CN113676356A - Alarm information processing method and device, electronic equipment and readable storage medium - Google Patents
Alarm information processing method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN113676356A CN113676356A CN202110997537.XA CN202110997537A CN113676356A CN 113676356 A CN113676356 A CN 113676356A CN 202110997537 A CN202110997537 A CN 202110997537A CN 113676356 A CN113676356 A CN 113676356A
- Authority
- CN
- China
- Prior art keywords
- alarm
- alarm information
- information
- processing
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0604—Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application provides an alarm information processing method, an alarm information processing device, electronic equipment and a readable storage medium, and relates to the technical field of computers. According to the method, when the alarm information is abnormal alarm, the alarm category to which the alarm information belongs is obtained, then the processing rule corresponding to the alarm category is obtained from the processing rule base, and the alarm information is processed according to the processing rule, so that the equipment can be automatically processed according to the rule preferentially when abnormal alarm occurs, operation and maintenance personnel do not need to be notified, abnormal alarm can be processed in time, and operation and maintenance time is saved.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to an alarm information processing method and apparatus, an electronic device, and a readable storage medium.
Background
In order to know the working state of the equipment (such as a server and network equipment) in time, the equipment can be generally monitored, and when the working state of the equipment is abnormal, alarm information is sent out. At present, the method is to directly inform the network management personnel of the alarm information, and the network management personnel processes the alarm information. However, the number of devices that the network administrator needs to face is usually large, and the number of received alarm information may be hundreds or thousands, so that some alarm information cannot be processed in time, and the devices may be in an abnormal state for a long time and cannot be processed.
Disclosure of Invention
An object of the embodiments of the present application is to provide an alarm information processing method, an alarm information processing apparatus, an electronic device, and a readable storage medium, so as to solve the problem that in the prior art, there are many alarm information that cannot be processed in time.
In a first aspect, an embodiment of the present application provides an alarm information processing method, where the method includes: acquiring alarm information; if the alarm information is abnormal alarm, acquiring the alarm category to which the alarm information belongs; acquiring a processing rule corresponding to the alarm category from a processing rule base; and processing the alarm information according to the processing rule.
In the implementation process, when the alarm information is abnormal alarm, the alarm type to which the alarm information belongs is obtained, then the processing rule corresponding to the alarm type is obtained from the processing rule base, and the alarm information is processed according to the processing rule, so that the equipment can be automatically processed according to the rule preferentially when abnormal alarm occurs, operation and maintenance personnel do not need to be notified, the abnormal alarm can be processed in time, and the operation and maintenance time is saved.
Optionally, whether the alarm information is an abnormal alarm is judged by the following method:
judging whether the alarm information is one of abnormal alarm information or not;
if so, determining that the alarm information is abnormal alarm; or outputting the alarm information to a user of the equipment;
and if the received feedback information of the equipment user aiming at the alarm information is abnormal alarm, determining that the alarm information is abnormal alarm.
In the implementation process, whether the alarm information is abnormal or not is judged by equipment users, and the abnormal alarm can be confirmed manually, so that the method is more accurate.
Optionally, after the alarm information is processed according to the processing rule, the method further includes:
if the alarm information is failed to be processed according to the processing rule, outputting prompt information containing a websock interface of the connection equipment to equipment users so as to prompt the equipment users to process the alarm information after the equipment is connected with the equipment through the websock interface.
In the implementation process, when failure of automatic alarm information processing is realized, the equipment user is informed to process, the equipment user can process the alarm information firstly, and the operation and maintenance personnel do not need to be informed, so that the operation and maintenance pressure of the operation and maintenance personnel can be reduced.
Optionally, after outputting, to a device user, a prompt message including a websock interface of the connection device, the method further includes:
and if the equipment user is determined to fail to process the alarm information, outputting prompt information for processing the alarm information to operation and maintenance personnel. Therefore, after the alarm information is failed to be processed according to the processing rule and the equipment user, the operation and maintenance personnel can participate in the processing of the alarm information at last instead of processing the alarm information at the beginning, and therefore the operation and maintenance pressure of the operation and maintenance personnel can be reduced.
Optionally, after outputting, to a device user, a prompt message including a websock interface of the connection device, the method further includes:
and before the websock interface is disconnected, stopping outputting prompt information for processing other alarm information to the equipment user. Therefore, the problem that the burden of equipment users is large due to the fact that prompt information is continuously output to the equipment users can be avoided.
Optionally, the acquiring the alarm information includes:
and acquiring alarm information from a Configuration Management Database (CMDB). The alarm information can be automatically classified through the relevant functions of the CMDB, so that massive alarm information can be rapidly classified.
Optionally, after the alarm information is processed according to the processing rule, the method further includes:
if the alarm information is successfully processed, recording the alarm information into a log, wherein the log also comprises historical alarm information;
analyzing the alarm frequency of various alarm items according to the alarm information in the log;
and outputting prompt information for increasing resources or adjusting an alarm threshold value according to the alarm frequency.
In the implementation process, the alarm frequency of each alarm item can be counted by analyzing the alarm information, so that corresponding prompt information is output, related personnel can know the alarm condition of each alarm item, and data basis is provided for adjusting the alarm condition.
In a second aspect, an embodiment of the present application provides an alarm information processing apparatus, where the apparatus includes:
the information acquisition module is used for acquiring alarm information;
the category acquisition module is used for acquiring the alarm category to which the alarm information belongs if the alarm information is abnormal alarm;
the rule acquisition module is used for acquiring the processing rule corresponding to the alarm category from a processing rule base;
and the alarm processing module is used for processing the alarm information according to the processing rule.
Optionally, whether the alarm information is an abnormal alarm is judged by the following method:
judging whether the alarm information is one of abnormal alarm information or not;
if so, determining that the alarm information is abnormal alarm; or outputting the alarm information to a user of the equipment;
and if the received feedback information of the equipment user aiming at the alarm information is abnormal alarm, determining that the alarm information is abnormal alarm.
Optionally, the alarm processing module is further configured to output, to a device user, prompt information including a websock interface for connecting the device if the alarm information processing fails according to the processing rule, so as to prompt the device user to process the alarm information after the device is connected to the device through the websock interface.
Optionally, the alarm processing module is further configured to output a prompt message for processing the alarm information to an operation and maintenance worker if it is determined that the equipment user fails to process the alarm information.
Optionally, the alarm processing module is further configured to stop outputting prompt information for processing other alarm information to the device user before the websock interface is disconnected.
Optionally, the information obtaining module is configured to obtain the alarm information from a configuration management database CMDB.
Optionally, the alarm processing module is further configured to record the alarm information into a log if the alarm information is successfully processed, where the log further includes historical alarm information; analyzing the alarm frequency of various alarm items according to the alarm information in the log; and outputting prompt information for increasing resources or adjusting an alarm threshold value according to the alarm frequency.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the steps in the method as provided in the first aspect are executed.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, performs the steps in the method as provided in the first aspect above.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of an alarm information processing method according to an embodiment of the present application;
fig. 2 is a complete flowchart of an alarm information processing method according to an embodiment of the present application;
fig. 3 is a block diagram of a structure of an alarm information processing apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device for executing an alarm information processing method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be noted that the terms "system" and "network" in the embodiments of the present invention may be used interchangeably. The "plurality" means two or more, and in view of this, the "plurality" may also be understood as "at least two" in the embodiments of the present invention. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" generally indicates that the preceding and following related objects are in an "or" relationship, unless otherwise specified.
The embodiment of the application provides an alarm information processing method, which comprises the steps of obtaining an alarm type to which the alarm information belongs when the alarm information is abnormal, then obtaining a processing rule corresponding to the alarm type from a processing rule base, and processing the alarm information according to the processing rule, so that when the alarm occurs, equipment can automatically process according to the rule, operation and maintenance personnel do not need to be informed, the abnormal alarm can be processed in time, and the operation and maintenance time is saved.
Referring to fig. 1, fig. 1 is a flowchart of an alarm information processing method according to an embodiment of the present application, where the method includes the following steps:
step S110: and acquiring alarm information.
The alarm information is generated when a problem occurs in the operation period of the device, and the device may refer to a server, a network device, a terminal and the like. The equipment can be deployed with a monitoring service, the monitoring service can be used for monitoring the running state of the equipment, alarm information is generated when the equipment is monitored to be abnormal, and the monitoring service can be realized by a Prometheus monitor. The device can also be provided with an alarm service, and the alarm service is used for correspondingly processing the alarm information, namely the alarm service can be used for executing the method.
In some embodiments, the monitoring service may store the alarm information in a Configuration Management Database (CMDB) after acquiring the alarm information, and the alarm service may acquire the alarm information from the CMDB when performing alarm information processing. The CMDB can store and manage various configuration information of equipment, is closely connected with all service support and service delivery processes, supports the operation of the processes, exerts the value of the configuration information and simultaneously ensures the accuracy of data depending on the related processes.
The CMDB comprises several key functions, such as integration, reconciliation, synchronization, mapping, visualization and the like, wherein the integration refers to the fact that information from other data sources can be fully utilized to access the record source attributes contained in the CMDB, a plurality of data sources are combined into one view, and a report containing the information from the CMDB and the other data sources is generated; the reconciliation capability means that the records in the CMDB are ensured not to have repeated phenomena in a plurality of data sources by comparing the matching fields from each data source, the integrity of each configuration project data source in the CMDB is maintained, and the flow is automatically adjusted to ensure that the initial implementation, the manual operation of a database administrator and the field maintenance support work are reduced to the minimum; the synchronization means that the information in the CMDB can reflect the updating condition of the joint data source, the CMDB updating schedule is determined on the basis of the updating frequency of the joint data source, the CMDB is updated according to the approved changes, and the unapproved changes are found out; application mapping and visualization refers to instantiating relationships between applications and understanding dependencies between applications and other components, understanding the impact caused by changes and helping to diagnose problems.
According to the method and the device, the CMDB related functions can be utilized to integrate the alarm information, if the alarm information belonging to the same category is integrated, the CMDB can judge whether the alarm information belongs to the same alarm category or not by obtaining the association among all the alarm information, so that the new alarm information can be classified quickly after the new alarm information is obtained.
It should be noted that the alarm service may obtain newly stored alarm information from the CMDB in real time, or may obtain newly stored alarm information from the CMDB at a certain time interval, where the obtained alarm information includes a plurality of pieces, and after the alarm service obtains a plurality of pieces of alarm information, the alarm service may process each piece of alarm information according to the method of the present application.
Step S120: and if the alarm information is abnormal alarm, acquiring the alarm category to which the alarm information belongs.
After obtaining the alarm information, the alarm service may determine whether the alarm information is an abnormal alarm, and the abnormal alarm may be an alarm that greatly affects the security threat of the device. For example, a keyword in the alarm information may be extracted and matched with an abnormal keyword stored in the device and representing an abnormal alarm, if the keyword is matched, the alarm information is considered to be an abnormal alarm, if the keyword is not matched, the alarm information is considered to be a normal alarm, the normal alarm may refer to an alarm having a small influence on the security threat of the device, and for the normal alarm, the alarm service may not process the alarm information, and the alarm information may be recorded in a log, so that the log is analyzed subsequently. Or, for normal alarm, if the alarm appears for multiple times, the alarm service can determine that the alarm is converted into an abnormal alarm after the set number of times is reached, and then the alarm is processed in the same way.
And if the alarm information is abnormal alarm, acquiring the alarm category to which the alarm information belongs. Specifically, the abnormal alarm may be a trojan program, a memory overflow, and the like, the alarm category corresponding to the abnormal alarm may be a CPU alarm, a memory alarm, a storage alarm, a trojan program, and the like, the alarm service may determine the corresponding alarm category by extracting a keyword in the alarm information, and if the alarm information is a memory overflow caused by insufficient memory usage, it may determine that the alarm category of the alarm information is a memory overflow. The keyword in the alarm information may also be, for example, a process name of the alarm information, and the alarm category may also be determined according to the process name, and if the process name corresponding to the alarm information is a memory process, the alarm category of the alarm information may be determined to be a memory alarm.
Or after the CMDB stores the alarm information, the CMDB can automatically classify the alarm information into the corresponding alarm category, so that after the alarm service reads the alarm information, the CMDB can automatically determine the alarm category to which the alarm information belongs.
Step S130: and acquiring the processing rule corresponding to the alarm category from a processing rule base.
The device may store processing rules set for different alarm categories in advance, and the processing rules are stored in one processing rule base, in other words, the processing rule base includes processing rules corresponding to various alarm categories, and the processing rules may be configured in the processing rule base by operation and maintenance personnel in advance. For example, for an alarm of memory overflow, the corresponding processing rule may be to restart the device after storing information that the device is currently running; for another example, for an alarm of a trojan program, a processing rule corresponding to the alarm may be to trace and trace a source of the trojan program and then intercept the trojan program.
The processing rules can refer to some running scripts, the running scripts can be written into the processing rule base by operation and maintenance personnel in advance, and the running scripts can refer to repair scripts, so that when abnormal alarm occurs, corresponding repair scripts can be automatically run to repair the problems.
It should be noted that, if the alarm category corresponding to the alarm information is not found, a prompt message may be output to a device user or an operation and maintenance person to prompt the device user or the operation and maintenance person to determine the alarm category to which the alarm information belongs, and prompt the device user or the operation and maintenance person to configure the processing rule corresponding to the alarm category. Thus, the alarm service can obtain the processing rule corresponding to the alarm category.
Step S140: and processing the alarm information according to the processing rule.
Therefore, after the processing rule corresponding to the alarm category is obtained in the above steps, the alarm information can be processed according to the processing rule, and if a corresponding repair script is operated, the alarm information can be automatically processed, so that the problem can be repaired, and the stable operation of the equipment can be ensured.
In the implementation process, when the alarm information is abnormal alarm, the alarm category to which the alarm information belongs is acquired, then the processing rule corresponding to the alarm category is acquired from the processing rule base, and the alarm information is processed according to the processing rule, so that the equipment can preferentially realize automatic processing according to the rule when abnormal alarm occurs, operation and maintenance personnel do not need to be notified, abnormal alarm can be timely processed, and operation and maintenance time is saved.
On the basis of the above embodiment, it can also be determined whether the alarm information is an abnormal alarm by: judging whether the alarm information is one of abnormal alarm information or not, and if so, determining that the alarm information is abnormal alarm; or, the alarm information can be output to the equipment user, and if the received feedback information of the equipment user on the alarm information is abnormal alarm, the alarm information is determined to be abnormal alarm.
If the keyword in the alarm information is matched with the abnormal keyword stored in the device and representing the abnormal alarm, if the keyword is matched, the alarm information is represented as one of the abnormal alarm information, and the alarm information is the abnormal alarm.
Or, the alarm service may output alarm information to the device user (referring to the person using the device), such as sending an email, a short message or a WeChat to the device user, where the specific content includes detailed alarm information and prompt information for confirming whether the alarm is an abnormal alarm, therefore, the user of the equipment can check the alarm information through mails, short messages or WeChat, and manually confirm whether the alarm information is abnormal or not, then feeding back to the alarm service through mail, short message or WeChat, if the equipment user confirms that the alarm information is abnormal, the feedback information containing abnormal alarm can be sent to the alarm service through mail, short message or WeChat, if the equipment user confirms that the alarm information is not abnormal alarm, feedback information containing abnormal alarm can be sent to the alarm service through mails, short messages or WeChat, so that the alarm service can determine whether the alarm information is abnormal alarm according to the feedback information. Therefore, whether the alarm information is abnormal or not is judged by the equipment user, the alarm information can be judged more accurately, and the alarm service can more accurately perform corresponding processing on the alarm information.
When the equipment user confirms that the alarm information is normal alarm, the alarm service can close the pushing of the alarm information, namely close the sending of mails, short messages or WeChat to the equipment user to confirm whether the alarm information is abnormal alarm, namely, the alarm service does not send mails, short messages or WeChat to the equipment user for notification after receiving the same alarm information subsequently. In addition, the alarm service can also set the closing time, for example, after the closing time is expired for one day or several hours, the alarm service can continue to send prompt information to the equipment user after receiving the same alarm information. During specific implementation, when the alarm information is closed, the alarm service can record information such as a process name, host information, an IP address and the like corresponding to the alarm information, and therefore after the alarm information is subsequently received, if the process name, the host information, the IP address information and the like of the alarm information are consistent with the recorded information, corresponding prompt information is not output to equipment users within the closing time.
In the implementation process, whether the alarm information is abnormal or not is judged by equipment users, and the abnormal alarm can be confirmed manually, so that the method is more accurate.
On the basis of the above embodiment, if the alarm service processes the alarm information according to the processing rule, if the processing is successful, the alarm information may be recorded in a log, and if the processing is failed, the prompt information including the websock interface for connecting the device may be output to the device user, so as to prompt the device user to process the alarm information after connecting the device through the websock interface.
For example, the alarm service may monitor a processing result after the repair script is run in real time, and if the corresponding problem is not solved after the repair script is run, it indicates that the alarm information is not successfully processed, that is, the processing fails, and at this time, a device user may participate in the processing. The alarm service can send mails, short messages or WeChat to equipment users, the content of the alarm service comprises a websock interface connected with the equipment, and the equipment users can click the websock interface, so that the equipment users can establish connection between the client and the server side, and the equipment users can conveniently process the alarm information.
In the implementation process, when failure of automatic alarm information processing is realized, the equipment user is informed to process, the equipment user can process the alarm information firstly, and the operation and maintenance personnel do not need to be informed, so that the operation and maintenance pressure of the operation and maintenance personnel can be reduced.
On the basis of the above embodiment, after the equipment user processes the alarm information, the alarm service may obtain a processing result, and if the processing result is a processing failure, the alarm service may further output a prompt message for processing the alarm information to the operation and maintenance staff, for example, send the prompt message to the operation and maintenance staff by a mail, a short message, a WeChat, or the like, so as to further notify the operation and maintenance staff to participate in processing the alarm information. Therefore, after the alarm information is failed to be processed according to the processing rule and the equipment user, the operation and maintenance personnel can participate in the processing of the alarm information at last instead of processing the alarm information at the beginning, and therefore the operation and maintenance pressure of the operation and maintenance personnel can be reduced.
After the equipment user processes the alarm information, the equipment user can feed back feedback information of whether the alarm information is successfully processed to the alarm service, so that the alarm service can quickly determine whether the alarm information is successfully processed; or, after the equipment user finishes processing the alarm information, the alarm service automatically monitors whether the problem is repaired, if the problem is repaired (for example, if the alarm information is the alarm information with a high load in a certain process, the alarm service checks whether the load in the process is reduced, and if the load is reduced to a set threshold, the problem is considered to be repaired), the alarm information is determined to be successfully processed, and if the problem is not repaired, the alarm information is determined to be failed to be processed. At the moment, the alarm service can automatically trigger the prompt information to be sent to the operation and maintenance personnel instead of sending the prompt information to the operation and maintenance personnel by the equipment user, so that the operation of the equipment user can be reduced, and the operation and maintenance personnel can be automatically notified to process.
On the basis of the above embodiment, in the process of processing the alarm information by the device user, the alarm service may stop outputting the prompt information for processing other alarm information to the device user, in other words, before the websock interface is disconnected, the alarm service stops outputting the prompt information for processing other alarm information to the device user. Therefore, the problem that the burden of equipment users is large due to the fact that prompt information is continuously output to the equipment users can be avoided.
For example, the alarm service can monitor the state of the websock interface in real time, if the websock interface is in a connected state, it is determined that a device user is still in the process of processing the alarm information, if the websock interface is in a disconnected state, it is determined that the device user completes processing the alarm information, in the process that the websock interface is connected and disconnected, it indicates that the device user is connected with the device through the websock interface and processes the alarm information, in the process, if the alarm service receives other alarm information and needs the device user to process the alarm information, the alarm service stops outputting the prompt information to the device user, but can wait for the websock interface to be disconnected and then sends corresponding prompt information to the device user, so that the problem that the device user does not select which alarm information to be processed preferentially because the device user receives a large amount of prompt information at the same time can be avoided, and may cause the equipment user to see the need to process a large amount of alarm information, creating a negative mood.
On the basis of the above embodiment, if there are a plurality of alarm messages that need to be processed by the device user, the alarm service may sequence the processing urgency levels of the plurality of alarm messages, and then sequentially send prompt messages to the device user according to the processing urgency levels.
For example, the alarm service receives a plurality of alarm messages, and then processes the plurality of alarm messages according to corresponding processing rules, and if none of the processing rules can be processed, it is necessary to send a prompt message to the device user, and if a plurality of prompt messages are sent to the device user at the same time, the device user may not know which alarm message should be processed first, and in order to avoid this problem, the alarm service may sort the plurality of alarm messages according to the processing urgency degree. If the processing emergency degree of the alarm information of the Trojan program is defined to be the highest, then the alarm information of the CPU alarm is given, and then the alarm information of the memory alarm is given, so that the processing emergency degree of each alarm information can be determined according to the alarm category to which each alarm information belongs, then the prompt information of the alarm information with the highest processing emergency degree is preferentially sent to the equipment user, and after the equipment user processes the alarm information, the prompt information of the alarm information with the second processing emergency degree is sent to the equipment user, so that the equipment user can preferentially process the alarm information with the high emergency degree, the stable operation of the equipment can be ensured in time, and the safety threat problem of the equipment can be eliminated in time.
On the basis of the above embodiment, after the alarm information is processed, if the alarm information is successfully processed, the alarm information may be recorded in a log, the log may further include historical alarm information, and then the alarm frequencies of various alarm items may be analyzed according to the alarm information in the log, and prompt information on whether to increase resources or adjust an alarm threshold may be output according to the alarm frequencies.
The alarm items can be divided according to aspects such as CPU, memory, storage and the like, namely the alarm items can be more detailed alarm problems under each alarm category, or the alarm items can be divided according to the alarm categories, and under the condition, the alarm frequency of each alarm category can be obtained.
The alarm frequency can be counted weekly or daily, for example, for an alarm item with the memory usage rate of more than 95%, the alarm frequency in one month or two months can be counted, and then the alarm frequency for alarming every week is obtained, for example, if the alarm frequency is 5 times per week, the alarm frequency is 5. If the alarm frequency is higher than the set value, prompt information about whether to increase resources or adjust the alarm threshold value can be output.
If the alarm threshold value is adjusted by operation and maintenance personnel, then whether to alarm or not can be judged according to the alarm threshold value, if the alarm threshold value corresponding to the memory utilization rate is 90%, then alarm is performed when the memory utilization rate is higher than 90%, and if alarm information is generated.
For example, if the alarm frequency for the memory usage rate is high, it indicates that the memory usage rate is high in most cases, so that the device user can be prompted to increase the alarm threshold and increase resources.
In addition, in some embodiments, the alarm service may further draw the alarm condition of each alarm item into an image and output the image to the operation and maintenance personnel, for example, for the memory usage rate, the value of the memory usage rate in each alarm message is drawn into a histogram and output, so that the operation and maintenance personnel can more intuitively see the alarm condition of each alarm item.
In the implementation process, the alarm frequency of each alarm item can be counted by analyzing the alarm information, so that corresponding prompt information is output, related personnel can know the alarm condition of each alarm item, and data basis is provided for adjusting the alarm condition.
The above-mentioned embodiment is described with reference to fig. 2, and fig. 2 shows a complete flow chart of an alarm information processing method, which includes the following steps:
step S210: the monitoring service stores the alarm information into the CMDB;
step S220: the alarm service informs the user of the equipment to judge whether the alarm information is abnormal;
if the equipment user confirms that the alarm information is normal alarm, executing step S230: closing the alarm of the alarm information and recording the alarm information into a log; if the equipment user confirms that the alarm information is an abnormal alarm, executing step S240: processing the alarm information according to the processing rule corresponding to the alarm category;
if the alarm information processing is successful, executing step S250: closing the alarm of the alarm information and recording the alarm information into a log; if the alarm information processing fails, step S260 is executed: acquiring alternative processing rules through a log analysis module to process alarm information (the processing rules and the alternative processing rules can be set for each alarm category, processing is carried out according to the processing rules, and the alternative processing rules are adopted to process if the processing fails);
if the alarm information is successfully processed by adopting the alternative processing rule, executing step S270: recording the alarm information into a log; if the alarm information is processed for multiple times (for example, three times) by using the alternative processing rule, executing step S280: sending prompt information carrying a websock interface to a device user;
if the equipment user successfully processes the alarm information, executing step S290: closing the alarm of the alarm information and recording the alarm information into a log; if the equipment user fails to process the alarm information, step S291 is executed: sending prompt information for processing alarm information to operation and maintenance personnel;
step S292: and analyzing the alarm information through a log analysis module, for example, acquiring the alarm frequency of various alarm items, and outputting prompt information whether to increase resources or adjust an alarm threshold according to the alarm item frequency.
Therefore, in the application, the alarm information is automatically processed through the alarm service, the problem processing process is realized, the timeliness of problem processing is improved, and some labor cost and operation and maintenance cost are saved.
Referring to fig. 3, fig. 3 is a block diagram of an alarm information apparatus 300 according to an embodiment of the present application, where the apparatus 300 may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus 300 corresponds to the above-mentioned embodiment of the method of fig. 1, and can perform various steps related to the embodiment of the method of fig. 1, and the specific functions of the apparatus 300 can be referred to the above description, and the detailed description is appropriately omitted here to avoid redundancy.
Optionally, the apparatus 300 comprises:
an information obtaining module 310, configured to obtain alarm information;
a category obtaining module 320, configured to obtain an alarm category to which the alarm information belongs if the alarm information is an abnormal alarm;
a rule obtaining module 330, configured to obtain a processing rule corresponding to the alarm category from a processing rule base;
and the alarm processing module 340 is configured to process the alarm information according to the processing rule.
Optionally, whether the alarm information is an abnormal alarm is judged by the following method:
judging whether the alarm information is one of abnormal alarm information or not;
if so, determining that the alarm information is abnormal alarm; or outputting the alarm information to a user of the equipment;
and if the received feedback information of the equipment user aiming at the alarm information is abnormal alarm, determining that the alarm information is abnormal alarm.
Optionally, the alarm processing module 340 is further configured to, if the alarm information is failed to be processed according to the processing rule, output a prompt message including a websock interface for connecting a device to a device user, so as to prompt the device user to process the alarm information after connecting the device through the websock interface.
Optionally, the alarm processing module 340 is further configured to output a prompt message for processing the alarm information to an operation and maintenance worker if it is determined that the equipment user fails to process the alarm information.
Optionally, the alarm processing module 340 is further configured to stop outputting a prompt message for processing other alarm information to the device user before the websock interface is disconnected.
Optionally, the information obtaining module 310 is configured to obtain the alarm information from a configuration management database CMDB.
Optionally, the alarm processing module 340 is further configured to record the alarm information into a log if the alarm information is successfully processed, where the log further includes historical alarm information; analyzing the alarm frequency of various alarm items according to the alarm information in the log; and outputting prompt information for increasing resources or adjusting an alarm threshold value according to the alarm frequency.
It should be noted that, for the convenience and brevity of description, the specific working procedure of the above-described apparatus may refer to the corresponding procedure in the foregoing method embodiment, and the description is not repeated herein.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device for executing an alarm information processing method according to an embodiment of the present application, where the electronic device may include: at least one processor 410, such as a CPU, at least one communication interface 420, at least one memory 430, and at least one communication bus 440. Wherein the communication bus 440 is used to enable direct connection communication of these components. In this embodiment, the communication interface 420 of the device in this application is used for performing signaling or data communication with other node devices. The memory 430 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 430 may optionally be at least one memory device located remotely from the aforementioned processor. The memory 430 stores computer readable instructions, which when executed by the processor 410, cause the electronic device to perform the method processes described above with reference to fig. 1.
It will be appreciated that the configuration shown in fig. 4 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 4 or may have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the method processes performed by an electronic device in the method embodiment shown in fig. 1.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: acquiring alarm information; if the alarm information is abnormal alarm, acquiring the alarm category to which the alarm information belongs; acquiring a processing rule corresponding to the alarm category from a processing rule base; and processing the alarm information according to the processing rule.
To sum up, the embodiment of the present application provides an alarm information processing method, an alarm information processing apparatus, an electronic device, and a readable storage medium, where when an alarm information is an abnormal alarm, an alarm category to which the alarm information belongs is obtained, then a processing rule corresponding to the alarm category is obtained from a processing rule base, and the alarm information is processed according to the processing rule, so that when the abnormal alarm occurs, the device can preferentially implement automatic processing according to the rule, and does not need to notify operation and maintenance personnel, and can timely process the abnormal alarm, thereby saving operation and maintenance time.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. An alarm information processing method, characterized by comprising:
acquiring alarm information;
if the alarm information is abnormal alarm, acquiring the alarm category to which the alarm information belongs;
acquiring a processing rule corresponding to the alarm category from a processing rule base;
and processing the alarm information according to the processing rule.
2. The method of claim 1, wherein determining whether the alert information is an abnormal alert is performed by:
judging whether the alarm information is one of abnormal alarm information or not;
if so, determining that the alarm information is abnormal alarm; or
Outputting the alarm information to a user of the equipment;
and if the received feedback information of the equipment user aiming at the alarm information is abnormal alarm, determining that the alarm information is abnormal alarm.
3. The method of claim 1, wherein after processing the alarm information according to the processing rule, further comprising:
if the alarm information is failed to be processed according to the processing rule, outputting prompt information containing a websock interface of the connection equipment to equipment users so as to prompt the equipment users to process the alarm information after the equipment is connected with the equipment through the websock interface.
4. The method of claim 3, wherein after outputting the prompt message to the device user including the websock interface of the connected device, the method further comprises:
and if the equipment user is determined to fail to process the alarm information, outputting prompt information for processing the alarm information to operation and maintenance personnel.
5. The method of claim 3, wherein after outputting the prompt message to the device user including the websock interface of the connected device, the method further comprises:
and before the websock interface is disconnected, stopping outputting prompt information for processing other alarm information to the equipment user.
6. The method of claim 1, wherein the obtaining alert information comprises:
and acquiring alarm information from a Configuration Management Database (CMDB).
7. The method according to any one of claims 1-6, wherein after processing the alarm information according to the processing rule, further comprising:
if the alarm information is successfully processed, recording the alarm information into a log, wherein the log also comprises historical alarm information;
analyzing the alarm frequency of various alarm items according to the alarm information in the log;
and outputting prompt information for increasing resources or adjusting an alarm threshold value according to the alarm frequency.
8. An alarm information processing apparatus, characterized in that the apparatus comprises:
the information acquisition module is used for acquiring alarm information;
the category acquisition module is used for acquiring the alarm category to which the alarm information belongs if the alarm information is abnormal alarm;
the rule acquisition module is used for acquiring the processing rule corresponding to the alarm category from a processing rule base;
and the alarm processing module is used for processing the alarm information according to the processing rule.
9. An electronic device comprising a processor and a memory, the memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110997537.XA CN113676356A (en) | 2021-08-27 | 2021-08-27 | Alarm information processing method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110997537.XA CN113676356A (en) | 2021-08-27 | 2021-08-27 | Alarm information processing method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113676356A true CN113676356A (en) | 2021-11-19 |
Family
ID=78547175
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110997537.XA Pending CN113676356A (en) | 2021-08-27 | 2021-08-27 | Alarm information processing method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113676356A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338350A (en) * | 2021-12-30 | 2022-04-12 | 北京汇通天下物联科技有限公司 | Alarm method, alarm device, electronic equipment and computer storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070107052A1 (en) * | 2003-12-17 | 2007-05-10 | Gianluca Cangini | Method and apparatus for monitoring operation of processing systems, related network and computer program product therefor |
| CN105049270A (en) * | 2015-08-31 | 2015-11-11 | 北京奇艺世纪科技有限公司 | Information processing method, device and system |
| CN108737182A (en) * | 2018-05-22 | 2018-11-02 | 平安科技(深圳)有限公司 | The processing method and system of system exception |
| CN110166297A (en) * | 2019-05-22 | 2019-08-23 | 平安信托有限责任公司 | O&M method, system, equipment and computer readable storage medium |
| CN111522704A (en) * | 2020-03-04 | 2020-08-11 | 平安科技(深圳)有限公司 | Alarm information processing method, device, computer device and storage medium |
| CN111862547A (en) * | 2020-07-16 | 2020-10-30 | 湖北航天保华科技股份有限公司 | Intelligent alarm system based on power supply cabinet in inside anomaly |
| CN112765161A (en) * | 2020-12-30 | 2021-05-07 | 北京奇艺世纪科技有限公司 | Alarm rule matching method and device, electronic equipment and storage medium |
| CN112799909A (en) * | 2021-01-26 | 2021-05-14 | 上海瀚银信息技术有限公司 | Automatic management system and method for server |
-
2021
- 2021-08-27 CN CN202110997537.XA patent/CN113676356A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070107052A1 (en) * | 2003-12-17 | 2007-05-10 | Gianluca Cangini | Method and apparatus for monitoring operation of processing systems, related network and computer program product therefor |
| CN105049270A (en) * | 2015-08-31 | 2015-11-11 | 北京奇艺世纪科技有限公司 | Information processing method, device and system |
| CN108737182A (en) * | 2018-05-22 | 2018-11-02 | 平安科技(深圳)有限公司 | The processing method and system of system exception |
| CN110166297A (en) * | 2019-05-22 | 2019-08-23 | 平安信托有限责任公司 | O&M method, system, equipment and computer readable storage medium |
| CN111522704A (en) * | 2020-03-04 | 2020-08-11 | 平安科技(深圳)有限公司 | Alarm information processing method, device, computer device and storage medium |
| CN111862547A (en) * | 2020-07-16 | 2020-10-30 | 湖北航天保华科技股份有限公司 | Intelligent alarm system based on power supply cabinet in inside anomaly |
| CN112765161A (en) * | 2020-12-30 | 2021-05-07 | 北京奇艺世纪科技有限公司 | Alarm rule matching method and device, electronic equipment and storage medium |
| CN112799909A (en) * | 2021-01-26 | 2021-05-14 | 上海瀚银信息技术有限公司 | Automatic management system and method for server |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338350A (en) * | 2021-12-30 | 2022-04-12 | 北京汇通天下物联科技有限公司 | Alarm method, alarm device, electronic equipment and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109726072B (en) | WebLogic server monitoring and alarming method, device and system and computer storage medium | |
| US7213176B2 (en) | Adaptive log file scanning utility | |
| US20160042289A1 (en) | Systems and methods for adaptive thresholding using maximum concentration intervals | |
| US11799748B2 (en) | Mitigating failure in request handling | |
| KR20180037342A (en) | Application software error monitoring, statistics management service and solution method. | |
| WO2015187001A2 (en) | System and method for managing resources failure using fast cause and effect analysis in a cloud computing system | |
| CN114924990A (en) | Abnormal scene testing method and electronic equipment | |
| US9405657B2 (en) | Application architecture assessment system | |
| CN113676356A (en) | Alarm information processing method and device, electronic equipment and readable storage medium | |
| CN107908525B (en) | Alarm processing method, equipment and readable storage medium | |
| CN111756778A (en) | Server disk cleaning script pushing method and device and storage medium | |
| CN111835566A (en) | System fault management method, device and system | |
| CN111475495A (en) | Mass analysis method, system and storage medium based on big data | |
| CN113742400B (en) | Network data acquisition system and method based on self-adaptive constraint conditions | |
| CN115391141A (en) | Database flow analysis method, device, equipment and readable storage medium | |
| CN112131090B (en) | Service system performance monitoring method, device, equipment and medium | |
| CN112965793B (en) | Identification analysis data-oriented data warehouse task scheduling method and system | |
| CN113220379B (en) | Task processing method and device, electronic equipment and readable storage medium | |
| CN110362464B (en) | Software analysis method and equipment | |
| CN113900902A (en) | Log processing method and device, electronic equipment and storage medium | |
| CN113835916A (en) | Ambari big data platform-based alarm method, system and equipment | |
| CN114301904A (en) | Monitoring method and device for big data cluster, monitoring system and readable storage medium | |
| US10296967B1 (en) | System, method, and computer program for aggregating fallouts in an ordering system | |
| CN109002480A (en) | A kind of data processing method and server | |
| CN111061609A (en) | Log monitoring method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |