CN113094225B - Abnormal log monitoring method and device and electronic equipment - Google Patents
Abnormal log monitoring method and device and electronic equipment Download PDFInfo
- Publication number
- CN113094225B CN113094225B CN202010023747.4A CN202010023747A CN113094225B CN 113094225 B CN113094225 B CN 113094225B CN 202010023747 A CN202010023747 A CN 202010023747A CN 113094225 B CN113094225 B CN 113094225B
- Authority
- CN
- China
- Prior art keywords
- log
- abnormal
- exception
- logic
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 157
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000012544 monitoring process Methods 0.000 title claims abstract description 43
- 238000004458 analytical method Methods 0.000 claims abstract description 65
- 238000002347 injection Methods 0.000 claims abstract description 49
- 239000007924 injection Substances 0.000 claims abstract description 49
- 230000008569 process Effects 0.000 claims abstract description 15
- 238000012806 monitoring device Methods 0.000 claims abstract description 6
- 230000005856 abnormality Effects 0.000 claims description 14
- 238000007639 printing Methods 0.000 claims description 14
- 230000009471 action Effects 0.000 claims description 9
- 230000001960 triggered effect Effects 0.000 claims description 6
- 238000003860 storage Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims 1
- 238000012423 maintenance Methods 0.000 abstract description 8
- 230000005540 biological transmission Effects 0.000 abstract description 4
- 238000012545 processing Methods 0.000 description 13
- 238000004891 communication Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 4
- 230000005236 sound signal Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 239000000243 solution Substances 0.000 description 2
- 238000012800 visualization Methods 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 238000010249 in-situ analysis Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses an anomaly log monitoring method, an anomaly log monitoring device and electronic equipment, wherein the method comprises the following steps: identifying a log framework used by the obtained application program; logic injection is carried out on the log frame so as to inject the analysis logic of the abnormal log into the log frame; during the running process of the application program, the analysis logic analyzes the abnormal log of the application program to obtain abnormal information; and reporting the abnormal information to an abnormal database. In the scheme, the analysis logic of the abnormal log is logically injected into the log framework, so that the local analysis and monitoring of the abnormal log are realized, remote transmission of the abnormal log is not needed, the technical problem of high operation and maintenance cost of the abnormal log monitoring in the prior art is solved, and the operation and maintenance cost of the abnormal log monitoring is reduced.
Description
Technical Field
The present invention relates to the field of software technologies, and in particular, to an anomaly log monitoring method and apparatus, and an electronic device.
Background
The log framework is an important part in the JAVA technology framework and is used for log output of software developed under the JAVA language ecology. The journal framework used in most project development in the industry is focused on SLF4J, logback, apache Log4j and the like.
At present, for monitoring an abnormal log, asynchronous transmission and processing are generally adopted for the abnormal log output by a log framework, for example, the abnormal log is remotely output to an analysis server, and the analysis server analyzes the abnormal log to obtain statistical data.
Disclosure of Invention
The embodiment of the invention provides an abnormal log monitoring method, an abnormal log monitoring device and electronic equipment, which are used for solving the technical problem of high operation and maintenance cost of abnormal log monitoring in the prior art and reducing the operation and maintenance cost of the abnormal log monitoring.
The embodiment of the invention provides an anomaly log monitoring method, which comprises the following steps:
identifying a log framework used by the obtained application program;
logic injection is carried out on the log frame so as to inject the analysis logic of the abnormal log into the log frame;
during the running process of the application program, the analysis logic analyzes the abnormal log of the application program to obtain abnormal information;
and reporting the abnormal information to an abnormal database.
Optionally, the analyzing the exception log of the application program through the analyzing logic obtains exception information, including:
analyzing and obtaining target data of the recorded abnormality in the abnormality log through the analysis logic;
obtaining at least one of the following anomaly information based on the target data:
the exception log corresponds to an exception type of the exception, a print location of the exception log, and a code location of the exception generated by the application.
Optionally, the analyzing logic analyzes and obtains the target data of the record abnormality in the abnormality log, including:
obtaining an exception stack of the exception log through the analysis logic;
judging whether the abnormal stack contains a data row with a preset class name, wherein the preset class name is the class name of a log bridge;
if not, acquiring the data after the preset row in the abnormal stack as the target data; or,
if yes, acquiring the data after the data row containing the preset class name as the target data.
Optionally, logic injection is performed on the log frame to inject the analysis logic of the exception log into the log frame, including:
obtaining a logic injection mode corresponding to the log frame, wherein the logic injection mode is byte code enhancement, injection through an extensible interface or section-oriented programming;
and injecting the analysis logic of the abnormal log into the log frame according to the logic injection mode.
Optionally, reporting the anomaly information to an anomaly database includes:
converting the abnormal information into an index data structure to be reported;
and reporting the index data structure to the abnormal database in a pushing mode or a pulling mode.
Optionally, the analyzing, by the analyzing logic, the exception log of the application program to obtain exception information includes:
when the abnormal log printing action occurs, the analysis logic is triggered to analyze the abnormal log of the application program, and abnormal information is obtained.
The embodiment of the invention also provides an abnormal log monitoring device, which comprises:
the identification unit is used for identifying and obtaining a log framework used by the application program;
the injection unit is used for carrying out logic injection on the log frame so as to inject the analysis logic of the abnormal log into the log frame;
the monitoring unit is used for analyzing the abnormal log of the application program through the analysis logic in the running process of the application program to obtain abnormal information;
and the reporting unit is used for reporting the abnormal information to an abnormal database.
Optionally, the monitoring unit is configured to:
analyzing and obtaining target data of the recorded abnormality in the abnormality log through the analysis logic;
obtaining at least one of the following anomaly information based on the target data:
the exception log corresponds to an exception type of the exception, a print location of the exception log, and a code location of the exception generated by the application.
Optionally, the monitoring unit is further configured to:
obtaining an exception stack of the exception log through the analysis logic;
judging whether the abnormal stack contains a data row with a preset class name, wherein the preset class name is the class name of a log bridge;
if not, acquiring the data after the preset row in the abnormal stack as the target data; or,
if yes, acquiring the data after the data row containing the preset class name as the target data.
Optionally, the injection unit is configured to:
obtaining a logic injection mode corresponding to the log frame, wherein the logic injection mode is byte code enhancement, injection through an extensible interface or section-oriented programming;
and injecting the analysis logic of the abnormal log into the log frame according to the logic injection mode.
Optionally, the reporting unit is configured to:
converting the abnormal information into an index data structure to be reported;
and reporting the index data structure to the abnormal database in a pushing mode or a pulling mode.
Optionally, the monitoring unit is configured to: when the abnormal log printing action occurs, the analysis logic is triggered to analyze the abnormal log of the application program, and abnormal information is obtained.
The above technical solutions in the embodiments of the present application at least have the following technical effects:
the embodiment of the application provides an abnormal log monitoring method, which is used for identifying and obtaining a log framework used by an application program; logic injection is carried out on the log frame so as to inject the analysis logic of the abnormal log into the log frame; in the running process of the application program, the abnormal log of the application program is analyzed through the injected analysis logic to obtain abnormal information; the method has the advantages that the abnormal information is reported to the abnormal database, the local analysis and monitoring of the abnormal log are realized, remote transmission of the abnormal log is not needed, the technical problem that the operation and maintenance cost of the abnormal log monitoring is high in the prior art is solved, the operation and maintenance cost of the abnormal log monitoring is reduced, the invasiveness of an application program is reduced by collecting the abnormal information through a logic injection mode, and the method is simple and convenient to use.
Drawings
Fig. 1 is a flow chart of an anomaly log monitoring method according to an embodiment of the present application;
FIG. 2 is a block diagram of an anomaly log monitoring device according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In the technical scheme provided by the embodiment of the application, an abnormal log monitoring method is provided, and an abnormal log analysis logic is put into a log frame in a logic injection mode so as to realize abnormal log monitoring locally in an application program, thereby solving the technical problem of higher operation and maintenance cost of the abnormal log monitoring in the prior art.
The following describes in detail the main implementation principles of the technical solution of the embodiments of the present application, the specific implementation manner and the corresponding beneficial effects.
Examples
Referring to fig. 1, an embodiment of the present application provides an anomaly log monitoring method, which includes:
s10, identifying and obtaining a log framework used by an application program;
s12, carrying out logic injection on the log frame so as to inject analysis logic of the abnormal log into the log frame;
s14, analyzing the abnormal log of the application program through the analysis logic in the running process of the application program to obtain abnormal information;
s16, reporting the abnormal information to an abnormal database.
In the implementation process, S10 may perform abnormal log monitoring initialization when the application program is started, and identify and obtain a log framework used by the application program. The log framework is divided into two types: log facade framework and log realization framework. The log portal framework, also known as a log bridge, provides an interface to log related functions without a concrete implementation framework that invokes a concrete implementation framework for Logging, and typical log portal frameworks include general log Commons Logging, simple log portal SLF4J (Simple Logging Facade for Java), and the like. The log realization framework is a log component for log recording, and the log component comprises log back, log4j2 and the like.
And S12, performing logic injection on the log frame obtained through recognition, and injecting analysis logic of the abnormal log into the log frame, namely injecting analysis codes of the abnormal log into the log frame. The analysis logic of the abnormal log takes the abnormal log printing action as a trigger condition, and executes analysis logic when the abnormal log printing action occurs, so as to perform in-situ analysis processing on the abnormal log generated in the execution process of the application program.
When S12 is executed, a logic injection method corresponding to the log framework may be acquired first. Different log frameworks may take different logical injection approaches. Based on JAVA language characteristics, the logic injection mode comprises byte code enhancement, injection through an extensible interface, section-oriented programming AOP and the like. In general, code may be injected through the extensible interface for log components that provide extensible interfaces, such as: code can be injected through its scalable interface AbstractFilter for Log4j2 and turbo filter for Log back. For other components that do not support extension, code may be injected by JAVA bytecode enhanced methods or by slice-oriented programming. After the logic injection mode is obtained, the analysis logic of the abnormal log is injected into the log frame according to the logic injection mode corresponding to the log frame. The injected analysis logic establishes an analysis calculation logic of a branch processing abnormal log on the log frame, and the branch and other logics of the log frame such as log printing logic can be parallel, so that asynchronous processing of the branch and the log printing logic is realized, and the current thread is ensured not to be blocked and delayed; no extra log landing and log scanning are needed, and the input/output IO and CPU burden of the host machine is reduced.
After the logic injection is completed in S12, the execution of the process of continuing S14 is performed, and if an abnormal log printing action occurs, the analysis logic can be triggered to analyze the abnormal log and obtain the abnormal information of the abnormal log. Exception logs are typically classified into different error classes, including: warning warn, error, serious error far, etc. The parsing logic may also be triggered only by exception logs of certain error levels, such as norm and error. Analyzing the anomaly log to obtain at least one of the following anomaly information:
(1) The exception type of the exception corresponding to the exception log, such as null pointer exception NullPointException, the specified object not being a group of illegalarmmentexception, etc.;
(2) The printing position of the abnormal log comprises the class, the method, the line number of the code line and the like of the abnormal log;
(3) The application program generates the abnormal code position, such as traversing from the abnormal stack of the abnormal log, namely the abnormal stack to obtain the position of the latest current item class;
(4) Abnormal error grades, such as warn, error, fatal, etc.;
(5) Project names, which refer to names or identifications of monitored application programs, because a plurality of application programs with different functions are running a common support service under the distributed cluster, and the application programs from which the abnormality comes are distinguished through the project names;
(6) Machine instance, which refers to a host running a monitored application, is typically represented by an IP address or host alias, distinguishing from which running hosts an exception came.
When the abnormal information is obtained through analysis, the target data of the record abnormality in the abnormal log can be obtained through analysis logic analysis; and obtaining abnormal information based on the target data. Typically, the exception log records the target data of the exception in an exception stack. The abnormal stack is a method call stack track of an abnormal occurrence position and is key data for acquiring abnormal information. In order to accurately and rapidly acquire target data, the embodiment provides the following method for acquiring the target data:
first, an exception stack of an exception log is obtained by parsing logic. Further, whether the abnormal stack contains a data row with a preset class name is judged. The preset class name is the class name of the log bridge, namely the log portal frame, one row of the class name used for recording the log portal frame is arranged in the exception stack corresponding to the log portal frame, and the exception information is recorded in the rows after the row. And for the log realization frame, namely the abnormal stack of the log component, the calling path of the log component is recorded in the preset line of the abnormal stack, and the abnormal information is recorded in the lines after the lines. If the judgment result is negative, acquiring data after the preset line in the abnormal stack as the target data; or if the judgment result is yes, acquiring the data after the data row containing the preset class name as target data. The method can rapidly and accurately position the target data, and further rapidly and accurately traverse and obtain the abnormal information from the target data.
For example, for the log bridge slf4j, the exception stack corresponding to the exception log is an array, and the array structure is as follows:
the first 6 rows are call paths of the original log component;
line 7 is the bridge path using the SLF4j log bridge, containing class names named SLF4 jXXX;
starting from line 8 is the actual path of the recorded anomaly.
Based on the method, when the abnormal information is acquired, the 7 th row of the abnormal stack can be scanned and judged to contain the data row with the slf4j class name, the data after the 7 th row is acquired as target data, the abnormal information is searched and acquired from the target data, and the analysis efficiency of the abnormal log is improved.
After obtaining the anomaly information, further executing S16, and reporting the anomaly information in the form of indicator metrics or formatting logging. Specifically, when reporting the abnormal information, the abnormal information may be first converted into an indicator meta data structure or a formatted logging data structure to be reported; the index data structure or the formatted data structure is reported to the exception database by a push means such as filebeat, logstash or flime, or a pull means such as kafka or API interface. The index metrics data structure may be used to statistically report the anomaly information: the anomaly information is subjected to multidimensional statistics, such as how many anomalies are generated in total per minute, how many anomalies of a certain error type are generated per minute, how many anomalies are generated per minute at a certain code position, and the like, and the statistical indexes are reported to an anomaly database. The statistical reporting of the abnormal information can greatly improve the reporting efficiency, and particularly has extremely high statistical reporting efficiency when the application program is in an abnormal burst.
In the implementation process, when the analysis logic of the abnormal log is injected into the log framework logic, the alarm logic and the monitoring visualization logic can be injected simultaneously. The alarm logic is used for alarming when the application program generates an abnormal log of a preset type. The monitoring visualization logic is used for displaying the analysis process and/or analysis result of the abnormal log analysis logic to the user. Of course, the exception log parsing logic provided in this embodiment may also interface with other monitoring tools or time series data storage tools, such as providing corresponding interfaces thereto for monitoring their parsing or storing corresponding data.
In the above embodiment, the log frame is logically injected to inject the analysis logic of the abnormal log into the log frame; in the running process of the application program, the injected analysis logic analyzes the abnormal log of the application program to obtain abnormal information, so that the local analysis and monitoring of the abnormal log are realized, the remote transmission of the abnormal log is avoided, the operation and maintenance cost of the abnormal log monitoring is reduced, the acquisition cost of the abnormal information is reduced through logic injection, the invasiveness of the analysis logic to the application program is reduced, and the application program is simple and convenient to use. Moreover, the logic injection mode is widely applied to log frames log back, log4j2, common-logging, slf4j and the like in the industry, so the abnormal log monitoring method provided by the embodiment has the beneficial effect of wide application coverage.
Meanwhile, the embodiment also obtains the exception information of multiple dimensions, including rich dimensions such as project names, machine examples, exception types, exception occurrence positions, exception printing positions, exception stacks and the like, but the embodiment limits specific dimensions, the dimensions of the exception information can be expanded and customized, and can also be classified by expression matching, and the accuracy and usability of exception statistical analysis are improved by obtaining rich data dimensions.
For the foregoing embodiment, an anomaly log monitoring method is provided, and an anomaly log monitoring device is correspondingly provided in the embodiment of the present application, please refer to fig. 2, where the device includes:
an identification unit 21 for identifying a log frame used by the obtained application program;
an injection unit 22, configured to perform logic injection on the log frame, so as to inject the analysis logic of the abnormal log into the log frame;
the monitoring unit 23 is configured to parse the exception log of the application program through the parsing logic during the running process of the application program, so as to obtain exception information;
and the reporting unit 24 is used for reporting the abnormal information to an abnormal database.
As an optional implementation manner, the monitoring unit 23 may trigger the analysis logic to analyze the exception log of the application program to obtain exception information when an exception log printing action occurs. During specific analysis, the analysis logic analyzes and obtains target data of the record abnormality in the abnormality log; obtaining at least one of the following anomaly information based on the target data: the exception log corresponds to an exception type of the exception, a print location of the exception log, and a code location of the exception generated by the application.
As an alternative embodiment, the monitoring unit 23 may obtain the target data by parsing as follows: obtaining an exception stack of the exception log through the analysis logic; judging whether the abnormal stack contains a data row with a preset class name, wherein the preset class name is the class name of a log bridge; if not, acquiring the data after the preset row in the abnormal stack as the target data; or if so, acquiring the data after the data row containing the preset class name as the target data.
As an optional implementation manner, when the injection unit 22 performs logic injection, a logic injection mode corresponding to the log frame may be acquired first, where the logic injection mode is a bytecode enhancement, injection through an expandable interface, or slice-oriented programming; and injecting the analysis logic of the abnormal log into the log frame according to the logic injection mode.
As an optional implementation manner, when the reporting unit 24 reports the information, the abnormal information may be converted into an index data structure to be reported; and reporting the index data structure to the abnormal database in a pushing mode or a pulling mode.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Fig. 3 is a block diagram illustrating an electronic device 800 for implementing an anomaly log monitoring method, according to an example embodiment. For example, electronic device 800 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.
Referring to fig. 3, the electronic device 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/presentation (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the electronic device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the electronic device 800. Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 806 provides power to the various components of the electronic device 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the electronic device 800.
The multimedia component 808 includes a screen between the electronic device 800 and the user that provides a presentation interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the electronic device 800 is in an operational mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to present and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, the audio component 810 further includes a speaker for rendering audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 814 includes one or more sensors for providing status assessment of various aspects of the electronic device 800. For example, the sensor assembly 814 may detect an on/off state of the electronic device 800, a relative positioning of the components, such as a display and keypad of the electronic device 800, the sensor assembly 814 may also detect a change in position of the electronic device 800 or a component of the electronic device 800, the presence or absence of a user's contact with the electronic device 800, an orientation or acceleration/deceleration of the electronic device 800, and a change in temperature of the electronic device 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communication between the electronic device 800 and other devices, either wired or wireless. The electronic device 800 may access a wireless network based on a communication standard, such as WiFi,2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the electronic device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 804 including instructions executable by processor 820 of electronic device 800 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
A non-transitory computer readable storage medium, which when executed by a processor of a mobile terminal, causes the mobile terminal to perform an anomaly log monitoring method, the method comprising:
identifying a log framework used by the obtained application program; logic injection is carried out on the log frame so as to inject the analysis logic of the abnormal log into the log frame; during the running process of the application program, the analysis logic analyzes the abnormal log of the application program to obtain abnormal information; and reporting the abnormal information to an abnormal database.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the invention is limited only by the appended claims
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (10)
1. An anomaly log monitoring method, the method comprising:
identifying a log framework used by the obtained application program;
logic injection is carried out on the log frame so as to inject the analysis logic of the abnormal log into the log frame;
in the running process of the application program, the analysis logic analyzes the abnormal log of the application program to obtain abnormal information, and the method specifically comprises the following steps: analyzing and obtaining target data of the recorded abnormality in the abnormality log through the analysis logic; obtaining at least one of the following anomaly information based on the target data: the exception log corresponds to the exception type of the exception, the printing position of the exception log and the code position of the exception generated by the application program;
reporting the abnormal information to an abnormal database;
the analyzing, by the analyzing logic, the target data of the recorded exception in the exception log, including: obtaining an exception stack of the exception log through the analysis logic; judging whether the abnormal stack contains a data row with a preset class name, wherein the preset class name is the class name of the log bridge; if not, acquiring the data after the preset row in the abnormal stack as the target data; or if so, acquiring the data after the data row containing the preset class name as the target data.
2. The method of claim 1, wherein logically injecting the log framework to inject the parsing logic of the exception log into the log framework comprises:
obtaining a logic injection mode corresponding to the log frame, wherein the logic injection mode is byte code enhancement, injection through an extensible interface or section-oriented programming;
and injecting the analysis logic of the abnormal log into the log frame according to the logic injection mode.
3. The method of claim 1, wherein reporting the anomaly information to an anomaly database comprises:
converting the abnormal information into an index data structure to be reported;
and reporting the index data structure to the abnormal database in a pushing mode or a pulling mode.
4. A method according to claims 1-3, wherein said parsing, by said parsing logic, the exception log of said application program to obtain exception information comprises:
when the abnormal log printing action occurs, the analysis logic is triggered to analyze the abnormal log of the application program, and abnormal information is obtained.
5. An anomaly log monitoring device, the device comprising:
the identification unit is used for identifying and obtaining a log framework used by the application program;
the injection unit is used for carrying out logic injection on the log frame so as to inject the analysis logic of the abnormal log into the log frame;
the monitoring unit is used for analyzing the abnormal log of the application program through the analysis logic in the running process of the application program to obtain abnormal information, and specifically comprises the following steps: analyzing and obtaining target data of the recorded abnormality in the abnormality log through the analysis logic; obtaining at least one of the following anomaly information based on the target data: the exception log corresponds to the exception type of the exception, the printing position of the exception log and the code position of the exception generated by the application program;
the reporting unit is used for reporting the abnormal information to an abnormal database;
wherein, the monitoring unit is further used for: obtaining an exception stack of the exception log through the analysis logic; judging whether the abnormal stack contains a data row with a preset class name, wherein the preset class name is the class name of the log bridge; if not, acquiring the data after the preset row in the abnormal stack as the target data; or if so, acquiring the data after the data row containing the preset class name as the target data.
6. The apparatus of claim 5, wherein the injection unit is to:
obtaining a logic injection mode corresponding to the log frame, wherein the logic injection mode is byte code enhancement, injection through an extensible interface or section-oriented programming;
and injecting the analysis logic of the abnormal log into the log frame according to the logic injection mode.
7. The apparatus of claim 5, wherein the reporting unit is to:
converting the abnormal information into an index data structure to be reported;
and reporting the index data structure to the abnormal database in a pushing mode or a pulling mode.
8. The apparatus according to claims 5-7, wherein the monitoring unit is configured to:
when the abnormal log printing action occurs, the analysis logic is triggered to analyze the abnormal log of the application program, and abnormal information is obtained.
9. An electronic device comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the method of any of claims 1-4.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, carries out the steps corresponding to the method according to any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010023747.4A CN113094225B (en) | 2020-01-09 | 2020-01-09 | Abnormal log monitoring method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010023747.4A CN113094225B (en) | 2020-01-09 | 2020-01-09 | Abnormal log monitoring method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113094225A CN113094225A (en) | 2021-07-09 |
| CN113094225B true CN113094225B (en) | 2024-03-01 |
Family
ID=76663592
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010023747.4A Active CN113094225B (en) | 2020-01-09 | 2020-01-09 | Abnormal log monitoring method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113094225B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113986736B (en) * | 2021-10-29 | 2024-10-01 | 重庆富民银行股份有限公司 | JAVA agent and byte code enhancement based slow SQL monitoring system and method |
| CN114584457A (en) * | 2022-03-22 | 2022-06-03 | 北京结慧科技有限公司 | Log analysis alarm method and platform for system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106156355A (en) * | 2016-07-27 | 2016-11-23 | 腾讯科技(深圳)有限公司 | Log processing method and device |
| CN108132873A (en) * | 2016-12-01 | 2018-06-08 | 无锡中科西北星科技有限公司 | Systematic procedure daily record prints and long-range multiple terminals daily record debugging control system |
| WO2019060327A1 (en) * | 2017-09-20 | 2019-03-28 | University Of Utah Research Foundation | Online detection of anomalies within a log using machine learning |
| CN110196790A (en) * | 2018-02-24 | 2019-09-03 | 北京京东尚科信息技术有限公司 | The method and apparatus of abnormal monitoring |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9910759B2 (en) * | 2015-12-03 | 2018-03-06 | Sap Se | Logging framework and methods |
| US10740170B2 (en) * | 2016-12-08 | 2020-08-11 | Nec Corporation | Structure-level anomaly detection for unstructured logs |
-
2020
- 2020-01-09 CN CN202010023747.4A patent/CN113094225B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106156355A (en) * | 2016-07-27 | 2016-11-23 | 腾讯科技(深圳)有限公司 | Log processing method and device |
| CN108132873A (en) * | 2016-12-01 | 2018-06-08 | 无锡中科西北星科技有限公司 | Systematic procedure daily record prints and long-range multiple terminals daily record debugging control system |
| WO2019060327A1 (en) * | 2017-09-20 | 2019-03-28 | University Of Utah Research Foundation | Online detection of anomalies within a log using machine learning |
| CN110196790A (en) * | 2018-02-24 | 2019-09-03 | 北京京东尚科信息技术有限公司 | The method and apparatus of abnormal monitoring |
Non-Patent Citations (2)
| Title |
|---|
| AOP技术在J2EE系统构建中的应用;古全友;王恩波;胥昌胜;;计算机技术与发展(第04期);全文 * |
| 基于Struts+Spring+log4j框架的日志管理;陈兀;程耕国;;软件导刊(第05期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113094225A (en) | 2021-07-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113094225B (en) | Abnormal log monitoring method and device and electronic equipment | |
| CN112540996B (en) | Service data verification method and device, electronic equipment and storage medium | |
| CN112256563B (en) | Android application stability testing method and device, electronic equipment and storage medium | |
| CN115129573A (en) | Program operation monitoring method and device, electronic equipment and storage medium | |
| CN110347565B (en) | Application program abnormity analysis method and device and electronic equipment | |
| CN111552613A (en) | Thread timeout processing method and device and electronic equipment | |
| CN112486770B (en) | Client dotting reporting method and device, electronic equipment and storage medium | |
| CN116069612A (en) | Abnormality positioning method and device and electronic equipment | |
| CN111782508B (en) | Automatic test method, device, electronic equipment and storage medium | |
| CN112416751A (en) | Processing method and device for interface automation test and storage medium | |
| CN115563156A (en) | Method, device and equipment for checking stream data information and storage medium | |
| CN116032782A (en) | Fault detection method, device and storage medium | |
| CN111240927B (en) | Method, device and storage medium for detecting time consumption of method in program | |
| CN115314426A (en) | Data acquisition method, system, electronic device and storage medium | |
| CN112333233B (en) | Event information reporting method and device, electronic equipment and storage medium | |
| CN114417133A (en) | Business data processing method and device, electronic equipment and computer storage medium | |
| CN111898100A (en) | Code leakage tracing method and device and terminal equipment | |
| CN114936040B (en) | Program data processing method, device, electronic equipment and storage medium | |
| CN113965476B (en) | Inspection method, device and equipment based on application | |
| CN112363917B (en) | Application program debugging exception processing method and device, electronic equipment and medium | |
| CN114281581A (en) | Data display method and device, electronic equipment and storage medium | |
| CN111818019B (en) | Method, device, equipment and medium for determining network hijacking data or network hijacking | |
| CN116680157A (en) | Information processing method and device, electronic equipment and storage medium | |
| CN118550800A (en) | Fault diagnosis method, device, apparatus, storage medium, and computer program product | |
| CN115758383A (en) | Security analysis method and device and mobile terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |