CN114363169A - Device auditing method based on SPI - Google Patents
- Publication number
- CN114363169A
- Authority
- CN
- China
- Prior art keywords
- audit
- equipment
- protocol
- spi
- configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention provides an SPI-based device auditing method, which comprises: starting the service, reading and parsing the SPI-mode configuration file, and obtaining the system's universal standard audit interface; scanning to obtain the audit interfaces of the various devices; registering the audit protocols required by the various devices, based on the Netconf protocol and the obtained device types; determining the audit protocol category, activating the corresponding audit flow of the system according to that category, acquiring the audit data and assembling the audit message; and comparing the audit messages obtained for the dynamically added device types with the configuration of the various devices, and storing the difference results found during the comparison. Based on the Netconf protocol, the invention audits the various devices with a standard, universal protocol, which gives the advantage of auditing devices module by module; the SPI-based audit design also allows audited devices to be added dynamically, and supports dynamic addition and deletion of device types, device counts and the like.
Description
Technical Field
The invention relates to the technical field of network equipment configuration, in particular to an equipment auditing method based on SPI.
Background
Diversified configuration combinations, functions and scenarios place a heavier configuration burden on the physical and virtual devices of network communication, such as firewalls, routers, switches and virtual machine switches, and make the configuration of these devices rich and complex.
In cloud computing infrastructure, a configuration error on the network devices that form its foundation can have serious consequences, such as a network outage across a user's whole private cloud or even the whole system, or the collapse of system services. In a complex cloud computing service scenario, network device configuration may become disordered, hard to maintain and slow to troubleshoot, and the variety of configurations makes device configuration chaotic and inefficient.
Network devices can be configured for a single module, or configured in batches for a user's whole set of functions, and this variety of configuration angles increases the difficulty of operating and maintaining the devices. It is therefore particularly necessary to audit device configuration at regular intervals, comparing configuration both per functional module and per single device protocol.
Based on the above, an SPI-based device auditing method can be adopted to meet the dynamic requirements of the rapidly developing cloud computing network, which carries the communication of the whole cloud. The method is used to dynamically add devices that need to be audited and that require changes at multiple ends, and it audits the various devices from both the function angle and the device angle on the basis of the NetConf protocol.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide an equipment auditing method based on SPI (serial peripheral interface) so as to solve the problems in the background technology.
To achieve this purpose, the invention is realized by the following technical scheme: an SPI-based device auditing method comprising the following steps:
first, starting the service, reading and parsing the SPI-mode configuration file, and obtaining the system's universal standard audit interface;
second, scanning to obtain the audit interfaces of the various devices;
third, registering the audit protocols required by the various devices, based on the Netconf protocol and the obtained device types;
fourth, determining the audit protocol category, activating the corresponding audit flow of the system according to that category, acquiring the audit data and assembling the audit message;
fifth, comparing the audit messages obtained for the dynamically added device types with the configuration of the various devices, and storing the difference results found during the comparison.
As an improvement of the SPI-based device auditing method of the present invention, in the second step, the obtained auditing interfaces of various devices include: border switch audit protocol subinterface, Leaf switch audit protocol subinterface, firewall audit protocol subinterface and router audit protocol subinterface.
As an improvement of the SPI-based device auditing method of the present invention, in the third step, the audit protocols required by the various devices are registered, based on the Netconf protocol and the obtained device types, as follows:
when the service starts, the relevant devices are registered to the devices designated in the service, according to the devices related to each function and their custom labels.
As an improvement of the SPI-based device auditing method of the present invention, in the fourth step, determining the audit protocol category specifically comprises: distinguishing the devices by device type into border switch, leaf switch or firewall; and meanwhile filtering the related devices by function, and obtaining messages based on the specific service from the filtered result.
As an improvement of the SPI-based device auditing method, the audit protocol categories that can be determined comprise function audit and device audit, wherein:
in function audit, the configuration design is carried out with the service function as the dimension;
in device audit, a full device configuration audit is carried out with the switch device as the dimension.
As an improvement of the SPI-based device auditing method of the present invention, if the audit protocol category is determined to be function audit, the system activates the function audit flow: the device audit interfaces that carry the service function are combined to acquire the audit data and assemble the audit message. Specifically, the related data is fetched from a database according to the unique identifier of the function type and the corresponding protocol, and a JSON string is assembled according to the protocol message;
if the audit protocol category is determined to be device audit, the system activates the device audit flow: the audit message is acquired and assembled according to the audit protocols required by the various devices.
As an improvement to the SPI-based device auditing method of the present invention, in the fifth step, the difference result is calculated from the comparison as follows: the related configuration is compared by computing its MD5 digest; the MD5 of the configuration on the device is compared with the MD5 of the computed audit configuration; and if the two MD5 values differ, the specific unique configuration identifiers of the device, such as the VPN instance, L2VNI and L3VNI, are compared.
Compared with the prior art, the invention has the beneficial effects that:
1. Based on the Netconf protocol, the invention audits the various devices with a standard, universal protocol, so that devices are audited module by module, which gives the method high generality. The SPI-based audit design also allows audited devices to be added dynamically: device types, device counts and the like can be added and removed dynamically, so the system is extended without the change being perceived. In particular, the function audit mode and the device audit mode (for example function audit and single-device audit) can be activated dynamically and are compatible with each other, and the service-function view allows configuration to be audited as a whole and functional anomalies to be troubleshot. Service functions can be added, deleted and modified dynamically, and after a service function is added the audit process remains generic and imperceptible;
2. The proposed SPI-based audit mode supports imperceptible replacement and upgrade, supports function extension, and supports access by devices from multiple vendors.
Drawings
The disclosure of the present invention is illustrated with reference to the accompanying drawings. It is to be understood that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which like reference numerals are used to indicate like parts. Wherein:
fig. 1 is a flowchart of an SPI-based device auditing method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a detailed implementation process of the SPI-based device during auditing according to an embodiment of the present invention.
Detailed Description
It is easily understood that, according to the technical solution of the present invention, a person skilled in the art can propose various alternative structures and implementations without changing the spirit of the present invention. Therefore, the following detailed description and the accompanying drawings merely illustrate the technical solution of the present invention, and should not be construed as the whole of the present invention or as limitations on its technical solution.
As shown in fig. 1-2, the present invention provides an SPI-based device auditing method, comprising the steps of:
The first step is to start the service, read and parse the SPI-mode configuration file, and obtain the system's universal standard audit interface.
The second step is to scan and obtain the audit interfaces of the various devices, which include: the border switch audit protocol subinterface, the Leaf switch audit protocol subinterface, the firewall audit protocol subinterface and the router audit protocol subinterface.
The third step is to register the audit protocols required by the various devices, based on the Netconf protocol and the obtained device types. This is implemented as follows:
when the service starts, the relevant devices are registered to the devices designated in the service, according to the devices related to each function and their custom labels.
The fourth step is to determine the audit protocol category, activate the corresponding audit flow of the system according to that category, acquire the audit data and assemble the audit message. Determining the audit protocol category specifically comprises: distinguishing the devices by device type into border switch, leaf switch or firewall; and meanwhile filtering the related devices by function, and obtaining messages based on the specific service from the filtered result.
Under this technical concept, the audit protocol categories that can be determined comprise function audit and device audit: in function audit, the configuration design is carried out with the service function as the dimension; in device audit, a full device configuration audit is carried out with the switch device as the dimension.
In an embodiment of the present invention, if the audit protocol category is determined to be function audit, the system activates the function audit flow: the device audit interfaces that carry the service function are combined to acquire the audit data and assemble the audit message. Specifically, the related data is fetched from a database according to the unique identifier of the function type and the corresponding protocol, and a JSON string is assembled according to the protocol message;
if the audit protocol category is determined to be device audit, the system activates the device audit flow: the audit message is acquired and assembled according to the audit protocols required by the various devices.
The fifth step is to compare the audit messages obtained for the dynamically added device types with the configuration of the various devices, and to store the difference results found during the comparison. In a specific implementation, the difference result is calculated from the comparison as follows: the related configuration is compared by computing its MD5 digest; the MD5 of the configuration on the device is compared with the MD5 of the computed audit configuration; and if the two MD5 values differ, the specific unique configuration identifiers of the device, such as the VPN instance, L2VNI and L3VNI, are compared.
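The registration, dispatch and digest-then-identifier comparison described in the steps above, as an added Python example that is not code from the patent. It assumes SPI denotes a service-provider-style plugin registry (a decorator-filled dictionary stands in for the SPI configuration file), takes the device configuration as already retrieved over NETCONF, and uses constructed device types, field names and sample values. The digest algorithm is a parameter: MD5 detects accidental drift but is not collision resistant, so SHA-256 is the choice where the device-side data may be tampered with.

```python
import hashlib
import json

# Provider registry: device type -> auditor class. In this added example a
# decorator fills it; the patent's service reads an SPI configuration file.
AUDITORS = {}


def register(device_type):
    """Register an auditor class for one device type (hypothetical helper)."""
    def wrap(cls):
        AUDITORS[device_type] = cls
        return cls
    return wrap


class Auditor:
    """Common audit interface. id_fields are the identifiers a device type audits."""
    id_fields = ()

    def build_message(self, records):
        # Keep only audited fields and sort list values, so that field order and
        # list order on the device never register as configuration drift.
        msg = {}
        for field in self.id_fields:
            if field in records:
                value = records[field]
                msg[field] = sorted(value) if isinstance(value, list) else value
        return msg


@register("border_switch")
class BorderSwitchAuditor(Auditor):
    id_fields = ("vpn_instance", "l3vni")  # constructed field names


@register("leaf_switch")
class LeafSwitchAuditor(Auditor):
    id_fields = ("vpn_instance", "l2vni", "l3vni")  # constructed field names


def digest(message, algorithm="md5"):
    """Hash a canonical JSON form: sorted keys, no insignificant whitespace."""
    canonical = json.dumps(message, sort_keys=True, separators=(",", ":"))
    return hashlib.new(algorithm, canonical.encode("utf-8")).hexdigest()


def audit(device_type, expected_records, device_config, algorithm="md5"):
    """Return {} when digests match, else a per-identifier difference result."""
    if device_type not in AUDITORS:
        raise LookupError(f"no auditor registered for device type {device_type!r}")
    auditor = AUDITORS[device_type]()
    expected = auditor.build_message(expected_records)  # from the database
    actual = auditor.build_message(device_config)       # as read from the device
    if digest(expected, algorithm) == digest(actual, algorithm):
        return {}
    # Digests differ: fall back to comparing the unique identifiers one by one.
    return {
        f: {"expected": expected.get(f), "device": actual.get(f)}
        for f in auditor.id_fields
        if expected.get(f) != actual.get(f)
    }


# Constructed sample data (not taken from any real device).
EXPECTED = {"vpn_instance": "tenant-a", "l2vni": [10010, 10020], "l3vni": 50001}
DEVICE_OK = {"l3vni": 50001, "l2vni": [10020, 10010],
             "vpn_instance": "tenant-a", "uptime": 1234}
DEVICE_DRIFT = {"vpn_instance": "tenant-a", "l2vni": [10010], "l3vni": 50002}

if __name__ == "__main__":
    print(audit("leaf_switch", EXPECTED, DEVICE_OK))
    print(audit("leaf_switch", EXPECTED, DEVICE_DRIFT))
    print(audit("border_switch", EXPECTED, DEVICE_DRIFT))
```

Hashing the canonical form rather than the raw string is what keeps a reordered but equivalent device reply from being reported as a difference.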
It can be understood that, in a specific implementation, the invention audits the various devices with a standard, universal protocol based on the Netconf protocol, so that devices are audited module by module, which gives the method high generality. The SPI-based audit design also allows audited devices to be added dynamically: device types, device counts and the like can be added and removed dynamically, so the system is extended without the change being perceived. In particular, the function audit mode and the device audit mode (for example function audit and single-device audit) can be activated dynamically and are compatible with each other, and the service-function view allows configuration to be audited as a whole and functional anomalies to be troubleshot. Service functions can be added, deleted and modified dynamically, and after a service function is added the audit process remains generic and imperceptible. The proposed SPI-based audit mode also supports imperceptible replacement and upgrade, supports function extension, and supports access by devices from multiple vendors.
The technical scope of the present invention is not limited to the above description, and those skilled in the art can make various changes and modifications to the above-described embodiments without departing from the technical spirit of the present invention, and such changes and modifications should fall within the protective scope of the present invention.
Claims (7)
1. An SPI-based device auditing method, characterized in that the method comprises the following steps:
first, starting the service, reading and parsing the SPI-mode configuration file, and obtaining the system's universal standard audit interface;
second, scanning to obtain the audit interfaces of the various devices;
third, registering the audit protocols required by the various devices, based on the Netconf protocol and the obtained device types;
fourth, determining the audit protocol category, activating the corresponding audit flow of the system according to that category, acquiring the audit data and assembling the audit message;
fifth, comparing the audit messages obtained for the dynamically added device types with the configuration of the various devices, and storing the difference results found during the comparison.
2. The SPI-based device auditing method of claim 1, characterized by: in the second step, the obtained audit interfaces of various devices include: border switch audit protocol subinterface, Leaf switch audit protocol subinterface, firewall audit protocol subinterface and router audit protocol subinterface.
3. The SPI-based device auditing method of claim 1, characterized by: in the third step, based on the Netconf protocol and the obtained device type, the specific implementation manner of registering and obtaining the audit protocol required by each type of device is as follows:
when the service starts, the relevant devices are registered to the devices designated in the service, according to the devices related to each function and their custom labels.
4. The SPI-based device auditing method of claim 1, characterized by: in the fourth step, determining the audit protocol category specifically comprises:
distinguishing the devices by device type into border switch, leaf switch or firewall; and meanwhile filtering the related devices by function, and obtaining messages based on the specific service from the filtered result.
5. The SPI-based device auditing method of claim 4, characterized in that: the audit protocol categories that can be determined comprise function audit and device audit, wherein:
in function audit, the configuration design is carried out with the service function as the dimension;
in device audit, a full device configuration audit is carried out with the switch device as the dimension.
6. An SPI-based device auditing method according to claim 4 or 5, characterized by:
if the audit protocol category is determined to be function audit, the system activates the function audit flow: the device audit interfaces that carry the service function are combined to acquire the audit data and assemble the audit message. Specifically, the related data is fetched from a database according to the unique identifier of the function type and the corresponding protocol, and a JSON string is assembled according to the protocol message;
if the audit protocol category is determined to be device audit, the system activates the device audit flow: the audit message is acquired and assembled according to the audit protocols required by the various devices.
7. The SPI-based device auditing method of claim 1, characterized by: in the fifth step, the difference result is calculated from the comparison as follows: the related configuration is compared by computing its MD5 digest; the MD5 of the configuration on the device is compared with the MD5 of the computed audit configuration; and if the two MD5 values differ, the specific unique configuration identifiers of the device, such as the VPN instance, L2VNI and L3VNI, are compared.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111613214.2A CN114363169B (en) | 2021-12-27 | 2021-12-27 | SPI-based equipment auditing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111613214.2A CN114363169B (en) | 2021-12-27 | 2021-12-27 | SPI-based equipment auditing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114363169A (en) | 2022-04-15 |
CN114363169B (en) | 2023-10-27 |
Family
ID=81102104
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111613214.2A (Active, CN114363169B (en)) | SPI-based equipment auditing method | 2021-12-27 | 2021-12-27 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114363169B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114363169B (en) | 2023-10-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||