CN114338825B - TR069 protocol-based SRv network distributed log compression method - Google Patents
TR069 protocol-based SRv network distributed log compression method Download PDFInfo
- Publication number
- CN114338825B CN114338825B CN202111532672.3A CN202111532672A CN114338825B CN 114338825 B CN114338825 B CN 114338825B CN 202111532672 A CN202111532672 A CN 202111532672A CN 114338825 B CN114338825 B CN 114338825B
- Authority
- CN
- China
- Prior art keywords
- log
- segment list
- network
- alarm
- monitoring index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A SRv network distributed log compression method based on a TR069 protocol mainly comprises the following steps: acquiring monitoring index data of network nodes in the network group, and judging whether the monitoring index data is abnormal or not; generating an IP set and sequencing abnormal monitoring index data; sequentially consulting the log files of the network nodes and collecting the log files with abnormal data; generating alarm log topology identification from log data with data abnormality and storing the alarm log topology identification in a local log server, and periodically compressing the alarm log topology identification by the local log server and sending the compressed alarm log topology identification to a headquarter log server; and the headquarter log server performs source tracing analysis on the network nodes with abnormal monitoring index data according to the alarm log topology identifier. The method and the device can solve the problems that a distributed log acquisition system of the existing SRv network lacks acquisition flexibility, the system cost is too high and the system deployment is too complex.
Description
Technical Field
The invention relates to the technical field of log compression, in particular to a SRv network distributed log compression method based on a TR069 protocol.
Background
With the gradual deepening of the digital development, the in-operation equipment of the SRv network in the world is gradually increased, and compared with the equipment increased by 10-100 times before ten years, even though the operation and maintenance is developed from manual operation and maintenance to tool operation and maintenance and platform operation and maintenance, the requirements of the current ultra-large networking, server and application on operation and maintenance monitoring cannot be met.
At the same time, software systems are becoming larger and more complex, typically containing hundreds of services deployed on thousands or even hundreds of thousands of servers and supporting a large number of concurrent users. One particular challenge facing large software systems is anomaly diagnosis. That is, how quickly a problem is diagnosed when it occurs, and how quickly an administrator identifies the root cause. Logs are a common source of information for problem diagnosis. However, in today's large scale systems, the logs can be very large. For example, in some large systems providing global services, the amount of daily log data may reach tens of TB (TBs). Microsoft's online service system generates logs even more than 1Pbe (PB) per day.
On such a large scale, monitoring network equipment through manual experience and automation becomes a technical bottleneck restricting operation and maintenance work. In the prior art, the problem of combination of network equipment, servers and applications in the SRv networking monitoring process is difficult to achieve, so that the comprehensive conditions of SRv between local and allopatric network nodes, between the network nodes and the servers and between the servers and the applications cannot be quickly known. The utilization of the log to collect the alarm information does not need to change the application program code, or utilizes the advantages of higher monitoring technology and the characteristic of intuitively reflecting the execution condition of the service. Therefore, a distributed log alarm collection method and a method for monitoring log data analysis in real time are introduced. The operation and maintenance support capability of managing network equipment, lines and related service applications is comprehensively improved.
The scheme can solve the problems that the distributed log acquisition system of the existing SRv network is lack of acquisition flexibility, too high in system cost and too complex in system deployment. Meanwhile, the alarm log compressed by the network node is sent to a local log server, interaction analysis is carried out on the alarm log and a database, and an analysis result is used as a data basis for alarm root positioning, fault tracing, CPE between different places and the service overall health condition, SRv network topology drawing and the like; and the contents are compressed to generate alarm log topological identifiers and then are regularly sent to a headquarter log server, and the headquarter log server can perform source tracing analysis according to the alarm log topological identifiers.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a SRv network distributed log compression method based on a TR069 protocol.
In order to realize the purpose, the invention adopts the following technical scheme:
the method for compressing the SRv6 network distributed log based on the TR069 protocol comprises the following steps:
s1: acquiring monitoring index data of corresponding network nodes in the group network for multiple times in a period; comparing the monitoring index data obtained in the period with an alarm threshold in a threshold database, and judging whether the obtained monitoring index data is abnormal or not;
the specific content of the step S1 is as follows:
s1.1: a network management server sends a request message to a corresponding network node for multiple times within a period of time to request to acquire monitoring index data of the corresponding network node;
s1.2: analyzing the request message by the corresponding network node, acquiring the monitoring index data of the corresponding network node, putting a reply message into the reply message, and feeding the reply message back to the network management server;
s1.3: the network management server analyzes the reply message to obtain monitoring index data of the corresponding network node;
s1.4: the network management server compares the acquired monitoring index data with an alarm threshold in a threshold database, judges whether the acquired monitoring index data are abnormal in the period, and stores the acquired monitoring index data and the data of a judgment result into a historical database;
s2: acquiring the IP address of the corresponding network node and the IP addresses of other network nodes in the network group to the abnormal monitoring index data in the period, and generating an IP set;
the specific content of the step S2 is as follows:
s2.1: the network management server obtains the IP address of the current abnormal network node in the Segment List [0] -Segment List [ n ] through the IPv6 message architecture, namely the Segment List [ x ], and obtains the IP addresses of other network nodes through the IPv6 message architecture;
wherein, segment List [0] represents the IP address of the first network node, and Segment List [ n ] represents the IP address of the n +1 network node;
s2.2: the network management server generates an IP set from all the IP addresses;
s3: sequencing the IP addresses of all the network nodes in the IP set collected in the period; sending the sequenced IP set to a local log server;
the specific content of the step S3 is as follows:
s3.1: the network management server calculates the associated failure rate of the IP address Segment List [ m ] and Segment List [ x ] corresponding to each other network node except Segment List [ x ] in the period;
wherein Segment List [ m ] is represented as any one of Segment List [0] -Segment List [ n ] except Segment List [ x ];
the specific content of step S3.1 is:
s3.1.1: the network management server obtains the failure probability a of the Segment List [ m ] occurring in the previous period according to the historical database, and the sum of the failure probability a in the previous period, which does not contain the Segment List [ x ] and the IP address Segment List [. Once ] of the rest network nodes corresponding to the Segment List [ m ], is b; wherein a + b =1;
s3.1.2: the network management server obtains the probability that the Segment List [ m ] is subsequently transferred into the IP address Segment List [. Once ] of the rest network nodes, wherein the probability of the fault is c, and the probability that the Segment List [ m ] is still the fault is d; the probability of the fault of the subsequent transfer of the residual network node IP address Segment List [. Once. ] into the Segment List [ m ] is e, and the probability of the fault of the residual network node IP address Segment List [. Once. ] is f; wherein c + d =1, e + f=1;
s3.1.3: the network management server calculates the association failure probability g of Segment List [ m ] as g = a + d + b + e;
s3.2: the network management server sorts the IP addresses in the IP set according to the level of the correlation failure rate of the Segment List [ m ];
s4: the local log server sequentially refers to log files of the network nodes according to the IP addresses in the IP set and collects the log files with abnormal data;
s5: the local log server analyzes log data with abnormal data by combining with corresponding data in a network topology database, generates an alarm log topology identifier and stores the alarm log topology identifier into the local log server, and the local log server periodically compresses the alarm log topology identifier and sends the compressed alarm log topology identifier to a headquarter log server;
s6: and the headquarter log server performs source tracing analysis on the network nodes with abnormal monitoring index data according to the alarm log topology identifier.
In order to optimize the technical scheme, the specific measures adopted further comprise:
further, the format and content of the alarm log topology identifier are as follows:
the alarm IP # # # alarm type # # # alarm content # # # alarm level # # # alarm generation time # # # alarm recovery time # # # is associated with the local network node # # # and the opposite network node # # # is associated with the position of other service IP # # # alarms.
The invention has the beneficial effects that:
1. utilizing Segment List containing network node addresses in the existing IPv6 message architecture, and traversing and collecting IP addresses of the network node currently alarmed and other network nodes related to the network node currently alarmed so as to form an IP set; to facilitate ordering of subsequent IP addresses.
2. The fault rate of other IP addresses (corresponding to corresponding network nodes) associated with the IP address with the current abnormity is calculated, and the data are sequenced; so that the subsequent local server can find the IP address associated with the current abnormal IP address more quickly.
3. Feeding the logs back to the headquarter log server by the local log server; traditionally, a local log server directly compresses collected logs and feeds the compressed logs back to a headquarter log server, so that the data volume is large, and further the pressure on network operation is large; compared with the traditional technology, the method and the system are equivalent to that firstly, an analysis is carried out in the local log server, valuable data are marked (actually, the method and the system are equivalent to one-time content compression), the marked data are compressed regularly and then sent to the headquarter log server, the data volume is small, and the headquarter log server can trace the source according to the marked information when needed.
4. The scheme can solve the problems that the distributed log acquisition system of the existing SRv network is lack of acquisition flexibility, too high in system cost and too complex in system deployment. Meanwhile, the alarm log compressed by the network node is sent to a local log server, interaction analysis is carried out on the alarm log and a database, and an analysis result is used as a data basis for alarm root positioning, fault tracing, CPE between different places and the service overall health condition, SRv network topology drawing and the like; and the contents are compressed to generate alarm log topological identifiers and then are regularly sent to a headquarter log server, and the headquarter log server can perform source tracing analysis according to the alarm log topological identifiers.
Drawings
Fig. 1 is a schematic diagram of an existing IPv6 message architecture according to the present invention.
Fig. 2 is a schematic diagram illustrating calculation of a failure probability associated with an IP address according to an embodiment of the present invention.
Detailed Description
The method provided by the invention aims at the problems of large service scale, complex application relation, multiple dependence layers and difficulty in problem troubleshooting in a machine room operation and maintenance scene.
First, a network node is hereinafter referred to as a CPE, and the CPE needs to support a TR069 protocol. When a CPE accesses a networking, the operation of carrying out communication authentication configuration on the CPE is actively executed through a program deployed by an ACS (network management server). Meanwhile, the characteristic that the ACS and the CPE carry out interoperation through a specific RPC method of a TR069 protocol is utilized. The ACS sends a request message which accords with TR069 protocol RPC format to the target (CPE) for the second time, and the request message comprises time (ms) for requesting to obtain each test of the target (CPE), monitoring index data, IP and the like.
Secondly, the target (CPE) analyzes the request message and obtains the time (ms) of each test of the target (CPE), the monitoring index item, the IP address and the like to be put into the request message (reply message). The target (CPE) requests the ACS again by the request message, and the ACS analyzes the request message to acquire data such as test time (ms), monitoring index items, IP addresses and the like acquired from the (CPE) and compares the data with the alarm threshold of the monitoring index in the threshold database.
Then, refer to fig. 1. When the monitoring index value exceeds the alarm threshold value, a SRv6 method for acquiring all IP sets of network nodes passing through between the network node route of the networking alarm network to the local network outlet and then to the destination route of the different place is obtained. The concrete description is as follows: all IPv6 addresses passing through a destination network node and the IPv6 address of a current alarm network node in Segment List in an extension Routing Header (SRH) in an IPv6 message Header of a transmitted RPC format according to a TR069 protocol generate an IP set, and probability calculation is carried out on all IP address sets, except for a fault IP, contained in the Segment List. The higher the probability, the higher the probability of the occurrence of the association fault, and the higher the priority of calling the association log. And finally, the marked priorities in the IP set are arranged according to the ascending order and then are sent to a local log server.
For example, refer to fig. 2. The number of all IP addresses in the network is 10, namely Segment List [0] -Segment List [9]; taking Segment List [3] (Segment List [ X ]) as the current failure IP address as an example, now calculate the associated failure probability g of Segment List [0] (Segment List [ m ]) and the failure IP address Segment List [3 ]. Knowing the failure probability a of Segment List [0] in the previous period according to the historical database, removing the residual IP addresses Segment List [. Once. ] except the Segment List [0] which is currently calculated and the Segment List [3] which has failed (including Segment List [1], segment List [2], segment List [4] -Segment List [9 ]), wherein the failure probability is b in the previous period; further, according to the history database, it is known that the probability of failure of Segment List [0] in the later period is d, or the probability of failure of Segment List [0] transferred to the remaining address Segment List [. Once ] in the subsequent period is c. Similarly, according to the history database, the residual address Segment List [. Once ] is still the Segment List [. Once ] in the later period, the fault probability is f, or the fault probability is e when the residual address Segment List [0] is transferred to in the later period; the associated failure probability g = a × d + b × e of Segment List [0] and failure IP address Segment List [3] is thus calculated. The associated failure probabilities of other Segment List [ m ] addresses and Segment List [3] are calculated in the same manner.
The calculation mode of a and b is as follows: the history database acquires the failure times of the Segment List [0] in the previous period, and divides the times by the total acquisition test times of the network management server (ACS) to the Segment List [0] in the previous period, thereby obtaining a; further, b is obtained as a + b = 1.
Wherein the calculation mode of c is as follows: obtaining the total failure rate x (the total failure times of the Segment List [0 ]/the total times of obtaining the test Segment List [0] of ACS) of the Segment List [0] in history (the last period and the previous period) through a history database; c, calculating the failure probability c of the transition to the residual address Segment List [. Once. ] in the case of failure of Segment List [0] in the last period, wherein c = s + (x-a); where s is a threshold, and since c + d =1, d can be obtained;
for example, if the historical total failure rate x =30% =0.3 of Segment List [0], and the previous failure rate a =28% =0.28, it means that, in contrast, 2% =0.02 is transferred to the remaining address Segment List [. Once ], and 2% +20% (threshold s) of the transfer is used to obtain the transfer probability c =22% =0.22 in the next period, and further d =1-22% =0.78. Wherein the threshold s is set in advance, and a specific threshold is selected for the transition difference (in this example, the difference is 2%) in different intervals to ensure that the transition probability is less than 1 and greater than 0.
Wherein the calculation mode of e is as follows: obtaining historical (previous and future) Segment List [ total ] failure rate x' (Segment List [ total ] failure times/ACS total acquisition test Segment List [ total ] times) through a historical database; calculating the failure probability e of the transition to the residual address Segment List [0] in the case of failure of the Segment List [. Once. ], e = s '+ (x' -b); where s' is a threshold, and since e + f =1, f can be further found;
for example, if the total historical failure rate x '=70% =0.7 for Segment List [. Multidot.b =72% =0.72 for the last period, then a transition to Segment List [0] with 2% =0.02 would be compared, and 2% +30% (threshold s') of the transition would result in a transition probability e =32% =0.32 for the next period, and further f =1-32% =0.68. Wherein the threshold s' is set in advance, and a specific threshold is selected for the transition difference (in this example, the difference is 2%) in different intervals to ensure that the transition probability is less than 1 and greater than 0.
In summary, in the latter period, the associated failure probabilities g of Segment List [0] and Segment List [3] are g =0.28 + 0.78+0.72 + 0.32=0.4488, and the associated failure probabilities of Segment List [1], segment List [2], segment List [4] -Segment List [9] are determined and sorted in the same manner.
The application adopts the idea of Markov chain algorithm. The Markov transfer matrix method model formula is as follows: x (k + 1) = X (k) × P; x (k) represents a state vector of the trend analysis and prediction object at the time t = k, P represents a one-step transition probability matrix, and X (k + 1) represents a state vector of the trend analysis and prediction object at the time t = k + 1. Wherein, the association probability of each other point is different for different fault points because the different fault points are different. In the sorting process, the sorting of the fault points which have occurred can be arbitrary or put at the end, because the association probability is mainly judged for other nodes which have a fault rate.
And after receiving the IP set, the log server orderly acquires data of log files corresponding to the IP according to the priority order. The specific description is as follows: and executing a self-contained tail command of the linux system by a program arranged on a local log server and referring to the changing log file by combining a parameter-f. The program is responsible for collecting log data of an Error log file of a system on a server managed by each network node in local and different places in a network, so that alarm log data of services such as a database, middleware, a server CPU, a memory, a disk, a process and the like are obtained. Wherein [ tail-f filename ] displays the tail-most content in the filename file on the screen, and is refreshed continuously, so that the latest file content can be seen as long as the filename is updated.
And the local log server is responsible for analyzing locally acquired Error log data and a network topology database when an alarm occurs, generating an alarm log topology identifier and storing the alarm log topology identifier in the local log server. And finally, the program regularly executes the flow of sending the compressed data with the alarm log topological identification on the local log server to the headquarter log server, completing the collection and compression of the alarm log and transmitting the alarm log to the headquarter log server in a distributed manner.
Among them, explanations about related concepts are as follows:
the alarm log topology identifier stores key information such as alarm IP, type, content, level, occurrence and recovery time, correlation local end, opposite end network node IP, correlation other service IP, alarm position and the like when the alarm occurs.
The format is as follows: the alarm IP # # # alarm type # # # alarm content # # # alarm level # # # alarm generation time # # # alarm recovery time # # # is associated with the local network node # # # and the opposite network node # # # is associated with the position of other service IP # # # alarms.
[ local Log Server ] is responsible for storing log topology identification and data acquisition modules, TR069 monitors all network node IP sets passing through between SRv networking alarm routes sent by data acquisition and local network exit and then destination routes in different places.
[ headquarters log server ] stores the log topology identification sent everywhere.
The topology database stores SRv the network association between network nodes in the networking, and the server and (database, middleware, server CPU, memory, disk, process) association managed by each network node.
[ threshold database ] stores the threshold value at which the monitoring index alarms.
[ tail ] the command may be used to view the contents of a file, with a common parameter-f being used to refer to the log file being changed. the tail-f filename will display the tail-most content in the filename file on the screen and refresh continuously, so that the latest file content can be seen as long as the filename is updated.
TR069 is a Technical Report 069, which is a Technical specification revised by DSL Forum (a non-profit global industry consortium working on developing Broadband network models, and its members including leading vendors in the industries of communications, equipment, computers, networks and service providers, now known as "Broadband Forum"), and the specification is a Management Protocol of application layer, named as "CPE wide area network Management Protocol". TR069 defines a set of new network management system structure, including management model, interactive interface and basic management parameters, and can effectively implement the management of home network equipment. In TR-069, the network management Server is called an ACS (Auto Configuration Server) and has a special IP address and URL; the managed device obtains the URL of the ACS through the DHCP server, and after obtaining the network management IP, the managed device starts to establish the HTTP session according to the URL of the ACS. After the session is established, initialization is required for authentication, and the ACS is required to ensure the validity of the managed device. After the initialization is completed, the network management server can acquire various monitoring information from the CPE.
The method has the advantages that: the SNMP function does not need to be configured on the managed device, and if the number of the managed devices exceeds 3000 or more, a large amount of configuration time of the monitored devices is saved.
The advantages are two: TR069 is fast to collect information because it uses the HTTP protocol, itself, to transfer structured data information. Therefore, all the required information is collected once and returned once, while the SNMP itself cannot transfer the information, and the information is collected one by one and returned one by one.
It should be noted that the terms "upper", "lower", "left", "right", "front", "back", etc. used in the present invention are for clarity of description only, and are not intended to limit the scope of the present invention, and the relative relationship between the terms and the terms is not limited by the technical contents of the essential changes.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (2)
1. The method for compressing the SRv network distributed log based on the TR069 protocol is characterized by comprising the following steps of:
s1: acquiring monitoring index data of corresponding network nodes in the network group for multiple times in a period; comparing the monitoring index data obtained in the period with an alarm threshold value in a threshold value database, and judging whether the obtained monitoring index data is abnormal or not;
the specific content of the step S1 is as follows:
s1.1: the network management server sends a request message to the corresponding network node for multiple times within a period of time to request to acquire monitoring index data of the corresponding network node;
s1.2: analyzing the request message corresponding to the network node, obtaining the monitoring index data of the network node, putting a reply message into the reply message, and feeding the reply message back to the network management server;
s1.3: the network management server analyzes the reply message to obtain monitoring index data of the corresponding network node;
s1.4: the network management server compares the acquired monitoring index data with an alarm threshold in a threshold database, judges whether the acquired monitoring index data are abnormal in the period, and stores the acquired monitoring index data and the data of a judgment result into a historical database;
s2: acquiring the IP address of the corresponding network node and the IP addresses of other network nodes in the network group to the abnormal monitoring index data in the period, and generating an IP set;
the specific content of the step S2 is as follows:
s2.1: the network management server obtains the IP address of the current abnormal network node in the Segment List [0] -Segment List [ n ] through the IPv6 message architecture, namely the Segment List [ x ], and obtains the IP addresses of other network nodes through the IPv6 message architecture;
wherein, segment List [0] represents the IP address of the first network node, and Segment List [ n ] represents the IP address of the n +1 network node;
s2.2: the network management server generates an IP set from all the IP addresses;
s3: the network management server sequences the IP addresses of all the network nodes in the IP set collected in the period; sending the sequenced IP set to a local log server;
the specific content of step S3 is:
s3.1: the network management server calculates the associated failure rate of the IP address Segment List [ m ] and Segment List [ x ] corresponding to each other network node except Segment List [ x ] in the period;
wherein Segment List [ m ] is represented as any one of Segment List [0] -Segment List [ n ] except Segment List [ x ];
the specific content of step S3.1 is:
s3.1.1: the network management server obtains the failure probability a of the Segment List [ m ] occurring in the previous period according to the historical database, and the probability b of the failure occurring in the previous period, which does not contain the Segment List [ x ] and the IP address Segment List [. Once ] of the rest network nodes corresponding to the Segment List [ m ]; wherein a + b =1;
s3.1.2: the network management server obtains the probability that the Segment List [ m ] is subsequently transferred into the IP address Segment List [. Once ] of the rest network nodes, wherein the probability of the fault is c, and the probability that the Segment List [ m ] is still the fault is d; the probability of the fault of the subsequent transfer of the residual network node IP address Segment List [. Once. ] into the Segment List [ m ] is e, and the probability of the fault of the residual network node IP address Segment List [. Once. ] is f; wherein c + d =1,e + f =1;
s3.1.3: the network management server calculates the association failure probability g of Segment List [ m ] as g = a + d + b + e;
s3.2: the network management server sorts the IP addresses in the IP set according to the level of the correlation failure rate of the Segment List [ m ];
s4: the local log server looks up log files of the network nodes in sequence according to the IP addresses in the IP set and collects the log files with abnormal data;
s5: the local log server analyzes log data with abnormal data by combining with corresponding data in a network topology database, generates an alarm log topology identifier and stores the alarm log topology identifier into the local log server, and the local log server periodically compresses the alarm log topology identifier and sends the compressed alarm log topology identifier to a headquarter log server;
s6: and the headquarter log server performs source tracing analysis on the network nodes with abnormal monitoring index data according to the alarm log topology identifier.
2. The TR069 protocol-based SRv network distributed log compression method according to claim 1, wherein the format and content of the alarm log topology identifier are:
the alarm IP # # # alarm type # # # alarm content # # # alarm level # # # alarm generation time # # # alarm recovery time # # # is associated with the network node # # # of the local end and the network node # # # of the opposite end to be associated with the position of the other service IP # # # alarm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111532672.3A CN114338825B (en) | 2021-12-15 | 2021-12-15 | TR069 protocol-based SRv network distributed log compression method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111532672.3A CN114338825B (en) | 2021-12-15 | 2021-12-15 | TR069 protocol-based SRv network distributed log compression method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338825A CN114338825A (en) | 2022-04-12 |
| CN114338825B true CN114338825B (en) | 2022-11-29 |
Family
ID=81052355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111532672.3A Active CN114338825B (en) | 2021-12-15 | 2021-12-15 | TR069 protocol-based SRv network distributed log compression method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338825B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7127743B1 (en) * | 2000-06-23 | 2006-10-24 | Netforensics, Inc. | Comprehensive security structure platform for network managers |
| CN103840953A (en) * | 2012-11-21 | 2014-06-04 | 中兴通讯股份有限公司 | Remote log real-time acquisition method and system |
| CN106649336A (en) * | 2015-10-30 | 2017-05-10 | 华为数字技术(苏州)有限公司 | Log compression method and log processing device and log processing system |
| CN113660115A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Network security data processing method, device and system based on alarm |
-
2021
- 2021-12-15 CN CN202111532672.3A patent/CN114338825B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7127743B1 (en) * | 2000-06-23 | 2006-10-24 | Netforensics, Inc. | Comprehensive security structure platform for network managers |
| CN103840953A (en) * | 2012-11-21 | 2014-06-04 | 中兴通讯股份有限公司 | Remote log real-time acquisition method and system |
| CN106649336A (en) * | 2015-10-30 | 2017-05-10 | 华为数字技术(苏州)有限公司 | Log compression method and log processing device and log processing system |
| CN113660115A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Network security data processing method, device and system based on alarm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338825A (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109412870B (en) | Alarm monitoring method and platform, server and storage medium | |
| CN107544839B (en) | Virtual machine migration system, method and device | |
| US10997047B2 (en) | Automatic selection of agent-based or agentless monitoring | |
| US11348023B2 (en) | Identifying locations and causes of network faults | |
| US20100080129A1 (en) | Network troubleshooting using path topology | |
| CN101631053B (en) | EAPS ring-network topology monitoring method and system | |
| EP1361761A1 (en) | Telecommunications network management system and method for service monitoring | |
| US7275017B2 (en) | Method and apparatus for generating diagnoses of network problems | |
| CA2934122A1 (en) | Data communications performance monitoring | |
| CN111832943B (en) | Hardware equipment fault management method and device, electronic equipment and storage medium | |
| CN114422386B (en) | Monitoring method and device for micro-service gateway | |
| Safrianti et al. | Real-time network device monitoring system with simple network management protocol (snmp) model | |
| CN114338419A (en) | IPv6 global networking edge node monitoring and early warning method and system | |
| CN114338825B (en) | TR069 protocol-based SRv network distributed log compression method | |
| CN113721581A (en) | Fault diagnosis display device and method based on critical path | |
| CN114039892A (en) | Network jitter analysis and visualization method and system | |
| EP1257095A2 (en) | Method and system for providing an efficient use of broadband network resources | |
| US10129086B2 (en) | Collection of performance data in a communications network | |
| US20040060073A1 (en) | Method and system for provisioning broadband network resources | |
| EP2887579A1 (en) | Data communications performance monitoring using principal component analysis | |
| JP2016146519A (en) | Network monitoring system, monitoring device, and monitoring method | |
| CN115687036A (en) | Log collection method and device and log system | |
| CN102783087A (en) | Associative alarm method and device based on management layers | |
| Damanik | Implementation Scheme SLA and Network Availability Mechanism for Customer Service Provider | |
| CN114826939B (en) | Network traffic analysis method of K8S cluster |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |