CN115695163A - Visualization method and system based on syslog log analysis process - Google Patents
Visualization method and system based on syslog log analysis process Download PDFInfo
- Publication number
- CN115695163A CN115695163A CN202211213455.2A CN202211213455A CN115695163A CN 115695163 A CN115695163 A CN 115695163A CN 202211213455 A CN202211213455 A CN 202211213455A CN 115695163 A CN115695163 A CN 115695163A
- Authority
- CN
- China
- Prior art keywords
- area
- display area
- event
- alarm
- display
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000004458 analytical method Methods 0.000 title claims abstract description 24
- 238000007794 visualization technique Methods 0.000 title claims abstract description 15
- 238000012800 visualization Methods 0.000 claims abstract description 13
- 230000002159 abnormal effect Effects 0.000 claims abstract description 10
- 230000000007 visual effect Effects 0.000 claims description 8
- 238000013461 design Methods 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 6
- 238000012544 monitoring process Methods 0.000 claims description 6
- 238000009960 carding Methods 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims 2
- 238000012423 maintenance Methods 0.000 abstract description 9
- 238000012545 processing Methods 0.000 abstract description 4
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012098 association analyses Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention relates to the technical field of visualization, and discloses a visualization method and a visualization system based on a syslog analysis process. The invention visually presents the whole life cycle of the log analysis process, and the processing state and abnormal conditions of each stage are clear and clear; the information that the original operation and maintenance personnel can acquire only by switching a plurality of pages back and forth is concentrated into one page, so that the time for the operation and maintenance personnel to acquire the information is saved, and the operation steps are reduced.
Description
Technical Field
The invention relates to the technical field of visualization, in particular to a visualization method and a visualization system based on a syslog log analysis process.
Background
There is no complete system for visually presenting the syslog parsing process on the market today. Basically, the condition and data of a certain process are shown in the fracture. If a user pays attention to the overall situation that the syslog is accessed to analyzed to be stored, the user needs to search and count in each independent module, the operation and maintenance personnel are inconvenient, most general users are operation and maintenance personnel, the overall business process of log analysis is relatively less understood, and a common syslog analysis product on the market lacks an intuitive, connected and hierarchical step display form on the visual display of the overall process, so that the user cannot have overall and systematic knowledge of the analysis process.
Disclosure of Invention
The invention provides a visualization method and a visualization system based on a syslog analysis process, aiming at the problem that the conventional syslog analysis process visualization system cannot present the syslog analysis process globally.
In order to achieve the purpose, the invention adopts the following technical scheme:
the invention discloses a visualization method based on a syslog analysis process on one hand, which comprises the following steps:
step 1: combing out an analysis process of the syslog, designing a front-end page, and designing different visual icons according to different processes; the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area; the device comprises an equipment display area, a collector display area, an intelligent normal area, a filter area, an event cache area and an event storage area which are sequentially connected through dynamic flow lines;
step 2: acquiring device fingerprint information of an access log source by using an asset detection tool through an ip address of the access log source, judging the type of the access device through a dictionary table built in a system, and dynamically displaying the type and the number of the access devices in a display area of the access device;
and step 3: the method comprises the steps that the number of collectors is dynamically displayed in a collector display area by inquiring information of the collectors registered in a system, and the EPS situation is dynamically displayed in the collector display area by monitoring the event quantity processed in the collector in unit time;
and 4, step 4: dynamically displaying icons of the number and the types of normally started normal files in the intelligent normal area by inquiring the number and the types of the started normal files in the system, and if the normal files are abnormal, carrying out red highlighting flashing prompt in the intelligent normal area;
and 5: dynamically displaying icons of the number and the types of the normally enabled filters in the filter area by inquiring the number and the types of the enabled filters in the system;
step 6: displaying the asset information in an asset display area by inquiring the number of assets in the system; asset information as inflow data flows into an event cache region for analysis, the data in the event cache region flows out to a rule display region, the rule display region dynamically displays the number of rules of actual work through the number of rules started in a query system, and the rear part of the rule display region is connected with an alarm display region through a dynamic circulation line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area carries out red highlight flashing prompt;
and 7: and dynamically displaying the quantity of the event data stored in the elastic search and mysql in the event storage area.
Further, the step 1 further comprises:
the method is characterized in that the arrangement layout display is organized and displayed according to the flow sequence of access equipment, collector, intelligent paradigm, filter, (asset), event cache, rule, alarm, DB and ES, and the data flow is displayed by flow segments among the processes.
Further, the types of the access equipment comprise a firewall, a linux, a router, a switch and a database.
Further, the asset display area, the rule display area, the event storage area and the filter area are respectively connected with the event cache area by using dynamic flow lines.
Furthermore, all displayed numbers on the front-end page can be clicked, and corresponding information within 24 hours is displayed through a list after clicking.
In another aspect, the present invention provides a visualization system based on a syslog parsing process, including:
the front-end page design unit is used for carding out the analytic process of the syslog, designing a front-end page, and designing different visual icons according to different processes; the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area; the device display area, the collector display area, the intelligent paradigm area, the filter area, the event cache area and the event storage area are sequentially connected through dynamic flow lines;
the device display area dynamic display unit is used for acquiring the device fingerprint information of the access log source by using an asset detection tool through the ip address of the access log source, judging the type of the access device through a dictionary table built in the system, and dynamically displaying the type and the number of the access devices in the access device display area;
the collector display area dynamic display unit is used for dynamically displaying the number of collectors in the collector display area by inquiring the information of the collectors registered in the system and dynamically displaying the EPS situation in the collector display area by monitoring the event amount processed in unit time by the collectors;
the intelligent normalized region dynamic display unit is used for dynamically displaying icons of the number and the types of normally started normalized files in the intelligent normalized region by inquiring the number and the types of the normalized files started in the system, and if the normalized files are abnormal, the intelligent normalized region carries out red highlight flashing prompt;
a filter area dynamic display unit for dynamically displaying the number and type icons of the normally enabled filters in the filter area by inquiring the number and type of the enabled filters in the system;
the comprehensive display unit is used for displaying the asset information in the asset display area by inquiring the number of assets in the system; asset information as inflow data flows into an event cache region for analysis, the data in the event cache region flows out to a rule display region, the rule display region dynamically displays the number of rules of actual work through the number of rules started in a query system, and the rear part of the rule display region is connected with an alarm display region through a dynamic circulation line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area carries out red highlight flashing prompt;
and the event storage area dynamic display unit is used for dynamically displaying the amount of the event data stored in the elastic search and mysql in the event storage area.
Further, the front-end page design unit is further configured to:
the method is characterized in that the arrangement layout display is organized and displayed according to the flow sequence of access equipment, collector, intelligent paradigm, filter, (asset), event cache, rule, alarm, DB and ES, and the data flow is displayed by flow segments among the processes.
Further, the types of the access equipment comprise a firewall, a linux, a router, a switch and a database.
Further, the asset display area, the rule display area, the event storage area and the filter area are respectively connected with the event cache area by using dynamic flow lines.
Furthermore, all displayed numbers on the front-end page can be clicked, and corresponding information within 24 hours is displayed through a list after clicking.
Compared with the prior art, the invention has the following beneficial effects:
the invention visually presents the whole life cycle of the log analysis process, and the processing state and abnormal conditions of each stage are clear and clear. The information that the operation and maintenance personnel need to switch a plurality of pages back and forth before can be obtained is concentrated into one page, so that the time for the operation and maintenance personnel to obtain the information is saved, and the operation steps are reduced.
Drawings
Fig. 1 is a basic flowchart of a visualization method based on a syslog parsing process according to an embodiment of the present invention;
fig. 2 is an exemplary diagram of a front-end page designed based on a visualization method of syslog parsing process according to an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
as shown in fig. 1, a visualization method based on a syslog parsing process roughly includes the following steps:
1. and acquiring multi-source heterogeneous log information of the safety equipment in an active or passive acquisition mode.
2. And converting the safety logs of different formats of different equipment into a unified and standardized event object in a canonicalization mode for subsequent service analysis of the auditing system.
3. And performing streaming processing on the standardized event object in an event cache, and performing various analysis operations such as condition filtering, merging and deduplication, garbage data cleaning, rule-based association analysis and the like.
4. And carrying out warehousing persistence operation on the event object after standardization and the result of the last step of correlation analysis, and storing the event object into mysql or elastic search for subsequent business query and retrieval, thereby meeting the audit and traceability requirements of the security event.
Specifically, in order to satisfy the requirement that security operation and maintenance personnel comprehensively know the security state of the assets of the whole network from the whole dimension, the key steps and nodes of the log auditing system are arranged and ranked, the main flow of the system is displayed in a visual form in a data stream form, meanwhile, the important statistical data of each key node is dynamically presented, and click reading is provided for the important statistical data. The visualization method based on the syslog log parsing process specifically comprises the following steps:
the first step is as follows: and (3) combing out the parsing process of the syslog, designing a front-end page (as shown in FIG. 2), and designing different visual icons according to different processes. The arrangement layout display is organized and displayed according to the flow sequence of access equipment, collector, intelligent paradigm, filter, (asset), event cache, rule, alarm, DB, ES and the like. And flow line segments are utilized among various processes to carry out related display of data flow. Wherein DB represents a database (database), mysql can be adopted specifically, and ES represents an elastic search. Specifically, the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area.
The second step is that: the access device display area is located at the very bottom of the entire page display. The method comprises the steps of obtaining equipment fingerprint information of an access log source by an asset detection tool through an ip address of the access log source, judging the type of the access equipment through a dictionary table built in a system, dynamically displaying the type of the access equipment and the number of the access equipment (the equipment type comprises a firewall, a linux, a router, a switch, a database and the like) in a display area of the access equipment, and dynamically displaying the front end according to the actually accessed equipment number and equipment type. And meanwhile, the display area of the access equipment is connected with the collector area by utilizing a dynamic flow line.
The third step: the collector display area is positioned above the access device display area. The number of the collectors is dynamically displayed by inquiring the information of the collectors registered in the system, and simultaneously, the EPS (Event per Second) condition is dynamically displayed by monitoring the Event amount processed by the collectors in unit time. And the working state of the collector (abnormal red mark, normal green mark). Meanwhile, the collector area is connected with the intelligent paradigm area by utilizing a dynamic flow line.
The fourth step: the intelligent paradigm region is located above the collector display region. And dynamically displaying icons of the number and the types of the normally started normalized files by inquiring the number and the types of the normalized files started in the system, and if the normalized files are abnormal, carrying out red highlight flash prompt in the area. While the intelligent paradigm shift is connected to the filter region using dynamic flow lines.
The fifth step: the filter area is located above the intelligent fanning area. By querying the number and type of filters enabled in the system, icons of the number and type of filters normally enabled are dynamically displayed while the filter area is connected to the event cache area with a dynamic flow line.
And a sixth step: the event buffer area is located above the filter area. The event cache area is a core area and is respectively connected with the asset display area, the rule display area, the event storage area and the filter area by utilizing dynamic flow lines. Displaying the asset information in an asset display area by inquiring the number of assets in the system (manually input and dynamically discovered); the asset information flows into the event cache area as incoming data for analysis. And the data in the event cache region flows out to a rule display region, and the rule display region dynamically displays the number of the actually-working rules according to the number of the rules started in the query system. The rear part of the regular display area is connected with an alarm display area through a dynamic flow line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area is red and high and flashes.
The seventh step: the event storage area is positioned above the event cache area and is also the topmost part of the whole page. The event storage area is divided into two sub-areas, namely DB and ES, and the data volume of the events stored in mysql and the elastic search are dynamically displayed respectively.
It should be noted that all numbers displayed on the front page can be clicked, and after clicking, corresponding information within 24 hours is displayed through the list.
On the basis of the above embodiment, the present invention further provides a visualization system based on a syslog parsing process, including:
the front-end page design unit is used for carding the analytic process of the syslog, designing a front-end page and designing different visual icons according to different processes; the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area; the device display area, the collector display area, the intelligent paradigm area, the filter area, the event cache area and the event storage area are sequentially connected through dynamic flow lines;
the device display area dynamic display unit is used for acquiring the device fingerprint information of the access log source by using the asset detection tool through the ip address of the access log source, judging the type of the access device through a dictionary table built in the system, and dynamically displaying the type and the number of the access devices in the access device display area;
the collector display area dynamic display unit is used for dynamically displaying the number of collectors in the collector display area by inquiring the information of the collectors registered in the system and dynamically displaying the EPS situation in the collector display area by monitoring the event amount processed in unit time by the collectors;
the intelligent normalized region dynamic display unit is used for dynamically displaying icons of the number and the types of normally started normalized files in the intelligent normalized region by inquiring the number and the types of the normalized files started in the system, and if the normalized files are abnormal, the intelligent normalized region carries out red highlight flashing prompt;
a filter area dynamic display unit for dynamically displaying the number and type icons of the normally enabled filters in the filter area by inquiring the number and type of the enabled filters in the system;
the comprehensive display unit is used for displaying the asset information in the asset display area by inquiring the number of assets in the system; the asset information as inflow data flows into an event cache region for analysis, the data in the event cache region flows out to a rule display region, the rule display region dynamically displays the number of rules of actual work through the number of rules started in a query system, and the rear part of the rule display region is connected with an alarm display region through a dynamic circulation line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area carries out red highlight flashing prompt;
and the event storage area dynamic display unit is used for dynamically displaying the event data quantity stored in the elastic search and mysql in the event storage area.
Further, the front-end page design unit is further configured to:
the method is characterized in that the arrangement layout display is organized and displayed according to the flow sequence of access equipment, collector, intelligent paradigm, filter, (asset), event cache, rule, alarm, DB and ES, and the data flow is displayed by flow segments among the processes.
Further, the types of the access equipment comprise a firewall, a linux, a router, a switch and a database.
Further, the asset display area, the rule display area, the event storage area and the filter area are respectively connected through the event cache area by using a dynamic flow line.
Furthermore, all displayed numbers on the front-end page can be clicked, and corresponding information within 24 hours is displayed through a list after clicking.
In conclusion, the log analysis process is visualized in the whole life cycle, and the processing state and abnormal conditions of each stage are clear and clear. The information that the original operation and maintenance personnel can acquire only by switching a plurality of pages back and forth is concentrated into one page, so that the time for the operation and maintenance personnel to acquire the information is saved, and the operation steps are reduced.
The above shows only the preferred embodiments of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.
Claims (10)
1. A visualization method based on a syslog parsing process is characterized by comprising the following steps:
step 1: combing out an analysis process of the syslog, designing a front-end page, and designing different visual icons according to different processes; the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area; the device display area, the collector display area, the intelligent paradigm area, the filter area, the event cache area and the event storage area are sequentially connected through dynamic flow lines;
and 2, step: acquiring device fingerprint information of an access log source by using an asset detection tool through an ip address of the access log source, judging the type of the access device through a dictionary table built in a system, and dynamically displaying the type and the number of the access devices in a display area of the access device;
and step 3: the method comprises the steps that the number of collectors is dynamically displayed in a collector display area by inquiring information of the collectors registered in a system, and the EPS situation is dynamically displayed in the collector display area by monitoring the event amount processed in unit time by the collectors;
and 4, step 4: dynamically displaying the number and type icons of normally started normal normalized files in an intelligent normalized region by inquiring the number and type of the normalized files started in the system, and if the normalized files are abnormal, carrying out red highlight flash prompt in the intelligent normalized region;
and 5: dynamically displaying icons of the number and the types of the normally enabled filters in the filter area by inquiring the number and the types of the enabled filters in the system;
step 6: displaying the asset information in an asset display area by inquiring the number of assets in the system; asset information as inflow data flows into an event cache region for analysis, the data in the event cache region flows out to a rule display region, the rule display region dynamically displays the number of rules of actual work through the number of rules started in a query system, and the rear part of the rule display region is connected with an alarm display region through a dynamic circulation line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area carries out red highlight flashing prompt;
and 7: and dynamically displaying the amount of event data stored in the elastic search and mysql in the event storage area.
2. The visualization method according to claim 1, wherein the step 1 further comprises:
the method is characterized in that the arrangement layout display is organized and displayed according to the flow sequence of access equipment, a collector, intelligent normalization, a filter, assets, event caching, rules, an alarm and DB, ES, and the data flow is displayed by utilizing flow line segments among the processes.
3. The visualization method according to claim 1, wherein the types of the access devices include firewall, linux, router, switch, and database.
4. The visualization method according to claim 1, wherein the asset display area, the rule display area, the event storage area and the filter area are respectively connected to the event buffer area by dynamic flow lines.
5. The visualization method according to claim 1, wherein all numbers displayed on the front page can be clicked, and after clicking, the corresponding information within 24 hours is displayed by a list.
6. A visualization system based on a syslog parsing process, comprising:
the front-end page design unit is used for carding the analytic process of the syslog, designing a front-end page and designing different visual icons according to different processes; the front-end page comprises an access device display area, a collector display area, an intelligent paradigm area, a filter area, an event cache area, an asset display area, a rule display area, an alarm display area and an event storage area; the device comprises an equipment display area, a collector display area, an intelligent normal area, a filter area, an event cache area and an event storage area which are sequentially connected through dynamic flow lines;
the device display area dynamic display unit is used for acquiring the device fingerprint information of the access log source by using the asset detection tool through the ip address of the access log source, judging the type of the access device through a dictionary table built in the system, and dynamically displaying the type and the number of the access devices in the access device display area;
the collector display area dynamic display unit is used for dynamically displaying the number of collectors in the collector display area by inquiring the information of the collectors registered in the system and dynamically displaying the EPS situation in the collector display area by monitoring the event amount processed in unit time by the collectors;
the intelligent normalized region dynamic display unit is used for dynamically displaying the number and the type icons of normally started normalized files in the intelligent normalized region by inquiring the number and the type of the normalized files started in the system, and if the normalized files are abnormal, the intelligent normalized region carries out red highlight flicker prompting;
a filter area dynamic display unit for dynamically displaying the number and type icons of the normally enabled filters in the filter area by inquiring the number and type of the enabled filters in the system;
the comprehensive display unit is used for displaying the asset information in the asset display area by inquiring the number of assets in the system; asset information as inflow data flows into an event cache region for analysis, the data in the event cache region flows out to a rule display region, the rule display region dynamically displays the number of rules of actual work through the number of rules started in a query system, and the rear part of the rule display region is connected with an alarm display region through a dynamic circulation line; the alarm display area dynamically displays alarm information by inquiring the alarm number in the system, and if an alarm is generated, the alarm display area carries out red highlight flashing prompt;
and the event storage area dynamic display unit is used for dynamically displaying the event data quantity stored in the elastic search and mysql in the event storage area.
7. The syslog parsing process-based visualization system according to claim 6, wherein the front-end page design unit is further configured to:
the method is characterized in that the arrangement layout display is organized and displayed according to the flow sequence of access equipment, a collector, intelligent normalization, a filter, assets, event caching, rules, an alarm and DB, ES, and the data flow is displayed by utilizing flow line segments among the processes.
8. The syslog parsing process-based visualization system according to claim 6, wherein the types of the access devices include firewall, linux, router, switch, and database.
9. The syslog parsing process-based visualization system according to claim 6, wherein the asset display area, the rule display area, the event storage area and the filter area are respectively connected to the event buffer area by dynamic flow lines.
10. The syslog parsing-based visualization system according to claim 6, wherein all numbers displayed on the front-end page can be clicked, and after clicking, corresponding information within 24 hours is displayed through a list.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211213455.2A CN115695163A (en) | 2022-09-30 | 2022-09-30 | Visualization method and system based on syslog log analysis process |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211213455.2A CN115695163A (en) | 2022-09-30 | 2022-09-30 | Visualization method and system based on syslog log analysis process |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115695163A true CN115695163A (en) | 2023-02-03 |
Family
ID=85064041
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211213455.2A Pending CN115695163A (en) | 2022-09-30 | 2022-09-30 | Visualization method and system based on syslog log analysis process |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115695163A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN109379374A (en) * | 2018-11-23 | 2019-02-22 | 四川长虹电器股份有限公司 | Threat identification method for early warning and system based on event analysis |
| CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
| CN112350989A (en) * | 2020-09-21 | 2021-02-09 | 西安交大捷普网络科技有限公司 | Log data analysis method |
-
2022
- 2022-09-30 CN CN202211213455.2A patent/CN115695163A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN109379374A (en) * | 2018-11-23 | 2019-02-22 | 四川长虹电器股份有限公司 | Threat identification method for early warning and system based on event analysis |
| CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
| CN112350989A (en) * | 2020-09-21 | 2021-02-09 | 西安交大捷普网络科技有限公司 | Log data analysis method |
Non-Patent Citations (3)
| Title |
|---|
| 余铮;冯浩;查志勇;: "集成电力大数据日志分析模块的信息系统研究", 计算机与数字工程, no. 03 * |
| 曾春;王泽林;: "歌华有线高清交互前端系统日志审计平台设计与实现", 广播与电视技术, no. 07, pages 1 - 4 * |
| 黄海龙;郭怡薇;: "一体化网络安全管控系统特性", 网络安全技术与应用, no. 11 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11831523B2 (en) | Systems and methods for displaying adjustable metrics on real-time data in a computing environment | |
| US11288283B2 (en) | Identifying metrics related to data ingestion associated with a defined time period | |
| US7251584B1 (en) | Incremental detection and visualization of problem patterns and symptoms based monitored events | |
| US20090070301A1 (en) | Document search tool | |
| CN108509326B (en) | Service state statistical method and system based on nginx log | |
| US9824148B2 (en) | Method and device for searching and displaying scattered logs | |
| KR20150009798A (en) | System for online monitering individual information and method of online monitering the same | |
| KR102067032B1 (en) | Method and system for data processing based on hybrid big data system | |
| CN112181931A (en) | Big data system link tracking method and electronic equipment | |
| CN113010484A (en) | Log file management method and device | |
| CN114116872A (en) | Data processing method and device, electronic equipment and computer readable storage medium | |
| CN114168616A (en) | Data acquisition method and device, electronic equipment and storage medium | |
| CN115695163A (en) | Visualization method and system based on syslog log analysis process | |
| CN102193859B (en) | Code analysis method and system | |
| KR20180071699A (en) | System for online monitoring individual information and method of online monitoring the same | |
| JP5444071B2 (en) | Fault information collection system, method and program | |
| CN108289031B (en) | Home broadband network fault diagnosis method and device | |
| CN112035580A (en) | Intelligent checking method and system for Oracle database | |
| CN112398778B (en) | Method for automatically responding to security problem in modular environment | |
| CN111427858A (en) | Log processing system and processing method thereof | |
| CN111143406A (en) | Database data comparison method and database data comparison system | |
| US20230086429A1 (en) | Method of recognizing address, electronic device and storage medium | |
| CN116975041B (en) | AB experiment shunting and analyzing system | |
| CN110808849A (en) | Power network data security management method | |
| CN114372262A (en) | Network security audit method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Building 9, No. 186 Heyang Road, High tech Industrial Development Zone, Zhengzhou City, Henan Province, 450001 Applicant after: Zhengzhou Yunzhi Xin'an Security Technology Co.,Ltd. Address before: 450001 Floor 3, Building A, Building 2, No. 186 Heyang Road, Zhengzhou Hi tech Industrial Development Zone, Henan Province Applicant before: Zhengzhou Yunzhi Xin'an Security Technology Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230203 |