CN114443227A - Method and system for acquiring Windows system events in cloud environment - Google Patents

Publication number: CN114443227A
Authority: CN (China)
Prior art keywords: program, file, standardized, module, data
Legal status: Pending
Application number: CN202210082188.3A
Other languages: Chinese (zh)
Inventor: 李廷
Current Assignee: Inspur Cloud Information Technology Co Ltd
Original Assignee: Inspur Cloud Information Technology Co Ltd
Application filed by Inspur Cloud Information Technology Co Ltd

Classifications

    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Abstract

The invention discloses a method and a system for acquiring Windows system events in a cloud environment, belonging to the field of cloud environment servers. S1: package the basic system event information command into the cloud server boot image template. S2: modify and complete the collection program, adding a program that collects and checks the agent state and a collection integration program. S3: standardize the configuration of collected data by archiving the collected raw data in a directory, archiving the output directory files after the collected files are standardized, and periodically loading the data into the database after the standardized files are output. The method can be deployed flexibly. It meets a customer's need, after moving its hosted application systems to the cloud, to accurately collect event information from the virtual operating systems running in the cloud environment, so that the customer can analyze the collected operating system event information against the current running performance of its applications, use it for operations and maintenance work such as environment selection, parameter optimization and resource changes, and make the fullest use of its cloud resources.

Description

Method and system for acquiring Windows system events in cloud environment
Technical Field
The invention discloses a method and a system for acquiring Windows system events in a cloud environment, and relates to the technical field of cloud environment servers.
Background
In the virtualized environment of a cloud center, the cloud platform provides cloud server resources of different versions to tenants. While using these resources, tenants need to collect alarm events from the operating systems of their virtual machine instances, so that operations and maintenance staff can quickly learn the operating-system-level running state of those instances in the cloud environment, handle potential risks that arise during operation in time, and change and optimize cloud server resources promptly. The accuracy of these metrics can serve as a reference standard for the customer when evaluating the running health of a virtual machine instance. The customer can also learn in more detail about scenarios such as risk problems that arise while applications run inside the virtual machine operating system, which gives the customer strong data evidence for optimizing changes to the operating system's internal parameter configuration.
At present, many cloud service providers use the traditional virtualization tools that come with the cloud environment to view and collect operating metrics inside a cloud server's virtual machine. Because this metric data has no operating-system-level alarm event collection function, the customer cannot learn in time about operating-system-level alarm events inside the virtual machine that runs its application. If the customer can learn of and obtain these alarm events more promptly, it can repair the operating system in time according to them, which reduces how often the application is abnormally interrupted and keeps the customer's application running more stably in the cloud.
The invention therefore provides a method and a system for acquiring Windows system events in a cloud environment to solve these problems.
Disclosure of Invention
To address the problems in the prior art, the invention provides a method for collecting Windows system events in a cloud environment, which adopts the following technical solution. A method for collecting Windows system events in a cloud environment comprises the following specific steps:
S1. Package the basic system event information command into the cloud server boot image template.
S2. Modify and complete the collection program, adding a program that collects and checks the agent state and a collection integration program.
S3. Standardize the configuration of collected data: archive the collected raw data in a directory, archive the output directory files after the collected files are standardized, and periodically load the data into the database after the standardized files are output.
The specific steps of S1, packaging the basic system event information command into the cloud server boot image template, are as follows:
S101. Use the basic system event information command to configure a customized command-processing module for obtaining virtual system event information.
S102. For different operating system versions, classify and package the image templates into image templates for the different operating system versions when the images are built.
S103. Store the image template used to boot the cloud server in the medium deployed by the platform, under the product's standardized name.
The specific steps of S2, modifying and completing the collection program and adding the program that collects and checks the agent state and the collection integration program, are as follows:
S201. Write the agent service program corresponding to the basic collection command, and collect virtual system event information through the basic command.
S202. Add a collection-and-check program, inject it into the qemu-guest-agent tool of the libvirt core, and complete detection and verification.
S203. Match the scheduled collection task program to the qemu-guest-agent program under the libvirt core, implementing customized management of the scheduled collection task program.
S204. Finalize (freeze) the collection program and register it for management as a scheduled task.
The specific steps of S3, standardizing the configuration of collected data, are as follows:
S301. Configure a directory for the files produced by the collection program, output the collected operating-system-level system event data to a file, and archive the file in the raw collection file directory.
S302. Run the raw file through the standardized file processing flow of the standardization program, completing standardization of the raw data file, and output the standardized file to the standardized file directory.
S303. Use a data analysis and processing tool to load the standardized data file into the database, periodically loading the standardized data into the collection-metric tables of the monitoring system database to complete archiving.
A system for collecting Windows system events in a cloud environment specifically comprises an information packaging module, a program configuration module and a data configuration module:
Information packaging module: packages the basic system event information command into the cloud server boot image template.
Program configuration module: modifies and completes the collection program, adding a program that collects and checks the agent state and a collection integration program.
Data configuration module: standardizes the configuration of collected data by archiving the collected raw data in a directory, archiving the output directory files after the collected files are standardized, and periodically loading the data into the database after the standardized files are output.
The information packaging module specifically comprises a customized configuration module, a template packaging module and a template storage module:
Customized configuration module: uses the basic system event information command to configure a customized command-processing module for obtaining virtual system event information.
Template packaging module: for different operating system versions, classifies and packages the image templates into image templates for the different operating system versions when the images are built.
Template storage module: stores the image template used to boot the cloud server in the medium deployed by the platform, under the product's standardized name.
The program configuration module specifically comprises a function collection module, a program detection module, a timing matching module and a finalization processing module:
Function collection module: writes the agent service program corresponding to the basic collection command, and collects virtual system event information through the basic command.
Program detection module: adds a collection-and-check program, injects it into the qemu-guest-agent tool of the libvirt core, and completes detection and verification.
Timing matching module: matches the scheduled collection task program to the qemu-guest-agent program under the libvirt core.
Finalization processing module: finalizes (freezes) the collection program and registers it for management as a scheduled task.
The data configuration module specifically comprises a directory configuration module, a file configuration module and a file ingestion module:
Directory configuration module: configures a directory for the files produced by the collection program, outputs the collected operating-system-level system event data to a file, and archives the file in the raw collection file directory.
File configuration module: runs the raw file through the standardized file processing flow of the standardization program, completing standardization of the raw data file, and outputs the standardized file to the standardized file directory.
File ingestion module: uses a data analysis and processing tool to load the standardized data file into the database, periodically loading the standardized data into the collection-metric tables of the monitoring system database to complete archiving.
The beneficial effects of the invention are as follows. The method integrates the basic collection commands into the agent service, injects the agent service into the cloud server image, boots the cloud server from that image, wraps the raw data collection function in the collection program, and manages the collection program with scheduled tasks, which ensures that event information data from the virtual operating system is collected in real time. In the cloud environment of a cloud center, the cloud platform can provide cloud server resources of different versions, build image templates of different versions and make them available for the collection program to call, collect the raw event information data, preprocess the raw data with the standardization and analysis program, and finally archive it in the relevant performance metric tables of the monitoring system.
The final data collection requirement is met once the logic-judgment utility has been processed and called, which makes deployment and management convenient. Each submodule can be scaled horizontally and managed flexibly, and the method adapts flexibly to operating systems of different versions and cloud environments of different types. The method can be deployed flexibly. It meets a customer's need, after moving its hosted application systems to the cloud, to accurately collect event information from the virtual operating systems running in the cloud environment, so that the customer can analyze the collected operating system event information against the current running performance of its applications, use it for operations and maintenance work such as environment selection, parameter optimization and resource changes, and make the fullest use of its cloud resources.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a flowchart of packaging the basic command agent in an embodiment of the present invention.
FIG. 2 is a flowchart of registering the agent into the cloud server image template in an embodiment of the present invention.
FIG. 3 is a flowchart of metric data processing in an embodiment of the present invention.
FIG. 4 is a flowchart of program deployment in an embodiment of the present invention.
Detailed Description
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
Embodiment one:
A method for collecting Windows system events in a cloud environment comprises the following specific steps:
S1. Package the basic system event information command into the cloud server boot image template.
S2. Modify and complete the collection program, adding a program that collects and checks the agent state and a collection integration program.
S3. Standardize the configuration of collected data: archive the collected raw data in a directory, archive the output directory files after the collected files are standardized, and periodically load the data into the database after the standardized files are output.
For metrics of cloud servers running in a cloud environment, an adapted collection core tool is added to the monitoring system and can be managed flexibly. The method extends, wraps and modifies the management interface of qemu-guest-agent, a libvirt core tool. Using a service mapping method at the lower layer, it forms an interface that uses commands to directly collect system event information metrics inside the cloud server, and it connects to the raw data produced by the system event information collection command. This gives a business system on the cloud server accurate data collection and gathering for its usage scenarios in the cloud environment. The data layer of the standard commands is adapted according to the system category, and the interface commands are used to package and fix the basic commands in the image template from which the cloud server boots, forming a top-to-bottom, pass-through collection model for virtual system event information. The method provides the customer with accurate, real-time metric data on virtual system events, which both meets the customer's need to analyze the system event information generated by its applications and optimize accordingly, and adds a data metric function to the monitoring system.
The method relies on an operating system that ships with its own monitoring command tools. An agent management program is wrapped around the basic monitoring commands and further developed; the program is packaged and registered in the image template from which the cloud server boots; the agent is started as a managed service; and the agent's service port is configured and mapped, so that operating-system-level alarm events inside the virtual machine operating system are obtained in time.
The agent tool that integrates the operating system's basic monitoring is injected into the image template VMImage from which the cloud server boots. Cloud server resources are provisioned for the customer from the VMImage. The qemu-guest-agent tool in libvirt detects and checks the running state of the agent program inside the cloud server. The commands packaged in the agent call the basic command in the virtual machine operating system. After the call, the data returned by the command is taken as the raw collected data of the operating system event information. The data is normalized according to a standard data structure, then loaded into the database and archived.
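The flow just described (agent check through qemu-guest-agent, in-guest command call, raw returned data, normalization, database load), as an added example that is not code from the patent. It assumes `wevtutil` as the basic in-guest command, the QEMU guest agent commands `guest-ping`, `guest-exec` and `guest-exec-status` as the host-side channel, and a hypothetical SQLite table `os_events`; the guest reply is constructed sample data.

```python
import base64
import json
import sqlite3
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {"1": "critical", "2": "error", "3": "warning", "4": "information"}


def qga_command(execute, **arguments):
    """Serialize one guest-agent request. On a libvirt host it would be sent
    with: virsh qemu-agent-command <domain> '<json>'."""
    msg = {"execute": execute}
    if arguments:
        msg["arguments"] = arguments
    return json.dumps(msg)


def collection_requests(channel="System", count=50):
    """Agent state check, then the in-guest collection call (assumed command)."""
    return [
        qga_command("guest-ping"),
        qga_command("guest-exec", **{
            "path": r"C:\Windows\System32\wevtutil.exe",
            "arg": ["qe", channel, f"/c:{count}", "/rd:true", "/f:xml"],
            "capture-output": True,
        }),
    ]


def raw_from_exec_status(reply_json):
    """Return the raw collected text from a guest-exec-status reply."""
    ret = json.loads(reply_json)["return"]
    if not ret.get("exited") or ret.get("exitcode") != 0:
        raise RuntimeError(f"collection command not finished or failed: {ret}")
    # Assumption: the guest emits UTF-8; undecodable bytes are replaced.
    return base64.b64decode(ret.get("out-data", "")).decode("utf-8", "replace")


def _text(system, tag):
    return system.findtext(f"e:{tag}", default="", namespaces=NS)


def _attr(system, tag, name):
    node = system.find(f"e:{tag}", NS)
    return node.get(name, "") if node is not None else ""


def normalize(raw_xml):
    """Map raw <Event> elements onto one flat record structure."""
    # Guest output is untrusted input on the host: refuse DTD/entity content.
    if "<!DOCTYPE" in raw_xml or "<!ENTITY" in raw_xml:
        raise ValueError("unexpected DTD or entity declaration in event data")
    root = ET.fromstring(f"<Events>{raw_xml}</Events>")
    records = []
    for event in root.findall("e:Event", NS):
        system = event.find("e:System", NS)
        if system is None:
            continue
        level = _text(system, "Level")
        records.append({
            "computer": _text(system, "Computer"),
            "channel": _text(system, "Channel"),
            "record_id": int(_text(system, "EventRecordID") or 0),
            "event_id": int(_text(system, "EventID") or 0),
            "level": LEVELS.get(level, level),
            "provider": _attr(system, "Provider", "Name"),
            "time_utc": _attr(system, "TimeCreated", "SystemTime"),
        })
    return records


def store(conn, records):
    """Load records; the UNIQUE key makes overlapping scheduled runs idempotent."""
    conn.execute("""CREATE TABLE IF NOT EXISTS os_events (
        computer TEXT, channel TEXT, record_id INTEGER, event_id INTEGER,
        level TEXT, provider TEXT, time_utc TEXT,
        UNIQUE (computer, channel, record_id))""")
    before = conn.total_changes
    conn.executemany(
        "INSERT OR IGNORE INTO os_events VALUES (:computer, :channel, "
        ":record_id, :event_id, :level, :provider, :time_utc)", records)
    conn.commit()
    return conn.total_changes - before


def collect_into(conn, reply_json):
    """One scheduled run: raw data -> normalized records -> database."""
    return store(conn, normalize(raw_from_exec_status(reply_json)))


_EVT = ("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
        "<System><Provider Name='{p}'/><EventID>{i}</EventID><Level>{l}</Level>"
        "<TimeCreated SystemTime='{t}'/><EventRecordID>{r}</EventRecordID>"
        "<Channel>System</Channel><Computer>vm-demo-01</Computer></System></Event>")
# Constructed sample: two events as the in-guest command might return them.
SAMPLE_RAW = (
    _EVT.format(p="Service Control Manager", i=7031, l=2, r=4211,
                t="2022-01-20T08:15:02.000Z")
    + _EVT.format(p="disk", i=153, l=3, r=4210, t="2022-01-20T08:14:40.000Z"))
SAMPLE_REPLY = json.dumps({"return": {
    "exited": True, "exitcode": 0,
    "out-data": base64.b64encode(SAMPLE_RAW.encode()).decode()}})

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(collect_into(db, SAMPLE_REPLY), collect_into(db, SAMPLE_REPLY))
```
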
Further, the specific steps of S1, packaging the basic system event information command into the cloud server boot image template, are as follows:
S101. Use the basic system event information command to configure a customized command-processing module for obtaining virtual system event information.
S102. For different operating system versions, classify and package the image templates into image templates for the different operating system versions when the images are built.
S103. Store the image template used to boot the cloud server in the medium deployed on the platform, under the product's standardized name, and maintain it long-term as baseline template data.
The packaging process of the basic command agent is shown in FIG. 1. The agent program in the cloud server image template can be customized; it wraps the basic commands that obtain operating system event information and collects system-level event information inside the virtual machine operating system in which the customer's cloud application runs, ready to be scheduled by the qemu-guest-agent program. The usage scenarios are broad and function management is flexible.
Further, the specific steps of S2, modifying and completing the collection program and adding the program that collects and checks the agent state and the collection integration program, are as follows:
S201. Write the agent service program corresponding to the basic collection command, and collect virtual system event information through the basic command.
S202. Add a collection-and-check program, inject it into the qemu-guest-agent tool of the libvirt core, and complete detection and verification.
S203. Match the scheduled collection task program to the qemu-guest-agent program under the libvirt core, implementing customized management of the scheduled collection task program.
S204. Finalize (freeze) the collection program and register it for management as a scheduled task.
The customer's requirement is that alarm information for system events occurring while the tenant's application runs can be accurately obtained and collected. To obtain the operating-system-level event information inside the virtual machine that the customer needs, the collection commands are merged, the agent service in the image template is used as the springboard for the commands that collect operating system event information, and the qemu-guest-agent in the libvirt tool manages and calls the agent service from the cloud server's image template. System event information at the operating system level inside the cloud server is thereby collected accurately: the agent service in the cloud server is managed and called through the qemu-guest-agent tool, and the operating system event information collected in the cloud server produces a corresponding raw data collection file for standardization.
Still further, the specific steps of S3, standardizing the configuration of collected data by archiving the collected raw data in a directory, archiving the output directory files after the collected files are standardized, and periodically loading the data into the database after the standardized files are output, are as follows:
S301. Configure a directory for the files produced by the collection program, output the collected operating-system-level system event data to a file, and archive the file in the raw collection file directory.
S302. Run the raw file through the standardized file processing flow of the standardization program, completing standardization of the raw data file, and output the standardized file to the standardized file directory.
S303. Use a data analysis and processing tool to load the standardized data file into the database, periodically loading the standardized data into the collection-metric tables of the monitoring system database to complete archiving.
First, the customer needs to accurately collect the metrics relating to event information of the operating system inside the cloud server. These metrics are loaded into the database and archived, and serve as reference values when the customer analyzes events generated at the operating system level, so that the user can keep track of operating system events in time, judge the impact of an alarm event on the operating system, and make subsequent improvements and optimizations to the deployment of its cloud service applications.
A basic operating-system-level command that can view system events inside the virtual machine operating system is introduced; the command is wrapped into the agent program and finally built into the virtual machine image used to boot the cloud server.
Inside the collection program, the qemu-guest-agent tool in libvirt is wrapped and called; the tool detects the agent service inside the cloud server and invokes the agent's collection of operating system events. The collected data automatically produces a raw data file, which is stored in the planned file directory on the collection server. A standardization tool can then run the standardization command on the raw collected data according to the archive data structure, automatically producing a standardized data file of operating system event information that is stored in the standardized file archive directory on the collection server, where it waits for the loading program to archive standardized data of this type.
Among cloud services in a cloud center, cloud server products are the most widely used. Where a business system is deployed on a cloud server, the customer needs to know in real time about the virtual machine's internal operating system events generated by the cloud service applications it has deployed, and the more accurate the operating-system-level system event information, the more it helps the customer optimize the application system, select configurations for it and upgrade its version.
This function uses the design pattern of loading an agent service inside the cloud server. The basic commands that obtain operating-system-level system event information are wrapped into the agent service, the agent service is customized, the cloud server's boot image template is customized, and the agent service is injected into different image templates according to the operating system category. This stabilizes management of the agent service program and allows ports to be allocated and managed uniformly per image template version, which makes deployment and use convenient.
This function uses customized libvirt management at the platform layer. Program functions are extended in qemu-guest-agent, the core tool of the libvirt layer, according to the usage scenario; the basic management command tools inside the agent are reached through the libvirt tool; starting from how the agent handles port mapping, the collection function of the basic commands is configured flexibly in libvirt's management mode; and different types and versions of operating systems are supported.
After the libvirt collection tool has been customized, extensions are added inside the collection program so that scheduled tasks can manage the distribution of the collection program and collection tasks can be customized.
Storage of the raw collected data is managed properly. The standardization program analyzes the raw data, and a collection log and a standardized-output log are added; the two tasks are split apart and managed independently, which makes problems with collected metrics easier to locate, decomposes the task flow of the data processing chain clearly, and handles the standardized data storage task in a standardized way.
For the collected raw metric data, standardization of the data metrics relating to the collected system event information is managed properly and the database loading process is carried through to completion. This stabilizes the persistence of data storage and makes the data convenient for subsequent analysis and for extension to report use.
Example two:
A system for collecting Windows system events in a cloud environment specifically comprises an information packaging module, a program configuration module and a data configuration module:
an information packaging module: packaging the system event information basic instruction into a cloud server starting mirror image template;
a program configuration module: modifying and perfecting the acquisition program, and adding a program for acquiring and checking the agent state and an acquisition docking program;
a data configuration module: performing standardized configuration of the collected data: storing and archiving the collected original data in a directory, archiving the output directory files after the collected files have been standardized, and regularly warehousing and archiving the data after the standardized files are output;
further, the information packaging module specifically comprises a customized configuration module, a template packaging module and a template storage module:
a customized configuration module: configuring a customized command processing module that uses the system event information basic instruction to acquire virtual system event information;
a template packaging module: for different operating system versions, classifying and packaging the mirror image template into mirror image templates of the respective operating system versions when the mirror image is made;
a template storage module: storing the mirror image template used for starting the cloud server in a medium deployed on the platform, under the product's standardized name;
further, the program configuration module specifically comprises a function acquisition module, a program detection module, a timing matching module and a plate sealing processing module:
a function acquisition module: compiling the agent service program corresponding to basic instruction collection, and collecting virtual system event information through the basic instruction;
a program detection module: adding an acquisition and inspection program, injecting it into the qemu-guest-agent tool of the libvirt kernel, and completing detection and verification;
a timing matching module: matching the acquisition timing task program to the qemu-guest-agent program under the libvirt kernel;
a plate sealing processing module: performing plate sealing processing on the acquisition program, and registering it for management as a timing task;
still further, the data configuration module specifically comprises a directory configuration module, a file configuration module and a file warehousing module:
a directory configuration module: configuring a directory for the files acquired by the acquisition program, outputting the acquired system event information data of the operating system layer to a file, and archiving and storing the file in the directory of original acquisition files;
a file configuration module: running the configuration flow of standardized file processing on the original file through a standardized program, completing the standardized configuration of the original data file, and outputting the standardized file configuration to the directory for standardized file configuration;
a file warehousing module: using a data analysis processing tool to warehouse the standardized data file, and regularly warehousing the standardized data into the data tables of the monitoring system database that relate to the acquisition indexes, to complete archiving and storage.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. A method for collecting Windows system events in a cloud environment, characterized by comprising the following specific steps:
S1, packaging the system event information basic instruction into a cloud server starting mirror image template;
S2, modifying and perfecting the acquisition program, and adding a program for acquiring and checking the agent state and an acquisition docking program;
S3, performing standardized configuration of the collected data: storing and archiving the collected original data in a directory, archiving the output directory files after the collected files have been standardized, and regularly warehousing and archiving the data after the standardized files are output.
2. The method as claimed in claim 1, wherein step S1 of packaging the system event information basic instruction into the cloud server starting mirror image template comprises the following specific steps:
S101, configuring a customized command processing module that uses the system event information basic instruction to acquire virtual system event information;
S102, for different operating system versions, classifying and packaging the mirror image template into mirror image templates of the respective operating system versions when the mirror image is made;
S103, storing the mirror image template used for starting the cloud server in a medium deployed by the platform, under the product's standardized name.
3. The method as claimed in claim 2, wherein step S2 of modifying and perfecting the acquisition program and adding a program for acquiring and checking the agent state and an acquisition docking program comprises the following specific steps:
S201, compiling the agent service program corresponding to basic instruction collection, and collecting virtual system event information through the basic instruction;
S202, adding an acquisition and inspection program, injecting it into the qemu-guest-agent tool of the libvirt kernel, and completing detection and verification;
S203, matching the acquisition timing task program to the qemu-guest-agent program under the libvirt kernel, thereby implementing the customized program management function for acquisition timing tasks;
S204, performing plate sealing processing on the acquisition program, and registering it for management as a timing task.
4. The method as claimed in claim 3, wherein step S3 of performing standardized configuration of the collected data, storing and archiving the collected original data in a directory, archiving the output directory files after the collected files have been standardized, and regularly warehousing and archiving the data after the standardized files are output comprises the following specific steps:
S301, configuring a directory for the files acquired by the acquisition program, outputting the acquired system event information data of the operating system layer to a file, and archiving and storing the file in the directory of original acquisition files;
S302, running the configuration flow of standardized file processing on the original file through a standardized program, completing the standardized configuration of the original data file, and outputting the standardized file configuration to the directory for standardized file configuration;
S303, using a data analysis processing tool to warehouse the standardized data file, and regularly warehousing the standardized data into the data tables of the monitoring system database that relate to the acquisition indexes, to complete archiving and storage.
5. A system for collecting Windows system events in a cloud environment, characterized in that the system specifically comprises an information packaging module, a program configuration module and a data configuration module:
an information packaging module: packaging the system event information basic instruction into a cloud server starting mirror image template;
a program configuration module: modifying and perfecting the acquisition program, and adding a program for acquiring and checking the agent state and an acquisition docking program;
a data configuration module: performing standardized configuration of the collected data: storing and archiving the collected original data in a directory, archiving the output directory files after the collected files have been standardized, and regularly warehousing and archiving the data after the standardized files are output.
6. The system of claim 5, wherein the information packaging module specifically comprises a customized configuration module, a template packaging module and a template storage module:
a customized configuration module: configuring a customized command processing module that uses the system event information basic instruction to acquire virtual system event information;
a template packaging module: for different operating system versions, classifying and packaging the mirror image template into mirror image templates of the respective operating system versions when the mirror image is made;
a template storage module: storing the mirror image template used for starting the cloud server in a medium deployed by the platform, under the product's standardized name.
7. The system of claim 6, wherein the program configuration module specifically comprises a function acquisition module, a program detection module, a timing matching module and a plate sealing processing module:
a function acquisition module: compiling the agent service program corresponding to basic instruction collection, and collecting virtual system event information through the basic instruction;
a program detection module: adding an acquisition and inspection program, injecting it into the qemu-guest-agent tool of the libvirt kernel, and completing detection and verification;
a timing matching module: matching the acquisition timing task program to the qemu-guest-agent program under the libvirt kernel;
a plate sealing processing module: performing plate sealing processing on the acquisition program, and registering it for management as a timing task.
8. The system of claim 7, wherein the data configuration module specifically comprises a directory configuration module, a file configuration module and a file warehousing module:
a directory configuration module: configuring a directory for the files acquired by the acquisition program, outputting the acquired system event information data of the operating system layer to a file, and archiving and storing the file in the directory of original acquisition files;
a file configuration module: running the configuration flow of standardized file processing on the original file through a standardized program, completing the standardized configuration of the original data file, and outputting the standardized file configuration to the directory for standardized file configuration;
a file warehousing module: using a data analysis processing tool to warehouse the standardized data file, and regularly warehousing the standardized data into the data tables of the monitoring system database that relate to the acquisition indexes, to complete archiving and storage.
CN202210082188.3A 2022-01-24 2022-01-24 Method and system for acquiring Windows system events in cloud environment Pending CN114443227A (en)

Publications (1)

Publication Number Publication Date
CN114443227A (en) 2022-05-06

Family

ID=81370369

Country Status (1)

Country Link
CN (1) CN114443227A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination