CN113765750A - Non-invasive system survival monitoring system - Google Patents

Non-invasive system survival monitoring system Download PDF

Info

Publication number
CN113765750A
CN113765750A CN202111041690.1A CN202111041690A CN113765750A CN 113765750 A CN113765750 A CN 113765750A CN 202111041690 A CN202111041690 A CN 202111041690A CN 113765750 A CN113765750 A CN 113765750A
Authority
CN
China
Prior art keywords
service
module
monitoring
application service
monitored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111041690.1A
Other languages
Chinese (zh)
Inventor
刘兴惠
李至立
朱良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Vhengdata Technology Co ltd
Original Assignee
Shandong Vhengdata Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Vhengdata Technology Co ltd filed Critical Shandong Vhengdata Technology Co ltd
Priority to CN202111041690.1A priority Critical patent/CN113765750A/en
Publication of CN113765750A publication Critical patent/CN113765750A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Environmental & Geological Engineering (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to a monitoring system, and more particularly to a non-invasive system survival monitoring system. It is an object of the present invention to provide a system for monitoring survival that is low cost and non-invasive. A non-invasive system survival monitoring system comprises a timing task scheduling module, a communication connection establishing module, a detection request sending module and the like; the service state judging module and the abnormal alarming module; a timing task scheduling module: scheduling monitoring tasks at regular time; communication connection establishes the module: establishing a connection with the monitored service; a probe request sending module: for constructing a probe request packet and sending the request packet to the monitored service. The monitored application only carries out normal business service response in the monitoring process, and has no program intrusion on the monitored application service.

Description

Non-invasive system survival monitoring system
Technical Field
The present invention relates to a monitoring system, and more particularly to a non-invasive system survival monitoring system.
Background
At present, an IT information technology is in a high-speed development state, application services become a center of the Internet era, the operation of each key node of the Internet era is borne, one-time calling of a front end can often trigger dozens of or even hundreds of times of calling of a plurality of background services, and the continuous and uninterrupted operation of the services is the most basic and one of the most important parts in an operation and maintenance system. The technology for monitoring the service survival state similar to the technology of the invention at present is that the application service to be monitored sends heartbeat and state packets to the monitoring service regularly or irregularly, if the heartbeat data is not received for a period of time, the agent is considered to have a problem probably.
In the prior art, a heartbeat packet is sent to a monitoring service by a monitored application service, and a reply message returned by the monitoring service is received to judge the state of the monitored application service. In practice, it is found that in the prior art, monitored application services need to be code-embedded, a heartbeat function is increased, certain intrusiveness is achieved, and the operation cost may be higher for an online environment.
There is therefore a need to develop a system for monitoring survival that is cost effective and non-invasive.
Disclosure of Invention
In order to overcome the disadvantages of certain invasiveness and high operation cost for the online environment, the technical problems are as follows: a system for monitoring the survival of a system is provided which is low cost and non-invasive.
The technical scheme is as follows: a non-invasive system survival monitoring system comprises a timing task scheduling module, a communication connection establishing module, a detection request sending module, a service state judging module and an abnormal alarm module; a timing task scheduling module: scheduling monitoring tasks at regular time; communication connection establishes the module: establishing a connection with the monitored service; a probe request sending module: for constructing a probe request packet and sending the request packet to the monitored service. A service state judgment module: for determining the status of the service; an abnormality alarm module: and when the abnormity is detected, alarming in time to inform operation and maintenance personnel.
Optionally, a monitoring service is further included, as a special application service, the monitoring service establishes a communication connection with the monitored application service through a built-in communication connection establishment module.
Optionally, the system for monitoring the application service state further comprises a standby monitoring service, and the monitoring service and the standby service cooperate in a hot standby mode. The monitoring service establishes communication connection with the standby monitoring service through the communication connection establishing module.
Optionally, the method further includes that the monitoring service actively detects the survival status of the application service, the monitoring service establishes a communication connection with the monitored application service, and respectively requests different information of the monitored application service, and the monitored application service returns response information or does not return information.
Optionally, a special application service for monitoring is also included, the service including: the timing module is used for sending a monitoring detection instruction at regular time; the communication connection establishing module is used for establishing connection with the monitored application service; and the state analyzing and judging module is used for analyzing the information responded by the monitored application service and judging the state of the application service.
Optionally, the system further includes a mechanism for determining and monitoring the state of the application service, and the state of each current module of the application service is determined by formulating module information of the application service acquired from each module address of the application service, so as to evaluate and determine the overall state of the application service.
Optionally, the system for monitoring the application service state is further included, the monitoring system includes a standby service, and the monitoring service domain standby service cooperates with the monitoring service domain standby service in a hot standby mode.
The invention has the following advantages:
the monitored application only carries out normal business service response in the monitoring process, does not have any program intrusion to the monitored application service, does not need to carry out additional program development and program maintenance on the monitored application service, and further reduces the development cost and the maintenance cost of the application service for most of the application services.
Drawings
Fig. 1 is a monitoring service workflow diagram.
FIG. 2 is a flow chart of a state resolution determination module.
Fig. 3 is a flow chart of monitoring application service system operation.
Fig. 4 is a flow chart of information interaction between a monitoring service and a standby monitoring service.
Fig. 5 is a flow chart of the backup monitoring service when a monitoring service is out of order.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
A non-invasive system survival monitoring system, as shown in fig. 1-2, includes a timed task scheduling module, a communication connection establishing module, a detection request sending module, a service status judging module and an abnormal alarm module; a timing task scheduling module: scheduling monitoring tasks at regular time; communication connection establishes the module: establishing a connection with the monitored service; a probe request sending module: for constructing a probe request packet and sending the request packet to the monitored service. A service state judgment module: for determining the status of the service; an abnormality alarm module: and when the abnormity is detected, alarming in time to inform operation and maintenance personnel.
The monitored service in the invention is a web service providing HTTP access to the outside, and a plurality of services can be operated on one host computer and distinguished by IP addresses and port numbers. The communication between the monitoring service and the monitored service can adopt a wired or wireless communication mode, and the wired communication mode comprises but is not limited to Ethernet and MODEM communication; wireless communication means include, but are not limited to: WIFI, 2G, 3G, 4G and 5G. No matter what communication method is adopted, the communication between the monitoring service and the monitored service can be realized.
A timing task scheduling module: after a scheduling period is appointed for a global timing task module, the timing scheduling module can perform monitoring task scheduling execution; communication connection establishes the module: establishing connection with the monitored service according to the connection service type provided by the monitored service; a probe request sending module: the module acquires a protocol, a domain name or an IP address, a port, a service address and the like used by the monitored service from a database to construct a detection request packet and sends the detection request packet to the detected service; a service state judgment module: and judging the current state of the application service according to the information returned by the monitored service and by combining with a judgment rule, wherein the judgment rule comprises timeout, 404, 200, 50X, response time and the like. An abnormality alarm module: and after the service state judgment module judges that the abnormal condition exists, prompting the abnormal condition with striking red on a monitoring system interface immediately, inquiring related operation and maintenance personnel and sending abnormal alarm information.
Example 2
On the basis of embodiment 1, as shown in fig. 3, a monitoring service is further included, as a special application service, and the monitoring service establishes a communication connection with the monitored application service through a built-in communication connection establishment module.
When the monitoring service establishes communication connection with the application service to be monitored through the built-in communication connection establishing module, the timing module sends detection requests of different types and different addresses to the application service to be monitored at regular time, and the state analyzing and judging module acquires information of each module of the application service from the address of each module of the application service to judge the current state of each module of the application service, so that the overall state of the application service is evaluated and judged. For example, the address of the login page is requested, and whether basic equipment such as a gateway of the application service is normal or not can be judged; the verification code is requested to obtain an address, and whether a background control system and a cache system of the application service are normal or not can be judged; the request for the order list address may determine whether the database in communication with the application service is normal.
Example 3
On the basis of embodiment 2, as shown in fig. 4, a system for monitoring the application service state is further included, which includes a standby monitoring service, and the monitoring service and the standby service cooperate in a hot standby manner. The monitoring service establishes communication connection with the standby monitoring service through the communication connection establishing module.
When the monitoring service is successfully connected with the standby monitoring service through the communication connection establishing module, the monitoring service sends a monitoring service survival information packet to the standby monitoring service, the standby monitoring service returns service survival information to the monitoring service, the monitoring service monitors and judges the received service survival information, if the survival information is normally received, the standby service is alive, otherwise, the standby service has a problem, needs to give an alarm to inform operation and maintenance personnel, and can detect and monitor the survival state of the main monitoring service.
Example 4
Based on embodiment 3, as shown in fig. 5, a method for actively detecting the survival status of the application service by the monitoring service is further included, the monitoring service establishes a communication connection with the monitored application service, and respectively requests different information of the monitored application service, and the monitored application service returns response information or does not return information.
Also included are special application services for monitoring, including: the timing module is used for sending a monitoring detection instruction at regular time; the communication connection establishing module is used for establishing connection with the monitored application service; and the state analyzing and judging module is used for analyzing the information responded by the monitored application service and judging the state of the application service.
The system also comprises a mechanism for judging and monitoring the state of the application service, and the state of each current module of the application service is judged by formulating the information of each module of the application service acquired from each module address of the application service, so that the overall state of the application service is evaluated and judged.
The system for monitoring the application service state comprises a standby service, and the standby service of the monitoring service domain is matched in a hot standby mode.
The invention can find some possible safety problems by analyzing the information responded by the application service, and the specific analysis method mainly comprises the following steps: the monitored service returns service software information used by the monitored service, including the type and version of the service software, inquires the version and the safety risk list of the service software, and can know the possible safety risk of the monitored service; the monitored service returns cookie information currently set by the monitored service, for some application services with high security requirements, the cookie needs to be disabled, or the cookie cannot contain some sensitive information, and whether the current service has potential safety hazards can be judged by checking whether the cookie exists or not or whether the cookie contains the sensitive information. The monitored service returns the cache information configured by the monitored service, the real-time request cannot be cached, and whether the current cache setting is reasonable or not can be judged by checking the cache information. Meanwhile, when the monitored application service is abnormal and can not work normally or can not work normally, the abnormal state of the monitored application service can be reported to operation and maintenance personnel, the operation and maintenance personnel can know the abnormal information of the monitored application service conveniently, and the application service can be recovered quickly.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. A non-invasive system survival monitoring system, characterized by: the system comprises a timing task scheduling module, a communication connection establishing module, a detection request sending module, a service state judging module and an abnormal alarm module; a timing task scheduling module: scheduling monitoring tasks at regular time; communication connection establishes the module: establishing a connection with the monitored service; a probe request sending module: for constructing a probe request packet and sending the request packet to the monitored service. A service state judgment module: for determining the status of the service; an abnormality alarm module: and when the abnormity is detected, alarming in time to inform operation and maintenance personnel.
2. The non-invasive system survival monitoring system according to claim 1, wherein: the monitoring service is used as a special application service, and the monitoring service establishes communication connection with the monitored application service through a built-in communication connection establishing module.
3. A non-invasive system survival monitoring system according to claim 2, wherein: the system for monitoring the application service state comprises a standby monitoring service, and the monitoring service and the standby service are matched in a hot standby mode. The monitoring service establishes communication connection with the standby monitoring service through the communication connection establishing module.
4. A non-invasive system survival monitoring system according to claim 3, wherein: the monitoring service establishes communication connection with the monitored application service, respectively requests different information of the monitored application service, and the monitored application service returns response information or does not return information.
5. The non-invasive system survival monitoring system according to claim 4, wherein: also included are special application services for monitoring, including: the timing module is used for sending a monitoring detection instruction at regular time; the communication connection establishing module is used for establishing connection with the monitored application service; and the state analyzing and judging module is used for analyzing the information responded by the monitored application service and judging the state of the application service.
6. The non-invasive system survival monitoring system according to claim 5, wherein: the system also comprises a mechanism for judging and monitoring the state of the application service, and the state of each current module of the application service is judged by formulating the information of each module of the application service acquired from each module address of the application service, so that the overall state of the application service is evaluated and judged.
7. The non-invasive system survival monitoring system according to claim 6, wherein: the system for monitoring the application service state comprises a standby service, and the standby service of the monitoring service domain is matched in a hot standby mode.
CN202111041690.1A 2021-09-07 2021-09-07 Non-invasive system survival monitoring system Pending CN113765750A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111041690.1A CN113765750A (en) 2021-09-07 2021-09-07 Non-invasive system survival monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111041690.1A CN113765750A (en) 2021-09-07 2021-09-07 Non-invasive system survival monitoring system

Publications (1)

Publication Number Publication Date
CN113765750A true CN113765750A (en) 2021-12-07

Family

ID=78793310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111041690.1A Pending CN113765750A (en) 2021-09-07 2021-09-07 Non-invasive system survival monitoring system

Country Status (1)

Country Link
CN (1) CN113765750A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114429676A (en) * 2022-01-27 2022-05-03 山东纬横数据科技有限公司 Medical institution disinfection supply room personnel identity and behavior recognition system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1791034A (en) * 2004-12-13 2006-06-21 华为技术有限公司 Detecting method
CN103926893A (en) * 2014-04-14 2014-07-16 浪潮电子信息产业股份有限公司 Cloud container data center monitoring system
CN108566317A (en) * 2018-04-27 2018-09-21 深信服科技股份有限公司 Business monitoring method, Cloud Server, storage medium and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1791034A (en) * 2004-12-13 2006-06-21 华为技术有限公司 Detecting method
CN103926893A (en) * 2014-04-14 2014-07-16 浪潮电子信息产业股份有限公司 Cloud container data center monitoring system
CN108566317A (en) * 2018-04-27 2018-09-21 深信服科技股份有限公司 Business monitoring method, Cloud Server, storage medium and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114429676A (en) * 2022-01-27 2022-05-03 山东纬横数据科技有限公司 Medical institution disinfection supply room personnel identity and behavior recognition system

Similar Documents

Publication Publication Date Title
CN1643876B (en) Method and system for reducing the false alarm rate of network intrusion detection systems
JP2004021549A (en) Network monitoring system and program
CN111600863B (en) Network intrusion detection method, device, system and storage medium
EP1890427B1 (en) A system and method for monitoring the device port state
CN104219091A (en) System and method for network operation fault detection
CN102291275A (en) Server cluster monitoring technology and method
CN105045700A (en) Method for monitoring user experience index of application system in real time
JP6220625B2 (en) Delay monitoring system and delay monitoring method
CN113765750A (en) Non-invasive system survival monitoring system
JP2020149390A (en) Cyber attack detector
JP2010198491A (en) Virtual machine server, and virtual machine network monitoring system using the same
CN111131203B (en) External connection monitoring method and device
CN103731315A (en) Server failure detecting method
JP2016197309A (en) Relay and program
CN116055303A (en) Link monitoring processing method and device, electronic equipment and storage medium
CN115174189A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium
JPH1145195A (en) Computer system, abnormality detector and recording medium
CN110521233A (en) Network failure discovery
JP3757072B2 (en) Monitoring method of computer constituting network system
JP4034436B2 (en) Client / server system and client operation monitoring method
JP5155986B2 (en) Monitoring system, monitoring method, monitoring program
JP2007148477A (en) Monitoring system
JP2020170946A (en) Data collection status monitoring device, data collection status monitoring program, data collection status monitoring method, and data collection status monitoring system
CN113630396B (en) Method, device and system for processing network security alarm information
JP5787730B2 (en) Device monitoring server, management method, and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination