CN115086160A - Log acquisition method, terminal agent and equipment based on SaaS platform - Google Patents


Publication number: CN115086160A
Authority: CN (China)
Prior art keywords: database, service, log, saas platform, audit
Legal status: Withdrawn
Application number: CN202210647006.2A
Other languages: Chinese (zh)
Inventors: 张建青, 丁佳
Current Assignee: DBAPPSecurity Co Ltd
Original Assignee: DBAPPSecurity Co Ltd
Application filed by: DBAPPSecurity Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The application discloses a log collection method, a terminal agent and equipment based on a software as a service (SaaS) platform. The method comprises the following steps: acquiring a database communication message of a local database system; analyzing the database communication message based on a database protocol to obtain a database audit log; and uploading the database audit log to a database audit service in the SaaS platform. The database audit logs of the local database system are thus obtained by the terminal agents deployed on the user terminals and then uploaded to the database audit service in the SaaS platform, which ensures, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs.

Description

Log acquisition method, terminal agent and equipment based on SaaS platform
Technical Field
The application relates to the technical field of log collection, in particular to a log collection method, a terminal agent and equipment based on a software as a service (SaaS) platform.
Background
With the emergence and growing popularity of SaaS (Software as a Service) platforms, more and more enterprises meet some of their business needs by leasing database audit software services provided by SaaS platform providers; the traditional single-tenant local deployment model has high operating costs and cannot meet the needs of most enterprises today. Because a SaaS platform is multi-tenant, it is not straightforward for different tenants to collect the operation logs of their different local terminal databases. How to ensure effective isolation of data between tenants, and how to accurately collect the behavior log data of different terminal databases, are therefore problems that urgently need to be solved.
Disclosure of Invention
In view of this, an object of the present application is to provide a log collection method, a terminal agent and equipment based on a SaaS platform, which can ensure, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs. The specific scheme is as follows:
In a first aspect, the present application discloses a log collection method based on a SaaS platform, which is applied to a terminal agent deployed in a user terminal, and the method includes:
acquiring a database communication message of a local database system;
analyzing the database communication message based on a database protocol to obtain a database audit log;
and uploading the database audit log to a database audit service in the SaaS platform.
Optionally, the analyzing the database communication packet based on the database protocol to obtain a database audit log includes:
analyzing the database communication message based on a database protocol to obtain an initial log;
and replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log.
Optionally, the terminal agent includes a log parsing service and a log reporting service, wherein,
the log analysis service is used for acquiring a database communication message of a local database system and analyzing the database communication message based on a database protocol to obtain an initial log;
the log reporting service is used for replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log and uploading the database audit log to a database audit service in a SaaS platform;
and the log analysis service is also used for periodically sending heartbeat data packets to the log reporting service.
Optionally, the terminal agent further includes a management service, and correspondingly, the method further includes:
and collecting the running state information of the user terminal through the management service, and reporting the running state information to the database auditing service.
Optionally, the method further includes:
and acquiring an instruction issued by the database auditing service through the management service, and responding to the instruction to execute corresponding processing.
Optionally, the obtaining, by the management service, the instruction issued by the database audit service includes:
and acquiring a terminal agent version updating instruction, a terminal agent starting and stopping instruction and an operation instruction aiming at each service in the terminal agent, which are issued by the database audit service, through the management service.
Optionally, the uploading the database audit log to a database audit service in a SaaS platform includes:
sending the database audit log to a forwarding agent service so that the forwarding agent service can upload the database audit log to the database audit service in the SaaS platform;
the forwarding agent service is deployed on a host with a public network IP, and the host and the user terminal are in the same VPC.
In a second aspect, the present application discloses a terminal agent deployed in a user equipment, including:
the database communication message acquisition module is used for acquiring a database communication message of a local database system;
the database audit log acquisition module is used for analyzing the database communication message based on a database protocol to obtain a database audit log;
and the database audit log uploading module is used for uploading the database audit log to a database audit service in the SaaS platform.
In a third aspect, the present application discloses an electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the aforementioned log collection method based on the SaaS platform.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the aforementioned log collection method based on the SaaS platform.
Therefore, in the present application the terminal agent deployed in the user terminal acquires the database communication message of the local database system, analyzes the message based on the database protocol to obtain the database audit log, and then uploads the database audit log to the database audit service in the SaaS platform. That is, the database audit logs of the local database system are obtained by the terminal agents deployed on the user terminals and then uploaded to the database audit service in the SaaS platform, which ensures, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs.
Drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present application, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a log collection method based on a SaaS platform disclosed in the present application;
Fig. 2 is a schematic diagram of a specific SaaS platform-based log collection scheme disclosed in the present application;
Fig. 3 is a schematic structural diagram of a log collection device based on a SaaS platform disclosed in the present application;
Fig. 4 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
With the emergence and growing popularity of SaaS platforms, more and more enterprises meet some of their business needs by leasing database audit software services provided by SaaS platform providers; the traditional single-tenant local deployment model has high operating costs and cannot meet the needs of most enterprises today. Because a SaaS platform is multi-tenant, it is not straightforward for different tenants to collect the operation logs of their different local terminal databases. How to ensure effective isolation of data between tenants, and how to accurately collect the behavior log data of different terminal databases, are therefore problems that urgently need to be solved. For this reason, a log collection scheme based on the SaaS platform is provided, which ensures, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs.
Referring to Fig. 1, an embodiment of the present application discloses a log collection method based on a SaaS platform, which is applied to a terminal agent deployed in a user terminal, and the method includes:
Step S11: acquiring a database communication message of the local database system.
The user terminal can be a Linux or Windows server host that the user has set up locally and on which the database system is deployed.
In a specific embodiment, the database communication message, that is, a message generated by an operation on the database, may be acquired through pcap packet capture.
Step S12: analyzing the database communication message based on a database protocol to obtain a database audit log.
In a specific implementation, the database communication message may be analyzed based on a database protocol to obtain an initial log, and the IP address in the initial log is then replaced with the IP address of the user terminal to obtain a database audit log.
It should be noted that the IP address in the parsed audit log may be problematic, so it is replaced with the IP address of the user terminal, which uniquely identifies the user terminal and allows the data of different tenants to be isolated.
In one implementation, the terminal agent includes a log analysis service and a log reporting service. The log analysis service is used for acquiring a database communication message of the local database system and analyzing the database communication message based on a database protocol to obtain an initial log; the log reporting service is used for replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log and uploading the database audit log to the database audit service in the SaaS platform; and the log analysis service is also used for periodically sending heartbeat data packets to the log reporting service. The log reporting service has two ports: one is used for communicating with the log analysis service, and the other for communicating with the cloud, that is, the SaaS platform.
Further, the terminal agent further comprises a management service, and the embodiment of the application can collect the running state information of the user terminal through the management service and report the running state information to the database auditing service.
In addition, the embodiment of the application can acquire the instruction issued by the database auditing service through the management service and respond to the instruction to execute corresponding processing. Specifically, a terminal agent version update instruction, a terminal agent start and stop instruction, and an operation instruction for each service in the terminal agent, which are issued by the database audit service, may be obtained by the management service.
Step S13: uploading the database audit log to the database audit service in the SaaS platform.
In one embodiment, the database audit log may be sent to a forwarding agent service, so that the forwarding agent service uploads the database audit log to the database audit service in the SaaS platform; the forwarding agent service is deployed on a host with a public network IP, and the host and the user terminal are in the same VPC (Virtual Private Cloud). That is, when the user terminal has no network connectivity to the database audit service, the log can be forwarded through the forwarding agent service.
In another embodiment, the database audit log may be uploaded directly to the database audit service in the SaaS platform. That is, when the user terminal and the database audit service can reach each other over the network, the log does not need to be forwarded through the forwarding agent service.
Furthermore, the embodiment of the application can also collect the running state information of the forwarding agent service through the management service and report the running state information to the database audit service.
The database audit service audits database logs based on the collected database audit logs, and isolates the data of different tenants based on the tenant IDs and IP addresses in the database audit logs. It should be noted that one terminal agent may be deployed on each user terminal, and each tenant may correspond to multiple user terminals.
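The rewrite-and-isolate step described above, as an added Go example that is not code from the patent or from its assignee. The JSON record layout, the field names, the `Reporter` and `AuditStore` types, the choice of the database-side address as the rewritten field, and the agent stamping its tenant ID are all assumptions; the sample logs are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
	"sort"
)

// AuditRecord is a constructed layout; the patent does not define the log format.
type AuditRecord struct {
	TenantID string `json:"tenant_id"`
	DBIP     string `json:"db_ip"`     // assumed to be the address that gets rewritten
	ClientIP string `json:"client_ip"` // left untouched so the trail keeps the real client
	SQL      string `json:"sql"`
}

// ErrTenantMismatch: an initial log already names a tenant other than the agent's.
var ErrTenantMismatch = errors.New("initial log carries a different tenant ID")

// Reporter models the log reporting service on one user terminal (hypothetical type).
type Reporter struct{ TenantID, TerminalIP string }

// Rewrite turns an initial log into a database audit log: the captured address
// is replaced by the terminal IP and the agent's tenant ID is stamped on.
func (r Reporter) Rewrite(initial []byte) (AuditRecord, error) {
	addr, err := netip.ParseAddr(r.TerminalIP)
	if err != nil || addr.IsLoopback() || addr.IsUnspecified() {
		return AuditRecord{}, fmt.Errorf("terminal IP %q cannot identify a terminal", r.TerminalIP)
	}
	var rec AuditRecord
	if err := json.Unmarshal(initial, &rec); err != nil {
		return AuditRecord{}, fmt.Errorf("decode initial log: %w", err)
	}
	if rec.TenantID != "" && rec.TenantID != r.TenantID {
		return AuditRecord{}, ErrTenantMismatch
	}
	rec.TenantID, rec.DBIP = r.TenantID, addr.Unmap().String()
	return rec, nil
}

type partitionKey struct{ tenantID, ip string }

// AuditStore models the audit service side, partitioned by tenant ID plus IP.
type AuditStore struct{ byKey map[partitionKey][]AuditRecord }

func NewAuditStore() *AuditStore { return &AuditStore{byKey: map[partitionKey][]AuditRecord{}} }

func (s *AuditStore) Ingest(rec AuditRecord) {
	k := partitionKey{rec.TenantID, rec.DBIP}
	s.byKey[k] = append(s.byKey[k], rec)
}

func (s *AuditStore) Query(tenantID, ip string) []AuditRecord { return s.byKey[partitionKey{tenantID, ip}] }

// SharedIPs lists addresses reported by more than one tenant: the records that
// would be mixed together if the store were keyed by IP address alone.
func (s *AuditStore) SharedIPs() []string {
	perIP := map[string]int{}
	for k := range s.byKey {
		perIP[k.ip]++
	}
	var shared []string
	for ip, n := range perIP {
		if n > 1 {
			shared = append(shared, ip)
		}
	}
	sort.Strings(shared)
	return shared
}

// RunSample feeds constructed initial logs from two tenants whose terminals
// both use 10.0.0.5 inside their own VPC.
func RunSample() (*AuditStore, error) {
	samples := []struct{ rep Reporter; initial string }{
		{Reporter{"tenant-a", "10.0.0.5"}, `{"db_ip":"127.0.0.1","client_ip":"10.0.0.21","sql":"SELECT * FROM orders"}`},
		{Reporter{"tenant-b", "10.0.0.5"}, `{"db_ip":"127.0.0.1","client_ip":"10.0.0.21","sql":"DELETE FROM users"}`},
	}
	store := NewAuditStore()
	for _, s := range samples {
		rec, err := s.rep.Rewrite([]byte(s.initial))
		if err != nil {
			return nil, err
		}
		store.Ingest(rec)
	}
	return store, nil
}

func main() {
	if store, err := RunSample(); err == nil {
		fmt.Println(store.Query("tenant-a", "10.0.0.5"), store.SharedIPs())
	}
}
```

Both terminals report the same private address after the rewrite, so only the tenant ID keeps the two partitions apart; `SharedIPs` surfaces every address where that is the case.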
In this way, the database audit service provided by the SaaS platform accurately collects and reports the terminals' database operation log information in a multi-tenant, multi-terminal scenario; where a terminal is network-isolated from the cloud, connectivity is bridged so that data can still be reported normally; multi-tenant data isolation is achieved; and the behavior data of the databases is recorded, analyzed and monitored centrally on the SaaS platform, protecting data assets.
The software-as-a-service (SaaS) platform is a platform on which SaaS software runs. The SaaS platform provider builds all the network infrastructure and the software and hardware operating platforms that enterprises need for informatization; software products do not have to be repeatedly installed and debugged at the customer site and can be upgraded and maintained centrally, requirements can be gathered centrally, and enterprises lease software services from the SaaS provider according to their actual needs. Database auditing: centered on security events and based on comprehensive and precise auditing, it records database activity on the network in real time, performs fine-grained compliance auditing of database operations, and raises real-time alarms on risky behavior affecting the database. By recording, analyzing and reporting users' database access behavior, it helps users produce compliance reports and trace incidents to their source afterwards; it uses big-data search technology to provide efficient query and audit reports and to locate the causes of events for later query, analysis and filtering, which strengthens the monitoring and auditing of internal and external database network behavior and improves data asset security.
Therefore, in the embodiment of the application, the terminal agent deployed in the user terminal acquires the database communication message of the local database system, analyzes the message based on the database protocol to obtain the database audit log, and then uploads the database audit log to the database audit service in the SaaS platform. That is, the database audit logs of the local database system are obtained by the terminal agents deployed on the user terminals and then uploaded to the database audit service in the SaaS platform, which ensures, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs.
For example, referring to Fig. 2, Fig. 2 is a schematic diagram of a specific log collection scheme based on a SaaS platform disclosed in the embodiment of the present application. The components are as follows:
DBAgent executable (i.e., the terminal agent): a program installation package (DBAgent) that, once decompressed, can be installed on the customer's database server host running a Linux or Windows system.
Proxy executable (i.e., the forwarding agent service): an agent program installation package (hereinafter referred to as Proxy), mainly used to bridge network isolation so that DBAgent data can be reported to the cloud normally when the network is not connected. This module is optional; it needs to be installed only when the network of the customer's local database assets cannot communicate with the cloud normally.
dbagent (i.e., the log analysis service): one of the DBAgent service modules, mainly used for keeping a heartbeat with the cloud, capturing packets locally, restoring logs and reporting them to the cloud.
tcpproxy (i.e., the log reporting service): one of the DBAgent service modules, mainly used for replacing the IP in the log file reported by dbagent, which solves the problem of IP conflicts.
db_manager (i.e., the management service): one of the DBAgent service modules, mainly used for managing the service processes, receiving cloud control instructions and the like.
dbproxy: the traffic ingress proxy module, mainly used for proxy forwarding of reported logs and for forwarding the clients' service platform API requests.
Service platform: mainly refers to the SaaS database audit service on the SaaS platform, and is mainly used for processing business data, analyzing and displaying the data and handling business functions.
That is, the whole DBAgent includes 3 service modules: the dbagent module, the tcpproxy module and the db_manager module. Each module is an independent service application that runs as an independent service process and plays a different role. In a scenario where the customer network cannot communicate with the service platform, a Proxy agent module needs to be additionally installed, and it must be installed on a host with a public IP in the customer VPC, so that it can reach both the database host network in the customer VPC and the service platform network. All of this is transparent to users: they do not need to care how the internal business logic is implemented, how log information is collected, or how the information is reported to the cloud. For the user, the scheme is simple to operate and meets the user's service scenario. The following describes each service in detail:
The dbagent service mainly implements the following logic: it obtains database communication messages through pcap packet capture, parses the messages according to the db protocol, and reports the parsed data to the cloud. During this time it must keep a heartbeat connection with tcpproxy and send heartbeat packets periodically. The heartbeat is kept with port 127.0.0.1:13001, and logs to be uploaded to the cloud are sent to port 127.0.0.1:13002 of tcpproxy.
The tcpproxy service is mainly responsible for replacing the IP address in the logs uploaded by the dbagent service, which solves the problem of intranet address conflicts after multi-tenant logs are uploaded to the cloud. During this time it keeps the heartbeat connection with dbagent to ensure that dbagent is always online, and finally it reports the logs to the cloud. It works on 127.0.0.1:13001 and 127.0.0.1:13002.
The db_manager service is mainly responsible for collecting the system operation information of the local device and of the dbproxy service, reporting it to the cloud, and receiving cloud control instructions to update the version and manage each service in the terminal agent. It communicates with port 443 of the service platform's public network entry address. It is chiefly responsible for starting, stopping and monitoring all DBAgent service processes and for the interaction with the service platform.
The dbproxy service implements L4 forwarding through secondary development based on gost, and implements layer-7 forwarding using the HTTP module of Nginx. The main business logic is implemented through integrated Lua code.
In detail, an Nginx service is started that exposes port 443 and provides an external API through which forwarding configuration is issued. In addition, the gost module forwards the logs reported by the clients: balance_by_lua code (custom code) is embedded in the upstream, and the logs are forwarded to the database audit instance designated by the service platform according to the customer's public network egress IP; the mapping between the public network egress IP and the service platform is obtained from a local redis.
The service platform mainly issues cloud control instructions to the client-side DBAgent, receives the reported database operation logs, and analyzes, processes and displays the logs, monitors abnormal data and raises alarms on abnormal behavior; it also isolates each tenant's data in the multi-tenant setting.
Therefore, terminal logs are collected and reported through the DBAgent and Proxy modules, and network traffic proxy forwarding is realized. Several service function modules are involved internally, and the business logic is implemented in several programming languages such as Go, Java, Shell and Lua, thereby realizing the database audit service capability provided by the SaaS platform. For enterprises, onboarding to the platform is simple: only the agent needs to be installed on the terminal. If the terminal network can communicate with the cloud normally, the proxy module does not need to be installed; if the network is not connected, the proxy module is installed.
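The routing decision described above (choose the audit instance from the client's public network egress IP, using a locally held mapping), as an added Go example rather than the patent's Lua code. The in-memory map stands in for Redis; the `Router` type, the instance addresses, the refusal to silently rebind an egress IP, and rejecting unmapped sources instead of using a default backend are assumptions, and the addresses are constructed from documentation ranges.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"sync"
)

// ErrUnmappedSource means the source IP has no audit instance assigned.
var ErrUnmappedSource = errors.New("no audit instance mapped for source IP")

// Router keeps the egress-IP to audit-instance mapping (Redis in the text,
// an in-memory map in this sketch).
type Router struct {
	mu       sync.RWMutex
	backends map[netip.Addr]string
}

func NewRouter() *Router { return &Router{backends: make(map[netip.Addr]string)} }

// Bind records which audit instance serves an egress IP. A second, different
// binding for the same IP is refused: two tenants behind one NAT address
// cannot be told apart by source IP, so the conflict must be visible.
func (r *Router) Bind(egressIP, backend string) error {
	addr, err := netip.ParseAddr(egressIP)
	if err != nil {
		return fmt.Errorf("egress IP %q: %w", egressIP, err)
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d and a.b.c.d as the same source
	r.mu.Lock()
	defer r.mu.Unlock()
	if old, ok := r.backends[addr]; ok && old != backend {
		return fmt.Errorf("egress IP %s is already bound to %s", addr, old)
	}
	r.backends[addr] = backend
	return nil
}

// Pick maps the peer address of an incoming connection ("ip:port") to an
// audit instance. Unknown sources get an error, never a default backend.
func (r *Router) Pick(remoteAddr string) (string, error) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return "", fmt.Errorf("remote address %q: %w", remoteAddr, err)
	}
	src := ap.Addr().Unmap()
	r.mu.RLock()
	defer r.mu.RUnlock()
	backend, ok := r.backends[src]
	if !ok {
		return "", fmt.Errorf("%w: %s", ErrUnmappedSource, src)
	}
	return backend, nil
}

// RouteSample routes three constructed connections: two from mapped egress
// IPs (one seen as an IPv4-mapped IPv6 peer) and one from an unmapped source.
func RouteSample() ([]string, error) {
	r := NewRouter()
	if err := r.Bind("203.0.113.7", "audit-a.internal:9000"); err != nil {
		return nil, err
	}
	if err := r.Bind("198.51.100.20", "audit-b.internal:9000"); err != nil {
		return nil, err
	}
	remotes := []string{"203.0.113.7:51544", "[::ffff:198.51.100.20]:40122", "192.0.2.99:61000"}
	out := make([]string, 0, len(remotes))
	for _, remote := range remotes {
		backend, err := r.Pick(remote)
		if err != nil {
			backend = "rejected"
		}
		out = append(out, backend)
	}
	return out, nil
}

func main() {
	decisions, err := RouteSample()
	fmt.Println(decisions, err)
}
```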
Referring to fig. 3, an embodiment of the present application provides a terminal agent, where the terminal agent is deployed in a user terminal, and the terminal agent includes:
a database communication message obtaining module 11, configured to obtain a database communication message of a local database system;
the database audit log obtaining module 12 is configured to analyze the database communication packet based on a database protocol to obtain a database audit log;
and the database audit log uploading module 13 is used for uploading the database audit log to a database audit service in the SaaS platform.
Therefore, in the embodiment of the application, the terminal agent deployed in the user terminal acquires the database communication message of the local database system, analyzes the message based on the database protocol to obtain the database audit log, and then uploads the database audit log to the database audit service in the SaaS platform. That is, the database audit logs of the local database system are obtained by the terminal agents deployed on the user terminals and then uploaded to the database audit service in the SaaS platform, which ensures, in a multi-tenant scenario, that the database audit logs of different user terminals are accurately collected and that multi-tenant data is effectively isolated, while saving users' operating costs.
The database audit log obtaining module 12 specifically includes:
the message analysis unit is used for analyzing the database communication message based on a database protocol to obtain an initial log;
and the IP address replacing unit is used for replacing the IP address in the initial log with the IP address of the user terminal to obtain the database audit log.
Further, in an embodiment, the terminal agent includes a log analysis service and a log reporting service, where the log analysis service includes a database communication packet obtaining module 11 and a packet analysis unit; that is, the log analysis service is used for acquiring a database communication message of a local database system, and analyzing the database communication message based on a database protocol to obtain an initial log; the log reporting service comprises an IP address replacing unit and a database audit log uploading module 13, namely the log reporting service is used for replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log and uploading the database audit log to the database audit service in the SaaS platform; and the log analysis service is also used for sending heartbeat data packets to the log reporting service at regular time.
Further, the terminal agent further comprises a management service, which is used for collecting the running state information of the user terminal and reporting the running state information to the database auditing service.
And the management service is also used for acquiring an instruction issued by the database auditing service and responding to the instruction to execute corresponding processing.
The management service is used for acquiring a terminal agent version updating instruction, a terminal agent starting and stopping instruction and an operation instruction aiming at each service in the terminal agent, which are issued by the database audit service.
In one embodiment, the database audit log uploading module 13 is configured to send the database audit log to a forwarding agent service, so that the forwarding agent service uploads the database audit log to a database audit service in an SaaS platform;
the forwarding agent service is deployed on a host with a public network IP, and the host and the user terminal are in the same VPC.
Referring to Fig. 4, an embodiment of the present application discloses an electronic device 20, which includes a processor 21 and a memory 22; the memory 22 is used for storing a computer program; the processor 21 is configured to execute the computer program to implement the SaaS platform-based log collection method disclosed in the foregoing embodiment.
For a specific process of the log collecting method based on the SaaS platform, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The memory 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage mode may be a transient storage mode or a permanent storage mode.
In addition, the electronic device 20 further includes a power supply 23, a communication interface 24, an input-output interface 25, and a communication bus 26; the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to a specific application requirement, which is not specifically limited herein.
Further, an embodiment of the present application also discloses a computer-readable storage medium, configured to store a computer program, where the computer program is executed by a processor to implement the SaaS platform-based log collection method disclosed in the foregoing embodiment.
For the specific process of the SaaS platform-based log collection method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The SaaS platform-based log collection method, terminal agent and equipment have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the embodiments is only intended to help in understanding the method and its core idea. Meanwhile, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as a limitation on the present application.

Claims (10)

1. A log collection method based on a software as a service (SaaS) platform is characterized by being applied to a terminal agent, wherein the terminal agent is deployed in a user terminal, and the method comprises the following steps:
acquiring a database communication message of a local database system;
analyzing the database communication message based on a database protocol to obtain a database audit log;
and uploading the database audit log to a database audit service in the SaaS platform.
2. The SaaS platform-based log collection method according to claim 1, wherein the analyzing the database communication messages based on a database protocol to obtain a database audit log comprises:
analyzing the database communication message based on a database protocol to obtain an initial log;
and replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log.
3. The SaaS platform-based log collection method according to claim 2, wherein the terminal agent comprises a log parsing service and a log reporting service, wherein
the log parsing service is used for acquiring a database communication message of a local database system and analyzing the database communication message based on a database protocol to obtain an initial log;
the log reporting service is used for replacing the IP address in the initial log with the IP address of the user terminal to obtain a database audit log and uploading the database audit log to a database audit service in a SaaS platform;
and the log parsing service is also used for sending heartbeat data packets to the log reporting service at regular intervals.
4. The SaaS platform-based log collection method according to claim 3, wherein the terminal agent further includes a management service, and accordingly, the method further includes:
collecting the running state information of the user terminal through the management service, and reporting the running state information to the database audit service.
5. The SaaS platform-based log collection method according to claim 4, further comprising:
acquiring an instruction issued by the database audit service through the management service, and executing corresponding processing in response to the instruction.
6. The SaaS platform-based log collection method according to claim 5, wherein the acquiring of the instruction issued by the database audit service through the management service includes:
acquiring, through the management service, a terminal agent version update instruction, a terminal agent start and stop instruction, and an operation instruction for each service in the terminal agent, which are issued by the database audit service.
7. The SaaS platform-based log collection method according to any one of claims 1 to 6, wherein the uploading of the database audit log to a database audit service in a SaaS platform includes:
sending the database audit log to a forwarding agent service so that the forwarding agent service can upload the database audit log to the database audit service in the SaaS platform;
the forwarding agent service is deployed on a host with a public network IP, and the host and the user terminal are in the same VPC.
8. A terminal agent, wherein the terminal agent is deployed in a user terminal, comprising:
the database communication message acquisition module is used for acquiring a database communication message of a local database system;
the database audit log acquisition module is used for analyzing the database communication message based on a database protocol to obtain a database audit log;
and the database audit log uploading module is used for uploading the database audit log to a database audit service in the SaaS platform.
9. An electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the SaaS platform-based log collection method according to any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the SaaS platform-based log collection method according to any one of claims 1 to 7.
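
The steps of claims 1 and 2 (parse a captured database message into an initial log, then replace its IP address with the user terminal's IP) can be sketched as follows. This is an added example, not code from the patent or its applicant; it assumes the database protocol is the MySQL client/server protocol, and the function names, the `db_ip` field and the sample addresses are hypothetical.

```python
import ipaddress
import json

COM_QUERY = 0x03  # MySQL command byte for a text query

def parse_mysql_packets(buf):
    """Yield (sequence_id, payload) for each complete MySQL packet in buf."""
    offset = 0
    while offset + 4 <= len(buf):
        # Header: 3-byte little-endian payload length, then 1-byte sequence id.
        length = int.from_bytes(buf[offset:offset + 3], "little")
        end = offset + 4 + length
        if end > len(buf):
            break  # truncated capture: never emit a partial record
        yield buf[offset + 3], buf[offset + 4:end]
        offset = end

def initial_logs(buf, captured_db_ip):
    """Parse client-to-server bytes into initial log records (queries only)."""
    return [
        {"db_ip": captured_db_ip, "seq": seq,
         "sql": payload[1:].decode("utf-8", errors="replace")}
        for seq, payload in parse_mysql_packets(buf)
        if payload and payload[0] == COM_QUERY
    ]

def to_audit_log(initial, terminal_ip):
    """Replace the IP in the initial log with the user terminal's IP."""
    ipaddress.ip_address(terminal_ip)  # ValueError on a malformed address
    return {**initial, "db_ip": terminal_ip}

def mysql_packet(seq, payload):
    """Frame a payload as a MySQL packet (used for the constructed sample)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed capture: a query, a COM_PING (0x0e), and a truncated query.
SAMPLE = (mysql_packet(0, b"\x03SELECT name FROM users WHERE id = 7")
          + mysql_packet(0, b"\x0e")
          + mysql_packet(0, b"\x03DELETE FROM orders")[:-5])

def run_sample():
    # Assumed addresses: 127.0.0.1 as captured locally, 10.0.3.15 as the terminal IP.
    return [to_audit_log(r, "10.0.3.15") for r in initial_logs(SAMPLE, "127.0.0.1")]

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Only the complete query packet becomes an audit record; the ping is not a query and the truncated packet is dropped rather than logged with partial SQL.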
CN202210647006.2A 2022-06-09 2022-06-09 Log acquisition method, terminal agent and equipment based on SaaS platform Withdrawn CN115086160A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210647006.2A CN115086160A (en) 2022-06-09 2022-06-09 Log acquisition method, terminal agent and equipment based on SaaS platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210647006.2A CN115086160A (en) 2022-06-09 2022-06-09 Log acquisition method, terminal agent and equipment based on SaaS platform

Publications (1)

Publication Number Publication Date
CN115086160A true CN115086160A (en) 2022-09-20

Family

ID=83251375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210647006.2A Withdrawn CN115086160A (en) 2022-06-09 2022-06-09 Log acquisition method, terminal agent and equipment based on SaaS platform

Country Status (1)

Country Link
CN (1) CN115086160A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115827391A (en) * 2023-02-06 2023-03-21 北京仁科互动网络技术有限公司 Running state monitoring method and device, monitoring platform and software service system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103329129A (en) * 2011-01-12 2013-09-25 国际商业机器公司 Multi-tenant audit awareness in support of cloud environments
CN113269531A (en) * 2021-06-04 2021-08-17 深圳墨门善守科技有限公司 Cloud-end architecture-based multi-tenant internet access behavior audit control method and related equipment
CN114064429A (en) * 2021-10-31 2022-02-18 远光软件股份有限公司 Audit log acquisition method and device, storage medium and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220920