CN113595794B - Network equipment alarm information optimization method, device, equipment and storage medium - Google Patents


Info

Publication number: CN113595794B
Authority: CN (China)
Prior art keywords: alarm; alarm information; information; processing; regular expression
Legal status: Active
Application number: CN202110873409.4A
Other languages: Chinese (zh)
Other versions: CN113595794A (en)
Inventors: 黄奕敏, 李缃烨, 冯丹萍
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110873409.4A
Publication of CN113595794A
Application granted
Publication of CN113595794B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0604: Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time
    • H04L41/0631: Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30: Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This specification relates to the technical field of network device alarm information processing and provides a network device alarm information optimization method, apparatus, device and storage medium. The method includes: receiving English alarm information from one or more network devices; judging, according to a generic regular expression, whether the English alarm information is effective alarm information; when the English alarm information is effective alarm information, performing alarm definition processing on it according to an alarm definition table, the alarm definition processing comprising alarm translation and alarm grading; and outputting the Chinese alarm information and the alarm level corresponding to the effective alarm information. The embodiments of this specification can improve the timeliness of network device alarm information processing and reduce its cost.

Description

Network equipment alarm information optimization method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of network device alarm information processing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for optimizing alarm information of a network device.
Background
Alarms sent by data center network devices are generally in English. To make querying and alarm handling easier for operation and maintenance personnel, the network device forwards the English alarm to the network management server, which translates it into Chinese, grades it and performs other processing according to the alarm definition table, then presents the result to the user side. As data centers grow, the workload of Chinese translation and alarm grading becomes increasingly heavy; however, statistics indicate that only a small portion of alarms may require handling by operation and maintenance personnel. In the prior art, all English alarms go through Chinese translation, alarm grading and similar processing without distinction, which wastes computing resources and labor and also delays the presentation of the alarms that operation and maintenance personnel really need to handle, reducing the timeliness of network device alarm information processing.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide a method, an apparatus, a device, and a storage medium for optimizing alarm information of a network device, so as to improve the timeliness of alarm information processing of the network device and reduce the cost of alarm information processing of the network device.
In order to achieve the above objective, in one aspect, an embodiment of the present disclosure provides a method for optimizing alarm information of a network device, including:
receiving English alarm information of one or more network devices;
judging whether the English alarm information is effective alarm information or not according to a general regular expression;
when the English alarm information is effective alarm information, carrying out alarm definition processing on the effective alarm information according to an alarm definition table; the alarm definition processing comprises alarm translation and alarm grading processing;
and outputting the Chinese alarm information and the alarm level corresponding to the effective alarm information.
In this embodiment of the present disclosure, the method for optimizing alarm information of a network device further includes:
when the English alarm information is invalid alarm information, storing the invalid alarm information into a designated storage path;
and when a processing request for the specified invalid alarm information in the specified storage path is received, performing alarm definition processing on the specified invalid alarm information according to the alarm definition table.
In this embodiment of the present disclosure, the determining, according to a general regular expression, whether the English alarm information is valid alarm information includes:
judging whether the English alarm information accords with the shielding rule of the general regular expression or not;
when the English alarm information accords with the shielding rule of the general regular expression, identifying the English alarm information as invalid alarm information;
and when the English alarm information does not accord with the shielding rule of the general regular expression, identifying the English alarm information as effective alarm information.
In this embodiment of the present disclosure, the method for optimizing alarm information of a network device further includes:
updating the generic regular expression periodically.
In this embodiment of the present disclosure, the updating the generic regular expression periodically includes:
acquiring a full regular expression corresponding to the invalid alarm from the alarm definition table at regular intervals;
the full regular expressions are integrated and processed, so that a new general regular expression is generated;
and replacing the general regular expression with the new general regular expression.
In this embodiment of the present disclosure, the performing, according to an alarm definition table, alarm definition processing on the effective alarm information includes:
determining equipment manufacturer identification corresponding to the effective alarm information according to the IP address in the effective alarm information;
inquiring alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table;
and processing the effective alarm information based on the alarm definition processing logic to obtain corresponding Chinese alarm information and alarm level.
In an embodiment of the present disclosure, the processing the valid alarm information based on the alarm definition processing logic includes:
when the alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table has a plurality of regular expressions, each regular expression is used for processing the effective alarm information.
On the other hand, the embodiment of the specification also provides a network device alarm information optimizing device, which comprises:
the receiving module is used for receiving English alarm information of one or more network devices;
the judging module is used for judging whether the English alarm information is effective alarm information or not according to the general regular expression;
the processing module is used for carrying out alarm definition processing on the effective alarm information according to an alarm definition table when the English alarm information is the effective alarm information; the alarm definition processing comprises alarm translation and alarm grading processing;
and the output module is used for outputting the Chinese alarm information and the alarm level corresponding to the effective alarm information.
In another aspect, embodiments of the present disclosure further provide a computer device including a memory, a processor, and a computer program stored on the memory, which when executed by the processor, performs the instructions of the above method.
In another aspect, embodiments of the present disclosure also provide a computer storage medium having stored thereon a computer program which, when executed by a processor of a computer device, performs instructions of the above method.
As can be seen from the technical solutions provided by the embodiments of the present specification, the embodiments of the present specification can identify whether the english alarm information of each network device is effective alarm information according to a generic regular expression; only when the English alarm information is effective alarm information, alarm definition processing is carried out on the effective alarm information according to the alarm definition table, namely, invalid alarm information is selectively shielded; therefore, the number of alarm information entering the subsequent alarm definition processing flow is greatly reduced, so that the embodiment of the specification improves the timeliness of the alarm information processing of the network equipment and reduces the cost of the alarm information processing of the network equipment.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some of the embodiments described in the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic diagram of a network device alert information processing system in some embodiments of the present description;
FIG. 2 illustrates a flow chart of a network device alert information optimization method in some embodiments of the present description;
FIG. 3 is a flowchart illustrating a method for determining whether English alarm information is valid alarm information according to a generic regular expression in some embodiments of the present disclosure;
FIG. 4 illustrates a flow chart of an alarm definition process for effective alarm information according to an alarm definition table in some embodiments of the present description;
FIG. 5 illustrates a flow chart for periodically updating the generic regular expression in some embodiments of the present description;
FIG. 6 is a block diagram illustrating the configuration of a network device alert information optimizing apparatus in some embodiments of the present description;
FIG. 7 illustrates a block diagram of a computer device in some embodiments of the present description.
[Description of reference numerals]
10. a network device;
20. a network management server;
30. a user terminal;
61. a receiving module;
62. a judging module;
63. a processing module;
64. an output module;
702. a computer device;
704. a processor;
706. a memory;
708. a driving mechanism;
710. an input/output interface;
712. an input device;
714. an output device;
716. a presentation device;
718. a graphical user interface;
720. a network interface;
722. a communication link;
724. a communication bus.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
The embodiments of this specification relate to network device alarm information processing. Conventional technology applies Chinese translation, alarm grading and other processing to all English alarms without distinction, which wastes resources and delays the presentation of effective alarms (i.e. the alarms that operation and maintenance personnel need to handle). In view of these problems, the embodiments of this specification provide an improved network device alarm information processing technique that can be applied to any suitable business system, data center, or the like.
Referring to fig. 1, a network device alarm information system according to some embodiments of the present disclosure may include a plurality of network devices 10, a network management server 20, and a client 30. The network device 10 mainly refers to a network device physical entity involved in a business system (e.g., banking system, etc.), a data center (e.g., banking data center, etc.), and the like. The network management server 20 may communicate (e.g., data interact) with the network device 10, the client 30, etc.
In some embodiments, network device 10 may include, but is not limited to, servers (e.g., large host (mainframe) based servers), switches, repeaters, bridges, routers, gateways, firewalls, and the like. The network management server 20 may be an electronic device with operation and network interaction functions.
In some embodiments, the network management server 20 may receive the English alarm information sent by each network device 10, identify the effective alarms in it, perform alarm definition processing on the effective alarms, and output the resulting Chinese alarm information and alarm level to the client 30 for display, so that operation and maintenance personnel can query and handle them.
In some embodiments, the client 30 may be an electronic device with an information display function. For example, in some embodiments, the client 30 may be a display, a desktop computer, a tablet computer, a notebook computer, a mobile terminal (i.e., a smart phone), or the like.
The embodiment of the specification provides a network equipment alarm information optimization method, which can be applied to a network management server side. Referring to FIG. 2, in some embodiments, the network device alert information optimization method may include the steps of:
S201, receiving English alarm information of one or more network devices.
S202, judging whether the English alarm information is effective alarm information or not according to a general regular expression.
S203, when the English alarm information is effective alarm information, alarm definition processing is carried out on the effective alarm information according to an alarm definition table; the alarm definition processing comprises alarm translation and alarm grading processing.
S204, outputting the Chinese alarm information and the alarm level corresponding to the effective alarm information.
In the embodiment of the specification, whether the English alarm information of each network device is effective alarm information can be identified according to the general regular expression; only when the English alarm information is effective alarm information, alarm definition processing is carried out on the effective alarm information according to the alarm definition table, namely, invalid alarm information is selectively shielded; therefore, the number of alarm information entering the subsequent alarm definition processing flow is greatly reduced, so that the embodiment of the specification improves the timeliness of the alarm information processing of the network equipment and reduces the cost of the alarm information processing of the network equipment.
When a fault or anomaly occurs, each network device can generate a system log (syslog) message carrying English alarm information and send it to the network management server. Part of this English alarm information may be effective alarm information and part may be invalid alarm information. Effective alarm information is generally fault alarm information (such as a hardware fault alarm) that operation and maintenance personnel need to handle; it has to be handled promptly, otherwise the safe and stable operation of the system (i.e. a business system, data center, or the like) is very likely to be affected. Invalid alarm information is prompt information that operation and maintenance personnel do not need to handle, at least for the time being (such as sporadic excessive CPU occupancy or sporadic excessive memory usage on a network device). The network device outputs such prompts to draw the attention of operation and maintenance personnel to the abnormal state. If the abnormal state disappears within a specified time, no response is needed; if it does not disappear within the specified time, i.e. it persists or even worsens, it has deteriorated into a fault state and a response is then required to ensure the safe and stable operation of the system.
Research shows that effective alarm information makes up a relatively small proportion of the English alarm information raised by network devices; that is, invalid alarm information makes up a relatively large proportion. To reduce or avoid wasted resources and the delayed presentation of effective alarms, this large volume of invalid alarm information needs to be shielded. However, a system often includes numerous network devices that differ in vendor, model, software version and so on. To identify invalid alarm information promptly and effectively, a generic regular expression can be configured in advance so that it automatically identifies whether the various English alarm information raised by the various network devices in the system is effective alarm information.
The alarm definition table contains alarm definition processing logic for each device vendor. It should be noted that, in addition to the alarm definition processing logic of each device vendor, the alarm definition table may also include other information (such as processing suggestions corresponding to alarm levels, etc.).
The alarm definition processing logic of each device vendor may be represented by one or more regular expressions; the number of regular expressions for each device vendor corresponds to the number of alarm levels. For example, in an exemplary scenario where server vendor A sets seven alarm levels for its servers, the alarm definition table may contain seven regular expressions for server vendor A, each used to uniquely identify one alarm level and, once identified, translate the alarm into the corresponding Chinese alarm information. If server vendor B sets ten alarm levels for its servers, the alarm definition table may contain ten regular expressions for server vendor B, each used in the same way.
For the operator of the business system or data center, some of each device vendor's alarm levels can be classified as effective alarms and the rest as invalid alarms. For example, in the exemplary scenario above, of the seven alarm levels of server vendor A, level 1-3 alarms may be classified as effective alarms and level 4-7 alarms as invalid alarms; of the ten alarm levels of server vendor B, level 1-4 alarms may be classified as effective alarms and level 5-10 alarms as invalid alarms. The regular expressions corresponding to the invalid alarms (for example, those for the level 4-7 alarms of server vendor A and those for the level 5-7 alarms of server vendor B) can therefore be extracted from the alarm definition table and then integrated and processed to obtain the generic regular expression.
In the embodiments of this specification, the generic regular expression is a regular expression that is applicable to the various device vendors, models and software versions. For example, in an exemplary scenario, for the alarm "ssh login failure", different network devices may raise different English alarm information, such as "ssh logon failure", "ssh login failure", "ssh logo fail", "ssh logo error" and "ssh logo error". All of these variants can nevertheless be accurately recognized by the generic regular expression.
It should be noted that, in the embodiments of this specification, the generic regular expression is obtained by integrating and processing the regular expressions that correspond to invalid alarms in the alarm definition table. This avoids shielding unknown English alarm information that operation and maintenance personnel may need to handle, which further improves the safe and stable operation of the system.
Specifically, when the generic regular expression is integrated and processed from the regular expressions corresponding to invalid alarms in the alarm definition table, only the invalid alarms predefined in the alarm definition table are shielded during recognition; in other words, neither unknown alarms (i.e. English alarms not previously defined in the alarm definition table) nor the effective alarms predefined in the alarm definition table are shielded. If some unknown alarms are in fact alarms that operation and maintenance personnel need to handle, they still enter the alarm definition processing flow, so the personnel can obtain the corresponding alarm information from the user side and respond in time, which improves the safe and stable operation of the system. Unknown alarms may occur when new network devices are introduced into the system (e.g. through network device expansion or replacement) but the corresponding regular expression information in the alarm definition table has not been updated in time.
By contrast, if the generic regular expression were integrated and processed from the regular expressions corresponding to effective alarms in the alarm definition table, only the effective alarms predefined in the alarm definition table would not be shielded during recognition; in other words, both unknown alarms (i.e. English alarms not previously defined in the alarm definition table) and the invalid alarms predefined in the alarm definition table would be shielded. If some unknown alarms are in fact alarms that operation and maintenance personnel need to handle, they would be shielded (i.e. the alarm information cannot be output to the user side), the personnel could not obtain the corresponding alarm information from the user side and would find it difficult to respond in time, which is detrimental to the safe and stable operation of the system.
In some embodiments, when English alarm information is judged to be invalid alarm information according to the generic regular expression, it can be stored in a designated storage path. Relevant personnel can then check under the designated storage path whether any information identified as invalid alarm information was misjudged, i.e. whether it contains unknown alarms or effective alarms. If they find an unknown alarm or effective alarm under the designated storage path, they can add it to the processing queue for effective alarm information so that it undergoes alarm definition processing. Adding misjudged alarm information from the designated storage path to the processing queue for effective alarm information is equivalent to issuing a processing request for the specified invalid alarm information under the designated storage path. For the network management server, therefore, when a processing request for specified invalid alarm information under the designated storage path is received, alarm definition processing can be performed on that information according to the alarm definition table. This also benefits the safe and stable operation of the system to a certain extent.
Referring to FIG. 3, in some embodiments, the determining whether the English alarm information is valid alarm information according to a generic regular expression may include the following steps:
S301, judging whether the English alarm information accords with the shielding rule of the general regular expression.
The general regular expression is a general shielding rule; therefore, whether the English alarm information accords with the shielding rule of the general regular expression is judged, namely whether the English alarm information accords with the shielding rule represented by the general regular expression is judged.
S302, when the English alarm information accords with the shielding rule of the general regular expression, identifying the English alarm information as invalid alarm information;
and S303, identifying the English alarm information as effective alarm information when the English alarm information does not accord with the shielding rule of the general regular expression.
Referring to FIG. 4, in some embodiments, the alarm definition processing for the effective alarm information according to the alarm definition table may include the following steps:
S401, determining equipment manufacturer identification corresponding to the effective alarm information according to the IP address in the effective alarm information.
Each network device corresponds to a unique IP address, and the network management server stores information such as the IP address and device vendor of each network device. The network management server can therefore determine which network device, and which device vendor, the effective alarm information comes from. Because the alarm definition table contains many alarm definition processing logics, each corresponding to a device vendor (in practice, to a device vendor identifier), the device vendor identifier corresponding to the effective alarm information must be determined first in order to find the matching alarm definition processing logic.
S402, inquiring alarm definition processing logic corresponding to the equipment manufacturer identification in the alarm definition table.
In the alarm definition table, a one-to-many mapping relation exists between equipment manufacturer identification and alarm definition processing logic; from this mapping, alarm definition processing logic corresponding to the equipment vendor identification may be determined.
S403, processing the effective alarm information based on the alarm definition processing logic to obtain corresponding Chinese alarm information and alarm level.
In the processing of the effective alarm information based on the alarm definition processing logic, when the alarm definition processing logic corresponding to the equipment manufacturer identification in the alarm definition table has a plurality of regular expressions, each regular expression is used for processing the effective alarm information. In the alarm definition table, each regular expression is dedicated to the identification of an alarm level of a specific equipment manufacturer, and when one regular expression identifies the alarm level, the other regular expressions cannot identify the alarm level. Therefore, each regular expression is used for processing the effective alarm information, and the alarm level to which the effective alarm information belongs can be correctly identified.
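The flow of S201-S204, the designated storage path for invalid alarms and the vendor lookup of S401-S403, as an added Python sketch that is not part of the patent. The device inventory, alarm definition table, generic regular expression, message format, sample lines and all function and class names are constructed assumptions.

```python
import re

# Constructed inventory: the server is said to store each device's IP and vendor.
DEVICE_VENDOR = {"10.0.0.1": "vendor_a", "10.0.0.2": "vendor_b"}

# Constructed alarm definition table: vendor id -> (regex, level, Chinese text),
# one regular expression per alarm level of that vendor.
ALARM_DEFINITIONS = {
    "vendor_a": [
        (re.compile(r"fan \d+ fail(ed|ure)", re.I), 1, "风扇故障"),
        (re.compile(r"link down on port \S+", re.I), 2, "端口链路中断"),
        (re.compile(r"cpu usage \d+% exceeds threshold", re.I), 5, "CPU 使用率过高"),
    ],
    "vendor_b": [
        (re.compile(r"power supply \d+ fault", re.I), 1, "电源故障"),
        (re.compile(r"memory utili[sz]ation high", re.I), 6, "内存使用率过高"),
    ],
}

# Constructed generic regex: shields only the invalid levels (5 and 6) above.
GENERIC_SHIELD = re.compile(
    r"cpu usage \d+% exceeds threshold|memory utili[sz]ation high", re.I)

# Assumed message format: "<device ip> <english alarm text>".
IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")


def is_effective(message):
    """S301-S303: a message that matches the shielding rule is invalid."""
    return GENERIC_SHIELD.search(message) is None


def define_alarm(message):
    """S401-S403: vendor from the IP, then try every regex of that vendor."""
    m = IP_RE.match(message)
    vendor = DEVICE_VENDOR.get(m.group(1)) if m else None
    for pattern, level, chinese in ALARM_DEFINITIONS.get(vendor, []):
        if pattern.search(message):
            return {"raw": message, "vendor": vendor,
                    "level": level, "chinese": chinese}
    # Unknown alarm: no definition matched. Assumption of this sketch: it is
    # still shown to the operator, untranslated and ungraded, not dropped.
    return {"raw": message, "vendor": vendor, "level": None, "chinese": None}


class AlarmOptimizer:
    def __init__(self):
        # In-memory stand-in for the designated storage path: id -> raw message.
        self.shielded = {}
        self._next_id = 0

    def receive(self, message):
        """S201-S204: return the defined alarm, or None if it was shielded."""
        if is_effective(message):
            return define_alarm(message)
        self._next_id += 1
        self.shielded[self._next_id] = message
        return None

    def reprocess(self, alarm_id):
        """Processing request for a specified invalid alarm in the store."""
        return define_alarm(self.shielded.pop(alarm_id))


SAMPLE_SYSLOG = [  # constructed sample messages
    "10.0.0.1 ENV: Fan 3 failed",
    "10.0.0.1 SYS: CPU usage 91% exceeds threshold",
    "10.0.0.2 PSU: power supply 1 fault",
    "10.0.0.2 SYS: memory utilization high",
    "10.0.0.2 HW: backplane parity error slot 4",
]


def run_sample():
    optimizer = AlarmOptimizer()
    shown = [a for a in map(optimizer.receive, SAMPLE_SYSLOG) if a is not None]
    return optimizer, shown


if __name__ == "__main__":
    optimizer, shown = run_sample()
    for alarm in shown:
        print(alarm["level"], alarm["chinese"], "|", alarm["raw"])
    print("shielded:", optimizer.shielded)
```
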
In view of the changes of changing, expanding, shrinking and the like of the network equipment of the system, the operation and maintenance personnel can correspondingly update the alarm definition table. When the operator updates the alarm definition table, the equipment manufacturers and regular expressions in the alarm definition table may change. For example, after the system is modified in a domestic manner, the original foreign manufacturer M is replaced by the domestic manufacturer N, and the data of the foreign manufacturer M and regular expressions thereof are removed from the correspondingly updated alarm definition table, so that the data of the domestic manufacturer N and regular expressions thereof are increased. In this case, if the original generic regular expression produced based on the alarm definition table is not updated, the recognition accuracy of the generic regular expression may be lowered. Therefore, the generic regular expression can be updated periodically (or event triggered) to ensure the recognition accuracy of the generic regular expression. The event triggering type may be to update a general regular expression whenever the alarm definition table is changed.
Referring to FIG. 5, in some embodiments, the periodically updating the generic regular expression may include the steps of:
S501, periodically acquiring from the alarm definition table the full set of regular expressions corresponding to invalid alarms.
The period may be chosen as needed. For example, to balance recognition accuracy against implementation cost, in some exemplary scenarios the full set of regular expressions corresponding to invalid alarms may be obtained from the alarm definition table weekly, i.e., the update is performed once a week.
S502, integrating and processing the full set of regular expressions to generate a new general regular expression.
In the embodiments of this specification, integrating and processing means extracting the common features of the rules corresponding to the full set of regular expressions and, on that basis, obtaining a more generalized rule that represents the full set.
S503, replacing the general regular expression with the new general regular expression.
For example, in one exemplary embodiment, the alarms that three equipment manufacturers output for "user unlocked" are shown in Table 1 below:
TABLE 1
The regular expressions of the three equipment manufacturers in Table 1 that correspond to "user unlocked" may be as shown in Table 2 below:
TABLE 2
Equipment manufacturer    Regular expression
Manufacturer 1            AAA-5-USER_UNLOCKED
Manufacturer 2            AAA-5-USER_UNLOCKED
Manufacturer 3            AAA/5/USER_UNLOCK
Integrating and processing the three regular expressions in Table 2 yields the following general regular expression:
AAA.*5.*USER.*UNLOCK
In the corresponding configuration syntax, the masking logic for the generic regular expression can be expressed as:
# Match messages against the masking pattern.
filter f_temp { match('AAA.*USER.*UNLOCK'); };
# Write the masked (invalid) alarms to a file.
destination filter_syslog { file("/filterncolog"); };
log { filter(f_temp); destination(filter_syslog); };
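One way to carry out S501 to S503 on the Table 2 expressions, as an added example rather than the patent's own code: the merge rule (position-wise common prefix of alphanumeric tokens joined by `.*`), the function names and the sample alarm lines are assumptions. Before replacing the current expression it checks the candidate against constructed alarms that must not be masked, and it shows that the pattern without the severity digit, as written in the filter line above, would also mask a severity-3 alarm.

```python
import os
import re

# Table 2 of the patent: per-manufacturer expressions for the "user unlocked" invalid alarm.
TABLE_2 = ["AAA-5-USER_UNLOCKED", "AAA-5-USER_UNLOCKED", "AAA/5/USER_UNLOCK"]

# Constructed sample alarms (not from the patent).
INVALID_SAMPLES = [  # alarms the generic expression is supposed to mask
    "Jul 30 10:00:01 10.1.1.5 %AAA-5-USER_UNLOCKED: user ops unlocked",
    "Jul 30 10:00:03 10.1.2.9 %%01AAA/5/USER_UNLOCK(l): user ops unlocked",
]
MUST_KEEP = [  # alarms that must still reach alarm definition processing
    "Jul 30 10:02:11 10.1.1.7 %AAA-3-USER_UNLOCK_FAILED: unlock of user ops failed",
    "Jul 30 10:05:00 10.1.1.5 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
]


def merge_patterns(patterns):
    """S502 (assumed rule): generalize literal per-manufacturer expressions into one regex."""
    if not patterns:
        # An empty alternation would match every alarm and mask everything.
        raise ValueError("no expressions to merge")
    token_lists = [re.findall(r"[A-Za-z0-9]+", p) for p in patterns]
    if len({len(tokens) for tokens in token_lists}) == 1:
        # Same token count everywhere: keep what each token position has in common.
        common = [os.path.commonprefix(list(column)) for column in zip(*token_lists)]
        if common and all(common):
            return ".*".join(common)
    # No shared structure: fall back to an exact alternation instead of over-generalizing.
    return "(?:" + "|".join(re.escape(p) for p in sorted(set(patterns))) + ")"


def validate(candidate, invalid_samples, must_keep):
    """Report invalid alarms the candidate misses and valid alarms it would mask."""
    rx = re.compile(candidate)
    return {
        "missed_invalid": [s for s in invalid_samples if not rx.search(s)],
        "false_suppressions": [s for s in must_keep if rx.search(s)],
    }


def update_generic(current, patterns, invalid_samples, must_keep):
    """S501-S503: replace the current expression only if the candidate validates cleanly."""
    candidate = merge_patterns(patterns)
    report = validate(candidate, invalid_samples, must_keep)
    if report["missed_invalid"] or report["false_suppressions"]:
        return current, report  # keep the old expression and surface the report
    return candidate, report


if __name__ == "__main__":
    print(update_generic("OLD", TABLE_2, INVALID_SAMPLES, MUST_KEEP))
    # The looser pattern from the filter line drops the severity digit:
    print(validate("AAA.*USER.*UNLOCK", INVALID_SAMPLES, MUST_KEEP))
```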
While the process flows described above include a plurality of operations occurring in a particular order, it should be apparent that the processes may include more or fewer operations, which may be performed sequentially or in parallel (e.g., using a parallel processor or a multi-threaded environment).
Corresponding to the above method for optimizing the alarm information of the network device, the embodiments of this specification further provide an apparatus for optimizing the alarm information of the network device, which may be configured on the above network management server. Referring to FIG. 6, in some embodiments, the network device alarm information optimizing apparatus may include:
a receiving module 61, which may be configured to receive English alarm information of one or more network devices;
a judging module 62, which may be configured to judge whether the English alarm information is valid alarm information according to a general regular expression;
a processing module 63, which may be configured to perform alarm definition processing on the effective alarm information according to an alarm definition table when the English alarm information is effective alarm information; the alarm definition processing comprises alarm translation and alarm grading processing;
an output module 64, which may be configured to output the Chinese alarm information and the alarm level corresponding to the effective alarm information.
In the embodiments of this specification, the network management server can identify, according to the general regular expression, whether the English alarm information of each network device is effective alarm information; alarm definition processing is performed according to the alarm definition table only when the English alarm information is effective alarm information, that is, invalid alarm information is selectively shielded. The amount of alarm information entering the subsequent alarm definition processing flow is therefore greatly reduced, so the embodiments of this specification improve the timeliness of network device alarm information processing and reduce its cost.
In some apparatus embodiments of the present disclosure, the network device alarm information optimization apparatus may further include an adjustment module; the adjustment module can be used for storing the invalid alarm information into a designated storage path when the English alarm information is invalid alarm information, and, when a processing request for specified invalid alarm information in the designated storage path is received, performing alarm definition processing on the specified invalid alarm information according to the alarm definition table.
In some embodiments of the apparatus of the present disclosure, the determining, according to a general regular expression, whether the English alarm information is valid alarm information may include:
judging whether the English alarm information accords with the shielding rule of the general regular expression or not;
when the English alarm information accords with the shielding rule of the general regular expression, identifying the English alarm information as invalid alarm information;
and when the English alarm information does not accord with the shielding rule of the general regular expression, identifying the English alarm information as effective alarm information.
In some apparatus embodiments of the present disclosure, the network device alarm information optimizing apparatus may further include an update module; the update module may be used to update the generic regular expression on a periodic (or event-triggered) basis.
In some apparatus embodiments of the present description, the periodically updating the generic regular expression may include:
acquiring a full regular expression corresponding to the invalid alarm from the alarm definition table at regular intervals;
the full regular expressions are integrated and processed, so that a new general regular expression is generated;
and replacing the general regular expression with the new general regular expression.
In some embodiments of the apparatus of the present disclosure, the performing, according to an alarm definition table, alarm definition processing on the effective alarm information may include:
determining equipment manufacturer identification corresponding to the effective alarm information according to the IP address in the effective alarm information;
inquiring alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table;
and processing the effective alarm information based on the alarm definition processing logic to obtain corresponding Chinese alarm information and alarm level.
In some apparatus embodiments of the present disclosure, the processing the valid alert information based on the alert definition processing logic may include:
when the alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table has a plurality of regular expressions, each regular expression is used for processing the effective alarm information.
Embodiments of the present description also provide a computer device. As shown in FIG. 7, in some embodiments of the present description, the computer device 702 may include one or more processors 704, such as one or more Central Processing Units (CPUs) or Graphics Processors (GPUs), each of which may implement one or more hardware threads. The computer device 702 may also include any memory 706 for storing any kind of information, such as code, settings, data, etc. In a particular embodiment, a computer program is stored on the memory 706 and executable on the processor 704; when executed by the processor 704, the computer program may perform the instructions of the network device alarm information optimization method described in any of the embodiments above. For example, and without limitation, the memory 706 may include any one or more of the following combinations: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may store information using any technique. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 702. In one case, the computer device 702 can perform any of the operations of the associated instructions when the processor 704 executes the associated instructions stored in any memory or combination of memories. The computer device 702 also includes one or more drive mechanisms 708, such as a hard disk drive mechanism, an optical disk drive mechanism, and the like, for interacting with any memory.
The computer device 702 may also include an input/output interface 710 (I/O) for receiving various inputs (via an input device 712) and for providing various outputs (via an output device 714). One particular output mechanism may include a presentation device 716 and an associated graphical user interface 718 (GUI). In other embodiments, the input/output interface 710 (I/O), input device 712, and output device 714 may be omitted, with the computer device serving simply as one computer device in a network. The computer device 702 can also include one or more network interfaces 720 for exchanging data with other devices via one or more communication links 722. One or more communication buses 724 couple the above-described components together.
Communication link 722 may be implemented in any manner, for example, through a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. Communication link 722 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to some embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processor to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processor, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processor to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processor to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computer device. Computer-readable media, as defined in this specification, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the present specification embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description embodiments may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present embodiments may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processors that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It should also be understood that, in the embodiments of the present specification, the term "and/or" merely describes an association relationship between associated objects, meaning that three relationships may exist. For example, A and/or B may represent: A exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
In this specification, the embodiments are described progressively; identical or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiments are substantially similar to the method embodiments, they are described relatively briefly; for relevant details, see the corresponding parts of the description of the method embodiments. In the description of this specification, a reference to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the embodiments of the present specification. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, those skilled in the art may combine the different embodiments or examples described in this specification, and the features of the different embodiments or examples, provided they do not contradict one another.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (7)

1. A method for optimizing alarm information of a network device, comprising:
receiving English alarm information of one or more network devices;
judging whether the English alarm information is effective alarm information or not according to a general regular expression; the general regular expression is obtained by integrating and processing the regular expressions corresponding to the invalid alarms in the alarm definition table; the alarm definition table comprises alarm definition processing logic and alarm level processing suggestions of equipment manufacturers of the network equipment; the regular expression is updated regularly, and the specific updating process comprises the following steps: acquiring a full regular expression corresponding to the invalid alarm from the alarm definition table at regular intervals; the full regular expressions are integrated and processed, so that a new general regular expression is generated; replacing the generic regular expression with the new generic regular expression;
when the English alarm information is invalid alarm information, storing the invalid alarm information into a designated storage path;
when the English alarm information is effective alarm information, carrying out alarm definition processing on the effective alarm information according to an alarm definition table; the alarm definition processing comprises alarm translation and alarm grading processing; the alarm definition processing for the effective alarm information according to the alarm definition table comprises the following steps: determining equipment manufacturer identification corresponding to the effective alarm information according to the IP address in the effective alarm information; inquiring alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table; processing the effective alarm information based on the alarm definition processing logic to obtain corresponding Chinese alarm information and alarm level;
and outputting the Chinese warning information and the warning level corresponding to the effective warning information.
2. The network device alert information optimization method of claim 1, further comprising:
and when a processing request for the specified invalid alarm information in the specified storage path is received, performing alarm definition processing on the specified invalid alarm information according to the alarm definition table.
3. The network device alert information optimization method of claim 1, wherein the determining whether the English alert information is a valid alert information according to a generic regular expression comprises:
judging whether the English alarm information accords with the shielding rule of the general regular expression or not;
when the English alarm information accords with the shielding rule of the general regular expression, identifying the English alarm information as invalid alarm information;
and when the English alarm information does not accord with the shielding rule of the general regular expression, identifying the English alarm information as effective alarm information.
4. The network device alert information optimization method of claim 1, wherein the processing the active alert information based on the alert definition processing logic comprises:
when the alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table has a plurality of regular expressions, each regular expression is used for processing the effective alarm information.
5. A network device alert information optimizing apparatus, comprising:
the receiving module is used for receiving English alarm information of one or more network devices;
the judging module is used for judging whether the English alarm information is effective alarm information or not according to the general regular expression; the general regular expression is obtained by integrating and processing the regular expressions corresponding to the invalid alarms in the alarm definition table; the alarm definition table comprises alarm definition processing logic and alarm level processing suggestions of equipment manufacturers of the network equipment; the regular expression is updated regularly, and the specific updating process comprises the following steps: acquiring a full regular expression corresponding to the invalid alarm from the alarm definition table at regular intervals; the full regular expressions are integrated and processed, so that a new general regular expression is generated; replacing the generic regular expression with the new generic regular expression;
the processing module is used for storing the invalid alarm information into a designated storage path when the English alarm information is the invalid alarm information; when the English alarm information is effective alarm information, carrying out alarm definition processing on the effective alarm information according to an alarm definition table; the alarm definition processing comprises alarm translation and alarm grading processing; the alarm definition processing for the effective alarm information according to the alarm definition table comprises the following steps: determining equipment manufacturer identification corresponding to the effective alarm information according to the IP address in the effective alarm information; inquiring alarm definition processing logic corresponding to the equipment manufacturer identifier in the alarm definition table; processing the effective alarm information based on the alarm definition processing logic to obtain corresponding Chinese alarm information and alarm level;
and the output module is used for outputting the Chinese warning information and the warning level corresponding to the effective warning information.
6. A computer device comprising a memory, a processor, and a computer program stored on the memory, characterized in that the computer program, when being executed by the processor, performs the instructions of the method according to any of claims 1-4.
7. A computer storage medium having stored thereon a computer program, which, when executed by a processor of a computer device, performs the instructions of the method according to any of claims 1-4.
CN202110873409.4A 2021-07-30 2021-07-30 Network equipment alarm information optimization method, device, equipment and storage medium Active CN113595794B (en)


Publications (2)

Publication Number    Publication Date
CN113595794A          2021-11-02
CN113595794B          2023-08-04


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245360A (en) * 2015-09-08 2016-01-13 长威信息科技发展股份有限公司 Data center operation and maintenance monitoring and alarming white list system
CN106487593A (en) * 2016-10-21 2017-03-08 国家计算机网络与信息安全管理中心 A kind of screen method of invalid network management alarm
CN111030857A (en) * 2019-12-06 2020-04-17 深圳前海微众银行股份有限公司 Network alarm method, device, system and computer readable storage medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈鸿辉.综合网管一体化平台的开发及设计.中国优秀博硕士学位论文全文数据库.2011,1-54. *



Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant