CN115757318A - Log query method and device, storage medium and electronic equipment - Google Patents


Publication number
CN115757318A
Authority
CN
China
Legal status
Pending
Application number
CN202211457072.XA
Other languages
Chinese (zh)
Inventor
黄英盾
徐一沙
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The application discloses a log query method, a log query device, a storage medium and electronic equipment, and relates to the field of big data. The method comprises the following steps: acquiring an operation command of a target operation sent by a user side, and determining the log file in which the target operation is stored to obtain a first log file; acquiring a plurality of log contents associated with the operation command from the first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files; obtaining log content associated with at least one log content from the plurality of associated log files to obtain a plurality of associated log contents; and combining the associated log contents and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side. The method and the device solve the problem in the related art that, because production logs are distributed across a plurality of servers, related operations cannot be traced accurately and in time from the production logs.

Description

Log query method and device, storage medium and electronic equipment
Technical Field
The application relates to the field of big data, in particular to a log query method, a log query device, a storage medium and electronic equipment.
Background
In a large data center, production systems centrally store large amounts of sensitive customer information and important data assets. To prevent users from illegally intruding into a system to obtain important data, the need for user security management of the system is increasingly urgent; in addition to after-the-fact security audit, security monitoring of user information is an indispensable part of data center security management.
The security monitoring methods currently in use rely on the production logs of the system. However, a large data center has a large number of production servers and each operation may involve several of them, so the production logs on each production server have the following problems: 1. Production logging is incomplete, and risky operations cannot be monitored comprehensively. 2. The types of production log are complicated, and efficient and complete analysis capability is lacking. 3. The production operation and maintenance modes are complex and varied, and tracing operations to their source is difficult.
Therefore, when user information is monitored and a certain production server performs a certain operation, all production logs corresponding to the operation cannot be acquired in time because of the above problems. As a result, the operation cannot be traced quickly, the production logs of the data center cannot be monitored accurately and in time, and an alarm cannot be raised in time when an operation is abnormal, which leads to leakage of user information.
At present, no effective solution has been proposed for the problem in the related art that, because production logs are distributed across a plurality of servers, related operations cannot be traced accurately and in time from the production logs.
Disclosure of Invention
The application provides a log query method, a log query device, a storage medium and electronic equipment, which are used for solving the problem that related operations cannot be traced accurately and timely according to production logs because the production logs are distributed in a plurality of servers in the related art.
According to one aspect of the present application, a log query method is provided. The method comprises the following steps: obtaining an operation command of a target operation sent by a user side, and determining a log file in which the target operation is stored in a database to obtain a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; acquiring a plurality of log contents associated with the operation command from the first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file sets are log file sets different from the log file set in which the first log file is located; acquiring log contents associated with at least one log content from the plurality of associated log files in sequence to obtain a plurality of associated log contents; and combining the associated log contents and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side.
Optionally, before obtaining log files associated with a plurality of log contents from a plurality of target log file sets, the method further comprises: obtaining log files of executed operations of a plurality of devices to obtain a plurality of log files; determining the log type of each log file, and generating a marking stamp for each log file according to the log type to obtain a plurality of marking stamps; and classifying the plurality of log files according to the marking stamps to obtain a plurality of log file sets.
Optionally, before obtaining log files of executed operations of a plurality of devices to obtain the plurality of log files, the method further includes: obtaining the equipment type of each equipment to obtain a plurality of equipment types; sequentially configuring, in each equipment, a log collection program matched with the equipment type; and acquiring the log file of the executed operation of the equipment sent by each log collection program.
Optionally, obtaining log files of executed operations of a plurality of devices to obtain the plurality of log files includes: acquiring initial log files of the plurality of devices to obtain a plurality of initial log files; acquiring the file format of each initial log file to obtain a plurality of file formats; sequentially judging whether each file format is a preset file format; in the case that the file format is not the preset file format, converting the file format of the initial log file into the preset file format, and determining the updated initial log file as the log file; and in the case that the file format is the preset file format, determining the initial log file as the log file.
Optionally, the log content has user authority information, and before sending the operation log file to the user side, the method further includes: acquiring user authority information from log contents in an operation log file; judging whether the user authority information comprises authority information for executing the operation command; under the condition that the user authority information does not include authority information for executing the operation command, generating first alarm information, wherein the first alarm information represents that an executing user of the operation command is abnormal; and adding the first alarm information into the operation log file to obtain an updated operation log file, and executing a step of sending the operation log file to a user side according to the updated operation log file.
Optionally, the target operation is initiated by logging in any one of the plurality of devices by the operation initiating device, and before sending the operation log file to the user side, the method further includes: acquiring the address of operation initiating equipment for initiating target operation from the operation log file; judging whether the address of the operation initiating device has the authority of initiating the target operation; generating second alarm information under the condition that the address of the operation initiating device does not have the authority of initiating the target operation, wherein the second alarm information represents that the execution address of the operation command is abnormal; and adding the second alarm information into the operation log file to obtain an updated operation log file, and executing the step of sending the updated operation log file to the user side according to the updated operation log file.
Optionally, the plurality of log file sets comprises at least one of: an access log file set, an operation behavior log file set, and an operation and maintenance terminal log file set.
According to another aspect of the present application, there is provided a log query apparatus. The device comprises: the first determining unit is used for acquiring an operation command of a target operation sent by a user side, and determining a log file in which the target operation is stored in a database to obtain a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; a first obtaining unit, configured to obtain a plurality of log contents associated with an operation command from a first log file, and obtain log files associated with the plurality of log contents from a plurality of target log file sets, so as to obtain a plurality of associated log files, where the target log file sets are different log file sets from a log file set in which the first log file is located; the second acquisition unit is used for sequentially acquiring the log content associated with at least one log content from the plurality of associated log files to obtain a plurality of associated log contents; and the combination unit is used for combining the associated log content and the plurality of log contents to obtain an operation log file of the target operation and sending the operation log file to the user side.
According to another aspect of the embodiments of the present invention, there is also provided a computer storage medium for storing a program, where the program controls a device in which the computer storage medium is located to execute a log query method when the program runs.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors and a memory; the memory has stored therein computer readable instructions, and the processor is configured to execute the computer readable instructions, wherein the computer readable instructions when executed perform a log querying method.
By the present application, the following steps are adopted: obtaining an operation command of a target operation sent by a user side, and determining a log file in which the target operation is stored in a database to obtain a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; acquiring a plurality of log contents associated with the operation command from the first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file sets are log file sets different from the log file set in which the first log file is located; acquiring log contents associated with at least one log content from the plurality of associated log files in sequence to obtain a plurality of associated log contents; and combining the associated log contents and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side. This solves the problem in the related art that, because production logs are distributed across a plurality of servers, related operations cannot be traced accurately and in time from the production logs. Log content is obtained from the production log file in which the operation is stored, and content related to that log content is obtained from the remaining log files, so that the log content and the related log content together serve as the log content corresponding to the target operation; the operation is traced according to this log content, which achieves the effect of tracing the operation in time.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
FIG. 1 is a flowchart of a log query method provided according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an alternative log collection program configuration provided in accordance with an embodiment of the present application;
FIG. 3 is a schematic diagram of a log querying device provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the relevant information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
It should be noted that the log query method, the log query device, the storage medium and the electronic device determined by the present disclosure may be used in the field of big data, and may also be used in any field other than the field of big data.
According to an embodiment of the application, a log query method is provided.
Fig. 1 is a flowchart of a log query method provided according to an embodiment of the present application. As shown in fig. 1, the method comprises the steps of:
Step S101, obtaining an operation command of a target operation sent by a user side, and determining a log file storing the target operation in a database to obtain a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation.
Specifically, the log processing platform can receive an operation instruction of a target operation sent by the user side, wherein the target operation is the operation that the user side wants to trace and query, and the operation instruction is the instruction that was input when the target operation was executed. For example, the target operation may be deleting a data table in a certain production system, and the operation instruction is a "deletexx table" command.
After the log processing platform receives the operation instruction of the target operation, the log file storing the target operation can be determined. It should be noted that the log processing platform centrally stores the production logs of all production servers. Therefore, the log file storing the target operation can be determined across a plurality of production servers. For example, the target operation may be that server A goes down, and the log file corresponding to the downtime of server A may be acquired from the operation behavior log to obtain the first log file. The operation behavior log can store downtime behavior logs of a plurality of servers, and the log file corresponding to the downtime of server A can then be acquired from the operation behavior log according to the downtime information of server A.
Step S102, obtaining a plurality of log contents related to the operation command from the first log file, and obtaining a plurality of log files related to the plurality of log contents from a plurality of target log file sets to obtain a plurality of related log files, wherein the target log file sets are different log file sets from the log file set in which the first log file is located.
Specifically, after the first log file is obtained, an operation command corresponding to the target operation may be input, so as to search for the log content related to the operation command, and obtain, according to the log content, the log file associated with the plurality of log contents from the plurality of target log file sets.
For example, the operation command for the downtime of server A may be "shutdown-a", and the execution time corresponding to the downtime operation may be acquired from the first log file in the operation behavior log to obtain the log content. Other log files, such as the access log and the operation and maintenance terminal log, are then queried with the execution time as the condition, and the log files containing that time are obtained from them.
Step S103, sequentially acquiring the log content associated with at least one log content from the plurality of associated log files to obtain a plurality of associated log contents.
Specifically, after obtaining a plurality of associated log files, the remaining log contents associated with the log contents may be obtained, so as to obtain a plurality of associated log contents.
For example, the access log is queried with the execution time as the condition to obtain the user login records within the execution period, including information such as the login time and the server user name; the operation and maintenance terminal log is queried with the execution time as the condition to find how the server was called at the execution time and to obtain the user information of the caller, the operation source terminal and the operation source address information. In this way a plurality of associated log contents are obtained.
Step S104, combining the associated log contents and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side.
Specifically, after the plurality of associated log contents are obtained, they may be combined with the log contents in the first log file to obtain a complete log corresponding to the target operation, that is, the operation log file. The complete log is returned to the user side, so that the user side can trace the source of the target operation according to the operation log file.
For example, the time information, the user login records within the execution period (including the login time, the server user name and other information), how the server was called, the user information of the caller, the operation source terminal and the operation source address information may be obtained, and this information is determined as the operation log file. Tracing can then be performed according to the information in the operation log file; for example, the executor of the command and the originating source address may be located according to the operation source address information and the server user name, so as to trace the source of the target operation.
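The following Python sketch walks through steps S101 to S104 on constructed data. It is an added example, not code from the patent; the record field names, the use of the target server as a second join key and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records standing in for the three log file sets.
# Field names, the server join key and the window length are assumptions.
OPERATION_LOGS = [
    {"time": "2022-11-01T10:15:30", "server": "serverA", "command": "shutdown-a"},
    {"time": "2022-11-01T11:40:00", "server": "serverB", "command": "deletexx table"},
]
ACCESS_LOGS = [
    {"time": "2022-11-01T08:00:00", "server_user": "backup", "target_server": "serverA"},
    {"time": "2022-11-01T10:12:05", "server_user": "root", "target_server": "serverA"},
    {"time": "2022-11-01T11:38:10", "server_user": "dba", "target_server": "serverB"},
]
TERMINAL_LOGS = [
    {"time": "2022-11-01T10:11:50", "person": "operator1", "terminal": "ops-term-07",
     "source_addr": "192.0.2.23", "target_server": "serverA"},
]
WINDOW = timedelta(minutes=5)


def when(record):
    """Parse the ISO 8601 timestamp of a record."""
    return datetime.fromisoformat(record["time"])


def find_operation_records(command, operation_logs):
    """S101/S102: log contents in the first log file that match the command."""
    return [r for r in operation_logs if r["command"] == command]


def associated_records(op, log_set, window=WINDOW):
    """S102/S103: records of another set for the same server, logged at or up
    to `window` before the execution time of the operation."""
    executed = when(op)
    hits = [r for r in log_set
            if r["target_server"] == op["server"]
            and executed - window <= when(r) <= executed]
    return sorted(hits, key=when)


def build_operation_log(command, operation_logs, access_logs, terminal_logs):
    """S104: one combined entry per execution of the command."""
    combined = []
    for op in find_operation_records(command, operation_logs):
        logins = associated_records(op, access_logs)
        sessions = associated_records(op, terminal_logs)
        combined.append({
            "command": op["command"],
            "server": op["server"],
            "executed_at": op["time"],
            "logins": logins,
            "terminal_sessions": sessions,
            # An empty side means the trace stops short of a person or address.
            "complete": bool(logins) and bool(sessions),
        })
    return combined


if __name__ == "__main__":
    for entry in build_operation_log("shutdown-a", OPERATION_LOGS,
                                     ACCESS_LOGS, TERMINAL_LOGS):
        print(entry)
```

The `complete` flag marks entries for which one of the other log sets returned nothing, which is the incomplete-logging case the background section describes.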
According to the log query method provided by the embodiment of the application, a first log file is obtained by acquiring an operation command of a target operation sent by a user side and determining a log file in which the target operation is stored in a database, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; a plurality of log contents associated with the operation command are acquired from the first log file, and log files associated with the plurality of log contents are acquired from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file sets are log file sets different from the log file set in which the first log file is located; log contents associated with at least one log content are acquired from the plurality of associated log files in sequence to obtain a plurality of associated log contents; and the associated log contents and the plurality of log contents are combined to obtain an operation log file of the target operation, and the operation log file is sent to the user side. This solves the problem in the related art that, because production logs are distributed across a plurality of servers, related operations cannot be traced accurately and in time from the production logs. Log content is obtained from the production log file in which the operation is stored, and content related to that log content is obtained from the remaining log files, so that the log content and the related log content together serve as the log content corresponding to the target operation; the operation is traced according to this log content, which achieves the effect of tracing the operation in time.
Optionally, in the log query method provided in the embodiment of the present application, before obtaining log files associated with a plurality of log contents from a plurality of target log file sets, the method further includes: obtaining log files of executed operations of a plurality of devices to obtain a plurality of log files; determining the log type of each log file, and generating a marking stamp for each log file according to the log type to obtain a plurality of marking stamps; and classifying the plurality of log files according to the marking stamps to obtain a plurality of log file sets.
Specifically, the device may be a production server, or an operation and maintenance system, an operation and maintenance tool, and the like. The log processing platform may periodically obtain log files of executed operations from the plurality of devices, determine the log type of each log file according to the information it contains, and add a marking stamp corresponding to the log type. After the log processing platform receives the plurality of log files, the log type can be determined from the marking stamp and each log file is added to the corresponding log file set according to its log type, which completes the creation and update of the log file sets.
For example, in the log query method provided in the embodiment of the present application, the plurality of log file sets include at least one of: an access log file set, an operation behavior log file set, and an operation and maintenance terminal log file set. After the centralized log processing platform collects the log files from each device, a log file containing time information, server user information and target server information can be determined to be an access log; a log file containing time information and operation command information can be determined to be an operation behavior log; and a log file containing time information, personnel user information and operation terminal information can be determined to be a source operation and maintenance terminal log. Corresponding marking stamps are added according to the log types, and each log file is added to the corresponding log file set in the centralized log processing platform according to its marking stamp.
Optionally, in the log query method provided in the embodiment of the present application, before obtaining log files of executed operations of a plurality of devices to obtain the plurality of log files, the method further includes: obtaining the equipment type of each equipment to obtain a plurality of equipment types; sequentially configuring, in each equipment, a log collection program matched with the equipment type; and acquiring the log file of the executed operation of the equipment sent by each log collection program.
Specifically, FIG. 2 is a schematic diagram of an optional log collection program configuration provided according to an embodiment of the present application. As shown in FIG. 2, in order to obtain the production log of each device, a collection program needs to be set up in each device. Because the types of production servers differ, the log collection program used also needs to be adapted to the corresponding device, so as to ensure that the production log of each device can be received normally. The device may be a production server, or may be an operation and maintenance system, an operation and maintenance tool, and the like.
For example, log collection programs are deployed locally on all production servers and configured specifically for each server type: a mainframe system can deploy an SMF collection program, a Windows server can deploy an NXLog collection program, a Unix server can deploy a syslog collection program, a database server can deploy a traffic collection plug-in, and so on, which ensures that the logs are received successfully.
Optionally, in the log query method provided in the embodiment of the present application, obtaining log files of executed operations of a plurality of devices to obtain the plurality of log files includes: acquiring initial log files of the plurality of devices to obtain a plurality of initial log files; acquiring the file format of each initial log file to obtain a plurality of file formats; sequentially judging whether each file format is a preset file format; in the case that the file format is not the preset file format, converting the file format of the initial log file into the preset file format, and determining the updated initial log file as the log file; and in the case that the file format is the preset file format, determining the initial log file as the log file.
Specifically, in order to unify the log files so that their content can be acquired more conveniently and quickly, after the initial log files of the devices are acquired through the log collection programs, the file format of each initial log file can be checked and, where it is not the preset file format, converted into the preset file format. The log files stored in the log processing platform are therefore all in the preset format, which ensures stable operation when the log files are subsequently processed.
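The format check and the marking-stamp classification described above can be combined in one ingestion routine, shown here as an added example that is not part of the patent. It assumes the preset format is a JSON object per line and that non-preset input is `key=value` text; the field names and stamp strings are also assumptions.

```python
import json
import shlex
from collections import defaultdict

# Required fields per log type, following the description above; the field
# names themselves and the stamp strings are assumptions of this example.
STAMP_RULES = {
    "access": {"time", "server_user", "target_server"},
    "operation_behavior": {"time", "command"},
    "ops_terminal": {"time", "person", "terminal"},
}

# Constructed sample input as it might arrive from different collectors.
SAMPLE_LINES = [
    '{"time": "2022-11-01T10:12:05", "server_user": "root", "target_server": "serverA"}',
    'time=2022-11-01T10:15:30 server=serverA command="shutdown-a"',
    'time=2022-11-01T10:11:50 person=operator1 terminal=ops-term-07 source_addr=192.0.2.23',
    'time=2022-11-01T10:20:00 note=heartbeat',
    'garbage line without pairs',
]


def to_preset(line):
    """Return the record in the preset format (a dict), converting key=value
    lines. Raises ValueError for input in neither format."""
    line = line.strip()
    if line.startswith("{"):
        return json.loads(line)  # already preset; JSONDecodeError is a ValueError
    record = {}
    for token in shlex.split(line):  # shlex keeps quoted values together
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"not a key=value token: {token!r}")
        record[key] = value
    if not record:
        raise ValueError("empty line")
    return record


def stamp(record):
    """Choose the marking stamp: the most specific rule whose fields are all present."""
    matches = [name for name, fields in STAMP_RULES.items()
               if fields.issubset(record)]
    if not matches:
        return "unclassified"
    return max(matches, key=lambda name: len(STAMP_RULES[name]))


def ingest(lines):
    """Normalise, stamp and file each line into its log file set.
    Unparseable lines are returned separately instead of being dropped."""
    sets = defaultdict(list)
    rejected = []
    for line in lines:
        try:
            record = to_preset(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        record["stamp"] = stamp(record)
        sets[record["stamp"]].append(record)
    return dict(sets), rejected


if __name__ == "__main__":
    log_sets, bad = ingest(SAMPLE_LINES)
    for name, records in log_sets.items():
        print(name, len(records))
    print("rejected", bad)
```

Keeping the `unclassified` and rejected records visible matters for the query steps: a record that silently disappears at ingestion is a gap in every later trace.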
Optionally, in the log query method provided in the embodiment of the present application, the log content has user right information, and before sending the operation log file to the user side, the method further includes: acquiring user authority information from log contents in an operation log file; judging whether the user authority information comprises authority information for executing the operation command; under the condition that the user authority information does not include authority information for executing the operation command, generating first alarm information, wherein the first alarm information represents that an executing user of the operation command is abnormal; and adding the first alarm information into the operation log file to obtain an updated operation log file, and executing a step of sending the operation log file to a user side according to the updated operation log file.
Specifically, in order to implement accurate monitoring of operations, after the operation log file is acquired, the user authority information in the file needs to be checked to judge whether it includes authority information for executing the operation command. When the user authority information does not include authority information for executing the operation command, this indicates that the user does not have permission to perform the operation being checked.
For example, suppose an administrator user logs in to a certain system and deletes one of its data tables during a certain service time period. If the user authority information of that user includes deleting the data table, no alarm is needed; if it does not, the operation is an illegal operation, and alarm information needs to be added to the operation log file so that the user side can act on the alarm information in time.
Optionally, in the log query method provided in the embodiment of the present application, the target operation is initiated by logging in any one of the multiple devices by the operation initiation device, and before sending the operation log file to the user side, the method further includes: acquiring the address of operation initiating equipment for initiating target operation from the operation log file; judging whether the address of the operation initiating device has the authority of initiating the target operation; generating second alarm information under the condition that the address of the operation initiating device does not have the authority of initiating the target operation, wherein the second alarm information represents that the execution address of the operation command is abnormal; and adding the second alarm information into the operation log file to obtain an updated operation log file, and executing a step of sending the updated operation log file to the user side according to the updated operation log file.
Specifically, in order to implement the operation implementation monitoring and accurate monitoring, after an operation log file is obtained, an address of an operation initiating device initiating a target operation needs to be obtained from the operation log file, and whether the address can execute the target operation at this time is judged, and under the condition that the address does not have the authority to execute the operation at this time, alarm information needs to be added to the operation log file, so that a user side can obtain the alarm information after receiving the operation log file, and trace the source of an operation command according to the content of the alarm information and information in the operation log file, that is, the address sending the operation command and corresponding user information can be accurately determined, and each operation can be accurately monitored and checked. Therefore, tracking and tracing of abnormal operation behaviors of the user are guaranteed, and the effect of monitoring the risk behaviors of the user in the large data center such as illegal entrance and exit invasion behaviors, internal illegal operation, sensitive data leakage and the like in real time is achieved.
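The two pre-send checks described above (user permission and initiating-device address), as an added Python example that is not code from the patent. The field names, the address policy and the sample log entries are constructed assumptions, and missing permission or address information is treated as abnormal.

```python
import ipaddress
import json

# Constructed policy (assumption): networks allowed to initiate each operation.
ADDRESS_POLICY = {
    "DROP_TABLE": ["10.20.0.0/24"],
    "SELECT": ["10.20.0.0/16"],
}

# Constructed merged operation log for one target operation. Field names are
# hypothetical; the text only says entries carry user permission information
# and the address of the operation initiating device.
SAMPLE_LOG = [
    {"set": "access", "ts": "2022-11-16T02:14:07", "user": "admin01",
     "src_addr": "192.168.7.44", "event": "login"},
    {"set": "ops_terminal", "ts": "2022-11-16T02:15:30", "user": "admin01",
     "src_addr": "192.168.7.44", "event": "session_cmd"},
    {"set": "operation_behavior", "ts": "2022-11-16T02:15:31", "user": "admin01",
     "permissions": ["SELECT", "UPDATE"], "command": "DROP_TABLE",
     "object": "t_orders"},
]


def check_user_permission(entries, command):
    """Return the first alarm if the executing user lacks permission, else None."""
    granted = set()
    seen_permission_info = False
    for entry in entries:
        if "permissions" in entry:
            seen_permission_info = True
            granted.update(entry["permissions"])
    if command in granted:
        return None
    # Fail closed: a log with no permission information also raises the alarm.
    reason = ("command not in user permissions" if seen_permission_info
              else "no permission information in log")
    return {"alarm": "first", "meaning": "executing user abnormal",
            "command": command, "reason": reason,
            "users": sorted({e["user"] for e in entries if "user" in e})}


def check_initiator_address(entries, command, policy):
    """Return the second alarm if any initiating address is not authorised."""
    allowed = [ipaddress.ip_network(n) for n in policy.get(command, [])]
    addresses = sorted({e["src_addr"] for e in entries if "src_addr" in e})
    offending = []
    for raw in addresses:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            offending.append(raw)  # unparsable address: treat as unauthorised
            continue
        if not any(addr in net for net in allowed):
            offending.append(raw)
    if addresses and not offending:
        return None
    # No address at all is also abnormal: the operation cannot be traced.
    return {"alarm": "second", "meaning": "execution address abnormal",
            "command": command, "addresses": offending or ["<missing>"]}


def update_operation_log(entries, command, policy=ADDRESS_POLICY):
    """Append any alarms to a copy of the operation log before it is sent."""
    updated = list(entries)
    for alarm in (check_user_permission(entries, command),
                  check_initiator_address(entries, command, policy)):
        if alarm is not None:
            updated.append(alarm)
    return updated


if __name__ == "__main__":
    for record in update_operation_log(SAMPLE_LOG, "DROP_TABLE"):
        print(json.dumps(record))
```
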
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the present application further provides a log query device, and it should be noted that the log query device in the embodiment of the present application may be used to execute the log query method provided in the embodiment of the present application. The following describes a log query apparatus according to an embodiment of the present application.
Fig. 3 is a schematic diagram of a log query device provided according to an embodiment of the present application. As shown in Fig. 3, the apparatus includes: a first determining unit 31, a first acquiring unit 32, a second acquiring unit 33, and a combining unit 34.
The first determining unit 31 is configured to obtain an operation command of a target operation sent by a user, and determine, in a database, a log file in which the target operation is stored, to obtain a first log file, where the database stores a plurality of log file sets, each log file set includes a plurality of log files of executed operations, and the executed operations include the target operation.
A first obtaining unit 32, configured to obtain a plurality of log contents associated with the operation command from the first log file, and obtain a plurality of associated log files by obtaining log files associated with the plurality of log contents from a plurality of target log file sets, where a target log file set is a log file set different from a log file set in which the first log file is located.
A second obtaining unit 33, configured to sequentially obtain log contents associated with at least one log content from the plurality of associated log files, and obtain a plurality of associated log contents.
A combining unit 34, configured to combine the associated log content and the multiple log contents to obtain an operation log file of the target operation, and send the operation log file to the user side.
The log query device provided in this embodiment of the present application obtains, by the first determining unit 31, an operation command of a target operation sent by a user side, and determines, in a database, a log file in which the target operation is stored, to obtain a first log file, where a plurality of log file sets are stored in the database, each log file set includes a plurality of log files of executed operations, and the executed operations include the target operation. The first acquisition unit 32 acquires a plurality of log contents associated with the operation command from the first log file, and acquires log files associated with the plurality of log contents from a plurality of target log file sets, which are different log file sets from the log file set in which the first log file is located, resulting in a plurality of associated log files. The second acquisition unit 33 sequentially acquires log contents associated with at least one log content from the plurality of associated log files, resulting in a plurality of associated log contents. The combining unit 34 combines the associated log content and the plurality of log contents to obtain an operation log file of the target operation, and sends the operation log file to the user side. The problem that in the related technology, due to the fact that the production logs are distributed in a plurality of servers, related operations cannot be traced accurately and timely according to the production logs is solved. The log content is obtained from the production log file in which the operation is stored, and the content related to the log content is obtained from the rest log files according to the log content, so that the log content and the related log content are used as the log content corresponding to the target operation, the operation is traced according to the log content corresponding to the target operation, and the effect of tracing the operation in time is achieved.
Optionally, in the log query device provided in the embodiment of the present application, the device further includes: a third obtaining unit, configured to obtain log files of executed operations of multiple devices, and obtain multiple log files; the second determining unit is used for determining the log type of each log file and generating a marking stamp for each log file according to the log type to obtain a plurality of marking stamps; and the classification unit is used for classifying the plurality of log files according to the mark stamps to obtain a plurality of log file sets.
Optionally, in the log query device provided in the embodiment of the present application, the device further includes: a fourth obtaining unit, configured to obtain a device type of each device, to obtain multiple device types; the configuration unit is used for configuring a log acquisition program matched with the equipment type in each piece of equipment in sequence; and the fifth acquisition unit is used for acquiring the log file of the executed operation of the equipment sent by each log acquisition program.
Optionally, in the log query device provided in the embodiment of the present application, the fourth obtaining unit includes: the first acquisition module is used for acquiring initial log files of a plurality of devices to obtain a plurality of initial log files; the second acquisition module is used for acquiring the file format of each initial log file to obtain a plurality of file formats; the judging module is used for sequentially judging whether each file format is a preset file format or not; the conversion module is used for converting the file format of the initial log file into a preset file format under the condition that the file format is not the preset file format, and determining the updated initial log file as the log file; and the determining module is used for determining the initial log file as the log file under the condition that the file format is the preset file format.
Optionally, in the log query apparatus provided in the embodiment of the present application, the log content has user right information, and the apparatus further includes: a sixth acquiring unit, configured to acquire user right information from log content in the operation log file; the first judging unit is used for judging whether the authority information of the user comprises the authority information for executing the operation command; the first generating unit is used for generating first alarm information under the condition that the user authority information does not comprise authority information for executing the operation command, wherein the first alarm information represents that the executing user of the operation command is abnormal; and the first adding unit is used for adding the first alarm information into the operation log file to obtain an updated operation log file, and executing the step of sending the operation log file to the user side according to the updated operation log file.
Optionally, in the log query apparatus provided in this embodiment of the present application, the target operation is initiated by logging in any one of the multiple devices by the operation initiating device, and the apparatus further includes: a seventh obtaining unit, configured to obtain, from the operation log file, an address of an operation initiating device that initiates the target operation; the second judging unit is used for judging whether the address of the operation initiating equipment has the authority of initiating the target operation; the second generating unit is used for generating second alarm information under the condition that the address of the operation initiating device does not have the authority of initiating the target operation, wherein the second alarm information represents that the execution address of the operation command is abnormal; and the second adding unit is used for adding the second alarm information into the operation log file to obtain an updated operation log file, and executing the step of sending the updated operation log file to the user side according to the updated operation log file.
Optionally, in the log querying device provided in the embodiment of the present application, the plurality of log file sets at least include one of: the system comprises an access log file set, an operation behavior log file set and an operation and maintenance terminal log file set.
The log query device comprises a processor and a memory, wherein the first determining unit 31, the first acquiring unit 32, the second acquiring unit 33, the combining unit 34 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and by adjusting kernel parameters the problem in the related art that related operations cannot be traced accurately and in time according to the production logs, because the production logs are distributed across a plurality of servers, is solved.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
An embodiment of the present invention provides a computer-readable storage medium on which a program is stored, the program implementing the log query method when executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the log query method is executed when the program runs.
As shown in fig. 4, an embodiment of the present invention provides an electronic device, where the electronic device 40 includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor executes the program to implement the following steps: the method comprises the steps of obtaining an operation command of a target operation sent by a user side, determining a log file in which the target operation is stored in a database, and obtaining a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; acquiring a plurality of log contents associated with an operation command from a first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file sets are different log file sets from the log file set in which the first log file is located; acquiring log contents associated with at least one log content from a plurality of associated log files in sequence to obtain a plurality of associated log contents; and combining the associated log content and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: the method comprises the steps of obtaining an operation command of a target operation sent by a user side, determining a log file in which the target operation is stored in a database, and obtaining a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation; acquiring a plurality of log contents associated with an operation command from a first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file sets are different log file sets from the log file set in which the first log file is located; acquiring log contents associated with at least one log content from a plurality of associated log files in sequence to obtain a plurality of associated log contents; and combining the associated log content and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A log query method, comprising:
acquiring an operation command of a target operation sent by a user side, determining a log file in which the target operation is stored in a database, and obtaining a first log file, wherein a plurality of log file sets are stored in the database, each log file set comprises a plurality of log files of executed operations, and the executed operations comprise the target operation;
acquiring a plurality of log contents associated with the operation command from the first log file, and acquiring log files associated with the plurality of log contents from a plurality of target log file sets to obtain a plurality of associated log files, wherein the target log file set is a log file set different from the log file set in which the first log file is located;
acquiring log contents associated with at least one log content from a plurality of associated log files in sequence to obtain a plurality of associated log contents;
and combining the associated log content and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side.
2. The method of claim 1, wherein prior to retrieving log files associated with the plurality of log contents from a plurality of target sets of log files, the method further comprises:
obtaining log files of executed operations of a plurality of devices to obtain a plurality of log files;
determining the log type of each log file, and generating a marking stamp for each log file according to the log type to obtain a plurality of marking stamps;
and classifying the plurality of log files according to the marking stamps to obtain a plurality of log file sets.
3. The method of claim 2, wherein prior to obtaining a plurality of log files of executed operations of a plurality of devices, the method further comprises:
obtaining the equipment type of each equipment to obtain a plurality of equipment types;
sequentially configuring a log acquisition program matched with the equipment type in each equipment;
and acquiring the log file of the executed operation of the equipment, which is sent by each log collection program.
4. The method of claim 2, wherein obtaining a log file of executed operations for a plurality of devices comprises:
acquiring initial log files of the plurality of devices to obtain a plurality of initial log files;
acquiring the file format of each initial log file to obtain a plurality of file formats;
sequentially judging whether each file format is a preset file format or not;
under the condition that the file format is not the preset file format, converting the file format of the initial log file into the preset file format, and determining the updated initial log file as the log file;
determining the initial log file as the log file if the file format is the preset file format.
5. The method according to claim 1, wherein the log content has user authority information, and before sending the operation log file to the user side, the method further comprises:
acquiring user authority information from the log content in the operation log file;
judging whether the user authority information comprises authority information for executing the operation command;
generating first alarm information under the condition that the user permission information does not include permission information for executing the operation command, wherein the first alarm information represents that an executing user of the operation command is abnormal;
and adding the first alarm information into the operation log file to obtain an updated operation log file, and executing a step of sending the operation log file to the user side according to the updated operation log file.
6. The method of claim 2, wherein the target operation is initiated by an operation initiating device logging on to any one of the plurality of devices, and wherein the method further comprises, before sending the operation log file to the user side:
acquiring the address of the operation initiating equipment initiating the target operation from the operation log file;
judging whether the address of the operation initiating device has the authority of initiating the target operation;
generating second alarm information under the condition that the address of the operation initiating device does not have the authority of initiating the target operation, wherein the second alarm information represents that the execution address of the operation command is abnormal;
and adding the second alarm information into the operation log file to obtain an updated operation log file, and executing a step of sending the updated operation log file to the user side according to the updated operation log file.
7. The method of claim 2, wherein the plurality of log file sets comprises at least one of: the system comprises an access log file set, an operation behavior log file set and an operation and maintenance terminal log file set.
8. A log querying device, comprising:
a first determining unit, configured to obtain an operation command of a target operation sent by a user, and determine, in a database, a log file in which the target operation is stored, to obtain a first log file, where the database stores multiple log file sets, each log file set includes multiple log files of executed operations, and each executed operation includes the target operation;
a first obtaining unit, configured to obtain multiple log contents associated with the operation command from the first log file, and obtain multiple associated log files by obtaining log files associated with the multiple log contents from multiple target log file sets, where the target log file sets are log file sets different from a log file set in which the first log file is located;
the second acquisition unit is used for acquiring the log content associated with at least one log content from the plurality of associated log files in sequence to obtain a plurality of associated log contents;
and the combination unit is used for combining the associated log content and the plurality of log contents to obtain an operation log file of the target operation, and sending the operation log file to the user side.
9. A computer storage medium for storing a program, wherein the program when executed controls an apparatus in which the computer storage medium is located to execute the log query method according to any one of claims 1 to 7.
10. An electronic device comprising one or more processors and memory storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the log query method of any one of claims 1 to 7.
CN202211457072.XA 2022-11-16 2022-11-16 Log query method and device, storage medium and electronic equipment Pending CN115757318A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211457072.XA CN115757318A (en) 2022-11-16 2022-11-16 Log query method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115757318A (en) 2023-03-07

Family

ID=85333676

Country Status (1)

Country Link
CN (1) CN115757318A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116701426A (en) * 2023-08-07 2023-09-05 荣耀终端有限公司 Data processing method, electronic device and storage medium
CN116701426B (en) * 2023-08-07 2024-04-05 荣耀终端有限公司 Data processing method, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination