CN113472748B - Audit log system communication method based on non-blocking input and output - Google Patents

Audit log system communication method based on non-blocking input and output

Info

Publication number
CN113472748B
Authority
CN
China
Prior art keywords
audit log
message
protocol
audit
session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110605064.4A
Other languages
Chinese (zh)
Other versions
CN113472748A (en
Inventor
刘健平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Wanyi Energy Technology Co ltd
Original Assignee
Sichuan Wanyi Energy Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Wanyi Energy Technology Co ltd filed Critical Sichuan Wanyi Energy Technology Co ltd
Priority to CN202110605064.4A priority Critical patent/CN113472748B/en
Publication of CN113472748A publication Critical patent/CN113472748A/en
Application granted granted Critical
Publication of CN113472748B publication Critical patent/CN113472748B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26 Special purpose or proprietary protocols or architectures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a communication method for an audit log system based on non-blocking input and output, implemented on an audit log protocol. The audit log protocol uses a compact format without any unnecessary protocol header, which greatly reduces the size of the protocol body and reduces bandwidth occupation and wasted traffic. The protocol is encoded and decoded in an efficient, simple way, which reduces CPU overhead. A message confirmation mechanism ensures reliable transmission of application data. The protocol runs over a non-blocking long-lived connection with no restriction on transmission direction: either end of the connection (client or server) can send data to its peer at any time, which improves the efficiency and flexibility of data transmission.

Description

Audit log system communication method based on non-blocking input and output
Technical Field
The invention belongs to the technical field of data communication methods, and particularly relates to a non-blocking input and output-based audit log system communication method.
Background
A system log (Log) records information about hardware, software, and system problems in a system, and also monitors events occurring in the system. Through it, the user can check the cause of an error or, after an attack, look for traces left by the attacker. System logs include system logs, application logs, security logs, and audit logs. The basic purpose of an audit log (Audit Log) is to provide information for determining which operations have been performed or attempted, by whom, when, and what data is associated with those operations. Audit logs are often used to help security teams monitor fraudulent, illegal or other unauthorized activities and to correct erroneous changes. Audit logs are also commonly used to demonstrate compliance with legal obligations such as the Sarbanes-Oxley Act. There are two traditional methods of recording an audit log: in one, the system (client) generating the audit log writes it directly to a local disk; in the other, the system (client) generating the audit log sends it to the system (server) receiving the audit log through a network communication protocol. The latter is more widely used in the industry. Most traditional audit log systems adopt the Hypertext Transfer Protocol (HTTP) as the network communication protocol; it is mature, stable, widely used, and simple to develop with. An audit log application scenario is characterized by high transmission frequency, a small amount of data per transmission, and a high reliability requirement. HTTP therefore has the following four inherent drawbacks in the audit log application field:
(1) Protocol redundancy: HTTP was designed to link hypertext, formed by the interrelationship of multiple documents, into a World Wide Web (WWW) whose documents can reference one another through a browser. The protocol therefore includes a large number of headers specific to browsers, and its format is not compact, containing many spaces and symbols. If HTTP is applied to an audit log scenario that needs high-frequency transmission, a large amount of useless data is inevitably transmitted to the server, occupying a large amount of bandwidth and wasting a large amount of traffic.
(2) Short connection: HTTP was originally designed for browsing the World Wide Web. In early versions of HTTP (0.9, 1.0), a user sent a small, simple request to a server through a browser, the server returned a large amount of response data (typically a web page), the user stayed on the page for a while to read it, and only later sent another request to the server. Based on this scenario, HTTP provides that the client closes the connection after receiving the server's response. If HTTP is applied to audit logs, with their high sending frequency and small amount of data per transmission, server connections are bound to be established and closed frequently, wasting server resources; each connection carries little data, so connection utilization is low; and each new connection takes time to establish, increasing network latency.
(3) Unreliable: although HTTP is an application-layer protocol built on top of the reliable transport protocol, the Transmission Control Protocol (TCP), the protocol does not guarantee reliable transmission of upper-layer application data. Applications using HTTP have to implement this themselves. Therefore, when HTTP is applied directly to audit logs, reliable transmission of application data cannot be guaranteed.
(4) Unidirectional transmission: HTTP specifies that data can only be transmitted in one direction: only the client actively sends a request to the server, and the server passively receives the request and replies with a response. The server cannot actively send data to the client. If HTTP is applied to audit logs, functions that need reverse control from the server are difficult or even impossible to realize.
Disclosure of Invention
In view of the above defects in the prior art, the audit log system communication method based on non-blocking input and output provided by the invention solves the problems described in the background.
To achieve this purpose, the invention adopts the following technical scheme: a communication method for an audit log system based on non-blocking input and output, comprising the following steps:
S1, establishing a TCP network connection;
S2, transmitting audit log messages based on an audit log protocol over the TCP network connection;
S3, encoding and decoding the audit log messages at the two ends of the TCP network connection respectively;
S4, creating an audit log session based on the decoded audit log message;
S5, sending and processing the audit log based on the created audit log session;
S6, replying with a confirmation message for the sent audit log, thereby realizing message communication in the audit log system.
Further, the audit log protocol in step S2 is a protocol described in JSON, a lightweight data exchange format;
the audit log protocol comprises a protocol header and a protocol body;
each data item of the audit log protocol is a key-value pair, where the key is the name of the data and the value is the corresponding value;
an audit log message comprises the protocol structure and a plurality of data items, where, for an audit log message, the protocol header is optional and the protocol body is optional;
audit log messages comprise data messages and control messages, where a data message serves as the payload of the transmission protocol and a control message implements a specific function of the protocol.
Further, step S3 specifically comprises:
S31, encoding the audit log message into a binary byte stream at either end of the TCP network connection;
S32, adding 4 additional bytes at the front of the binary byte stream;
the added 4 bytes store the total length of the audit log message;
S33, writing the binary byte stream with the 4 added bytes to the TCP network connection;
S34, at the other end of the TCP network connection, reading the first 4 bytes of the binary byte stream and decoding them to obtain the total length of the audit log message;
S35, reading a number of bytes equal to the total length of the audit log message and decoding them to obtain the decoded audit log message.
Further, step S4 specifically comprises:
S41, when the system generating the audit log starts, the audit log client starts a new thread through Netty, the thread establishes a TCP connection with the audit log server, and whether the TCP connection succeeded is judged;
if yes, go to step S43;
if not, go to step S42;
S42, the new thread started by the audit log client repeatedly attempts to establish a TCP connection with the audit log server; if the connection succeeds within the set number of attempts, go to step S43; if the connection still fails after the set number of attempts, notify the user of the connection failure and give fault information;
S43, creating a TCP connection keep-alive counter at the audit log server;
S44, over the established TCP connection, the audit log client sends a "create audit log session" audit log message to the audit log server;
S45, based on the received audit log message, creating an audit log session in the memory of the audit log server, associating the audit log session with the current TCP connection, deleting the previously created TCP connection keep-alive counter, and then creating an ALP session keep-alive counter;
S46, the audit log server returns a message indicating successful creation of the audit log session to the audit log client, completing the creation of the audit log session.
Further, in step S43, the created TCP connection keep-alive counter monitors the currently established TCP connection in real time; when the TCP connection receives no TCP packet within a set time, the current TCP connection is judged to be a malicious connection and is closed;
in step S45, the created ALP session keep-alive counter monitors the created audit log session in real time;
under monitoring by the ALP session keep-alive counter, when the audit log session receives no audit log message within a first set time period, the count value of the ALP session keep-alive counter is increased by 1; when the count value is greater than or equal to a set value, the ALP session keep-alive counter judges the current audit log session to be unavailable and closes it;
when the audit log session sends no audit log message within a second set time period, the ALP session keep-alive counter sends a "heartbeat request" audit log message to the audit log client, and the audit log client replies with the corresponding "heartbeat response" audit log message after receiving it.
Further, in step S43, when the current TCP connection is judged to be a malicious connection and is closed, an automatic connection reestablishment mechanism is started;
the automatic connection reestablishment mechanism is executed as follows:
after the audit log client detects that the TCP connection has been closed, it attempts to reestablish the TCP connection an unlimited number of times until the TCP connection is established successfully.
Further, step S5 specifically comprises:
S51, when a user generates an audit log at the audit log client, the client sends a "send audit log" audit log message to the audit log server;
S52, at the audit log server, based on the received "send audit log" audit log message, comparing its event id with the event ids already in the server's database and judging whether the event id is a duplicate;
if yes, discarding the received audit log, recording the discard in the system log, and going to step S53;
if not, writing the received audit log to the database, and going to step S53;
S53, finishing the processing of the audit log.
Further, in step S51, after the audit log client sends the "send audit log" audit log message to the audit log server, it saves the message just sent as an "unacknowledged message".
Further, step S6 specifically comprises:
S61, the audit log server sends a "message confirmation" audit log message to the audit log client;
S62, when the audit log client does not receive the "message confirmation" audit log message from the audit log server within a third set time, the client judges that the server has not successfully received and processed the audit log message, and repeatedly resends the saved audit log message to the audit log server until the audit log client receives the "message confirmation" audit log message sent by the audit log server; it then deletes the "unacknowledged message", thereby realizing message communication in the audit log system.
Further, in step S62, while the saved audit log message is being repeatedly resent to the audit log server, if the "message confirmation" audit log message from the audit log server has still not been received within a fourth set time, the "unacknowledged message" is discarded.
The beneficial effects of the invention are:
(1) The communication method is implemented on the audit log protocol, which uses a compact protocol format without any unnecessary protocol header, greatly reducing the size of the protocol body and reducing bandwidth occupation and wasted traffic;
(2) The audit log protocol is encoded and decoded in an efficient, simple way, which reduces CPU overhead;
(3) The method uses non-blocking long-lived connections and ensures the reliability of connections and sessions through connection and session heartbeat keep-alive mechanisms and an automatic connection reestablishment mechanism, which improves connection utilization and reduces the waste of server resources;
(4) The invention provides a message confirmation mechanism, which ensures reliable transmission of application data;
(5) The audit log protocol runs over a non-blocking long-lived connection with no restriction on transmission direction; either end of the connection (client or server) can send data to its peer at any time, which improves the efficiency and flexibility of data transmission.
Drawings
Fig. 1 is a flowchart of a communication method of an audit log system based on non-blocking input and output according to the present invention.
Fig. 2 is a schematic diagram of an audit log protocol structure provided by the present invention.
Fig. 3 is a schematic diagram of an audit log message provided by the present invention.
Detailed Description
The following description of embodiments of the invention is provided to help those skilled in the art understand the invention. It should be understood that the invention is not limited to the scope of these embodiments; to those skilled in the art, various changes are apparent as long as they fall within the spirit and scope of the invention as defined by the appended claims, and everything created using the inventive concept is protected.
As shown in fig. 1, a communication method for an audit log system based on non-blocking input and output comprises the following steps:
S1, establishing a TCP network connection;
S2, transmitting audit log messages based on an audit log protocol over the TCP network connection;
S3, encoding and decoding the audit log messages at the two ends of the TCP network connection respectively;
S4, creating an audit log session based on the decoded audit log message;
S5, sending and processing the audit log based on the created audit log session;
S6, replying with a confirmation message for the sent audit log, thereby realizing message communication in the audit log system.
In this embodiment, the Audit Log Protocol (ALP) in step S2 is a protocol described in JSON (JavaScript Object Notation), a lightweight data exchange format;
the audit log protocol comprises a protocol header (Head) and a protocol body (Body), as shown in fig. 2;
each data item of the audit log protocol is a key-value pair (Key: Value), where the key is the name of the data and the value is the corresponding value;
an audit log message comprises the protocol structure and a plurality of data items, where, for an audit log message, the protocol header is optional and the protocol body is optional, as shown in fig. 3;
audit log messages comprise data messages and control messages, where a data message serves as the payload of the transmission protocol and a control message implements a specific function of the protocol.
Step S3 in this embodiment specifically comprises:
S31, encoding the audit log message into a binary byte stream at either end (client or server) of the TCP network connection;
S32, adding 4 additional bytes at the front of the binary byte stream;
the added 4 bytes store the total length of the audit log message;
S33, writing the binary byte stream with the 4 added bytes to the TCP network connection;
S34, at the other end of the TCP network connection, reading the first 4 bytes of the binary byte stream and decoding them to obtain the total length of the audit log message;
S35, reading a number of bytes equal to the total length of the audit log message and decoding them to obtain the decoded audit log message.
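The framing in steps S31 to S35, written out as an added example that is not part of the patent text. It assumes a big-endian unsigned length that counts only the JSON bytes following the prefix, a receiver-side size cap, and the field names "head", "body", "type" and "event_id"; none of these is specified on the page. The decoder checks the declared length before it buffers for it, because a peer-supplied 4-byte length can otherwise ask the receiver to hold up to 4 GiB per connection.

```python
import json
import struct

# Assumptions, not from the patent: byte order, what the length counts, the cap.
MAX_FRAME = 64 * 1024          # largest message body the receiver accepts
_LEN = struct.Struct(">I")     # 4-byte big-endian unsigned length prefix


class FrameError(ValueError):
    """Raised when a peer sends a frame the receiver refuses to process."""


def encode_frame(message: dict) -> bytes:
    """S31-S33: serialize the message and prepend its length in 4 bytes."""
    body = json.dumps(message, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_FRAME:
        raise FrameError("message exceeds MAX_FRAME")
    return _LEN.pack(len(body)) + body


class FrameDecoder:
    """S34-S35 on a non-blocking socket, where bytes arrive in arbitrary chunks."""

    def __init__(self, max_frame: int = MAX_FRAME):
        self._buf = bytearray()
        self._max = max_frame

    def feed(self, chunk: bytes) -> list:
        """Append received bytes and return every complete message decoded so far."""
        self._buf += chunk
        messages = []
        while len(self._buf) >= _LEN.size:
            (length,) = _LEN.unpack_from(self._buf, 0)
            # Reject an oversized declared length before waiting for its bytes.
            if length > self._max:
                raise FrameError(f"declared length {length} exceeds cap {self._max}")
            end = _LEN.size + length
            if len(self._buf) < end:
                break  # body not complete yet, wait for the next read
            body = bytes(self._buf[_LEN.size:end])
            del self._buf[:end]
            try:
                message = json.loads(body.decode("utf-8"))
            except ValueError as exc:  # covers bad UTF-8 and bad JSON
                raise FrameError("body is not valid UTF-8 JSON") from exc
            if not isinstance(message, dict):
                raise FrameError("message must be a JSON object of key-value items")
            messages.append(message)
        return messages


# Constructed sample messages: one data message and one header-only control message.
SAMPLE_MESSAGES = [
    {"head": {"type": "send_audit_log"},
     "body": {"event_id": "evt-0001", "user": "alice", "action": "login"}},
    {"head": {"type": "heartbeat_request"}},
]


def demo(chunk_size: int = 7) -> list:
    """Send both frames back to back and deliver them in small chunks."""
    stream = b"".join(encode_frame(m) for m in SAMPLE_MESSAGES)
    decoder = FrameDecoder()
    received = []
    for i in range(0, len(stream), chunk_size):
        received += decoder.feed(stream[i:i + chunk_size])
    return received


if __name__ == "__main__":
    print(demo())
```

On a FrameError the connection should be closed rather than resynchronized, since the stream position can no longer be trusted.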
Step S4 in this embodiment specifically comprises:
S41, when the system generating the audit log starts, the audit log client starts a new thread through Netty (an implementation of non-blocking input and output (I/O)), the thread establishes a TCP connection with the audit log server, and whether the TCP connection succeeded is judged;
if yes, go to step S43;
if not, go to step S42;
S42, the new thread started by the audit log client repeatedly attempts to establish a TCP connection with the audit log server; if the connection succeeds within the set number of attempts, go to step S43; if the connection still fails after the set number of attempts, notify the user of the connection failure and give fault information;
the number of repeated connection attempts must be configured by the user before startup;
S43, creating a TCP connection keep-alive counter at the audit log server;
S44, over the established TCP connection, the audit log client sends a "create audit log session" audit log message to the audit log server;
S45, based on the received audit log message, creating an audit log session in the memory of the audit log server, associating the audit log session with the current TCP connection, deleting the previously created TCP connection keep-alive counter, and then creating an ALP session keep-alive counter;
each audit log session corresponds to one TCP connection;
S46, the audit log server returns a message indicating successful creation of the audit log session to the audit log client, completing the creation of the audit log session.
Two keep-alive mechanisms are designed into the audit log session creation process in this embodiment. Specifically, in step S43, the created TCP connection keep-alive counter monitors the currently established TCP connection in real time; when the TCP connection receives no TCP packet within a set time, the current TCP connection is judged to be a malicious connection and is closed, which prevents it from occupying server connection resources;
in step S45, the created ALP session keep-alive counter monitors the created audit log session in real time;
under monitoring by the ALP session keep-alive counter, when the audit log session receives no audit log message within a first set time (8 seconds), the count value of the ALP session keep-alive counter is increased by 1; when the count value is greater than or equal to a set value (5, namely 40 seconds), the ALP session keep-alive counter judges the current audit log session to be unavailable and closes it;
when the audit log session sends no audit log message within a second set time (6 seconds), the ALP session keep-alive counter sends a "heartbeat request" audit log message to the audit log client, and the audit log client replies with the corresponding "heartbeat response" audit log message after receiving it;
in addition, this embodiment designs automatic connection reestablishment mechanisms into the audit log session creation process. One reconnects a limited number of times (configured by the user) after the first connection failure in step S42, with an interval of 0.5 seconds between attempts; the other is started in step S43 when the current TCP connection is judged to be a malicious connection and is closed;
the automatic connection reestablishment mechanism is executed as follows:
after the audit log client detects that the TCP connection has been closed, it attempts to reestablish the TCP connection an unlimited number of times until the TCP connection is established successfully, with an interval of 0.5 seconds between attempts.
Step S5 in this embodiment specifically comprises:
S51, when a user generates an audit log at the audit log client, the client sends a "send audit log" audit log message to the audit log server;
S52, at the audit log server, based on the received "send audit log" audit log message, comparing its event id with the event ids already in the server's database and judging whether the event id is a duplicate;
if yes, discarding the received audit log, recording the discard in the system log, and going to step S53;
if not, writing the received audit log to the database, and going to step S53;
S53, finishing the processing of the audit log.
Specifically, in step S51, after the audit log client sends the "send audit log" audit log message to the audit log server, it saves the message just sent as an "unacknowledged message".
Step S6 in this embodiment specifically comprises:
S61, the audit log server sends a "message confirmation" audit log message to the audit log client;
S62, when the audit log client does not receive the "message confirmation" audit log message from the audit log server within the third set time (3 seconds), the client judges that the server has not successfully received and processed the audit log message, and repeatedly resends the saved audit log message to the audit log server until the audit log client receives the "message confirmation" audit log message sent by the audit log server; it then deletes the "unacknowledged message", thereby realizing message communication in the audit log system;
furthermore, while the saved audit log message is being repeatedly resent to the audit log server, if the "message confirmation" audit log message from the audit log server has still not been received within the fourth set time, the "unacknowledged message" is discarded.
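How steps S51 to S53 and S61 to S62 interact, as an added simulation that is not part of the patent text. The 3-second resend interval is from the page; the 12-second value for the fourth set time, the message field names, and the choice to acknowledge duplicates are assumptions. The second scenario shows the case an operator should alert on: once the fourth set time expires, the client drops an audit record that the server never stored.

```python
RESEND_AFTER = 3.0    # third set time, from the page (3 seconds)
GIVE_UP_AFTER = 12.0  # fourth set time; the page gives no value, assumed here


class AuditLogServer:
    """S52 and S61: store each event id once and confirm every received message."""

    def __init__(self):
        self.database = {}    # event_id -> audit log body
        self.system_log = []  # record of discarded duplicates (S52)

    def receive(self, message: dict) -> dict:
        event_id = message["body"]["event_id"]
        if event_id in self.database:
            self.system_log.append(f"discarded duplicate {event_id}")
        else:
            self.database[event_id] = message["body"]
        # Assumption: a duplicate is confirmed as well, otherwise a client whose
        # first confirmation was lost would keep resending until it gives up.
        return {"head": {"type": "message_confirmation"},
                "body": {"event_id": event_id}}


class AuditLogClient:
    """S51 and S62: keep sent messages until they are confirmed."""

    def __init__(self):
        self.unacked = {}  # event_id -> [message, first_sent, last_sent]
        self.dropped = []  # event ids abandoned after GIVE_UP_AFTER

    def send(self, message: dict, now: float) -> dict:
        self.unacked[message["body"]["event_id"]] = [message, now, now]
        return message

    def on_confirmation(self, confirmation: dict) -> None:
        self.unacked.pop(confirmation["body"]["event_id"], None)

    def tick(self, now: float) -> list:
        """Return the messages due for resend and drop those past the give-up time."""
        resend = []
        for event_id, entry in list(self.unacked.items()):
            message, first_sent, last_sent = entry
            if now - first_sent >= GIVE_UP_AFTER:
                del self.unacked[event_id]
                self.dropped.append(event_id)  # audit record lost: surface this
            elif now - last_sent >= RESEND_AFTER:
                entry[2] = now
                resend.append(message)
        return resend


def simulate(drop_confirmations: int, server_reachable: bool = True,
             duration: int = 15):
    """Run one constructed audit event through a link that loses traffic."""
    server, client = AuditLogServer(), AuditLogClient()
    event = {"head": {"type": "send_audit_log"},
             "body": {"event_id": "evt-0001", "user": "alice",
                      "action": "delete_record"}}
    outbox = [client.send(event, now=0.0)]
    for second in range(duration + 1):
        if second > 0:
            outbox = client.tick(float(second))
        for message in outbox:
            if not server_reachable:
                continue  # request lost, nothing reaches the server
            confirmation = server.receive(message)
            if drop_confirmations > 0:
                drop_confirmations -= 1  # confirmation lost on the way back
            else:
                client.on_confirmation(confirmation)
    return server, client


if __name__ == "__main__":
    server, client = simulate(drop_confirmations=1)
    print("stored:", list(server.database), "system log:", server.system_log)
    server, client = simulate(drop_confirmations=0, server_reachable=False)
    print("stored:", list(server.database), "dropped by client:", client.dropped)
```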

Claims (7)

1. A communication method for an audit log system based on non-blocking input and output, characterized by comprising the following steps:
S1, establishing a TCP network connection;
S2, transmitting audit log messages based on an audit log protocol over the TCP network connection;
S3, encoding and decoding the audit log messages at the two ends of the TCP network connection respectively;
S4, creating an audit log session based on the decoded audit log message;
S5, sending and processing the audit log based on the created audit log session;
S6, replying with a confirmation message for the sent audit log, thereby realizing message communication in the audit log system;
the audit log protocol in step S2 is a protocol described in JSON, a lightweight data exchange format;
the audit log protocol comprises a protocol header and a protocol body;
each data item of the audit log protocol is a key-value pair, where the key is the name of the data and the value is the corresponding value;
an audit log message comprises the protocol structure and a plurality of data items, where, for an audit log message, the protocol header is optional and the protocol body is optional;
audit log messages comprise data messages and control messages, where a data message serves as the payload of the transmission protocol and a control message implements a specific function of the protocol;
step S3 specifically comprises:
S31, encoding the audit log message into a binary byte stream at either end of the TCP network connection;
S32, adding 4 additional bytes at the front of the binary byte stream;
the added 4 bytes store the total length of the audit log message;
S33, writing the binary byte stream with the 4 added bytes to the TCP network connection;
S34, at the other end of the TCP network connection, reading the first 4 bytes of the binary byte stream and decoding them to obtain the total length of the audit log message;
S35, reading a number of bytes equal to the total length of the audit log message and decoding them to obtain the decoded audit log message;
step S4 specifically comprises:
S41, when the system generating the audit log starts, the audit log client starts a new thread through Netty, the thread establishes a TCP connection with the audit log server, and whether the TCP connection succeeded is judged;
if yes, go to step S43;
if not, go to step S42;
S42, the new thread started by the audit log client repeatedly attempts to establish a TCP connection with the audit log server; if the connection succeeds within the set number of attempts, go to step S43; if the connection still fails after the set number of attempts, notify the user of the connection failure and give fault information;
S43, creating a TCP connection keep-alive counter at the audit log server;
S44, over the established TCP connection, the audit log client sends a "create audit log session" audit log message to the audit log server;
S45, based on the received audit log message, creating an audit log session in the memory of the audit log server, associating the audit log session with the current TCP connection, deleting the previously created TCP connection keep-alive counter, and then creating an audit log protocol session keep-alive counter;
S46, the audit log server returns a message indicating successful creation of the audit log session to the audit log client, completing the creation of the audit log session.
2. The method according to claim 1, wherein in step S43, the established TCP connection keep-alive counter monitors the currently established TCP connection in real time, and when the TCP connection does not receive a TCP packet within a set time, the counter determines that the current TCP connection is a malicious connection and closes it;
in step S45, the established audit log protocol session keep-alive counter monitors the established audit log session in real time;
based on this monitoring, when the audit log session does not receive an audit log message within a first set time period, the count value of the audit log protocol session keep-alive counter is increased by 1, and when the count value is greater than or equal to a set value, the audit log protocol session keep-alive counter judges the current audit log session to be unavailable and closes it;
and when the audit log session does not send an audit log message within a second set time period, the audit log protocol session keep-alive counter sends a "heartbeat request" audit log message to the audit log client, and the audit log client replies with the corresponding "heartbeat response" audit log message after receiving it.
3. The method according to claim 2, wherein in step S43, when the current TCP connection is determined to be a malicious connection and is closed, an automatic connection reestablishment mechanism is started;
the automatic connection reestablishment mechanism is executed as follows:
after the audit log client detects that the TCP connection is closed, it retries establishing the TCP connection an unlimited number of times until the TCP connection is established successfully.
4. The method according to claim 1, wherein the step S5 specifically comprises:
S51, when the user generates an audit log at the audit log client, sending a "sending audit log" audit log message to the audit log server;
S52, in the audit log server, based on the received "sending audit log" audit log message, comparing its event id with the event ids already in the server's database, and judging whether the event id is repeated;
if yes, discarding the received audit log, recording the discard in the system log, and going to step S53;
if not, writing the received audit log into the database, and going to step S53;
S53, finishing the processing of the audit log.
5. The communication method of the audit log system based on non-blocking input and output according to claim 4, wherein in step S51, after the audit log client sends the "sending audit log" audit log message to the audit log server, the audit log message just sent is saved as an "unconfirmed message".
6. The method according to claim 5, wherein the step S6 specifically comprises:
S61, sending a "message confirmation" audit log message to the audit log client through the audit log server;
S62, when the audit log client does not receive the "message confirmation" audit log message sent by the audit log server within the third set time, the audit log client judges that the audit log server has not successfully received and processed the audit log message, and repeatedly sends the currently stored audit log message to the audit log server until the audit log server receives the "message confirmation" audit log message sent by the audit log client, and then deletes the "unconfirmed message", thereby realizing message communication in the audit log system.
7. The communication method according to claim 6, wherein in step S62, while the saved audit log message is being repeatedly sent to the audit log server, when the "message confirmation" audit log message sent by the audit log server is not received within the fourth set time, the "unconfirmed message" is discarded.
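The length-prefixed framing of steps S34 and S35, as an added Python example that is not code from the patent. It assumes the 4-byte header is a big-endian unsigned count of the bytes that follow it and adds an upper bound on that count, which the claims do not state; the class and function names and the JSON payloads are constructed for illustration.

```python
import struct

HEADER_LEN = 4              # step S34: the first 4 bytes carry the message length
MAX_MESSAGE_LEN = 1 << 20   # assumed 1 MiB cap; the claims state no limit


class FrameError(Exception):
    """The peer announced a length outside the accepted range."""


class AuditFrameDecoder:
    """Reassembles length-prefixed audit log messages from arbitrary TCP chunks."""

    def __init__(self, max_len=MAX_MESSAGE_LEN):
        self._buf = bytearray()
        self._max_len = max_len

    def feed(self, chunk):
        """Buffer received bytes and return every message completed so far."""
        self._buf.extend(chunk)
        messages = []
        while len(self._buf) >= HEADER_LEN:
            # Assumption: big-endian unsigned count of the bytes after the header.
            (length,) = struct.unpack_from(">I", self._buf, 0)
            if length == 0 or length > self._max_len:
                # The length comes from the peer: bound it before waiting for data.
                raise FrameError(f"length {length} outside 1..{self._max_len}")
            end = HEADER_LEN + length
            if len(self._buf) < end:
                break               # step S35 cannot finish until more bytes arrive
            messages.append(bytes(self._buf[HEADER_LEN:end]))
            del self._buf[:end]
        return messages


def encode_frame(payload):
    """Sender side: prefix the payload with its 4-byte length."""
    return struct.pack(">I", len(payload)) + payload


def demo():
    # Constructed sample: two messages split across three uneven TCP segments.
    first = b'{"type":"send_audit_log","event_id":"evt-0001"}'
    stream = encode_frame(first) + encode_frame(b'{"type":"heartbeat_request"}')
    decoder, out = AuditFrameDecoder(), []
    for chunk in (stream[:2], stream[2:30], stream[30:]):
        out.extend(decoder.feed(chunk))
    return out
```

Without the bound, a peer that sends only a 4-byte header announcing a huge length would hold a buffer and a connection open while the server waits for bytes that never arrive.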
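The two server-side keep-alive counters of steps S43 and S45 and claim 2, as an added example that is not part of the patent. The time limits, the threshold of 3, the message kind names and the rule that any received message resets the session count are assumptions, and the event timelines are constructed.

```python
class ConnectionTimers:
    """Server-side timers for one TCP connection (steps S43/S45 and claim 2)."""

    def __init__(self, now, tcp_idle=5, recv_period=10, send_period=10, max_missed=3):
        self.tcp_idle = tcp_idle          # "set time" before a session exists
        self.recv_period = recv_period    # "first set time period"
        self.send_period = send_period    # "second set time period"
        self.max_missed = max_missed      # "set value" for the session counter
        self.session, self.missed, self.closed = False, 0, None
        self.last_rx = self.last_tx = self.period_start = now

    def on_message(self, now, kind):
        self.last_rx = self.period_start = now
        self.missed = 0                   # assumption: a received message resets the count
        if kind == "create_session":
            self.session = True           # S45: session counter replaces the TCP counter
            self.last_tx = now            # S46: the success reply counts as a send

    def tick(self, now):
        """Return the actions the server takes at time `now`."""
        if self.closed:
            return []
        if not self.session:
            if now - self.last_rx >= self.tcp_idle:
                self.closed = "malicious connection"
                return ["close"]
            return []
        if now - self.period_start >= self.recv_period:
            self.missed += 1
            self.period_start = now
            if self.missed >= self.max_missed:
                self.closed = "session unavailable"
                return ["close"]
        if now - self.last_tx >= self.send_period:
            self.last_tx = now
            return ["heartbeat_request"]
        return []


def run(events, until):
    """Replay constructed (time, message kind) events; return (time, action) pairs."""
    conn, log = ConnectionTimers(now=0), []
    for now in range(until + 1):
        for t, kind in events:
            if t == now:
                conn.on_message(now, kind)
        log += [(now, action) for action in conn.tick(now)]
    return log, conn.closed
```

A connection that never creates a session is closed after the short TCP limit, while an established session is given several missed periods and heartbeat requests before it is closed.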
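The resend and de-duplication behaviour of claims 4 to 7, as an added example that is not the patent's code: the client resends an "unconfirmed message" until it sees a confirmation or the deadline passes, and the server's event id check keeps those resends from creating duplicate records. The class names, the integer tick clock, the timeout values and the sample log are assumptions constructed for illustration.

```python
class AuditServer:
    def __init__(self):
        self.db, self.system_log = {}, []   # audit log store, discard records

    def on_send_audit_log(self, msg):
        if msg["event_id"] in self.db:       # step S52: repeated event id
            self.system_log.append("discarded duplicate " + msg["event_id"])
        else:
            self.db[msg["event_id"]] = msg["body"]
        # Step S61: confirm in both cases, which is what ends a resend loop.
        return {"type": "message_confirmation", "event_id": msg["event_id"]}


class AuditClient:
    def __init__(self, ack_timeout, give_up_after):
        self.ack_timeout = ack_timeout       # the "third set time"
        self.give_up_after = give_up_after   # the "fourth set time"
        self.unconfirmed = {}                # event id -> [msg, first_sent, last_sent]
        self.dropped = []

    def send(self, msg, now):
        self.unconfirmed[msg["event_id"]] = [msg, now, now]   # claim 5
        return msg

    def due(self, now):
        # Step S62 and claim 7: resend after a timeout, discard after the deadline.
        resend = []
        for eid, entry in list(self.unconfirmed.items()):
            if now - entry[1] >= self.give_up_after:
                self.dropped.append(eid)
                del self.unconfirmed[eid]
            elif now - entry[2] >= self.ack_timeout:
                entry[2] = now
                resend.append(entry[0])
        return resend


def simulate(lost_acks, ack_timeout=2, give_up_after=10, ticks=20):
    # Constructed run: one log; the first `lost_acks` confirmations are lost.
    server, client = AuditServer(), AuditClient(ack_timeout, give_up_after)
    msg = {"event_id": "evt-0001", "body": "user=alice action=login"}
    sent = 0
    for now in range(ticks):
        for m in ([client.send(msg, now)] if now == 0 else client.due(now)):
            sent += 1
            ack = server.on_send_audit_log(m)
            if sent > lost_acks:             # a confirmation that does arrive
                client.unconfirmed.pop(ack["event_id"], None)
    return sent, len(server.db), len(server.system_log), client.dropped
```

When every confirmation is lost, the client discards the message at the deadline even though the server stored it on the first transmission, so a client-side discard is not evidence that the record is missing from the database.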
CN202110605064.4A 2021-05-31 2021-05-31 Audit log system communication method based on non-blocking input and output Active CN113472748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110605064.4A CN113472748B (en) 2021-05-31 2021-05-31 Audit log system communication method based on non-blocking input and output

Publications (2)

Publication Number Publication Date
CN113472748A (en) 2021-10-01
CN113472748B (en) 2023-03-24

Family

ID=77872006

Country Status (1)

Country Link
CN (1) CN113472748B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant