CN113992495B

CN113992495B - Alarm information processing method and device, computer equipment and storage medium

Info

Publication number: CN113992495B
Application number: CN202111202529.8A
Authority: CN
Inventors: 吴仲阳; 许广洋; 李家炎; 熊慧君
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2021-10-15
Filing date: 2021-10-15
Publication date: 2024-02-02
Anticipated expiration: 2041-10-15
Also published as: CN113992495A

Abstract

The application relates to a method, a device, computer equipment and a storage medium for processing alarm information. Applied to a computer network system, the computer network system comprises a plurality of network devices and an alarm monitoring system, the method comprises: acquiring alarm information of a computer network system in a preset time period; filtering the alarm information according to the first associated information and/or the second associated information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices; and outputting an alarm information filtering result, wherein the alarm information filtering result is used for indicating that the computer network system is subjected to fault identification based on the target alarm information. The method can realize automatic alarm aggregation based on the algorithm based on the relevance information of the network equipment in the comprehensive network system, and improve the efficiency and accuracy of the alarm information aggregation.

Description

Alarm information processing method and device, computer equipment and storage medium

Technical Field

The present invention relates to the field of network technologies, and in particular, to a method and apparatus for processing alarm information, a computer device, and a storage medium.

Background

The rapid development of new technologies such as artificial intelligence, big data, cloud computing and the like makes the whole data center network more and more complex. When network faults occur, the generated network alarms are more complicated, so that the difficulty of network operation and maintenance is higher and higher.

Network alarms are an important basis and window for network operators to master and handle network failures. At present, when operation and maintenance personnel remove network faults, each alarm message needs to be checked one by one to check and treat the fault reasons. The operation and maintenance personnel can also process the related alarm information as one alarm information.

However, the number of network alarms is huge, and one piece of fault alarm information often derives many other alarm information to cause interference to the obstacle removal of network operation and maintenance personnel. Moreover, network operation and maintenance personnel find out the association relation of alarm information to easily cause omission, so that network faults cannot be positioned quickly, and the fault removing process is complex and the fault removing efficiency is low.

Disclosure of Invention

The method, the device, the computer equipment and the storage medium for processing the alarm information can automatically aggregate the alarm information in the network system, and improve the obstacle removing efficiency of network operation and maintenance personnel.

In a first aspect, a method for processing alarm information is provided, which is applied to a computer network system, where the computer network system includes a plurality of network devices and an alarm monitoring server, and the method includes: acquiring alarm information of a computer network system in a preset time period; filtering the alarm information according to the first associated information and/or the second associated information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices; and outputting an alarm information filtering result, wherein the alarm information filtering result is used for indicating that the computer network system is subjected to fault identification based on the target alarm information.

With reference to the first aspect, in a possible implementation manner of the first aspect, the method further includes: acquiring at least one of a physical port connection relationship between a plurality of network devices and a logical port connection relationship between the plurality of network devices and user configurable port parameters of the plurality of network devices; the first association information is determined based on user configurable port parameters of the plurality of network devices and at least one of physical port connection relationships between the plurality of network devices and logical port connection relationships between the plurality of network devices.

With reference to the first aspect, in one possible implementation manner of the first aspect, acquiring a physical port connection relationship between a plurality of network devices includes: determining a physical port connection relationship between first-class network devices based on a neighbor discovery protocol; the first type of network equipment is network equipment supporting a neighbor discovery protocol in a plurality of network equipment; acquiring a port connection record table, and determining a physical port connection relation between the second-class devices based on the port connection record table; the second type of network device is a network device of the plurality of network devices that does not support a neighbor discovery protocol.

With reference to the first aspect, in a possible implementation manner of the first aspect, the logical port connection relationship between the plurality of network devices further includes a connection relationship of logical ports between virtual network elements running on different network devices.

With reference to the first aspect, in a possible implementation manner of the first aspect, the method further includes: acquiring an identifier of a network device, a logical port used for communication by the network device and an association relation among physical ports used for communication by the network device; the second association information is determined based on an association relationship between the identity of the network device, the logical port the network device uses to communicate, and the physical port the network device uses to communicate.

With reference to the first aspect, in a possible implementation manner of the first aspect, filtering the alarm information according to the first association information to obtain target alarm information includes: n network devices with relevance are determined according to the first relevance information, and network devices with priority lower than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the time of occurrence of the alarm; and filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value from the alarm information to obtain target alarm information.

With reference to the first aspect, in one possible implementation manner of the first aspect, filtering the alarm information according to the first association information and the second association information to obtain target alarm information includes: n network devices with relevance are determined according to the first relevance information, and network devices with priority lower than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the time of occurrence of the alarm; filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the alarm information to obtain initial alarm information; for each network device with priority higher than a preset threshold value in N network devices, determining a target logical port and a target physical port with relevance in each network device according to the second association information; and filtering the alarm information corresponding to the target logical port in each network device in the initial alarm information to obtain target alarm information.

In a second aspect, there is provided an apparatus for processing alarm information, the apparatus comprising: the acquisition module is used for acquiring alarm information of the computer network system in a preset time period; the filtering module is used for filtering the alarm information according to the first associated information and/or the second associated information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices; the output module is used for outputting an alarm information filtering result which is used for indicating that the computer network system is subjected to fault identification based on the target alarm information.

In a third aspect, a computer device is provided comprising a memory and a processor, the memory storing a computer program. The steps of the method described in the first aspect or any one of the possible implementation manners of the first aspect are implemented when the processor executes a computer program.

In a fourth aspect, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method described in the first aspect or any one of the possible implementations of the first aspect.

The application provides a processing method, a processing device, computer equipment and a storage medium of alarm information, which can collect the association information of communication ports among a plurality of network equipment in a network system and the association information among different communication ports of the network equipment. The server can automatically acquire the alarm information which occurs simultaneously and has the relevance based on the relevance information, and perform aggregation processing. And finally, outputting an alarm information filtering result for operation and maintenance personnel to perform fault identification. Therefore, compared with the traditional method that the network alarm information is aggregated according to the incomplete network equipment association information, the method and the device can collect the comprehensive network equipment association information in the network system, realize automatic alarm information filtering processing based on an algorithm, avoid influence caused by human factors, and improve the alarm processing efficiency and accuracy.

Drawings

FIG. 1 is an application environment diagram of a method for processing alert information in one embodiment;

FIG. 2 is a flow chart of a method for processing alarm information in one embodiment;

FIG. 3 is another flow chart of a method for processing alarm information in one embodiment;

FIG. 4 is another flow chart of a method for processing alarm information in one embodiment;

FIG. 5 is another flow chart of a method for processing alarm information in one embodiment;

FIG. 6 is another flow chart of a method for processing alarm information in one embodiment;

FIG. 7 is a flow chart of a method for processing alarm information according to an embodiment;

FIG. 8 is a process diagram of a method for processing alert information in one embodiment;

FIG. 9 is a block diagram of an apparatus for processing alarm information in one embodiment;

FIG. 10 is another block diagram of an apparatus for processing alert information in one embodiment;

FIG. 11 is another block diagram of an apparatus for processing alert information in one embodiment;

fig. 12 is an internal structural diagram of a computer device in one embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.

The alarm information processing method provided by the application can be applied to a computer network system shown in figure 1. The computer network system includes a plurality of network devices 10 and an alarm monitoring system 20. The alarm monitoring system 20 includes an alarm monitoring server 30 and an interface 40. The network device 10 is a network device that generates alarm information; the alarm monitoring server 30 may monitor, collect and process alarm information generated by the network device 10. The operation and maintenance personnel can access the alarm monitoring server 30 through the interface 40 to obtain the alarm information filtering result of the alarm monitoring server 30.

Wherein the network device 10 may be, but is not limited to, various computer devices, routing devices, servers, switches, etc.; the alarm monitoring server 30 may be implemented by a stand-alone server or a server cluster composed of a plurality of servers; the interface 40 may be an application program interface (application programming interface, API) or a graphical user interface (graphical user interface, GUI). The embodiments of the present application are not limited in this regard.

The current aggregation of the alarm information of the network system is mainly based on the human discovery of the relevance among the alarm information and the aggregation. The relevance of the alarm information is found manually, so that omission is easy to cause, the accuracy of alarm aggregation is low, and the efficiency of alarm aggregation is low due to the fact that the alarm information is aggregated manually. Therefore, the problem of lower accuracy and efficiency of alarm aggregation exists at present.

Based on this, the embodiment of the application provides an alarm information aggregation method, which can improve the accuracy and efficiency of network alarm information aggregation. Fig. 2 is a flow chart of a processing method of alarm information provided in an embodiment of the present application, including the following steps:

step 201, acquiring alarm information of a computer network system in a preset time period;

In the embodiment of the application, the alarm information which is simultaneously generated and has the relevance can be aggregated, so that the processing amount of the alarm information is reduced. Therefore, a preset time length is set, the alarm information in the preset time length is the alarm information which happens simultaneously, and the aggregation processing can be performed based on the alarm information in the preset time length.

In one possible implementation manner, from the starting time of the preset duration, the alarm information in the preset duration is added into the buffer queue. When the time limit of the preset time length is reached, all the alarm information is read from the buffer queue, namely the alarm information generated by the computer network system in the preset time length.

Step 202, filtering the alarm information according to the first associated information and/or the second associated information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices;

in the embodiment of the application, filtering the alarm information means filtering out a part of alarm information in the alarm information, and reserving the rest alarm information to reduce the processing amount of the alarm information. The aggregation processing of the alarm information is completed.

The aggregation of the simultaneous alarm information is based on the alarm information with the relevance. Specifically, most of alarm information in a group of alarm information which occurs simultaneously and has relevance is filtered, only one or a few alarms which can represent the group of alarm information are reserved, and the aggregation processing of the alarm information with relevance is completed. Alarm information from the same port (e.g., logical port or physical port) may be considered as alarm information with association, or alarm information from the same network device may be considered as alarm information with association. Therefore, massive alarm information can be aggregated according to the relevance between ports or the relevance between network devices, so that the alarm information processing capacity of the monitoring system is reduced.

In one possible implementation manner, the association information of the communication ports between the plurality of network devices may be determined according to the first association information, and the alarm information with the association may be determined from the alarm information occurring in the preset duration based on the association information. And then filtering the obtained alarm information with the relevance, filtering part of the alarm information, and reserving the rest alarm information, namely the target alarm information.

In one possible implementation manner, the association information between different communication ports of the network device may be determined according to the second association information, and the alarm information with the association may be determined from the alarm information occurring in the preset duration based on the association information. And then filtering the obtained alarm information with the relevance, filtering part of the alarm information, and reserving the rest alarm information, namely the target alarm information.

In one possible implementation manner, the alarm information with the correlation can be determined according to the correlation information of the communication ports between the first correlation information and the second correlation information and the correlation information between different communication ports of the network equipment, and the alarm information with the correlation in the alarm information occurring in the preset duration is determined based on the two kinds of correlation information. And then filtering the obtained alarm information with the relevance, filtering part of the alarm information, and reserving the rest alarm information, namely the target alarm information.

It should be noted that, the network devices corresponding to the alarm information occurring within the preset duration are not necessarily all the network devices in the network system, and are not necessarily all the network devices in the network system that generate the alarm. For example, there are 100 network devices in a network system, 20 network devices that generate alarms, 9 network devices that generate alarms within one of the preset durations, and the remaining 11 network devices that generate alarms before or after the preset duration. The embodiment of the application is based on the alarm information corresponding to the network equipment with the alarm in a preset time period.

And 203, outputting an alarm information filtering result, wherein the alarm information filtering result is used for indicating that the computer network system is subjected to fault identification based on the target alarm information.

In the embodiment of the application, after the aggregation processing of the alarm information is completed, an alarm information filtering result is output, wherein the alarm information filtering result comprises a plurality of target alarm information with relevance. The network operation and maintenance personnel or the operation and maintenance personnel of the monitoring system can carry out barrier removal processing on the network system based on the specific content of the alarm information filtering result.

In one possible implementation manner, after the alarm aggregation server completes the aggregation processing of the alarm information, the alarm information filtering result can be transmitted to a personal computer of the operation and maintenance personnel through an interface in a file form for the operation and maintenance personnel to check. The alarm information filtering result can be transmitted to a display through an interface and displayed on the display for operation and maintenance personnel to check.

The alarm information filtering result may include the target alarm information and the network device or the specific communication port of the network device corresponding to the target alarm information. The alarm information filtering result is used for indicating the operation and maintenance personnel to perform fault identification and processing work on the computer network system based on the content of the alarm information filtering result.

The application provides a processing method of alarm information, which can collect the association information of communication ports among a plurality of network devices in a network system and the association information among different communication ports of the network devices. The server can automatically acquire the alarm information which occurs simultaneously and has the relevance based on the relevance information, and perform aggregation processing. And finally, outputting an alarm information filtering result for operation and maintenance personnel to perform fault identification. Therefore, compared with the traditional method that the network alarm information is aggregated according to the incomplete network equipment association information, the method and the device can collect the comprehensive network equipment association information in the network system, realize automatic alarm information filtering processing based on an algorithm, avoid influence caused by human factors, and improve the alarm processing efficiency and accuracy.

In the method provided by the embodiment of the present application, the first association information including the configuration information and the relationship information may be further determined based on at least one of the port connection relationships between the plurality of network devices and the configuration port parameters of the plurality of network devices. Specifically, the method comprises the steps shown in fig. 3:

Step 301, obtaining at least one of a physical port connection relationship between a plurality of network devices and a logical port connection relationship between a plurality of network devices and user configurable port parameters of the plurality of network devices;

according to the method and the device for processing the alarm information, the alarm information is aggregated based on the relevance among the alarm information, and the relevance information among the network devices can be acquired first, so that the relevance among the alarm information corresponding to the network devices can be determined based on the relevance information among the network devices.

In a specific implementation, at least one of a physical port connection relationship between a plurality of network devices and a logical port connection relationship between a plurality of network devices and a user configurable port parameter of the network device may be obtained.

The user configurable port parameter of the network device is various parameter information which can be configured by a user in the network device, including an IP address of the network device, an IP address of an interface of the network device, and the like. The physical port connection relationship between the plurality of network devices is relationship information between the plurality of network devices connected through the physical ports and the network lines. The logical port connection relationship between the plurality of network devices is relationship information between the plurality of network devices connected by logical ports, protocols, and the like.

In one possible implementation, a physical port connection relationship between a plurality of network devices and a user configurable port parameter of the network device may be obtained; the logical port connection relation among a plurality of network devices can be obtained, and the user configurable port parameters of the network devices can be obtained; physical port connection relationships between a plurality of network devices, logical port connection relationships between a plurality of network devices, and user configurable port parameters of the network devices may be obtained.

In one possible implementation, the user-configurable port parameters of the network device may be obtained by viewing and recording the network device. The physical port connection relationship between the plurality of network devices may be obtained by parsing a link layer discovery protocol (link layer discovery protocol, LLDP), cisco neighbor discovery protocol (cisco discovery protocol, CDP). Logical port connection relationships between multiple network devices may be obtained by parsing a generic routing encapsulation protocol (generic routing encapsulation, GRE) or a virtual extended local area network tunneling protocol (virtual extensible local area network, VXLAN). The connection relationship of the communication ports between the routing devices can be obtained by parsing open shortest path first (open shortest path first, OSPF) or routing protocol (border gateway protocol, BGP).

Step 302, determining first association information based on at least one of a physical port connection relationship between the plurality of network devices and a logical port connection relationship between the plurality of network devices and user configurable port parameters of the plurality of network devices.

In a possible implementation manner, at least one of the obtained connection relationship information of the physical ports between the network devices and the connection relationship information of the logical ports between the network devices and the information of the network devices may be determined as the first association information, so as to determine the alarm information with association based on the first association information, and further aggregate the alarm information with association.

The application provides a scheme for determining first association information according to configuration information and relationship information of a plurality of network devices. Specifically, at least one of physical port connection relation information between a plurality of network devices and logical port connection relation information between a plurality of network devices and user configurable port parameters of the network devices are acquired. And determining the acquired information as first associated information. Therefore, the method and the device can automatically acquire the relevance information of the communication ports between the network devices by analyzing various protocol information by using a computer, so that the problem of low efficiency caused by manually acquiring the relevance information is avoided; and the problem of error acquisition of the relevance information due to the influence of human factors is avoided, the efficiency and the accuracy of acquiring the relevance information are improved, and the efficiency and the accuracy of aggregation of the alarm information are further improved.

The foregoing embodiments describe a solution for acquiring connection relationship information of physical ports between a plurality of network devices in a network system. In another embodiment of the present application, connection relationship information of physical ports between network devices may be determined according to a neighbor discovery protocol and a port connection record table. For example, the foregoing relates to "acquiring a physical port connection relationship between a plurality of network devices". Specifically, the method comprises the steps shown in fig. 4:

step 401, determining a physical port connection relationship between first-class network devices based on a neighbor discovery protocol; the first type of network equipment is network equipment supporting a neighbor discovery protocol in a plurality of network equipment;

in the embodiment of the application, a part of network devices in the network system support the neighbor discovery protocol, and the computer can acquire the physical port connection relationship between the part of network devices supporting the neighbor discovery protocol in the network system by analyzing the neighbor discovery protocol.

In one possible implementation manner, a network device supporting a neighbor discovery protocol is set as a first type network device, and connection relation information of physical ports between the first type network devices is determined by analyzing the neighbor discovery protocol.

The neighbor discovery protocol may be an LLDP protocol, a CDP protocol, or the like.

Step 402, acquiring a port connection record table, and determining a physical port connection relation between second network devices based on the port connection record table; the second type of network device is a network device of the plurality of network devices that does not support a neighbor discovery protocol.

In the embodiment of the present application, except for a part of network devices supporting the neighbor discovery protocol in the network system, the rest of network devices do not support the neighbor discovery protocol. Therefore, the connection relationship of the physical ports between the network devices that do not support the neighbor discovery protocol can be acquired through the port connection record table.

In one possible implementation manner, a network device which does not support the neighbor discovery protocol is set as a second type network device, and the connection relation of physical ports between the second type network devices is determined by looking up a port connection record table. The connection relation information of the physical ports between the first type of network devices and the connection relation information of the physical ports between the second type of network devices form the connection relation information of the physical ports between the network devices in the network system.

The port connection record table may be obtained by manually recording when the network device is maintained, or may be obtained by detecting the traffic of the ports of the network device, setting the ports with the same traffic as the ports with the connection relationship, and recording the ports with the connection relationship.

According to the embodiment of the application, the physical port connection relation information between the first-class network devices supporting the neighbor discovery protocol can be obtained through analyzing the neighbor discovery protocol, and the physical port connection relation information between the second-class network devices not supporting the neighbor discovery protocol can be obtained through the port connection record table. Therefore, the embodiment of the application can complement the connection relation information of the communication ports between the network devices through the port connection record table, so that the quantity of the alarm information is effectively reduced when the alarm information is aggregated, and the efficiency of the operation and maintenance personnel for troubleshooting the network faults is improved.

The logical port connection relationship between the plurality of network devices in the embodiment of the present application further includes a connection relationship of logical ports between virtual network elements. The method specifically comprises the following steps:

connection relationship of logical ports between virtual network elements running on different network devices.

The network device in the network system in the embodiment of the present application includes both a network device of an entity, such as a computer, a server, and the like, and a virtual network element, such as a virtual machine, running on the network device. And the logical ports between the virtual network elements also have a connection relationship. In order to aggregate the alarm information based on the comprehensive connection relationship information of the logical ports between the network devices, the connection relationship information of the logical ports between the virtual network elements can be obtained.

In one possible implementation manner, the computer may obtain connection relationship information of logical ports between virtual network elements of the virtual network by analyzing record information of the virtual network. For example, the connection relation information of the logical ports between the virtual network elements running on different network devices is obtained by analyzing the overlay network information.

According to the embodiment of the application, the connection relation information of the logical ports between the virtual network elements running on different network devices can be obtained by analyzing the overlay network information. Therefore, the embodiment of the application can acquire the connection relation information of the logic ports between the network devices, and can acquire the connection relation information of the logic ports between the virtual network elements running on different network devices. Namely, the embodiment of the application can acquire the connection relation information of the logical ports between the comprehensive network devices, so that when the alarm information is aggregated based on the connection relation information of the logical ports between the comprehensive network devices, the processing capacity of the alarm information is effectively reduced, and the efficiency of the operation and maintenance personnel for troubleshooting the network faults is improved.

In the method provided by the embodiment of the application, the second association information including the relationship information may also be determined based on the connection relationship between the identifier of the network device and the physical port of the network device, and the connection relationship between the logical port and the physical port of the network device. Specifically, the method comprises the steps shown in fig. 5:

Step 501, obtaining an identifier of a network device, a logical port used for communication by the network device, and an association relationship between physical ports used for communication by the network device;

according to the method and the device for processing the alarm information, the alarm information is aggregated based on the relevance among the alarm information, so that the relevance among the network devices can be acquired, and the relevance information inside the network devices can be acquired, and the relevance among the corresponding alarm information can be determined based on the relevance information inside the network devices.

In a specific implementation, the association information between the identifier of the network device and the physical port of the network device and the association information between the logical port of the network device and the physical port of the network device may be obtained.

Wherein the identification of the network device is information which can uniquely represent the network device, such as router-id of a router, etc.;

in one possible implementation manner, the association relationship information between the identifier of the router and the physical port of the router can be obtained by analyzing the dynamic routing protocol information; the association relation information between the board card and the physical port of the board card can be obtained by checking the configuration information of the network equipment; the association information between the logical port and the physical port of the network device can be obtained by analyzing information such as a subinterface constructed on the physical port of the network device, an aggregation binding port (for example, link aggregation information eth-trunk, port-channel), a virtual local area network (virtual local area network, VLAN) configured on the network device, or VXLAN.

Step 502, determining second association information based on association relation among the identity of the network device, the logical port used for communication by the network device, and the physical port used for communication by the network device.

In a possible implementation manner, the obtained association relationship information between the identifier of the network device and the physical port of the network device and the obtained association relationship information between the logical port of the network device and the physical port of the network device may be determined as second association information, so as to determine alarm information with association based on the second association information, and further aggregate the alarm information with association.

The application provides a scheme for determining association relation information inside network equipment. Specifically, association information between a logical port and a physical port of the network device, association information between an identifier of the router and the physical port of the router, and association information between a board card and the physical port of the board card are obtained. Therefore, the method and the device can automatically acquire the relevance information in the network equipment by using the computer, so that the problem of low efficiency caused by manually acquiring the relevance information is avoided; and the problem of error acquisition of the relevance information due to the influence of human factors is avoided, the efficiency and the accuracy of acquiring the relevance information are improved, and the efficiency and the accuracy of aggregation of the alarm information are further improved.

The foregoing embodiments describe a scheme for performing alarm aggregation according to the above-determined first association information. In another embodiment of the present application, the alert information of the network device with the association may be aggregated to the network device with the higher priority. For example, the foregoing relates to "filtering the alert information according to the first association information to obtain the target alert information". Specifically, the method comprises the steps shown in fig. 6:

step 601, determining N network devices with relevance according to first relevance information, and determining network devices with priority less than a preset threshold value in the N network devices; the priority is related to the device class and/or the time of occurrence of the alarm;

the method for aggregating the alarm information filters the alarm information corresponding to the network equipment with the alarm occurring in the preset time period, and retains the alarm information corresponding to the rest network equipment. Therefore, the aggregation of the alarm information can determine the N network devices with the relevance according to the first relevance information, and further determine the network devices needing to filter the alarm information.

In a specific implementation, network equipment needing to filter alarm information can be determined according to the priority and a preset threshold. And determining the network equipment with the priority lower than a preset threshold value from N network equipment with relevance according to the first relevance information as the network equipment needing alarm information filtering.

In one possible implementation, the priority may be a time priority and the preset threshold may be a time threshold. In the preset duration, the network device with the alarm before the time threshold is the network device with higher time priority, and the network device with the alarm after the time threshold is the network device with lower time priority. The network device needing to filter the alarm information is a network device with lower time priority.

In one possible implementation, the priority may be a level priority, and the preset threshold may be a level threshold. For all network devices in the network system, the network devices with the device level larger than the level threshold are network devices with higher level priority, and the network devices with the device level smaller than the level threshold are network devices with lower level priority. The network equipment needing to filter the alarm information is network equipment with lower level priority. The core device and the access device can be used for differentiating the grades of the devices, the core device is a network device with higher grade priority, and the access device is a network device with lower grade priority.

And 602, filtering out the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the alarm information to obtain target alarm information.

In a specific implementation, the alarm information corresponding to the determined network equipment needing to filter the alarm information in the N network equipment with the relevance can be filtered, and the alarm information corresponding to the rest network equipment is reserved, namely the target alarm information.

In one possible implementation manner, the alarm information corresponding to the network device with the time priority smaller than the time threshold among the N network devices with the relevance may be filtered, and the alarm information corresponding to the network device with the time priority greater than the time threshold is reserved, that is, the target alarm information.

In one possible implementation manner, the alarm information corresponding to the network device with the level priority smaller than the level threshold among the N network devices with the relevance may be filtered, and the alarm information corresponding to the network device with the level priority greater than the level threshold is reserved, that is, the target alarm information.

The embodiment of the application provides a scheme for acquiring target alarm information according to first associated information. Specifically, N network devices with an alarm and relevance are determined according to the first association information in the network system. And then determining the network equipment needing to filter the alarm information according to the priority and the preset threshold value, filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value, and reserving the alarm information corresponding to the rest network equipment to obtain the target alarm information. Therefore, the embodiment of the application can carry out alarm aggregation processing on the alarm information based on the equipment priority, effectively reduce the processing amount of the alarm information and improve the efficiency of the operation and maintenance personnel for troubleshooting the network equipment.

The foregoing embodiments describe a scheme for performing alarm aggregation according to the above-determined first association information and second association information. In another embodiment of the present application, the alarm information of the network device with the association may be aggregated to the network device with the high priority, and the alarm information of the logical port in the network device may be aggregated to the physical port. For example, the foregoing relates to "filtering the alert information according to the first association information and the second association information to obtain the target alert information". Specifically, the method comprises the steps shown in fig. 7:

step 701, determining N network devices with relevance according to the first relevance information, and determining network devices with priority less than a preset threshold value in the N network devices; the priority is related to the device class and/or the time of occurrence of the alarm;

the method for aggregating the alarm information in real time in the embodiment of the application filters part of the alarm information acquired in the preset time period and retains the rest alarm information. In order to reduce the number of alarm messages, the alarm messages of different devices may be aggregated. Therefore, the network equipment needing to filter the alarm information can be determined according to the first association information.

In a specific implementation, N network devices with relevance are determined according to the first relevance information, and network devices with priorities smaller than a preset threshold value in the N network devices are determined according to specific priorities and the preset threshold value.

Step 702, filtering out the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the alarm information to obtain initial alarm information;

in the specific implementation, the alarm information corresponding to the network equipment with the priority smaller than the preset threshold is filtered out, and the alarm information corresponding to the network equipment with the priority larger than the preset threshold is reserved to be the initial alarm information.

Step 703, determining, for each network device with a priority greater than a preset threshold value in the N network devices, a target logical port and a target physical port with relevance in each network device according to the second association information;

in order to effectively reduce the number of alarm information, the embodiment of the application can further perform alarm aggregation processing on the initial alarm information.

In a specific implementation, the logical port and the physical port with the connection relationship in each network device in the network devices corresponding to the initial alarm information can be determined according to the second association information, namely, the target logical port and the target physical port with the association in each network device.

In a possible implementation manner, the device identifier and the physical port with the connection relationship in each network device in the network devices corresponding to the initial alarm information can be determined according to the second association information, that is, the device identifier and the associated physical port with the association in each network device.

In a possible implementation manner, the association relationship between each board card and the physical port of the board card, namely the board card and the physical port of the board card with association, in the board card corresponding to the initial alarm information can be determined according to the second association information.

Step 704, filtering the alarm information corresponding to the target logical port in each network device in the initial alarm information to obtain the target alarm information.

In the specific implementation, the alarm information corresponding to the target logical port in the network equipment is filtered out, and the alarm information corresponding to the target physical port is reserved, namely the first target alarm information.

In a possible implementation manner, the alarm information corresponding to the device identifier in the network device is filtered out, and the alarm information corresponding to the associated physical port is reserved, namely the second target alarm information.

In a possible implementation manner, when the alarm information corresponding to the physical board port of each board card exceeds a preset threshold, the alarm information corresponding to the physical board port is filtered out, and the alarm information corresponding to the board card is reserved, namely the third target alarm information; when the alarm information corresponding to the physical ports of the boards exceeds a preset threshold, filtering the alarm information corresponding to the boards, and reserving the alarm information corresponding to the physical ports of the boards, namely, the third target alarm information;

The first target alarm information, the second target alarm information and the third target alarm information are all set to be target alarm information.

The embodiment of the application provides a scheme for acquiring target alarm information according to first association information and second association information. Specifically, N network devices with an alarm and relevance are determined according to the first association information in the network system. And then determining the network equipment needing to filter the alarm information according to the priority and the preset threshold value, filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value, and reserving the alarm information corresponding to the rest network equipment to obtain the initial alarm information. And then, determining a target logical port and a target physical port with connection relations, a device identifier and a physical port with connection relations, a board card with relevance and a board card physical port in each network device according to the second association information. Filtering out alarm information corresponding to a target logic port and a device identifier in network equipment; and filtering out alarm information corresponding to the board card or the board card physical port according to a preset threshold value, reserving the alarm information corresponding to the target physical port and the associated physical port, and reserving the alarm information corresponding to the board card or the board card physical port according to the preset threshold value to obtain the target alarm information. Therefore, the embodiment of the application can carry out alarm aggregation processing on the alarm information based on the association relation between the equipment priority and the inside of the equipment, thereby effectively reducing the processing amount of the alarm information and improving the efficiency of the operation and maintenance personnel for troubleshooting the network equipment.

It should be understood that, although the steps in the flowcharts of fig. 2-7 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in FIGS. 2-7 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the steps or stages in other steps or other steps.

Referring to fig. 8, taking an example of aggregation processing of alarm information generated by a network device in a network system within a preset duration, a detailed description is given of a method for processing alarm information provided in the present application, which specifically includes the following steps:

s1, setting a preset time length, starting from the starting time of the preset time length, and adding alarm information in the preset time length into a cache queue. When the time limit of the preset time length is reached, all the alarm information is read from the buffer queue, namely the alarm information generated by the computer network system in the preset time length.

S2, acquiring current network configuration (namely user-configurable port parameters of a plurality of network devices in a network system), device association information (namely physical port connection relations and logical port connection relations among the plurality of network devices), auxiliary information (namely a port connection record table) and constructing a topological graph database according to the acquired information.

S3, acquiring association information between a logical port and a physical port of each network device, association information between a device identifier and the physical port of each network device and association information between a board card and the physical port of the board card in the network system, and constructing an association information database according to the acquired information.

S4, determining whether network equipment with relevance exists in the network equipment corresponding to the alarm information generated in the preset duration of the computer network system according to the topology pattern database, and if the network equipment with relevance does not exist, directly performing relevance aggregation.

And S5, if the network equipment with the relevance exists, carrying out topology aggregation on the alarm information. Filtering out the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the network equipment with the relevance, and reserving the alarm information corresponding to the network equipment with the priority larger than the preset threshold value, namely the initial alarm information.

And S6, filtering out alarm information corresponding to the logical port in each network device with priority higher than a preset threshold according to the associated information database, and reserving the alarm information of the physical port with association with the logical port, namely, the target alarm information.

And S7, filtering out alarm information corresponding to the equipment identifier in each network equipment with priority higher than a preset threshold according to the associated information database, and reserving the alarm information of the physical port with association with the equipment identifier as target alarm information.

S8, according to the associated information database, aiming at each board card with the priority higher than a preset threshold, if the alarm information corresponding to the physical port of the board card exceeds the preset threshold, filtering the alarm information corresponding to the physical port of the board card, and reserving the alarm information of the board card, namely, the target alarm information. If the alarm information corresponding to the physical port of the board card does not exceed the preset threshold, filtering the alarm information of the board card, and reserving the alarm information corresponding to the physical port of the board card, namely, the target alarm information.

S9, the target alarm information set is an alarm information filtering result, and the alarm information filtering result is output.

In one embodiment, as shown in fig. 9, there is provided an alarm information processing apparatus, including: the device comprises an acquisition module, a filtering module and an output module, wherein:

The acquisition module 901 is configured to acquire alarm information that occurs in a preset duration of time in the computer network system;

the filtering module 902 is configured to filter the alarm information according to the first association information and/or the second association information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices;

the output module 903 is configured to output an alarm filtering result, where the alarm filtering result is used to instruct fault recognition on the computer network system based on the target alarm information.

In one embodiment, as shown in fig. 10, the alarm information processing apparatus further includes a topology pattern database module 904.

The topology pattern database module 904 is specifically configured to obtain at least one of a physical port connection relationship between a plurality of network devices and a logical port connection relationship between a plurality of network devices, and user configurable port parameters of the plurality of network devices; the first association information is determined based on user configurable port parameters of the plurality of network devices and at least one of physical port connection relationships between the plurality of network devices and logical port connection relationships between the plurality of network devices.

In one embodiment, a physical port connection relationship between first class network devices is determined based on a neighbor discovery protocol; the first type of network equipment is network equipment supporting a neighbor discovery protocol in a plurality of network equipment; acquiring a port connection record table, and determining a physical port connection relation between the second-class devices based on the port connection record table; the second type of network device is a network device of the plurality of network devices that does not support a neighbor discovery protocol.

In one embodiment, the logical port connection relationship between the plurality of network devices further includes a connection relationship of logical ports between virtual network elements running on different network devices.

In one embodiment, as shown in fig. 11, the alert information processing apparatus further includes an associated knowledge database module 905.

The association knowledge database module 905 is specifically configured to obtain an association relationship among an identifier of a network device, a logical port used for communication by the network device, and a physical port used for communication by the network device; the second association information is determined based on an association relationship between the identity of the network device, the logical port the network device uses to communicate, and the physical port the network device uses to communicate.

In one embodiment, the filtering module 902 is specifically configured to determine N network devices with relevance according to the first relevance information, and determine a network device with a priority level less than a preset threshold value in the N network devices; the priority is related to the device class and/or the time of occurrence of the alarm; and filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value from the alarm information to obtain target alarm information.

In one embodiment, the filtering module 902 is specifically configured to determine N network devices with relevance according to the first relevance information, and determine a network device with a priority level less than a preset threshold value in the N network devices; the priority is related to the device class and/or the time of occurrence of the alarm; filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the alarm information to obtain initial alarm information; for each network device with priority higher than a preset threshold value in N network devices, determining a target logical port and a target physical port with relevance in each network device according to the second association information; and filtering the alarm information corresponding to the target logical port in each network device in the initial alarm information to obtain target alarm information.

The specific limitation of the processing device for the alarm information may be referred to the limitation of the processing method for the alarm information hereinabove, and will not be described herein. The modules in the alarm information processing device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 12. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing some data related to the alarm information processing method according to the embodiment of the application, for example, the first associated information, the target alarm information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method of processing alert information.

It will be appreciated by those skilled in the art that the structure shown in fig. 12 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.

In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:

acquiring alarm information of a computer network system in a preset time period;

filtering the alarm information according to the first associated information and/or the second associated information to obtain target alarm information; the first association information is used for representing the association of communication ports among a plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices;

and outputting an alarm information filtering result, wherein the alarm information filtering result is used for indicating that the computer network system is subjected to fault identification based on the target alarm information.

In one embodiment, the processor when executing the computer program further performs the steps of:

Acquiring at least one of a physical port connection relationship between a plurality of network devices and a logical port connection relationship between the plurality of network devices and user configurable port parameters of the plurality of network devices; the first association information is determined based on user configurable port parameters of the plurality of network devices and at least one of physical port connection relationships between the plurality of network devices and logical port connection relationships between the plurality of network devices.

determining a physical port connection relationship between first-class network devices based on a neighbor discovery protocol; the first type of network equipment is network equipment supporting a neighbor discovery protocol in a plurality of network equipment; acquiring a port connection record table, and determining a physical port connection relation between the second-class devices based on the port connection record table; the second type of network device is a network device of the plurality of network devices that does not support a neighbor discovery protocol.

the logical port connection relationship between the plurality of network devices also includes a connection relationship of logical ports between virtual network elements running on different network devices.

acquiring an identifier of a network device, a logical port used for communication by the network device and an association relation among physical ports used for communication by the network device; the second association information is determined based on an association relationship between the identity of the network device, the logical port the network device uses to communicate, and the physical port the network device uses to communicate.

n network devices with relevance are determined according to the first relevance information, and network devices with priority lower than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the time of occurrence of the alarm; and filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value from the alarm information to obtain target alarm information.

n network devices with relevance are determined according to the first relevance information, and network devices with priority lower than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the time of occurrence of the alarm; filtering the alarm information corresponding to the network equipment with the priority smaller than the preset threshold value in the alarm information to obtain initial alarm information; for each network device with priority higher than a preset threshold value in N network devices, determining a target logical port and a target physical port with relevance in each network device according to the second association information; and filtering the alarm information corresponding to the target logical port in each network device in the initial alarm information to obtain target alarm information.

In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:

In one embodiment, the computer program when executed by the processor further performs the steps of:

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims

1. A method for processing alarm information, the method being applied to a computer network system, the computer network system including a plurality of network devices and an alarm monitoring system, the method comprising:

acquiring alarm information of the computer network system in a preset time period;

filtering the alarm information according to the first association information and the second association information to obtain target alarm information; the first association information is used for representing the association of communication ports among the plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices; the filtering processing is performed on the alarm information according to the first association information and the second association information to obtain target alarm information, including: n network devices with relevance are determined according to the first relevance information, and network devices with priorities smaller than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the alarm occurrence time; filtering out the alarm information corresponding to the network equipment with the priority smaller than a preset threshold value in the alarm information to obtain initial alarm information; determining a target logical port and a target physical port with relevance in each network device according to the second relevance information aiming at each network device with priority greater than a preset threshold in the N network devices; filtering the alarm information corresponding to the target logic port in each network device in the initial alarm information to obtain the target alarm information;

2. The method according to claim 1, wherein the method further comprises:

acquiring at least one of a physical port connection relationship between the plurality of network devices and a logical port connection relationship between the plurality of network devices and user configurable port parameters of the plurality of network devices;

the first association information is determined based on user configurable port parameters of the plurality of network devices and at least one of physical port connection relationships between the plurality of network devices and logical port connection relationships between the plurality of network devices.

3. The method of claim 2, wherein the obtaining a physical port connection relationship between a plurality of network devices comprises:

determining a physical port connection relationship between first-class network devices based on a neighbor discovery protocol; the first type network device is a network device supporting the neighbor discovery protocol in the plurality of network devices;

acquiring a port connection record table, and determining a physical port connection relation between second-class network devices based on the port connection record table; the second type network device is a network device which does not support the neighbor discovery protocol in the plurality of network devices.

4. The method of claim 2, wherein the logical port connection relationship between the plurality of network devices further comprises a connection relationship of logical ports between virtual network elements running on different network devices.

5. The method according to claim 1, wherein the method further comprises:

acquiring an identifier of the network device, a logical port used for communication by the network device and a physical port used for communication by the network device;

and determining the second association information based on the association relationship among the identification of the network equipment, the logical port used for communication by the network equipment and the physical port used for communication by the network equipment.

6. An apparatus for processing alarm information, the apparatus comprising:

the acquisition module is used for acquiring alarm information of the computer network system in a preset time period; the computer network system comprises a plurality of network devices and an alarm monitoring system;

the filtering module is used for filtering the alarm information according to the first association information and the second association information to obtain target alarm information; the first association information is used for representing the association of communication ports among the plurality of network devices, and the second association information is used for representing the association among different communication ports of the network devices; the filter module is specifically used for: n network devices with relevance are determined according to the first relevance information, and network devices with priorities smaller than a preset threshold value in the N network devices are determined; the priority is related to the device class and/or the alarm occurrence time; filtering out the alarm information corresponding to the network equipment with the priority smaller than a preset threshold value in the alarm information to obtain initial alarm information; determining a target logical port and a target physical port with relevance in each network device according to the second relevance information aiming at each network device with priority greater than a preset threshold in the N network devices; filtering the alarm information corresponding to the target logic port in each network device in the initial alarm information to obtain the target alarm information;

And the output module is used for outputting an alarm information filtering result, and the alarm information filtering result is used for indicating that the computer network system is subjected to fault identification based on the target alarm information.

7. The apparatus of claim 6, wherein the apparatus further comprises:

the topology pattern database module is specifically used for: acquiring at least one of a physical port connection relationship between the plurality of network devices and a logical port connection relationship between the plurality of network devices and user configurable port parameters of the plurality of network devices;

8. The apparatus of claim 7, wherein the logical port connection relationship between the plurality of network devices further comprises a connection relationship of logical ports between virtual network elements running on different network devices.

9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.

10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.