CN115437870A - Monitoring method and device for business process data, computer equipment and storage medium - Google Patents
- Publication number
- CN115437870A, CN202110610123.7A
- Authority
- CN
- China
- Prior art keywords
- data
- abnormal
- user
- service system
- calling
- Legal status
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Mathematical Physics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application relates to the field of business anomaly monitoring, and discloses a method and a device for monitoring business process data, computer equipment and a storage medium. The method comprises the following steps: acquiring log data of each service system; screening the log data to obtain abnormal data, wherein the abnormal data is data recording an abnormal condition of a service system and includes the ID number of a user; retrieving the user's call chain according to the ID number and tracking along the call chain to find the service systems called by the user; checking the service systems one by one, in the time order in which the user called them, to find the problem system; and analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy. The method and the device improve the efficiency of monitoring and handling abnormal service systems.
Description
Technical Field
The present application relates to the field of monitoring business anomalies, and in particular, to a method and an apparatus for monitoring business process data, a computer device, and a storage medium.
Background
In the prior art, business in the securities industry is completed automatically as the client calls the corresponding systems. For example, when a client places an order to buy stocks, the order is placed from the front end, passes through a number of middle-office and back-office core systems, and is finally reported to the exchange; the result returned by the exchange is fed back along the original path and displayed on the client's front end. This process calls multiple systems, such as a trading system for trading operations and an account system for managing client information, and the whole process is difficult to complete if any one system is abnormal.
Disclosure of Invention
The main purpose of the application is to provide a method and a device for monitoring business process data, computer equipment and a storage medium, so as to solve the problem that exception handling in existing securities business processes is incomplete and inefficient.
In order to achieve the above object, the present application provides a method for monitoring business process data, including:
acquiring log data of each service system;
screening the log data to obtain abnormal data, wherein the abnormal data is data recording an abnormal condition of a service system, and the abnormal data includes the ID number of the user who caused the abnormal condition;
retrieving the user's call chain according to the ID number, and tracking along the call chain to find, from among the service systems, the service systems called by the user; the call chain is the information flow of the user calling the service systems in sequence;
checking the service systems one by one, in the time order in which the user called them, to find the problem system, wherein the problem system is the system in which an anomaly occurred during the user's operation;
analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
Further, after the log data of each service system is obtained, the method further includes:
performing logic verification and character rule verification on the log data to clean the log data;
dividing the cleaned log data into real-time operation data and historical operation data from a time dimension;
dividing the cleaned log data into operation type data of different classifications from a type dimension;
acquiring the ID of the user of the log data;
and, using the ID of the user as the key, associating and merging the real-time operation data, the historical operation data and the operation type data to obtain optimized log data.
Further, the abnormal data includes first abnormal data, second abnormal data and third abnormal data; the screening the log data to obtain abnormal data includes:
matching the log data against preset keywords and screening out the first abnormal data;
extracting operating frequency data of a first preset position from the remaining data after the first abnormal data are screened out, and judging whether the operating frequency data exceed a preset value;
if so, judging that the data corresponding to the first preset position is second abnormal data;
extracting a field of a second preset position from the remaining data after the second abnormal data is screened out, and judging whether the field is a preset field or not;
and if so, determining that the data corresponding to the second preset position is third abnormal data.
Further, after the analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, the method further includes:
performing a security audit on the abnormal event to obtain the security level of the abnormal event;
and sending the abnormal event, in a preset notification mode, to the responsible person designated for that security level.
Further, before the obtaining of the log data of each service system, the method further includes:
acquiring input information of a user;
and acquiring the service system to be called according to the input information.
Further, before the retrieving the user's call chain according to the ID number, the method further includes:
when the called service system is a designated service system, establishing a connection pool in the designated service system, taking the ID number and the operation time points of calling the designated service system as nodes in sequence, and generating a call chain from the nodes;
and when the called service system is not a designated service system, taking the operation time point of the called service system as a node, and associating the nodes to generate a call chain.
Further, the retrieving the user's call chain according to the ID number and tracking along the call chain to find, from among the service systems, the service systems called by the user includes:
judging in turn, following the association order of the nodes of the call chain, whether each service system is a designated service system;
if so, searching the service systems for the one called by the user according to the user's ID number and operation time point;
if not, searching the service systems for the one called by the user according to the operation time points of the nodes immediately before and after the current node in the association order.
The present application further provides a monitoring device for business process data, including:
a data acquisition module, configured to acquire log data of each service system;
a data screening module, configured to screen the log data to obtain abnormal data, wherein the abnormal data is data recording an abnormal condition of a service system, and the abnormal data includes the ID number of the user who caused the abnormal condition;
a data tracking module, configured to retrieve the user's call chain according to the ID number and track along the call chain to find, from among the service systems, the service systems called by the user; the call chain is the information flow of the user calling the service systems in sequence;
an exception troubleshooting module, configured to check the service systems one by one, in the time order in which the user called them, to find the problem system, wherein the problem system is the system in which an anomaly occurred during the user's operation;
an exception handling module, configured to analyze the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and to take corresponding remedial measures for the abnormal event according to the analysis strategy.
The application also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method for monitoring the business process data when executing the computer program.
The present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for monitoring business process data described in any one of the above.
The embodiments of the application provide a method for monitoring business process data of a securities IT system. Log data of each service system is acquired and screened to obtain abnormal data; the ID number of the user is obtained from the abnormal data, and the user's call chain is retrieved according to the ID number and tracked to find, from among the service systems, those called by the user. The service systems are then checked one by one to find the problem system, the user's operation behavior and the problem system are analyzed according to a preset analysis strategy to obtain an abnormal event, and corresponding remedial measures are taken for the abnormal event according to the analysis strategy. In this way, abnormal conditions in each service system of the securities business process are monitored and handled, providing advance warning, in-process monitoring and post-event auditing of abnormal events and full-link monitoring while the user calls the service systems, so that abnormal problems are solved quickly and the efficiency of resolving anomalies in the business process is improved.
Drawings
Fig. 1 is a schematic flowchart of an embodiment of a method for monitoring business process data of the present application;
Fig. 2 is a schematic flowchart of another embodiment of a method for monitoring business process data of the present application;
Fig. 3 is a schematic structural diagram of an embodiment of a monitoring apparatus for business process data of the present application;
Fig. 4 is a block diagram illustrating a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to fig. 1, an embodiment of the present application provides a method for monitoring business process data, which includes steps S10 to S50, and details of each step of the method for monitoring business process data are described as follows.
S10, acquiring log data of each service system.
This embodiment is applied to an electronic data system that comprises a plurality of service systems, each of which may in turn comprise a plurality of sub-systems. For example, the electronic data system is one used in the securities industry; the method monitors and handles abnormal conditions occurring in each service system of a securities business process, so as to provide advance warning, in-process monitoring and post-event auditing of abnormal events that have occurred or may occur in each service system, and to provide full-link monitoring while a user calls the service systems, so that abnormal problems can be solved quickly. The service systems include a trading system, an account system and the like; for example, the user may trade stocks through the trading system, and sign agreements and upload user information through the account system. In this embodiment, each service system is monitored in real time and the massive log data of each service system is acquired, where the log data includes user information, user call information, system operation information and the like. Furthermore, the log data is packaged and stored using blockchain technology; once stored in this way, the log data can be traced back to its source in depth, and every item of log data generated by each service system can be queried in full.
S20, screening the log data to obtain abnormal data, wherein the abnormal data is data recording an abnormal condition of a service system, and the abnormal data includes the ID number of the user who caused the abnormal condition.
In this embodiment, because the log data of each service system carries a large amount of information, the log data needs to be screened to pick out the abnormal data. During screening, the log data can be cleaned, optimized, modeled, classified and so on. In one implementation, the data generated when a service system operates normally can be characterized even though the data generated when it is abnormal cannot, so normal data is screened by configuring a regular expression: log data that matches the regular expression is determined to be normal data, and everything else in the log data is determined to be abnormal data. The abnormal data screened out in this way is data recording an abnormal condition of a service system. For example, a user cannot place an order in the trading system because of an error, or the user's order placement in the trading system is abnormal; the log data generated at that moment does not satisfy the screening condition for normal data and is therefore determined to be abnormal data. Furthermore, the abnormal data includes the ID number of the user who caused the abnormal condition. The log data generated by each service system carries the user's ID number, which is the user's unique identifier in the service system and distinguishes each user from the others.
S30, retrieving the user's call chain according to the ID number, and tracking along the call chain to find, from among the service systems, the service systems called by the user; the call chain is the information flow of the user calling the service systems in sequence.
In this embodiment, after the ID number of the user in the abnormal data is obtained, the user's call chain is found through the ID number. The call chain is based on blockchain technology: the user's ID number is used as an identifier, association information is established between the identifier and the service systems called under that ID number, and blocks are packaged according to the identifier and each called service system and linked into a blockchain to obtain the call chain. The call chain is the information flow of the user calling the service systems in sequence; the information flow includes, for each service system, the call time, the call interface, the function inputs, the function outputs and the like. Tracking along the call chain means finding the service systems called by the user from among the service systems, which yields every service system the user called during the securities operation.
S40, checking the service systems one by one, in the time order in which the user called them, to find the problem system, wherein the problem system is the system in which an anomaly occurred during the user's operation.
In this embodiment, after the service systems used by the user in the securities business process are found according to the ID number, the abnormal node, that is, the problem system in which the anomaly occurred during the user's operation, can be located through the call chain. The service systems are checked one by one in the time order of the user's operations: the user's operations on the service systems are formed into an operation chain, and the service systems are then checked in sequence against the abnormal data to obtain the problem system, which is the system in which an anomaly occurred during the user's operation. In one application scenario, the user completes the operation flow of the whole securities business, that is, the whole call chain runs to the end, but an abnormal condition still occurs, for example abnormal data caused by an excessive order frequency; in this case each service system is checked in sequence against the abnormal data to determine the problem system. In another application scenario, the user does not complete the operation flow of the whole securities business, for example the user stays in a certain system where an anomaly occurs and, because of the anomaly at that node, cannot enter the next node; the whole call chain is not run through, and the service system corresponding to the node where the user stayed is the problem system.
S50, analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
In this embodiment, after the problem system and the user's operation behavior on it are found, the user's operation behavior and the problem system are analyzed according to a preset analysis strategy to obtain an abnormal event, and a corresponding remedial measure is taken for the abnormal event according to the analysis strategy. The analysis strategy includes obtaining the log information of the problem system and the user's operation behavior information, where the operation behavior information includes the user's historical and current operation behavior, such as placing orders, querying, filing complaints and uploading data. The corresponding abnormal event is derived from the log information and the operation behavior information, and remedial measures are then taken according to the abnormal event. For example, the abnormal event may be "the user's order frequency per unit time is too high" or "the user agreement has not been signed". The analysis strategy is formulated jointly by business experts and technical experts: after a large amount of data has been collected, corresponding analysis strategies are formulated for the different types of business and their risk points. For example, rate limiting is applied when the order frequency is too high. Because the volume of log data is huge, this method allows the abnormal data appearing in the securities business process to be screened out quickly and the abnormal events corresponding to it to be determined, so that targeted measures can be taken for each abnormal event.
This embodiment provides a method for monitoring business process data of a securities IT system. Log data of each service system is acquired and screened to obtain abnormal data; the ID number of the user is obtained from the abnormal data, and the user's call chain is retrieved according to the ID number and tracked to find, from among the service systems, those called by the user. The service systems are then checked one by one to find the problem system, the user's operation behavior and the problem system are analyzed according to a preset analysis strategy to obtain an abnormal event, and corresponding remedial measures are taken for the abnormal event according to the analysis strategy. In this way, abnormal conditions in each service system of the securities business process are monitored and handled, providing advance warning, in-process monitoring and post-event auditing of abnormal events and full-link monitoring across the service systems, so that abnormal problems are solved and the efficiency of resolving anomalies in the business process is improved.
In an application scenario, a client attempts a STAR Market (Sci-Tech Innovation Board) stock trade in the APP, gets an error and cannot place the order. Monitoring and checking reveals that an anomaly has occurred; the corresponding call chain is found through the client number of that client and the whole call chain is checked, which shows that the client's order information stays in the trading system, so the trading system is the problem system. The corresponding abnormal event is then analyzed from the problem system and the user's operation behavior information. For example, the trading system is checked for whether the client has signed the agreement and shows that the client has not; the trace then continues to the account system, which is checked for whether the client has a signed agreement, recordings, voice records, retained files and the like. If the check results meet the requirements, the client has in fact signed the agreement and the problem lies in the data of the account system and the trading system, so troubleshooting returns to those two systems to find the cause. If the check shows that the client has not signed the agreement, the abnormal event is "the client has not signed the agreement"; the corresponding signing measure can then be taken, that is, a remedy is given and the client's agreement information is synchronized to the trading system again.
In an embodiment, as shown in fig. 2, after obtaining log data of each service system, the method further includes:
S11: performing logic verification and character rule verification on the log data to clean the log data;
S12: dividing the cleaned log data into real-time operation data and historical operation data from a time dimension;
S13: dividing the cleaned log data into operation type data of different classifications from a type dimension;
S14: acquiring the ID of the user of the log data;
S15: using the ID of the user as the key, associating and merging the real-time operation data, the historical operation data and the operation type data to obtain optimized log data.
In this embodiment, because the log data contains a large amount of redundant information, the log data of each service system is logically verified after it is acquired, to remove unnecessary fields or correct erroneous fields. Character rule verification is then performed: the data is matched and compared against a preset character format, and erroneous data that does not conform to the rules is removed, which completes the cleaning of the log data. The cleaned log data is then optimized. From a time dimension it is divided into real-time operation data, which is the data of users currently operating the system, and historical operation data, which is the data of users' past operations on the system. From a type dimension it is divided into operation type data of different classifications, where the operation types include transaction types and the like. The ID of the user of the log data is then obtained, and the real-time operation data, the historical operation data and the operation type data are associated, merged and fused to obtain the optimized log data.
In one embodiment, the abnormal data includes first abnormal data, second abnormal data and third abnormal data; the screening the log data to obtain abnormal data includes:
matching the log data against preset keywords and screening out the first abnormal data;
extracting operating frequency data of a first preset position from the remaining data after the first abnormal data are screened out, and judging whether the operating frequency data exceed a preset value;
if so, judging that the data corresponding to the first preset position is second abnormal data;
extracting a field of a second preset position from the remaining data after the second abnormal data is screened out, and judging whether the field is a preset field or not;
and if so, determining that the data corresponding to the second preset position is third abnormal data.
In this embodiment, for the IT system of the securities business process, the abnormal data includes first abnormal data and/or second abnormal data and/or third abnormal data, which are screened out as follows. First, the log data is matched against preset keywords and the first abnormal data is screened out; for example, data containing keywords such as 'error report' or 'abnormal' can be directly screened out as abnormal data in this preliminary step. The remaining data is screened further by judging whether preset conditions are met. Specifically, operation frequency data at a first preset position is extracted from the data remaining after the first abnormal data is screened out, and it is judged whether the operation frequency data exceeds a preset value. For example, for abnormal order placement, a user normally places 10 orders per unit time, but the operation data shows 20 orders per unit time; the operation frequency data exceeds the preset value, and the data corresponding to the first preset position is judged to be second abnormal data. Further, a field at a second preset position is extracted from the data remaining after the second abnormal data is screened out, and it is judged whether the field is a preset field; if so, the data corresponding to the second preset position is judged to be third abnormal data. For example, the data at the second preset position has been reset to zero; if the field is empty, the system is abnormal, and the data at the second preset position can be judged to be third abnormal data. The abnormal data is screened out through these steps, so that the cause of the anomaly can subsequently be analyzed from the abnormal data, which improves the efficiency of analyzing abnormal data.
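The three screening stages described above, written out as an added Python example; it is not code from the patent. The record layout, the field names (`message`, `orders_per_unit`, `agreement`) and the encoding of an "empty or zeroed" field are assumptions, and the sample records are constructed.

```python
"""Three-stage screening of service-system log records (added example)."""

KEYWORDS = ("error report", "abnormal")  # keywords quoted in the text
FREQ_LIMIT = 10            # the text's example: 10 orders per unit time is normal
PRESET_VALUES = ("", "0")  # assumed encoding of an empty or zeroed field

# Constructed sample records; every field name is an assumption.
SAMPLE_LOGS = [
    {"user_id": "U1001", "system": "trading", "message": "order accepted",
     "orders_per_unit": 3, "agreement": "signed"},
    {"user_id": "U1002", "system": "trading",
     "message": "Error report: order rejected",
     "orders_per_unit": 1, "agreement": "signed"},
    {"user_id": "U1003", "system": "trading", "message": "order accepted",
     "orders_per_unit": 20, "agreement": "signed"},
    {"user_id": "U1004", "system": "account", "message": "profile loaded",
     "orders_per_unit": 0, "agreement": ""},
    # Matches stage one AND stage two; it must be reported once, by stage one.
    {"user_id": "U1005", "system": "trading", "message": "abnormal order state",
     "orders_per_unit": 25, "agreement": ""},
    # Malformed frequency and missing field: must not crash the screen.
    {"user_id": "U1006", "system": "account", "message": "profile loaded",
     "orders_per_unit": "n/a"},
]


def _partition(records, is_abnormal):
    """Split records into (hits, rest) so the next stage sees only the rest."""
    hits, rest = [], []
    for rec in records:
        (hits if is_abnormal(rec) else rest).append(rec)
    return hits, rest


def _has_keyword(rec, keywords):
    message = str(rec.get("message", "")).lower()
    return any(k.lower() in message for k in keywords)


def _over_limit(rec, key, limit):
    try:
        return float(rec.get(key)) > limit
    except (TypeError, ValueError):
        return False  # unparseable frequency: leave it for the field check


def _is_preset(rec, key, preset_values):
    # A missing field is treated like an empty one (assumption).
    return str(rec.get(key, "")).strip() in preset_values


def screen(records, keywords=KEYWORDS, freq_key="orders_per_unit",
           freq_limit=FREQ_LIMIT, field_key="agreement",
           preset_values=PRESET_VALUES):
    """Return first/second/third abnormal data and the remaining normal data."""
    first, rest = _partition(records, lambda r: _has_keyword(r, keywords))
    second, rest = _partition(
        rest, lambda r: _over_limit(r, freq_key, freq_limit))
    third, rest = _partition(
        rest, lambda r: _is_preset(r, field_key, preset_values))
    return {"first": first, "second": second, "third": third, "normal": rest}


def abnormal_user_ids(result):
    """User IDs carried by the abnormal data, in the order they were found."""
    ids = []
    for stage in ("first", "second", "third"):
        for rec in result[stage]:
            uid = rec.get("user_id")
            if uid and uid not in ids:
                ids.append(uid)
    return ids


if __name__ == "__main__":
    result = screen(SAMPLE_LOGS)
    for stage, recs in result.items():
        print(stage, [r["user_id"] for r in recs])
    print("users to trace:", abnormal_user_ids(result))
```

Because each stage only sees what the previous stage left behind, a record is classified exactly once, and the returned user IDs are the input to the call-chain lookup of step S30.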
In an embodiment, after the analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, the method further includes:
performing a security audit on the abnormal event to obtain the security level of the abnormal event;
and sending the abnormal event, in a preset notification mode, to the responsible person designated for that security level.
In this embodiment, after an abnormal event is obtained by analyzing the user's operation behavior and the problem system according to a preset analysis strategy, a security audit is performed on the abnormal event to determine its impact, that is, whether it is an anomaly caused by the user, an individual abnormal event or an overall abnormal event, and thereby obtain the security level of the abnormal event. The abnormal event is then sent, in a preset notification mode, to the responsible person designated for that security level. Because different abnormal events are handled by notifying the responsible persons designated for different security levels, the responsible person is informed of the abnormal risk present in the current securities business process, which improves the efficiency of feedback on system anomalies.
In another embodiment, after the abnormal event is obtained, the identity of the client is further verified. This includes acquiring the image information, voice information and the like that the user has on file, and then verifying the client's identity through voice recognition, semantic recognition and image recognition technologies, so as to confirm that the client's identity is correct and to protect the security of the service systems the client uses.
In an embodiment, before the obtaining log data of each service system, the method further includes:
acquiring input information of a user;
and acquiring the service system to be called according to the input information.
In this embodiment, because users have different permissions, the range of service systems that each user can use differs. Before the log data of each service system is obtained, the input information of the user is acquired, and the service system to be called is obtained according to the input information, so that all service systems the user can use under the current input information are determined.
In one embodiment, before the invoking the call chain of the user according to the ID number, the method further includes:
when the called service system is a designated service system, establishing a connection pool in the designated service system, and generating a calling chain according to the nodes by taking the ID number and the operation time points of the designated service system as the nodes;
and when the called service system is not the designated service system, taking the operation time point of the called service system as a node, and associating each node to generate a calling chain.
In this embodiment, before the call chain of a user is retrieved, different call chains are generated according to the service system called by the user. When the called service system is a designated service system, a connection pool is established in the designated service system, the ID number and the operation time point of calling the designated service system are taken as nodes, and a call chain is generated from the nodes. For example, when the called service system is a controllable system provided by research and development, the connection pool is established in the designated service system, the ID number of the user and the operation time point of calling the designated service system are placed in the connection pool as the keys of the nodes of the call chain, and the call chain of the user calling the designated service system can then be generated from the nodes. When the called service system is not a designated service system, for example an uncontrollable system provided by a customer or a supplier, the operation time point of calling the service system is taken as a node, and the nodes corresponding to the called systems are associated to establish the information flow of the user, so that the call chain is obtained. That is, the call chain is the information flow of the user calling each service system in sequence, and each service system corresponds to one node of the call chain.
In one embodiment, the calling the call chain of the user according to the ID number and tracking according to the call chain to find the service system called by the user from each service system includes:
sequentially judging whether the service system is a designated service system or not according to the association sequence of the nodes of the call chain;
if yes, searching a service system called by the user from each service system according to the ID number and the operation time point of the user;
if not, searching the service system called by the user from each service system according to the operation time point of the previous node and the operation time point of the next node of the current node in the association sequence.
In this embodiment, the call chain corresponding to the user is retrieved according to the ID number; that is, the call chain shows which service systems the user has called. An individual service system may not be a controllable system developed by the enterprise but an external docking system. For example, stock trading needs to be reported to a trading post and therefore docks with the system of the trading post; this is an uncontrollable external docking system, and the client number of a client cannot be stored when it is called. Therefore, whether each service system is a designated service system is judged in turn according to the association sequence of the nodes of the call chain. If it is, the service system of the user can be looked up directly among the service systems according to the ID number and the operation time point of the user. If it is not, the ID number cannot be used for the query; the query is made by operation time point instead, and the service system of the user is looked up among the service systems according to the operation time point of the previous node and the operation time point of the next node of the current node in the association sequence. The method is thus not limited by whether a service system is an external system or an internal system, which improves the monitoring application of the certificate business process.
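The chain construction and the two lookup paths described in the embodiments above can be illustrated as follows. This is an added example, not code from the patent; the system names, the log record shape and the `ambiguous` flag are assumptions, and the connection pool is replaced by plain in-memory lists.

```python
"""Call-chain tracing: ID lookup for designated systems, time-window lookup for external ones."""
from dataclasses import dataclass
from typing import Optional

DESIGNATED = {"order", "risk"}     # assumed names of in-house systems that log the user ID


@dataclass(frozen=True)
class Node:
    system: str
    ts: int                        # operation time point (epoch seconds)
    user_id: Optional[str]         # None where the external system cannot store it


def build_chain(user_id, calls):
    """calls: (system, ts) pairs; nodes are associated in operation-time order."""
    return [Node(s, ts, user_id if s in DESIGNATED else None)
            for s, ts in sorted(calls, key=lambda c: c[1])]


def trace(chain, logs):
    """Return one finding per node: the log entries attributed to this user's call."""
    findings = []
    for i, node in enumerate(chain):
        entries = logs.get(node.system, [])
        if node.system in DESIGNATED:
            how = "id+time"
            hits = [e for e in entries
                    if e.get("user_id") == node.user_id and e["ts"] == node.ts]
        else:
            # Bracket by the neighbouring nodes; at either end of the chain fall back
            # to the node's own time (assumption: the text does not cover that case).
            how = "time-window"
            lo = chain[i - 1].ts if i > 0 else node.ts
            hi = chain[i + 1].ts if i + 1 < len(chain) else node.ts
            hits = [e for e in entries if lo <= e["ts"] <= hi]
        findings.append({
            "system": node.system,
            "matched_by": how,
            "entries": hits,
            # More than one candidate in a time window may belong to other users.
            "ambiguous": how == "time-window" and len(hits) > 1,
        })
    return findings


# Constructed sample data: one user's calls (deliberately out of order) and per-system logs.
CALLS = [("risk", 107), ("order", 100), ("exchange_gateway", 103)]
LOGS = {
    "order": [
        {"ts": 100, "user_id": "U1001", "msg": "place_order"},
        {"ts": 100, "user_id": "U1002", "msg": "place_order"},
    ],
    "exchange_gateway": [          # external system: no user ID in its records
        {"ts": 101, "ref": "X1"},
        {"ts": 104, "ref": "X2"},
        {"ts": 120, "ref": "X3"},
    ],
    "risk": [{"ts": 107, "user_id": "U1002", "msg": "limit check failed"}],
}

if __name__ == "__main__":
    for finding in trace(build_chain("U1002", CALLS), LOGS):
        print(finding["system"], finding["matched_by"],
              len(finding["entries"]), "ambiguous" if finding["ambiguous"] else "")
```

The time-window path returns every record between the neighbouring nodes, so on a busy external system the result is a candidate set rather than a confirmed attribution, which is why the finding carries an `ambiguous` flag.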
Referring to fig. 3, the present application further provides a monitoring apparatus for business process data, including:
the data acquisition module 10: used for acquiring log data of each business system;
the data screening module 20: used for screening the log data to obtain abnormal data, wherein the abnormal data is data of the abnormal condition of the service system, and the abnormal data comprises the ID number of the user causing the abnormal condition;
the data tracking module 30: used for calling the call chain of the user according to the ID number, and tracking according to the call chain so as to find out the service systems called by the user from the service systems; the call chain is the information flow of the user calling each service system in sequence;
the abnormality checking module 40: used for checking each service system one by one according to the operation time sequence in which the user called the service systems, so as to find out a problem system, wherein the problem system is a system in which an abnormality occurred when the user operated it;
the exception handling module 50: used for analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
As described above, it can be understood that each component of the monitoring apparatus for business process data provided in the present application may implement the function of any one of the above-described monitoring methods for business process data.
Referring to fig. 4, an embodiment of the present application further provides a computer device, where the computer device may be a mobile terminal, and an internal structure of the computer device may be as shown in fig. 4. The computer device comprises a processor, a memory, a network interface, a display device and an input device which are connected through a system bus. The network interface of the computer device is used for communicating with an external terminal through a network connection. The input device of the computer device is used for receiving input from a user. The processor of the computer device is used to provide computational and control capabilities. The memory of the computer device includes a storage medium. The storage medium stores a business system, a computer program, and a database. The database of the computer device is used for storing data. The computer program is executed by the processor to implement a method of monitoring business process data.
The method for monitoring the business process data executed by the processor comprises the following steps: acquiring log data of each service system; screening the log data to obtain abnormal data, wherein the abnormal data is data of the abnormal condition of the service system, and the abnormal data comprises an ID number of a user causing the abnormal condition; calling the calling chain of the user according to the ID number, and tracking according to the calling chain so as to find out the service system called by the user from each service system; the calling chain sequentially calls information flows of all service systems for a user; checking each service system one by one according to the operation time sequence of the service system called by a user to find out a problem system, wherein the problem system is a system with abnormity when the user operates; analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
The computer equipment provides a method for monitoring business process data of a security IT system, the log data of each business system is obtained, the log data is screened to obtain abnormal data, an ID number of a user in the abnormal data is obtained, a call chain of the user is found through the ID number, the call chain of the user is called according to the ID number and is tracked according to the call chain, the business system of the user is found out from each business system, each business system is checked one by one to find out a problem system, the operation behavior of the user and the problem system are analyzed according to a preset analysis strategy to obtain an abnormal event, corresponding remedial measures are taken for the abnormal event according to the analysis strategy, the abnormal condition and the abnormal condition of each business system of the security business process are monitored, and after the abnormal event is audited in advance, the abnormal condition is monitored in advance, the abnormal condition is solved quickly, and the efficiency of solving the abnormal process is improved.
An embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by the processor, implements a method for monitoring business process data, and the method includes: acquiring log data of each service system; screening the log data to obtain abnormal data, wherein the abnormal data is data of the abnormal condition of the service system, and the abnormal data comprises an ID number of a user causing the abnormal condition; calling a calling chain of the user according to the ID number, and tracking according to the calling chain so as to find out the service system called by the user from each service system; the calling chain sequentially calls information flows of all service systems for a user; checking each service system one by one according to the operation time sequence of the service system called by a user to find out a problem system, wherein the problem system is a system with abnormity when the user operates; analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
The computer readable storage medium provides a method for monitoring business process data of a security IT system, the log data of each business system is obtained, the log data is screened to obtain abnormal data, an ID number of a user in the abnormal data is obtained, a call chain of the user is found through the ID number, the call chain of the user is called according to the ID number and is tracked according to the call chain, the business system of the user is found out from each business system, each business system is checked one by one to find a problem system, the operation behavior of the user and the problem system are analyzed according to a preset analysis strategy to obtain an abnormal event, corresponding remedial measures are taken for the abnormal event according to the analysis strategy, the abnormal condition and the abnormal condition of each business system of the security business process are monitored, the abnormal condition is processed, and the full-link monitoring is realized in the process of calling each business system by the user, the abnormal problem is solved quickly, and the efficiency of auditing the abnormal process is improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by a computer program instructing relevant hardware; the computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above.
Any reference to memory, storage, database, or other medium provided herein and used in the embodiments may include non-volatile and/or volatile memory.
Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, apparatus, article, or method comprising the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the scope of the present application.
All the equivalent structures or equivalent processes performed by using the contents of the specification and the drawings of the present application, or directly or indirectly applied to other related technical fields, are included in the scope of protection of the present application.
Claims (10)
1. A method for monitoring business process data is characterized by comprising the following steps:
acquiring log data of each service system;
screening the log data to obtain abnormal data, wherein the abnormal data is data of the abnormal condition of the service system, and the abnormal data comprises an ID number of a user causing the abnormal condition;
calling the calling chain of the user according to the ID number, and tracking according to the calling chain so as to find out the service system called by the user from each service system; the calling chain sequentially calls information streams of all service systems for a user;
checking each service system one by one according to the operation time sequence of calling the service systems by a user to find out a problem system, wherein the problem system is a system with abnormity when the user operates;
analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
2. The method for monitoring business process data according to claim 1, wherein after the log data of each business system is obtained, the method further comprises:
performing logic verification and character rule verification on the log data to clean the log data;
dividing the cleaned log data into real-time operation data and historical operation data from a time dimension;
dividing the cleaned log data into operation type data of different classifications from a type dimension;
acquiring the ID of the user of the log data;
and taking the ID of the user as a main body, and performing correlation and merging on the real-time operation data, the historical operation data and the operation type data to obtain optimized log data.
3. The method for monitoring business process data according to claim 1, wherein the abnormal data includes a first abnormal data, a second abnormal data and a third abnormal data; the screening the log data to obtain abnormal data includes:
the log data are matched with preset keywords to be checked, and the first abnormal data are screened out;
extracting operation frequency data of a first preset position from the remaining data after the first abnormal data are screened out, and judging whether the operation frequency data exceed a preset value;
if so, judging that the data corresponding to the first preset position is second abnormal data;
extracting a field of a second preset position from the remaining data after the second abnormal data is screened out, and judging whether the field is a preset field or not;
and if so, determining that the data corresponding to the second preset position is third abnormal data.
4. The method for monitoring business process data according to claim 1, wherein the analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event further comprises:
performing safety audit on the abnormal event to obtain the safety level of the abnormal event;
and sending the abnormal event to a responsible person appointed by the security level in a preset notification mode.
5. The method for monitoring business process data according to claim 1, wherein before the obtaining log data of each business system, the method further comprises:
acquiring input information of a user;
and acquiring the service system to be called according to the input information.
6. The method for monitoring business process data according to claim 5, wherein before calling the call chain of the user according to the ID number, the method further comprises:
when the called service system is a designated service system, establishing a connection pool in the designated service system, and generating a calling chain according to the nodes by taking the ID number and the operation time points of the designated service system as the nodes;
and when the called service system is not the designated service system, taking the operation time point of the called service system as a node, and associating each node to generate a calling chain.
7. The method for monitoring business process data according to claim 6, wherein the calling the user's calling chain according to the ID number and tracking according to the calling chain to find out the business system called by the user from each business system comprises:
sequentially judging whether the service system is a designated service system or not according to the association sequence of the nodes of the calling chain;
if yes, searching a service system called by the user from each service system according to the ID number and the operation time point of the user;
if not, searching the service systems called by the user from the service systems according to the operation time point of the previous node and the operation time point of the next node of the current node in the association sequence.
8. A device for monitoring business process data, comprising:
a data acquisition module: the system is used for acquiring log data of each business system;
the data screening module: the log data are screened to obtain abnormal data, the abnormal data are data of the abnormal condition of the service system, and the abnormal data comprise ID numbers of users causing the abnormal condition;
a data tracking module: the calling chain is used for calling the user according to the ID number and tracking according to the calling chain so as to find out the service system called by the user from each service system; the calling chain sequentially calls information streams of all service systems for a user;
an exception troubleshooting module: the system is used for checking each service system one by one according to the operation time sequence of calling the service system by a user so as to find out a problem system, wherein the problem system is a system with abnormity when the user operates;
an exception handling module: and the system is used for analyzing the operation behavior and the problem system according to a preset analysis strategy to obtain an abnormal event, and taking corresponding remedial measures for the abnormal event according to the analysis strategy.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program performs the steps of the method for monitoring business process data according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for monitoring business process data of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110610123.7A CN115437870A (en) | 2021-06-01 | 2021-06-01 | Monitoring method and device for business process data, computer equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115437870A (en) | 2022-12-06 |
Family
ID=84272305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110610123.7A Pending CN115437870A (en) | 2021-06-01 | 2021-06-01 | Monitoring method and device for business process data, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115437870A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117112371A (en) * | 2023-10-25 | 2023-11-24 | 杭银消费金融股份有限公司 | Observable full-link log tracking method and system |
CN117112371B (en) * | 2023-10-25 | 2024-01-26 | 杭银消费金融股份有限公司 | Observable full-link log tracking method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||