CN113687969A - Alarm information generation method and device, electronic equipment and readable storage medium - Google Patents


Info

Publication number
CN113687969A
Authority
CN
China
Prior art keywords
component
information
log
alarm
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110866099.3A
Other languages
Chinese (zh)
Inventor
任广磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Data Technology Co Ltd
Original Assignee
Jinan Inspur Data Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan Inspur Data Technology Co Ltd filed Critical Jinan Inspur Data Technology Co Ltd
Priority to CN202110866099.3A priority Critical patent/CN113687969A/en
Publication of CN113687969A publication Critical patent/CN113687969A/en
Withdrawn legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766 Error or fault reporting or storing
    • G06F11/0787 Storage of error reports, e.g. persistent data storage, storage using memory protection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079 Root cause analysis, i.e. error or fault diagnosis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses an alarm information generation method and device, electronic equipment and a readable storage medium. The method comprises the steps of obtaining log information of monitoring equipment; extracting target parameters of each component of the monitoring equipment from the log information, and judging whether a component to be alarmed exists or not based on a preset alarm analysis rule; if the component to be alarmed exists, acquiring the running state information of the associated component of the component to be alarmed; and generating alarm information according to the running state information of the associated component and the target parameter corresponding to the component to be alarmed, so that equipment alarming can be accurately and effectively carried out, and the safe and stable running of the equipment is ensured.

Description

Alarm information generation method and device, electronic equipment and readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for generating alarm information, an electronic device, and a readable storage medium.
Background
In 5G (5th Generation Mobile Communication Technology) and beyond, there is a large amount of physical device infrastructure, such as servers, switches, routers, firewalls, SDN (Software Defined Network) equipment, disk arrays, distributed storage, and the like. Inevitably, hardware equipment becomes abnormal due to various factors such as running time, temperature, abnormal power on and off, abnormal collision and the like, and the services running on the equipment are affected. Because the types of devices are varied and their number is large, device alarm management faces great challenges.
When generating equipment alarm information or equipment alarm, the related art uses whether some basic parameters of some components of the equipment are in an allowable range as a detection standard, that is, after detecting that some parameter exceeds an allowable maximum value or is lower than an allowable minimum value, it is determined that the equipment is suspected to have a fault, and then corresponding alarm information is generated. And the equipment with the parameter within the allowable range is considered not to have a fault, and further, the alarm is not carried out. However, for some devices, although all the current indexes are normal, the devices may fail in a very short time or fail already, and the related art cannot accurately alarm such devices, which is not favorable for the safe and stable operation of the devices.
In view of this, how to accurately and effectively perform device alarm and ensure the safe and stable operation of the device is a technical problem to be solved by technical personnel in the field.
Disclosure of Invention
The application provides an alarm information generation method and device, electronic equipment and a readable storage medium, which can accurately and effectively alarm equipment and ensure safe and stable operation of the equipment.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
an aspect of the embodiments of the present invention provides a method for generating alarm information, including:
acquiring log information of monitoring equipment;
extracting target parameters of each component of the monitoring equipment from the log information, and judging whether a component to be alarmed exists or not based on a preset alarm analysis rule;
if the component to be alarmed exists, acquiring the running state information of the associated component of the component to be alarmed;
and generating alarm information according to the running state information and the target parameters corresponding to the components to be alarmed.
Optionally, the extracting target parameters of each component of the monitoring device from the log information includes:
extracting message keywords, state keywords, position keywords, user behavior keywords and log category information of each component of the monitoring equipment from the log information;
correspondingly, the judging whether the component to be alarmed exists based on the preset alarm analysis rule comprises the following steps:
determining a suspected fault condition in advance based on the occurrence times and duration of various keywords, and generating the preset alarm analysis rule according to the suspected fault condition and the log category information;
if there is a target keyword whose number of occurrences exceeds a count threshold and/or whose duration exceeds a time threshold, and the log category information is a preset category, determining that the component corresponding to the target keyword is the component to be alarmed.
Optionally, after generating the alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed, the method further includes:
and sending the alarm information to a user side by adopting a notification mode of a corresponding level according to the alarm level corresponding to the alarm information.
Optionally, the obtaining operation state information of the associated component of the component to be warned includes:
inquiring the target component of the same parent object and the state information of the sub-components under the parent object based on the target parameter of the component to be alarmed;
and generating the running state information of the related component of the component to be warned according to the state information of the target component and each sub-component and the data acquired by the sensors arranged on the target component and each sub-component.
Optionally, the generating alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed includes:
generating a fault probability model based on historical operating state data of each component of the monitoring equipment and corresponding fault log records in advance;
calling the fault probability model to obtain the probability of the fault of the associated component of the component to be warned according to the running state information;
and generating the alarm information according to the alarm times and the failure times of the component to be alarmed and the probability of the associated component failing.
Optionally, before the obtaining of the log information of the monitoring device, the method further includes:
responding to a log receiving mode configuration instruction, and setting a receiving address or a receiving port of a log for the monitoring equipment;
and responding to a log collection mode configuration instruction, and configuring the log collection mode into log forwarding or log dumping in a log component of the monitoring equipment.
Optionally, after the log information of the monitoring device is obtained, the method further includes:
and standardizing the log information according to a preset standard format, and storing the standardized log information.
Another aspect of the embodiments of the present invention provides an apparatus for generating alarm information, including:
the log information acquisition module is used for acquiring log information of the monitoring equipment;
the alarm component determination module is used for extracting target parameters of all components of the monitoring equipment from the log information and judging whether the components to be alarmed exist or not based on a preset alarm analysis rule;
the associated information acquisition module is used for acquiring the running state information of the associated component of the component to be warned if the component to be warned exists;
and the alarm information generating module is used for generating alarm information according to the running state information and the target parameter corresponding to the component to be alarmed.
An embodiment of the present invention further provides an electronic device, which includes a processor, and the processor is configured to implement the steps of the alert information generating method according to any one of the preceding items when executing the computer program stored in the memory.
Finally, an embodiment of the present invention provides a readable storage medium, where a computer program is stored on the readable storage medium, and when the computer program is executed by a processor, the steps of the warning information generating method according to any of the foregoing items are implemented.
The technical scheme provided by the application has the advantages that the log collected in the operation process of the equipment is analyzed based on the general log protocol of the equipment, the components suspected to be in fault are determined, whether the associated components operate normally or not is determined by analyzing the operation state information of the components associated with the components suspected to be in fault, so that the components which operate abnormally can be found as early as possible, the fault detection accuracy of the components is improved, the equipment alarm is accurately and effectively carried out, the equipment problem is found and processed as early as possible, the safe and stable operation of the equipment is guaranteed, and the influence and the loss on the customer service are avoided.
In addition, the embodiment of the invention also provides a corresponding implementation device, electronic equipment and a readable storage medium for the alarm information generation method, so that the method has higher practicability, and the device, the electronic equipment and the readable storage medium have corresponding advantages.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the related art, the drawings required to be used in the description of the embodiments or the related art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flow chart of an alarm information generating method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of another alarm information generating method according to an embodiment of the present invention;
fig. 3 is a structural diagram of a specific embodiment of an alarm information generating apparatus according to an embodiment of the present invention;
fig. 4 is a block diagram of an embodiment of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and claims of this application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed.
Having described the technical solutions of the embodiments of the present invention, various non-limiting embodiments of the present application are described in detail below.
Referring to fig. 1, fig. 1 is a schematic flow chart of an alarm information generating method according to an embodiment of the present invention, where the embodiment of the present invention may include the following:
S101: Acquire log information of the monitoring equipment.
The present embodiment may collect all log information of the device to be monitored, that is, the monitoring device, during its operation, according to a fixed period, at a fixed frequency, or in real time. When collecting logs, the address of the system can be set on the device side through a device instruction or the graphical interface. If the logs of a sub-device under the device, such as a virtual machine, need to be collected, the setting can be made according to the setup manual of the log component of the virtual machine operating system, provided that network communication between the virtual machine and the system is normal. The implementation of log collection includes, but is not limited to, configuring a log sending target on the device (syslog), configuring a log forwarding mode, a device interface query mode, a log proxy mode, manual uploading or automatic uploading, and the like. To facilitate subsequent use of the log data, the obtained log information may be stored locally or in the cloud, and the storage manner includes, but is not limited to, a database, a file, Kafka, ES (Elasticsearch, a Lucene-based search server), and the like, as shown in fig. 2. Kafka is a distributed, partitioned, multi-replica, multi-subscriber distributed log system coordinated by ZooKeeper. In view of the advantages of Elasticsearch in searching and analyzing massive data, Elasticsearch can be used for data storage, searching and analysis. The storage duration of the log information data is determined based on the size of the space where the monitoring equipment is located. For example, the upper limit is MAX% of the total space size; when the space used by the system reaches the upper limit, the oldest logs are deleted until the used proportion of the system space is MID%, which prevents frequent deletion from affecting the efficiency of log query and analysis. The MAX and MID values can be set according to the service requirement, and the default values can be set to MID = 65 and MAX = 75.
S102: Extract target parameters of each component of the monitoring equipment from the log information, and judge whether a component to be alarmed exists based on a preset alarm analysis rule.
After the log information of the monitoring device is acquired in the previous step, the stored logs may be analyzed periodically. The log analysis frequency can be preset, and the client can adjust the period according to the service requirement; for example, the frequency can be appropriately increased when alarms need closer attention. The default frequency may be set to once every hour, for example at 1:00, 2:00, 3:00 and so on in the morning. When the log analysis time is reached, the logs are searched, the log content is analyzed according to combinations of the monitoring equipment and component type, state, behavior, level and the like, and an alarm is generated according to the different log levels and the log analysis frequency. The target parameters in this step include, but are not limited to, monitoring device and component types, operating states, user behaviors, log levels, log analysis frequency, and the like. Alarm analysis rules are based on the specific values, occurrence frequencies, and durations of these target parameters, and the log information of the monitoring device is analyzed against the alarm analysis rules to determine whether there is a component that needs to be alarmed, that is, a component to be alarmed. Those skilled in the art can customize the alarm analysis rule according to the specific application scenario and the operation service requirement to meet their own requirements.
S103: If the component to be alarmed exists, acquire the running state information of the associated component of the component to be alarmed.
The associated components of this embodiment can be components that complement the component to be alarmed in position, physical contact or line connection and that execute the same task. To improve the efficiency of the whole process of obtaining the operating status information of the associated components, each component and its corresponding associated components may be stored in a specific file in advance. As an optional implementation manner, the state information of a target component of the same parent object and of the sub-components under the parent object may be queried based on a target parameter of the component to be alarmed; the running state information of the associated component of the component to be alarmed is then generated from the state information of the target component and each sub-component and the data acquired by the sensors arranged on the target component and each sub-component.
S104: Generate alarm information according to the running state information and the target parameters corresponding to the component to be alarmed.
In the previous step, based on the component that generated the alarm and its position information, the information of the other sub-components of the whole device under the same parent object, and of the parent object itself, is queried, such as the values, states and attributes of key components like the Central Processing Unit (CPU) and disks, and the current states and values of the sensors are recorded; the sensors can be temperature sensors, voltage sensors and the like. Information on a large number of components and associated components of the equipment is recorded, and when a certain component generates an alarm, the states of its associated components and the number of alarms of that component are counted to form basic data. When the state of an associated component reaches or is close to a state historically associated with alarms, the associated component is considered abnormal, and an alarm can be generated for the associated component. That is, the alarm information generated in this step includes not only the alarm information of the component to be alarmed, but also the alarm information of the associated component of the component to be alarmed.
In the technical scheme provided by the embodiment of the invention, the logs acquired in the operation process of the equipment are analyzed based on the general log protocol of the equipment to determine the components suspected to have faults, and the operation state information of the components associated with the components suspected to have faults is analyzed to determine whether the associated components operate normally, so that the components which operate abnormally can be found as early as possible, the fault detection accuracy of the components is improved, the equipment alarm is accurately and effectively carried out, the equipment problem is found and processed as early as possible, the safe and stable operation of the equipment is ensured, and the influence and the loss on the customer service are avoided.
In the foregoing embodiment, how to perform step S102 is not limited, and the embodiment further provides that extracting target parameters of each component of the monitoring device from the log information includes the following steps:
Message keywords, state keywords, position keywords, user behavior keywords and log category information of each component of the monitoring equipment are extracted from the log information. A suspected fault condition is determined in advance based on the number of occurrences and the duration of the various keywords, and the preset alarm analysis rule is generated according to the suspected fault condition and the log category information. If there is a target keyword whose number of occurrences exceeds a count threshold and/or whose duration exceeds a time threshold, and the log category information is a preset category, the component corresponding to the target keyword is judged to be the component to be alarmed.
In the present embodiment, message keyword extraction is performed based on currently known device components. For example: a server comprises a backplane, hard disk, Central Processing Unit (CPU), fan, Graphics Processing Unit (GPU), logical disk, memory, network card, network port, PCIe (Peripheral Component Interconnect Express) slot, power supply and RAID (Redundant Array of Independent Disks) card; network equipment such as a switch, router or firewall comprises a board card, fan, power supply, port and the like; distributed storage comprises nodes, storage pools, snapshots, volumes, and the like. Keyword extraction is performed based on the status, location, etc. of the device components. For example: UP (on), DOWN (off), disconnected, connected, successful, failed, enabled, disabled, timeout, sensor_name, status, state, assert, deassert, etc. Keywords are also extracted based on user behaviors or operation conditions. For example: UserName, Create, session, Delete, login, logout, modify, etc. Extraction is also performed based on log level. For example: debug, Info, notify, Warn, Error, crit, alert, emerg. Alarms are generated on various preset keyword combinations; specifically, alarm generation and recovery can be performed on the basis of rules such as the number of occurrences and the duration of the keywords.
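The rule from S102 (keyword count or duration over a threshold, gated by log category) and the same-parent lookup from S103 can be sketched as follows. This is an added example, not code from the patent; the fault/recovery split of the keywords, the threshold values, the level set used as the "preset category", the inventory and the sample records are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# State keywords from the description; the fault/recovery split is assumed.
FAULT_WORDS = {"down", "disconnected", "failed", "timeout", "assert"}
RECOVER_WORDS = {"up", "connected", "successful", "deassert"}
# Log levels treated as the "preset category" (assumed choice).
ALERT_LEVELS = {"warn", "error", "crit", "alert", "emerg"}
COUNT_THRESHOLD = 3                          # assumed count threshold
DURATION_THRESHOLD = timedelta(minutes=10)   # assumed time threshold

# Constructed inventory: component -> parent object.
PARENT = {"fan1": "chassis0", "fan2": "chassis0", "psu1": "chassis0",
          "disk3": "backplane0", "disk4": "backplane0"}

# Constructed sample records: (timestamp, log level, message).
LOGS = [
    ("2024-01-01T01:00:00", "Error", "fan1 status failed"),
    ("2024-01-01T01:02:00", "Info", "fan1 deassert, status successful"),
    ("2024-01-01T01:03:00", "Debug", "fan2 self test failed"),
    ("2024-01-01T01:03:10", "Debug", "fan2 self test failed"),
    ("2024-01-01T01:03:20", "Debug", "fan2 self test failed"),
    ("2024-01-01T01:03:30", "Debug", "fan2 self test failed"),
    ("2024-01-01T01:05:00", "Warn", "disk3 timeout"),
    ("2024-01-01T01:06:00", "Warn", "disk3 timeout"),
    ("2024-01-01T01:07:00", "Warn", "disk3 timeout"),
    ("2024-01-01T01:08:00", "Warn", "disk3 timeout"),
    ("2024-01-01T01:09:00", "Info", "disk3 connected"),
    ("2024-01-01T01:10:00", "Crit", "psu1 state DOWN"),
    ("2024-01-01T01:11:00", "Info", "disk4 connected"),
]
WINDOW_END = datetime(2024, 1, 1, 2, 0, 0)   # end of the analysis period


def tokens(message):
    """Whole-word tokens, so 'deassert' never matches 'assert' and
    'disconnected' never matches 'connected'."""
    return re.findall(r"[a-z0-9_]+", message.lower())


def components_to_alarm(logs, window_end):
    """Return {component: [reasons]} for components that break the rule."""
    stats = {}
    for ts, level, message in sorted(logs):
        words = tokens(message)
        comp = next((w for w in words if w in PARENT), None)  # position keyword
        if comp is None:
            continue
        s = stats.setdefault(
            comp, {"count": 0, "since": None, "longest": timedelta(0)})
        when = datetime.fromisoformat(ts)
        if FAULT_WORDS & set(words) and level.lower() in ALERT_LEVELS:
            s["count"] += 1
            if s["since"] is None:          # start of a fault period
                s["since"] = when
        elif RECOVER_WORDS & set(words) and s["since"] is not None:
            s["longest"] = max(s["longest"], when - s["since"])
            s["since"] = None               # fault period closed
    flagged = {}
    for comp, s in stats.items():
        if s["since"] is not None:          # still faulty at end of window
            s["longest"] = max(s["longest"], window_end - s["since"])
        reasons = []
        if s["count"] > COUNT_THRESHOLD:
            reasons.append("count")
        if s["longest"] > DURATION_THRESHOLD:
            reasons.append("duration")
        if reasons:
            flagged[comp] = reasons
    return flagged


def associated_components(component):
    """Other components under the same parent object (S103)."""
    parent = PARENT[component]
    return sorted(c for c, p in PARENT.items() if p == parent and c != component)


def build_alarms(logs, window_end):
    """One alarm record per flagged component, with its associated components."""
    flagged = components_to_alarm(logs, window_end)
    return [{"component": c, "parent": PARENT[c], "reasons": flagged[c],
             "associated": associated_components(c)} for c in sorted(flagged)]


if __name__ == "__main__":
    for alarm in build_alarms(LOGS, WINDOW_END):
        print(alarm)
```

In the sample data, fan2 repeats a fault keyword four times but only at Debug level, so the category gate keeps it out of the result, while psu1 is flagged on duration alone because no recovery keyword arrives before the end of the analysis period.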
In order to further improve the security of the device and ensure the stable operation of the device, after generating the alarm information according to the operation state information and the target parameter corresponding to the component to be alarmed, the alarm information may be sent to the user side by adopting a notification mode of a corresponding level according to the alarm level corresponding to the alarm information, as shown in fig. 2.
In this embodiment, based on the result of the log analysis, the client is notified of the alarm in different ways according to the alarm level, for example: slight alarms use email notifications; moderate alarms use short message, WeChat and similar modes; severe and emergency alarms use voice announcements to a telephone number, and the like. The lower the alarm level, the simpler the notification mode and the lower the timeliness. The higher the alarm level, the more notification modes are used and the higher the timeliness. For example: when the alarm level is low, the alarm can be notified through mail; when the alarm level is urgent or severe, polling broadcast by remote fixed-telephone technology and the like is used. The notification mode is not limited to mail, short message and the like, and current general notification modes, such as WeChat and client APP message push, can also be applied.
The embodiment can analyze the running state of the equipment in time according to various logs generated during the running of the equipment, generate an alarm and inform a client of the alarm according to the notification rule. The client can find the equipment problem in time, the influence of the equipment on the service system is avoided or reduced, and the loss is reduced.
The above embodiment does not limit how to generate the alarm information, and this embodiment further provides an implementation manner for generating the alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed, where the implementation manner includes:
generating a fault probability model based on historical operating state data of each component of the monitoring equipment and corresponding fault log records in advance; calling a fault probability model according to the running state information to obtain the fault probability of the associated component of the component to be alarmed; and generating alarm information according to the alarm times and the failure times of the components to be alarmed and the probability of the associated components failing.
The failure probability model can be obtained by training an existing network structure such as a convolutional neural network by using training sample data based on any machine learning algorithm, and can output the probability that the current component is abnormal or fails, so that the accuracy of the alarm information can be further improved.
As an optional implementation manner, in order to improve the flexibility and the practicability of the technical solution of the present application and improve the automation degree of the whole process, the present embodiment may further set a log receiving manner and a log collecting manner, which may include the following contents:
responding to a log receiving mode configuration instruction, and setting a receiving address or a receiving port of a log for the monitoring equipment; and responding to the log collection mode configuration instruction, and configuring the log collection mode into log forwarding or log dumping in a log component of the monitoring equipment.
The embodiment supports setting the log receiving mode on various devices as a syslog (system log or system record) receiving address and/or receiving port, configuring log forwarding in a log component (rsyslog, Logstash) of the device operating system, and collecting logs by means of log dumping and the like. rsyslog and Logstash are existing log components.
It is understood that after the logs are collected in S101, the log formats of the various devices are not uniform. To facilitate subsequent data analysis and improve the accuracy of the alarm information, the device logs can be converted to a unified format according to the data content format. The log information can be standardized according to a preset standard format, and the standardized log information is stored. The data content format can be customized according to the requirements of customers, and no adjustment is needed by default.
As an alternative embodiment, the preset standard format may be JSON, and the preset data content in the preset standard format includes, but is not limited to, a system version, a timestamp, a device type (e.g., server, switch, router, firewall, SDN, disk array, distributed storage, etc.), a host name, a host IP, a tag, a process name, a source device, a class, a priority, a generation time, a notification time, a message content, and the like. Those skilled in the art can expand the data content based on business needs, and the present application is not limited in this respect. If the default data content format does not meet the service requirement, it can be adjusted on the basis of the default data format, or a data format can be added.
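A sketch of the standardization step for one common input, a BSD-style (RFC 3164) syslog line, converted to a JSON record carrying a subset of the fields listed above. This is an added example, not code from the patent; the JSON field names, the `normalize` and `to_json` helpers and the sample lines are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta

SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) "
    r"(\S+) ([^\s:\[]+)(?:\[(\d+)\])?: ?(.*)$")


def normalize(raw, source_ip, received, device_type="unknown"):
    """Turn one raw syslog line into a dict in the assumed standard format.

    Lines that cannot be parsed are kept, flagged with 'parse_error',
    so that malformed device output is stored rather than silently lost.
    """
    record = {"host_ip": source_ip, "device_type": device_type,
              "received_time": received.isoformat()}
    m = HEADER.match(raw)
    try:
        if m is None:
            raise ValueError("no syslog header")
        pri = int(m.group(1))
        if pri > 191:                      # 23 facilities * 8 + 7 is the max
            raise ValueError("PRI out of range")
        month = MONTHS.index(m.group(2)) + 1
        day, hh, mm, ss = (int(m.group(i)) for i in (3, 4, 5, 6))
        # The header carries no year: borrow it from the receive time and
        # step back one year for a December line received in January.
        stamp = datetime(received.year, month, day, hh, mm, ss)
        if stamp - received > timedelta(days=1):
            stamp = datetime(received.year - 1, month, day, hh, mm, ss)
    except ValueError as exc:
        record.update(parse_error=str(exc), message=raw)
        return record
    record.update(
        timestamp=stamp.isoformat(),
        hostname=m.group(7),
        tag=m.group(8),                    # process name
        pid=int(m.group(9)) if m.group(9) else None,
        priority=pri,
        facility=pri // 8,                 # PRI = facility * 8 + severity
        severity=SEVERITIES[pri % 8],
        message=m.group(10))
    return record


def to_json(record):
    """Serialize with stable key order so stored records are comparable."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample lines and addresses.
    now = datetime(2024, 1, 5, 1, 2, 4)
    print(to_json(normalize(
        "<11>Jan  5 01:02:03 bmc01 ipmid[212]: fan1 status failed",
        "192.0.2.10", now, "server")))
    print(to_json(normalize("fan failure without header", "192.0.2.11", now)))
```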
It should be noted that, in the present application, there is no strict order of execution among the steps; as long as the logical order is respected, the steps may be executed simultaneously or in a preset order. FIG. 1 and FIG. 2 are only schematic and do not mean that this is the only possible execution order.
The embodiment of the invention also provides an apparatus corresponding to the alarm information generation method, which makes the method more practical. The apparatus can be described from the functional-module perspective and from the hardware perspective. The alarm information generating apparatus provided in the embodiment of the present invention is introduced below; the apparatus described below and the alarm information generating method described above may be read with reference to each other.
From the functional-module perspective, referring to FIG. 3, which is a structural diagram of one specific implementation of the alarm information generating apparatus provided in an embodiment of the present invention, the apparatus may include:
a log information obtaining module 301, configured to obtain log information of the monitoring device;
an alarm component determining module 302, configured to extract target parameters of components of the monitoring device from the log information, and determine whether a component to be alarmed exists based on a preset alarm analysis rule;
an associated information acquiring module 303, configured to acquire operating state information of an associated component of the component to be alarmed if the component to be alarmed exists;
an alarm information generating module 304, configured to generate alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed.
Optionally, in some implementations of this embodiment, the alarm component determining module 302 may be further configured to: extract message keywords, state keywords, position keywords, user behavior keywords and log category information of each component of the monitoring device from the log information; determine a suspected fault condition in advance based on the number of occurrences and the duration of the various keywords, and generate the preset alarm analysis rule according to the suspected fault condition and the log category information; and, if there is a target keyword whose number of occurrences exceeds a count threshold and/or whose duration exceeds a time threshold, and the log category information is a preset category, determine that the component corresponding to the target keyword is the component to be alarmed.
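The keyword rule of the alarm component determining module 302 can be illustrated as follows. This is an added example, not code from the patent: the record keys, the rule values and the sample records are constructed, and "duration" is assumed to be the span between the first and last matching record inside an analysis window.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class KeywordRule:
    keyword: str           # target keyword, matched case-insensitively
    categories: frozenset  # preset log categories the rule applies to
    count_threshold: int   # alarm when occurrences exceed this
    time_threshold_s: int  # alarm when the keyword persists longer than this


def components_to_alarm(records, rules, window_s=3600):
    """Return {component: [reason, ...]} for every component that trips a rule.

    records: dicts with the (assumed) keys component, category, epoch, message.
    Only records within window_s seconds of the newest record are analysed.
    """
    newest = max((r["epoch"] for r in records), default=0)
    hits = defaultdict(list)  # (component, rule) -> epochs of matching records
    for rec in records:
        if newest - rec["epoch"] > window_s:
            continue  # outside the analysis window
        text = rec["message"].lower()
        for rule in rules:
            # The log category must be a preset category, otherwise the
            # keyword is ignored no matter how often it appears.
            if rec["category"] in rule.categories and rule.keyword.lower() in text:
                hits[(rec["component"], rule)].append(rec["epoch"])

    alarms = defaultdict(list)
    for (component, rule), epochs in sorted(hits.items(), key=lambda kv: kv[0][0]):
        count, duration = len(epochs), max(epochs) - min(epochs)
        # "and/or": either threshold alone is enough to flag the component.
        if count > rule.count_threshold:
            alarms[component].append(
                f"'{rule.keyword}' seen {count} times (> {rule.count_threshold})")
        if duration > rule.time_threshold_s:
            alarms[component].append(
                f"'{rule.keyword}' persisted {duration}s (> {rule.time_threshold_s}s)")
    return dict(alarms)


# Constructed rules and records (not from the patent).
RULES = (
    KeywordRule("voltage low", frozenset({"hardware"}), 3, 600),
    KeywordRule("speed abnormal", frozenset({"hardware"}), 3, 600),
    KeywordRule("link down", frozenset({"network"}), 3, 600),
)
RECORDS = (
    # psu1: 4 hits in 30 s -> count threshold exceeded
    [{"component": "psu1", "category": "hardware", "epoch": 1000 + 10 * i,
      "message": "PSU1 voltage low"} for i in range(4)]
    # fan2: 2 hits 900 s apart -> time threshold exceeded
    + [{"component": "fan2", "category": "hardware", "epoch": e,
        "message": "Fan2 speed abnormal"} for e in (1000, 1900)]
    # nic0: 5 hits, but the category is not a preset one -> ignored
    + [{"component": "nic0", "category": "debug", "epoch": 1000 + 10 * i,
        "message": "eth0 link down"} for i in range(5)]
    # nic1: a single hit in a preset category -> below both thresholds
    + [{"component": "nic1", "category": "network", "epoch": 1500,
        "message": "eth1 link down"}]
)

if __name__ == "__main__":
    for component, reasons in components_to_alarm(RECORDS, RULES).items():
        print(component, reasons)
```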
As an optional implementation manner of this embodiment, the apparatus may further include a notification module, configured to send the warning information to the user terminal in a notification manner of a corresponding level according to the warning level corresponding to the warning information.
As another optional implementation manner of this embodiment, the associated information obtaining module 303 may be further configured to: inquiring the target component of the same parent object and the state information of the sub-components under the parent object based on the target parameter of the component to be alarmed; and generating the running state information of the related component of the component to be warned according to the state information of the target component and each sub-component and the data acquired by the sensors arranged on the target component and each sub-component.
As some other implementation manners of this embodiment, the warning information generating module 304 may be further configured to: generating a fault probability model based on historical operating state data of each component of the monitoring equipment and corresponding fault log records in advance; calling a fault probability model according to the running state information to obtain the fault probability of the associated component of the component to be alarmed; and generating alarm information according to the alarm times and the failure times of the components to be alarmed and the probability of the associated components failing.
Optionally, in other implementations of this embodiment, the apparatus may further include a log configuration module, configured to: in response to a log receiving mode configuration instruction, set a receiving address or a receiving port of the log for the monitoring device; and, in response to a log collection mode configuration instruction, configure the log collection mode as log forwarding or log dumping in a log component of the monitoring device.
Optionally, in some other implementations of this embodiment, the apparatus may further include a normalization processing module, configured to normalize the log information according to a preset standard format and store the normalized log information.
The functions of the functional modules of the alarm information generating device in the embodiment of the present invention may be specifically implemented according to the method in the above method embodiment, and the specific implementation process may refer to the description related to the above method embodiment, which is not described herein again.
Therefore, the embodiment of the invention can accurately and effectively alarm the equipment and ensure the safe and stable operation of the equipment.
The above-mentioned alarm information generating apparatus is described from the perspective of a functional module, and further, the present application also provides an electronic device, which is described from the perspective of hardware. Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 4, the electronic device includes a memory 40 for storing a computer program; a processor 41, configured to implement the steps of the alert information generating method as mentioned in any of the above embodiments when executing the computer program.
The processor 41 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the processor 41 may also be a controller, a microcontroller, a microprocessor or other data processing chip, and the like. The processor 41 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 41 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 41 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content that the display screen needs to display. In some embodiments, processor 41 may further include an AI (Artificial Intelligence) processor for processing computational operations related to machine learning.
Memory 40 may include one or more computer-readable storage media, which may be non-transitory. Memory 40 may also include high speed random access memory as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. The memory 40 may in some embodiments be an internal storage unit of the electronic device, for example a hard disk of a server. The memory 40 may also be an external storage device of the electronic device in other embodiments, such as a plug-in hard disk provided on a server, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 40 may also include both an internal storage unit and an external storage device of the electronic device. The memory 40 can be used for storing application software installed in the electronic device and various data, such as: the code of the program that executes the vulnerability handling method, etc. may also be used to temporarily store data that has been output or is to be output. In this embodiment, the memory 40 is at least used for storing a computer program 401, wherein after being loaded and executed by the processor 41, the computer program can implement the relevant steps of the warning information generating method disclosed in any one of the foregoing embodiments. In addition, the resources stored in the memory 40 may also include an operating system 402, data 403, and the like, and the storage manner may be a transient storage or a permanent storage. Operating system 402 may include, among other things, Windows, Unix, Linux, and the like. The data 403 may include, but is not limited to, data corresponding to the alarm information generation result, and the like.
In some embodiments, the electronic device may further include a display 42, an input/output interface 43, a communication interface 44, alternatively referred to as a network interface, a power supply 45, and a communication bus 46. The display 42 and the input/output interface 43, such as a Keyboard (Keyboard), belong to a user interface, and the optional user interface may also include a standard wired interface, a wireless interface, and the like. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, as appropriate, is used for displaying information processed in the electronic device and for displaying a visualized user interface. The communication interface 44 may optionally include a wired interface and/or a wireless interface, such as a WI-FI interface, a bluetooth interface, etc., typically used to establish a communication connection between an electronic device and other electronic devices. The communication bus 46 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
Those skilled in the art will appreciate that the configuration shown in FIG. 4 does not limit the electronic device, which may include more or fewer components than those shown, for example sensors 47 that perform various functions.
The functions of the functional modules of the electronic device according to the embodiments of the present invention may be specifically implemented according to the method in the above method embodiments, and the specific implementation process may refer to the description related to the above method embodiments, which is not described herein again.
Therefore, the embodiment of the invention can accurately and effectively alarm the equipment and ensure the safe and stable operation of the equipment.
It is to be understood that, if the alarm information generating method in the above-described embodiment is implemented in the form of a software functional unit and sold or used as a stand-alone product, it may be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the present application may be substantially or partially implemented in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods of the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrically erasable programmable ROM, a register, a hard disk, a multimedia card, a card type Memory (e.g., SD or DX Memory, etc.), a magnetic Memory, a removable magnetic disk, a CD-ROM, a magnetic or optical disk, and other various media capable of storing program codes.
Based on this, the embodiment of the present invention further provides a readable storage medium storing a computer program which, when executed by a processor, implements the steps of the alarm information generating method according to any one of the above embodiments.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to each other. The hardware disclosed in the embodiments, including the apparatus and the electronic device, corresponds to the method disclosed in the embodiments, so its description is relatively brief; for the relevant points, refer to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The method, the device, the electronic device and the readable storage medium for generating the alarm information provided by the present application are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A method for generating alarm information is characterized by comprising the following steps:
acquiring log information of monitoring equipment;
extracting target parameters of each component of the monitoring equipment from the log information, and judging whether a component to be alarmed exists or not based on a preset alarm analysis rule;
if the component to be alarmed exists, acquiring the running state information of the associated component of the component to be alarmed;
and generating alarm information according to the running state information and the target parameters corresponding to the components to be alarmed.
2. The method for generating alarm information according to claim 1, wherein the extracting target parameters of components of the monitoring device from the log information includes:
extracting message keywords, state keywords, position keywords, user behavior keywords and log category information of each component of the monitoring equipment from the log information;
correspondingly, the judging whether the component to be alarmed exists based on the preset alarm analysis rule comprises the following steps:
determining a suspected fault condition in advance based on the occurrence times and duration of various keywords, and generating the preset alarm analysis rule according to the suspected fault condition and the log category information;
if there is a target keyword whose number of occurrences exceeds a count threshold and/or whose duration exceeds a time threshold, and the log category information is a preset category, determining that the component corresponding to the target keyword is the component to be alarmed.
3. The method for generating alarm information according to claim 2, wherein after generating alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed, the method further comprises:
and sending the alarm information to a user side by adopting a notification mode of a corresponding level according to the alarm level corresponding to the alarm information.
4. The method according to claim 1, wherein the obtaining the operating state information of the associated component of the component to be warned comprises:
inquiring the target component of the same parent object and the state information of the sub-components under the parent object based on the target parameter of the component to be alarmed;
and generating the running state information of the related component of the component to be warned according to the state information of the target component and each sub-component and the data acquired by the sensors arranged on the target component and each sub-component.
5. The method for generating alarm information according to claim 4, wherein the generating alarm information according to the operating state information and the target parameter corresponding to the component to be alarmed comprises:
generating a fault probability model based on historical operating state data of each component of the monitoring equipment and corresponding fault log records in advance;
calling the fault probability model to obtain the probability of the fault of the associated component of the component to be warned according to the running state information;
and generating the alarm information according to the alarm times and the failure times of the component to be alarmed and the probability of the associated component failing.
6. The warning information generating method according to any one of claims 1 to 5, wherein before the obtaining of the log information of the monitoring device, the method further comprises:
responding to a log receiving mode configuration instruction, and setting a receiving address or a receiving port of a log for the monitoring equipment;
and responding to a log collection mode configuration instruction, and configuring the log collection mode into log forwarding or log dumping in a log component of the monitoring equipment.
7. The warning information generating method according to claim 6, wherein after the obtaining the log information of the monitoring device, further comprising:
and standardizing the log information according to a preset standard format, and storing the standardized log information.
8. An alarm information generating apparatus characterized by comprising:
the log information acquisition module is used for acquiring log information of the monitoring equipment;
the alarm component determination module is used for extracting target parameters of all components of the monitoring equipment from the log information and judging whether the components to be alarmed exist or not based on a preset alarm analysis rule;
the associated information acquisition module is used for acquiring the running state information of the associated component of the component to be warned if the component to be warned exists;
and the alarm information generating module is used for generating alarm information according to the running state information and the target parameter corresponding to the component to be alarmed.
9. An electronic device, comprising a processor and a memory, the processor being configured to implement the steps of the alert information generation method according to any one of claims 1 to 7 when executing a computer program stored in the memory.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the alert information generation method according to any one of claims 1 to 7.
CN202110866099.3A 2021-07-29 2021-07-29 Alarm information generation method and device, electronic equipment and readable storage medium Withdrawn CN113687969A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110866099.3A CN113687969A (en) 2021-07-29 2021-07-29 Alarm information generation method and device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110866099.3A CN113687969A (en) 2021-07-29 2021-07-29 Alarm information generation method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN113687969A true CN113687969A (en) 2021-11-23

Family

ID=78578285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110866099.3A Withdrawn CN113687969A (en) 2021-07-29 2021-07-29 Alarm information generation method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113687969A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113067729A (en) * 2021-03-18 2021-07-02 浪潮思科网络科技有限公司 Network equipment monitoring method, equipment and medium
CN113067729B (en) * 2021-03-18 2022-07-12 浪潮思科网络科技有限公司 Network equipment monitoring method, equipment and medium
CN113923103A (en) * 2021-12-06 2022-01-11 深圳市城市交通规划设计研究中心股份有限公司 Alarm method, alarm device, cloud service platform and readable storage medium
CN114448716A (en) * 2022-02-28 2022-05-06 奇安信科技集团股份有限公司 Industrial control safety control method, electronic device and storage medium
CN114844766A (en) * 2022-03-25 2022-08-02 烽台科技(北京)有限公司 Method and device for building industrial information security guarantee system
CN115225460A (en) * 2022-07-15 2022-10-21 北京天融信网络安全技术有限公司 Failure determination method, electronic device, and storage medium
CN115225460B (en) * 2022-07-15 2023-11-28 北京天融信网络安全技术有限公司 Fault determination method, electronic device, and storage medium
CN115348161A (en) * 2022-08-16 2022-11-15 中国电信股份有限公司 Log alarm information generation method and device, electronic equipment and storage medium
CN116112341A (en) * 2022-12-30 2023-05-12 中国电信股份有限公司 Network equipment detection method and device, electronic equipment and storage medium
CN116112341B (en) * 2022-12-30 2024-04-30 中国电信股份有限公司 Network equipment detection method and device, electronic equipment and storage medium
CN116155694A (en) * 2023-04-04 2023-05-23 深圳中正信息科技有限公司 Method and device for managing internet of things equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN113687969A (en) Alarm information generation method and device, electronic equipment and readable storage medium
US11586972B2 (en) Tool-specific alerting rules based on abnormal and normal patterns obtained from history logs
US10469307B2 (en) Predicting computer network equipment failure
WO2020029407A1 (en) Alarm data management method and apparatus, and computer device and storage medium
CN109361548B (en) IMS network behavior diagnosis early warning method and device based on active security
CN111309567A (en) Data processing method and device, database system, electronic equipment and storage medium
CN112395156A (en) Fault warning method and device, storage medium and electronic equipment
CN111176202A (en) Safety management method, device, terminal equipment and medium for industrial control network
CN112087462A (en) Vulnerability detection method and device of industrial control system
CN114996090A (en) Server abnormity detection method and device, electronic equipment and storage medium
CN114356499A (en) Kubernetes cluster alarm root cause analysis method and device
CN112529223A (en) Equipment fault repair method and device, server and storage medium
CN114567538A (en) Alarm information processing method and device
CN112532435A (en) Operation and maintenance method, operation and maintenance management platform, equipment and medium
CN115037597A (en) Fault detection method and equipment
CN114328107A (en) Monitoring method and system for optomagnetic fusion storage server cluster and electronic equipment
US11263072B2 (en) Recovery of application from error
CN113220527A (en) Edge end execution method, cloud end execution method and device
CN109462617B (en) Method and device for detecting communication behavior of equipment in local area network
CN117220957A (en) Attack behavior response method and system based on threat information
CN114746844A (en) Identification of constituent events in an event storm in operations management
CN115102838B (en) Emergency processing method and device for server downtime risk and electronic equipment
CN115766402A (en) Method and device for filtering fault root cause of server, storage medium and electronic device
CN114218001A (en) Fault repairing method and device, electronic equipment and readable storage medium
CN113835961A (en) Alarm information monitoring method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211123
