CN115643200A - Abnormity detection method, abnormity detection device, electronic equipment and medium

Info

Publication number
CN115643200A
Authority
CN
China
Prior art keywords
log
detected
abnormal type
equipment
frequency
Prior art date
Legal status
Pending
Application number
CN202211271951.3A
Other languages
Chinese (zh)
Inventor
赵轩
Current Assignee
Ccx Credit Technology Co ltd
Original Assignee
Ccx Credit Technology Co ltd

Abstract

The embodiments of the application provide an anomaly detection method, an anomaly detection device, electronic equipment and a medium, and relate to the technical field of computer applications. The technical scheme of the embodiments comprises the following steps: acquiring an operation log of the detected equipment and, if a keyword in the preset keyword set is detected in the operation log, taking the abnormal type corresponding to that keyword as an abnormal type of the detected equipment; then determining the number of times each abnormal type exists in the detected equipment and, if the number of times for at least one abnormal type reaches a preset number of times, performing an abnormal alarm. This reduces the manpower consumed in performing anomaly detection on the equipment.

Description

Abnormity detection method, abnormity detection device, electronic equipment and medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to an anomaly detection method and apparatus, an electronic device, and a medium.
Background
During operation, a device may produce errors because of its own hardware, its network connection and so on, and if such errors are not handled in time they can have serious consequences. It is therefore very important to detect device anomalies so that operation errors are found in time.
At present, operation and maintenance personnel generally have to analyze the running condition of the detected equipment manually to judge whether it is abnormal. This approach relies on manual processing and creates a heavy workload for operation and maintenance staff.
Disclosure of Invention
An embodiment of the present application provides an abnormality detection method, apparatus, electronic device, and medium, so as to reduce manpower required for abnormality detection of a device. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present application provides an anomaly detection method, where the method includes:
acquiring an operation log of the detected equipment;
if a keyword in the preset keyword set is detected in the operation log, taking the abnormal type corresponding to that keyword as an abnormal type of the detected equipment;
determining the number of times each abnormal type exists in the detected equipment;
and if the number of times at least one abnormal type exists in the detected equipment reaches the preset number of times, performing an abnormal alarm.
Optionally, the determining the number of times each abnormal type exists in the detected equipment includes:
for each abnormal type existing in the detected equipment, adding the total number of occurrences of the keywords of that abnormal type in the operation log to the historical number of times the abnormal type has existed in the detected equipment, to obtain the number of times each abnormal type exists in the detected equipment.
Optionally, the historical number of times is the total historical accumulated number of times, the accumulated number of times in the current period, or zero.
Optionally, before the step of taking, if a keyword in the preset keyword set is detected in the running log, the abnormal type corresponding to that keyword as an abnormal type of the detected equipment, the method further includes:
converting the format of the running log into a preset log format;
converting the format of each field included in the running log in the preset log format into a preset field format;
and detecting whether a keyword in the preset keyword set exists in any field, in the preset field format, of the running log in the preset log format.
Optionally, before obtaining the operation log of the device under test, the method further includes:
receiving the address of the detected equipment and a specified service identifier input by a user;
the acquiring of the operation log of the detected device comprises:
sending a log obtaining request to the detected equipment according to the address of the detected equipment, wherein the log obtaining request is used for requesting to obtain an operation log of the specified service corresponding to the specified service identification;
and receiving the running log of the specified service sent by the detected device.
Optionally, after determining the number of times each anomaly type exists in the detected device, the method further includes:
and if the number of times the specified abnormal type is detected in the detected equipment reaches the specified number of times, reducing the frequency of sending the log acquisition request to the detected equipment, wherein the specified abnormal type indicates that the equipment is in a busy state.
In a second aspect, an embodiment of the present application provides an abnormality detection apparatus, including:
the acquisition module is used for acquiring the running log of the detected equipment;
the determining module is used for taking, if a keyword in the preset keyword set is detected in the running log acquired by the acquisition module, the abnormal type corresponding to that keyword as an abnormal type of the detected equipment;
the determining module is further configured to determine the number of times each abnormal type exists in the detected equipment;
and the alarm module is used for performing an abnormal alarm if the number of times at least one abnormal type exists in the detected equipment reaches a preset number of times.
Optionally, the determining module is specifically configured to:
for each abnormal type existing in the detected equipment, add the total number of occurrences of the keywords of that abnormal type in the running log to the historical number of times the abnormal type has existed in the detected equipment, to obtain the number of times each abnormal type exists in the detected equipment.
Optionally, the historical number of times is the total historical accumulated number of times, the accumulated number of times in the current period, or zero.
Optionally, the apparatus further comprises:
the format conversion module is used for converting the format of the running log into a preset log format before the abnormal type corresponding to a keyword detected in the running log is taken as an abnormal type of the detected equipment;
the format conversion module is further configured to convert the format of each field included in the running log in the preset log format into the preset field format;
and the detection module is used for detecting whether a keyword in the preset keyword set exists in any field, in the preset field format, of the running log in the preset log format.
Optionally, the apparatus further comprises:
the receiving module is used for receiving the address of the detected equipment and the specified service identification input by a user before acquiring the running log of the detected equipment;
the acquisition module is specifically configured to:
sending a log obtaining request to the detected equipment according to the address of the detected equipment, wherein the log obtaining request is used for requesting to obtain an operation log of the specified service corresponding to the specified service identifier;
and receiving the running log of the specified service sent by the detected device.
Optionally, the apparatus further comprises:
and the adjusting module is used for reducing, after the number of times each abnormal type exists in the detected equipment has been determined, the frequency of sending the log acquisition request to the detected equipment if the number of times the specified abnormal type is detected in the detected equipment reaches the specified number of times, wherein the specified abnormal type indicates that the equipment is in a busy state.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor configured to implement the steps of the abnormality detection method according to any one of the first aspect when executing a program stored in the memory.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the steps of the abnormality detection method according to any one of the first aspect.
In a fifth aspect, the present application further provides a computer program product including instructions, which when run on a computer, cause the computer to perform the anomaly detection method described in any one of the above.
The embodiment of the application has the following beneficial effects:
The anomaly detection method, the anomaly detection device, the electronic device and the medium provided by the embodiments of the application can acquire the running log of the detected equipment and, when a keyword in the preset keyword set is detected in the running log, take the abnormal type corresponding to that keyword as an abnormal type of the detected equipment and determine the number of times each abnormal type exists in the detected equipment. If the number of times at least one abnormal type exists in the detected equipment reaches the preset number of times, an abnormal alarm is performed. Because the detected equipment is checked automatically by analyzing its running log, without relying on manual operation, the labor consumed in performing anomaly detection on the equipment is reduced.
Of course, it is not necessary for any product or method of the present application to achieve all of the above-described advantages at the same time.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other embodiments from them.
Fig. 1 is a flowchart of an anomaly detection method according to an embodiment of the present application;
Fig. 2 is a flowchart of another anomaly detection method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an abnormality detection apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the description herein are intended to be within the scope of the present disclosure.
In order to reduce the labor consumed in performing abnormality detection on a device, the embodiments of the present application provide an abnormality detection method applied to an electronic device. The electronic device may be any device with data processing capability, such as a server, a desktop computer, or a notebook computer. As shown in fig. 1, the monitoring service provided by the electronic device in the embodiment of the present application implements anomaly monitoring by the following anomaly detection method:
S101, acquiring an operation log of the detected device.
The operation log comprises an operating system log and/or a service log. The operating system log comprises records of each operation executed while the operating system is running, and the service log comprises records of each operation executed while the service is running.
Optionally, when the detected device needs to be continuously monitored, the operation log of the detected device may be periodically obtained, where the obtained operation log is a log generated in the operation process of the detected device in the current period.
Or, when the detected device does not need to be continuously monitored, that is, the detected device needs to be detected once, all the running logs locally recorded by the detected device can be acquired.
S102, if a keyword in the preset keyword set is detected in the operation log, taking the abnormal type corresponding to that keyword as an abnormal type of the detected equipment.
For example, the abnormal types include: network anomaly, equipment operation anomaly, and the like.
When the abnormal type is network anomaly, the corresponding keywords comprise: network connection failure, request transmission failure, response transmission failure, and the like.
When the abnormal type is equipment operation anomaly, the corresponding keywords comprise: response timeout, CPU occupancy exception, memory occupancy exception, and the like.
In the embodiment of the application, the keywords corresponding to each abnormal type can be derived by big data analysis, so that during detection, if such a keyword exists in the running log, the abnormal type corresponding to the keyword can be taken as an abnormal type of the detected equipment.
S103, determining the number of times of each abnormal type of the detected equipment.
S104, if the number of times at least one abnormal type exists in the detected equipment reaches a preset number of times, performing an abnormal alarm.
The preset number of times can be set according to the operation requirements of the detected equipment: when the requirements are stricter, a lower preset number of times is set; when the requirements are more tolerant, a higher preset number of times is set. Moreover, the preset number of times corresponding to each abnormal type may be the same or different.
Optionally, the abnormal alarm manner includes: displaying the alarm information and/or pushing a risk alarm message to preset operation and maintenance equipment, and the like. The risk alarm message may be sent as an email, a short message, an instant messaging message, or the like, which is not specifically limited in this embodiment of the present application. The risk alarm message includes alarm information, and the alarm information includes: the number of times each abnormal type exists in the detected equipment, the abnormal type that reached the preset number of times, the name of the detected equipment, and the like.
In the embodiment of the application, if the number of times detected for every abnormal type of the detected equipment is below the preset number of times, no alarm is required, and the method waits for the next detection of the detected equipment.
The anomaly detection method provided by the embodiment of the application can acquire the running log of the detected equipment and, when a keyword in the preset keyword set is detected in the running log, take the abnormal type corresponding to that keyword as an abnormal type of the detected equipment and determine the number of times each abnormal type exists in the detected equipment. If the number of times at least one abnormal type exists in the detected equipment reaches the preset number of times, an abnormal alarm is performed. Because the detected equipment is checked automatically by analyzing its running log, without relying on manual operation, the labor consumed in performing anomaly detection on the equipment is reduced.
In the embodiment of the present application, the source of the running log in S101 can be flexibly configured, that is, before S101, the address of the detected device and the specified service identifier input by the user can also be received.
The address of the detected device may be an Internet Protocol (IP) address or a Media Access Control (MAC) address.
The specified service may be an operating system service of the device to be tested, a business service running in the device to be tested, or the like, and the specified service identifier may be an application name or an application identification number (ID), or the like.
Based on this, when S101 is executed by the monitoring service to acquire the operation log of the device under test, the monitoring service may send a log acquisition request to the device under test according to the address of the device under test, and then receive the operation log of the specified service sent by the device under test. The log obtaining request is used for requesting to obtain the running log of the specified service corresponding to the specified service identification.
Optionally, the monitoring service may receive an address and a specified service identifier of the device under test selected or entered by the user. For example, the user may select the address of the detected device and the specified service identifier in the configuration interface, and after clicking the submit button, the monitoring service obtains the address of the detected device and the specified service identifier selected by the user.
By the method, the source of the running log can be flexibly adjusted, so that the detected equipment and service can be flexibly adjusted.
In the embodiment of the application, the monitoring service running in the electronic equipment can perform real-time monitoring, namely, a log acquisition request is sent to the detected equipment in real time, so that the running log of the specified service is acquired in real time.
The monitoring service can send the log acquisition request at a first time interval. The first time interval is short enough to meet the requirement of acquiring the running log in real time, for example 1 second, so that the timeliness of anomaly detection is guaranteed and abnormal alarms can be raised in time.
Or, the monitoring service may perform time-sharing monitoring, that is, send a log acquisition request to the detected device in a time-sharing manner, so as to acquire the running log of the specified service in a time-sharing manner.
In this case the monitoring service may send the log acquisition request at a second time interval that is longer than the first time interval, for example 5 seconds. Sending the log acquisition request in a time-sharing manner reduces the processing pressure that overly frequent calls place on the detected equipment.
Responding to a log acquisition request from the monitoring service occupies processing resources of the detected equipment and may affect other services that the detected equipment executes, so the frequency of calling the detected equipment can be adjusted flexibly.
The frequency of calling the detected equipment may be adjusted as follows: if the number of times the specified abnormal type is detected in the detected equipment reaches the specified number of times, the frequency of sending log acquisition requests to the detected equipment is reduced.
The specified abnormal type indicates that the device is in a busy state. For example, the specified abnormal type is equipment operation anomaly.
Optionally, if the number of times the specified abnormal type is detected in the detected equipment reaches the specified number of times, the time interval for sending the log acquisition request may be increased by a preset value or a preset multiple, and the log acquisition request is then sent to the detected equipment at the increased time interval; alternatively, an increased time interval input by a user may be received, and the log acquisition request is sent to the detected equipment at that time interval. Increasing the time interval for sending the log acquisition request has the effect of reducing the sending frequency.
Alternatively, the sending frequency may be reduced in other ways, which is not specifically limited in this embodiment of the present application.
When the detected equipment is determined to be busy, the embodiment of the application can reduce the frequency of calling it automatically or in combination with manual intervention, thereby reducing the processing pressure that monitoring places on the detected equipment and the impact on its normal operation.
In the embodiment of the application the detected equipment and the specified service can be configured flexibly, that is, the source of the running log is configurable. The running logs of different services on different equipment may have different formats, which makes it difficult to analyze running logs in various formats directly.
Therefore, referring to fig. 2, before determining the type of abnormality existing in the device under test in S102, the embodiment of the present application may further perform the following steps:
S201, converting the format of the running log into a preset log format.
The preset log format may be a log format that can be recognized by the electronic device. For example, the preset log format is the JavaScript Object Notation (JSON) format.
S202, converting the format of each field included in the running log in the preset log format into the preset field format.
The preset field format may be a field format that can be recognized by the electronic device. For example, the preset field format is a string format.
S203, detecting whether a keyword in the preset keyword set exists in any field, in the preset field format, of the running log in the preset log format. If yes, determining that a keyword in the preset keyword set exists in the running log, and executing S102; if not, executing S204 and determining that the detected equipment has no anomaly.
Optionally, after the format conversion is performed on the operation log, the converted operation log may be stored in a designated log path or a designated log collector, so that the operation log after the format conversion is subsequently acquired from the designated log path or the designated log collector for performing exception analysis.
In the embodiment of the application, the preset log format and the preset field format can be obtained by analyzing various running logs in advance. During anomaly detection the running logs are converted into the preset log format and the fields in the logs into the preset field format, which unifies the log format and facilitates subsequent log analysis.
In this embodiment of the application, determining the number of times each abnormal type exists in the detected equipment in S103 may be implemented as follows: for each abnormal type existing in the detected equipment, the total number of occurrences of the keywords of that abnormal type in the operation log is added to the historical number of times the abnormal type has existed in the detected equipment, giving the number of times each abnormal type exists in the detected equipment.
Optionally, the historical number of times for each abnormal type may be the total historical accumulated number of times, that is, the number of times the abnormal type has been detected in the detected equipment over all past detections.
For example, the number of times one abnormal type was detected in the detected equipment over all past detection periods is 2, that is, the total historical accumulated number of times is 2. The total number of occurrences of the keywords of that abnormal type in the operation log obtained this time is 2, so the number of times the detected equipment has the abnormal type after accumulation is 2+2=4.
Or, the historical number of times for each abnormal type may be the accumulated number of times in the current period, that is, the number of times the abnormal type has been detected in the detected equipment in the current period.
For example, the number of times one abnormal type has been detected in the detected equipment in the current period is 1, that is, the accumulated number of times in the current period is 1. The total number of occurrences of the keywords of that abnormal type in the operation log obtained this time is 1, so the number of times the detected equipment has the abnormal type after accumulation is 1+1=2.
Alternatively, the historical number of times for each abnormal type may be zero. In that case, the total number of keywords of each abnormal type in the operation log obtained this time is used directly as the number of times that abnormal type exists in the detected equipment.
For example, for the network anomaly type, the corresponding keywords include: network connection failure, request transmission failure, and response transmission failure. The operation log obtained this time contains: network connection failure, network connection failure, and request transmission failure. The total number of network anomaly keywords in the operation log obtained this time is therefore 3, and the number of times the detected equipment is determined to have a network anomaly this time is 3.
In this way, the embodiment of the application performs anomaly detection by configuring the keywords corresponding to each abnormal type, which makes the detection automatic. Manual analysis makes it difficult to identify the abnormal type, and anomalies cannot be found in time. Automatic detection simplifies anomaly detection and finds anomalies sooner, so that operation and maintenance personnel can respond and repair them in time, and the efficiency of anomaly detection is improved.
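The following Python example is added here for illustration and is not part of the application: it chains S201 to S203 and S102 to S104 with the three history options and the request-interval adjustment described above. The keywords and the 1-second and 5-second intervals come from the description; the key=value input format, the threshold values, the 60-second interval cap, the case-insensitive matching and all function and class names are assumptions.

```python
import json
from collections import Counter

# Keywords are the examples given in the description; thresholds are assumed values.
KEYWORDS = {
    "network anomaly": ("network connection failure",
                        "request transmission failure",
                        "response transmission failure"),
    "device operation anomaly": ("response timeout",
                                 "CPU occupancy exception",
                                 "memory occupancy exception"),
}
THRESHOLDS = {"network anomaly": 3, "device operation anomaly": 2}  # preset numbers of times
BUSY_TYPE = "device operation anomaly"  # the "specified abnormal type" (device busy)


def normalize(raw_line):
    """S201 + S202: turn one raw line into a flat record whose fields are all strings."""
    raw_line = raw_line.strip()
    record = None
    if raw_line.startswith("{"):
        try:
            parsed = json.loads(raw_line)
            record = parsed if isinstance(parsed, dict) else None
        except json.JSONDecodeError:
            record = None
    if record is None:
        # Assumed fallback format: "key=value;key=value"; text without "=" is kept whole.
        record = {}
        for i, part in enumerate(raw_line.split(";")):
            key, sep, value = part.partition("=")
            record[key.strip() if sep else f"field{i}"] = value if sep else part
    return {str(k): v if isinstance(v, str) else json.dumps(v, ensure_ascii=False)
            for k, v in record.items()}


def count_keywords(records):
    """S203 + S102: count keyword occurrences per abnormal type over every field."""
    counts = Counter()
    for record in records:
        for value in record.values():
            text = value.lower()  # case-insensitive matching is an assumption
            for anomaly_type, words in KEYWORDS.items():
                counts[anomaly_type] += sum(text.count(w.lower()) for w in words)
    return +counts  # unary plus drops types that were never seen


class Monitor:
    """S103 + S104 plus the request-interval adjustment for a busy device."""

    def __init__(self, history_mode="total", interval=1.0, factor=5.0,
                 busy_limit=2, max_interval=60.0):
        if history_mode not in ("total", "period", "zero"):
            raise ValueError("history_mode must be 'total', 'period' or 'zero'")
        self.history_mode = history_mode
        self.history = Counter()          # historical number of times per type
        self.interval = interval          # seconds between log acquisition requests
        self.factor = factor              # preset multiple applied when the device is busy
        self.busy_limit = busy_limit      # the "specified number of times"
        self.max_interval = max_interval  # assumed cap, not in the description

    def start_period(self):
        """Reset the counters when history is kept for the current period only."""
        if self.history_mode == "period":
            self.history.clear()

    def process(self, raw_lines):
        """Analyze one fetched log; return (number of times per type, types to alarm on)."""
        found = count_keywords(normalize(line) for line in raw_lines if line.strip())
        if self.history_mode == "zero":
            totals = found
        else:
            self.history.update(found)
            totals = Counter(self.history)
        alerts = sorted(t for t, n in totals.items() if n >= THRESHOLDS[t])
        # Assumption: lengthen the interval only when this log added busy-type hits.
        if found[BUSY_TYPE] and totals[BUSY_TYPE] >= self.busy_limit:
            self.interval = min(self.interval * self.factor, self.max_interval)
        return dict(totals), alerts


# Constructed sample log in three source formats (JSON, key=value, plain text).
SAMPLE = [
    '{"ts": "2022-10-18T09:00:01", "svc": "order-api", "msg": "network connection failure to 192.0.2.10"}',
    'ts=2022-10-18T09:00:02;svc=order-api;msg=Network connection failure, retrying',
    '2022-10-18T09:00:03 order-api request transmission failure',
    '{"ts": "2022-10-18T09:00:04", "svc": "order-api", "msg": "response timeout", "cpu": 97}',
]

if __name__ == "__main__":
    monitor = Monitor(history_mode="total")
    for _ in range(2):
        print(monitor.process(SAMPLE), monitor.interval)
```

Log fields are written by the monitored equipment, so the assumed cap on the interval bounds how far keyword-heavy logs can slow down polling.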
Based on the same inventive concept, an embodiment of the present application provides an abnormality detection apparatus, as shown in fig. 3, the apparatus including: an acquisition module 301, a determination module 302 and an alarm module 303;
an obtaining module 301, configured to obtain an operation log of a device under test;
a determining module 302, configured to, if a keyword in the preset keyword set is detected in the running log acquired by the acquiring module 301, take the abnormal type corresponding to that keyword as an abnormal type of the detected equipment;
the determining module 302 is further configured to determine the number of times each abnormal type exists in the detected equipment;
and an alarm module 303, configured to perform an abnormal alarm if the number of times at least one abnormal type exists in the detected equipment reaches a preset number of times.
Optionally, the determining module 302 is specifically configured to:
for each abnormal type existing in the detected equipment, add the total number of occurrences of the keywords of that abnormal type in the running log to the historical number of times the abnormal type has existed in the detected equipment, to obtain the number of times each abnormal type exists in the detected equipment.
Optionally, the historical number of times is the total historical accumulated number of times, the accumulated number of times in the current period, or zero.
Optionally, the apparatus may further include:
the format conversion module is used for converting the format of the running log into a preset log format before the abnormal type corresponding to a keyword detected in the running log is taken as an abnormal type of the detected equipment;
the format conversion module is also used for converting the format of each field included in the running log in the preset log format into the preset field format;
and the detection module is used for detecting whether a keyword in the preset keyword set exists in any field, in the preset field format, of the running log in the preset log format.
Optionally, the apparatus may further include:
the receiving module is used for receiving the address of the detected equipment and the specified service identification input by a user before acquiring the running log of the detected equipment;
the obtaining module 301 is specifically configured to:
sending a log acquisition request to the detected equipment according to the address of the detected equipment, wherein the log acquisition request is used for requesting to acquire an operation log of the specified service corresponding to the specified service identifier;
and receiving the running log of the specified service sent by the detected equipment.
Optionally, the apparatus may further include:
and the adjusting module is used for reducing, after the number of times each abnormal type exists in the detected equipment has been determined, the frequency of sending the log acquisition request to the detected equipment if the number of times the specified abnormal type is detected in the detected equipment reaches the specified number of times, wherein the specified abnormal type indicates that the equipment is in a busy state.
The embodiment of the present application further provides an electronic device, as shown in fig. 4, which includes a processor 401, a communication interface 402, a memory 403, and a communication bus 404, where the processor 401, the communication interface 402, and the memory 403 complete mutual communication through the communication bus 404,
a memory 403 for storing a computer program;
the processor 401 is configured to implement the method steps in the above method embodiments when executing the program stored in the memory 403.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided by the present application, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any of the above-mentioned anomaly detection methods.
In yet another embodiment provided by the present application, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform any of the above-described method of anomaly detection.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in accordance with the embodiments of the application are wholly or partially generated. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present application and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (10)

1. An anomaly detection method, characterized in that the method comprises:
acquiring an operation log of the detected equipment;
if the operating log is detected to have the keywords in the preset keyword set, taking the abnormal type corresponding to the keywords in the operating log as the abnormal type of the detected equipment;
determining the number of times each abnormal type exists in the detected equipment;
and if the number of times at least one abnormal type exists in the detected equipment reaches a preset number of times, performing an abnormality alarm.
2. The method of claim 1, wherein the determining the number of times each anomaly type exists for the detected device comprises:
and for each abnormal type existing in the detected equipment, adding the total number of occurrences of each keyword of that abnormal type in the operation log to the historical count of that abnormal type for the detected equipment, to obtain the number of times each abnormal type exists in the detected equipment.
3. The method of claim 2, wherein the historical count is a total historical count, a current cycle count, or zero.
4. The method according to claim 2 or 3, wherein before the step of, if a keyword in the preset keyword set is detected in the running log, taking the abnormal type corresponding to that keyword as the abnormal type existing in the detected device, the method further comprises:
converting the format of the running log into a preset log format;
converting the format of each field included in the running log with the preset log format into a preset field format;
and detecting whether keywords in the preset keyword set exist in each field of the preset field format in the running log of the preset log format.
5. The method according to any of claims 1-3, wherein prior to obtaining the log of the device under test, the method further comprises:
receiving the address of the detected equipment and a specified service identifier input by a user;
the acquiring of the operation log of the detected device includes:
sending a log obtaining request to the detected equipment according to the address of the detected equipment, wherein the log obtaining request is used for requesting to obtain an operation log of the specified service corresponding to the specified service identifier;
and receiving the running log of the specified service sent by the detected device.
6. The method of claim 5, wherein after determining the number of times each anomaly type exists for the detected device, the method further comprises:
and if the number of times the specified abnormal type has been detected in the detected equipment reaches a specified number of times, reducing the frequency of sending the log acquisition request to the detected equipment, wherein the specified abnormal type indicates that the equipment is in a busy state.
7. An abnormality detection apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring the running log of the detected equipment;
the determining module is used for taking an abnormal type corresponding to the keyword existing in the running log as an abnormal type existing in the detected equipment if the keyword in the preset keyword set exists in the running log acquired by the acquiring module;
the determining module is further configured to determine the number of times each abnormal type exists in the detected device;
and the alarm module is used for performing an abnormality alarm if the number of times at least one abnormal type exists in the detected equipment reaches a preset number of times.
8. The apparatus of claim 7, wherein the determining module is specifically configured to:
and for each abnormal type existing in the detected equipment, adding the total number of occurrences of each keyword of that abnormal type in the operation log to the historical count of that abnormal type for the detected equipment, to obtain the number of times each abnormal type exists in the detected equipment.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the steps of the method of any one of claims 1 to 6 when executing the program stored in the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1-6.
CN202211271951.3A 2022-10-18 2022-10-18 Abnormity detection method, abnormity detection device, electronic equipment and medium Pending CN115643200A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211271951.3A CN115643200A (en) 2022-10-18 2022-10-18 Abnormity detection method, abnormity detection device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211271951.3A CN115643200A (en) 2022-10-18 2022-10-18 Abnormity detection method, abnormity detection device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN115643200A true CN115643200A (en) 2023-01-24

Family

ID=84945631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211271951.3A Pending CN115643200A (en) 2022-10-18 2022-10-18 Abnormity detection method, abnormity detection device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN115643200A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115883346A (en) * 2023-02-23 2023-03-31 广州嘉为科技有限公司 FDEP log-based anomaly detection method and device and storage medium

Similar Documents

Publication Publication Date Title
US11789760B2 (en) Alerting, diagnosing, and transmitting computer issues to a technical resource in response to an indication of occurrence by an end user
JP6160064B2 (en) Application determination program, failure detection apparatus, and application determination method
US20200341868A1 (en) System and Method for Reactive Log Spooling
CN113746703B (en) Abnormal link monitoring method, system and device
CN107896172B (en) Monitoring fault processing method and device, storage medium and electronic equipment
CN114090366A (en) Method, device and system for monitoring data
CN110430070B (en) Service state analysis method, device, server, data analysis equipment and medium
CN115643200A (en) Abnormity detection method, abnormity detection device, electronic equipment and medium
CN112256548B (en) Abnormal data monitoring method and device, server and storage medium
US9645877B2 (en) Monitoring apparatus, monitoring method, and recording medium
CN113760677A (en) Abnormal link analysis method, device, equipment and storage medium
CN110309028B (en) Monitoring information acquisition method, service monitoring method, device and system
CN116069591A (en) Interface performance monitoring method, device, equipment and storage medium
CN115083030A (en) Service inspection method and device and electronic equipment
CN113656247A (en) Service monitoring method and device, electronic equipment and readable storage medium
CN111651330B (en) Data acquisition method, data acquisition device, electronic equipment and computer readable storage medium
CN115499302A (en) Monitoring method and device of business system, readable storage medium and electronic equipment
CN115277479A (en) Method and system for realizing system operation condition monitoring based on monitoring assistant
JP5974905B2 (en) Response time monitoring program, method, and response time monitoring apparatus
CN115934453A (en) Troubleshooting method, troubleshooting device and storage medium
US10296967B1 (en) System, method, and computer program for aggregating fallouts in an ordering system
CN113965447A (en) Online cloud diagnosis method, device, system, equipment and storage medium
CN116401138B (en) Operating system running state detection method and device, electronic equipment and medium
CN115499292B (en) Alarm method, device, equipment and storage medium
CN112835780B (en) Service detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination