CN115987827A - Equipment monitoring method and device, electronic equipment and readable medium - Google Patents


Publication number
CN115987827A
Authority
CN
China
Prior art keywords
monitoring index
monitored
equipment
monitored equipment
index data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211510165.4A
Other languages
Chinese (zh)
Inventor
曲文超
徐蕾
王健
徐锐
付迎鑫
刘桥
徐冬冬
槐正
范小将
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202211510165.4A
Publication of CN115987827A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention provide a device monitoring method and apparatus, an electronic device and a readable medium. Preset monitoring index information is obtained; a remote calling file is generated based on the monitoring index information and sent to the monitored equipment; monitoring index data is received from the monitored equipment and extracted; a flow statistical graph is drawn based on the monitoring index data; and whether the monitored equipment has failed is determined based on the monitoring index data. If it has, the failed monitored equipment is located based on an asset database and the monitoring index data. Because the flow statistical graph is visualized, managers can quickly read the data, recognize anomalies and discover attack patterns, and local and remote network equipment can be monitored more intelligently, efficiently and promptly. This further improves the operation and maintenance assurance capability for managed network equipment and reduces the operation and maintenance pressure of the current operation and maintenance environment.

Description

Equipment monitoring method and device, electronic equipment and readable medium
Technical Field
The present invention relates to the field of network security technologies, and in particular to a device monitoring method, a device monitoring apparatus, an electronic device, and a computer-readable medium.
Background
As digitalization deepens, the amount of in-service equipment in every organization keeps growing; compared with ten years ago it has increased 10 to 100 times. Although operation and maintenance has developed from manual operation and maintenance to tool-based and platform-based operation and maintenance, it still cannot meet the monitoring requirements of today's large-scale networking. At this scale, relying on manual experience and automated operation and maintenance to monitor network equipment over time has become a technical bottleneck restricting operation and maintenance work. Meanwhile, when a fault occurs on a line between sites, the local or remote equipment involved has to be located; the prior art has difficulty meeting the timeliness and visualization requirements of such monitoring, and its efficiency is low.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a device monitoring method and a corresponding device monitoring apparatus, electronic device and storage medium that overcome or at least partially solve the above problems.
The embodiment of the invention discloses a device monitoring method applied to management equipment, wherein a management network comprises the management equipment and monitored equipment, and the monitored equipment comprises local monitored equipment and remote monitored equipment; the management equipment is connected to at least one piece of local monitored equipment, and the local monitored equipment is associated with at least one piece of remote monitored equipment; an asset database is configured in the local monitored equipment and contains information about the remote monitored equipment. The method comprises the following steps:
acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information, and sending the remote calling file to the monitored equipment;
receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring itself based on the monitoring index information;
extracting the monitoring index data, and drawing a flow statistical chart based on the monitoring index data;
and determining whether the monitored equipment fails or not based on the monitoring index data, and if so, positioning the failed monitored equipment based on the asset database and the monitoring index data.
Optionally, the method further includes:
the monitored equipment analyzes the remote calling file to obtain the monitoring index information;
collecting corresponding monitoring index data for the monitored equipment based on the monitoring index information;
and sending the monitoring index data to the management equipment according to a preset frequency.
Optionally, the packet sending rate and the connection number are preset in the monitoring index information, and the step of extracting the monitoring index data and drawing a flow statistical graph based on the monitoring index data includes:
extracting the eight-tuple data, the packet sending rate and the connection number from the monitoring index data; the eight-tuple data comprises: sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number;
calculating a flow information entropy based on the eight-tuple data, wherein the flow information entropy comprises a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy;
and drawing a flow statistical graph according to the sampling time, the source IP entropy, the destination IP entropy, the source port entropy, the destination port entropy, the packet sending rate and the connection quantity.
Optionally, the method further includes:
and generating warning information when the packet sending rate exceeds a preset threshold value.
Optionally, the method further includes:
the local monitored equipment is directly associated with the remote monitored equipment over a network,
or indirectly associated with the remote monitored equipment through services deployed on the local monitored equipment and the remote monitored equipment.
Optionally, the method further includes:
the management device accesses the asset database to obtain the monitoring index data of the remote monitored device associated with the local monitored device.
Optionally, the asset database includes the source IP address, destination IP address, source port number and destination port number of the remote monitored equipment; when a fault occurs, the asset database is accessed to locate the faulty remote monitored equipment based on the source IP address, the destination IP address, the source port number and the destination port number.
The embodiment of the invention also discloses a device monitoring apparatus applied to management equipment, wherein a management network comprises the management equipment and the monitored equipment, and the monitored equipment comprises local monitored equipment and remote monitored equipment; the management equipment is connected to at least one piece of local monitored equipment, and the local monitored equipment is associated with at least one piece of remote monitored equipment; an asset database is configured in the local monitored equipment and contains information about the remote monitored equipment. The apparatus comprises:
the acquisition module is used for acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information and sending the remote calling file to the monitored equipment;
the receiving module is used for receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring itself based on the monitoring index information;
the extraction module is used for extracting the monitoring index data and drawing a flow statistical chart based on the monitoring index data;
and the fault judgment module is used for determining whether the monitored equipment has faults or not based on the monitoring index data, and if so, positioning the faulty monitored equipment based on the asset database and the monitoring index data.
The embodiment of the invention also discloses electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the device monitoring method according to the embodiment of the present invention when executing the program stored in the memory.
One or more computer-readable media having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform the device monitoring method according to the embodiments of the present invention are also disclosed.
The embodiment of the invention has the following advantages. Preset monitoring index information is obtained, a remote calling file is generated based on the monitoring index information and sent to the monitored equipment, and monitoring index data is received from the monitored equipment. The monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring itself based on that information. The monitoring index data is extracted, a flow statistical graph is drawn based on it, and whether the monitored equipment has failed is determined based on it; if so, the failed monitored equipment is located based on the asset database and the monitoring index data, so that monitoring information for the remote equipment associated with the local monitored equipment can be obtained in time. Because the flow statistical graph is visualized, managers can quickly read the data, quickly identify anomalies and discover attack patterns, and can monitor local and remote network equipment more intelligently and efficiently. Combined with a visualization algorithm, this further improves the operation and maintenance assurance capability for managed network equipment and reduces the operation and maintenance pressure of the current machine room environment.
Drawings
Fig. 1 is a flow chart illustrating steps of a device monitoring method provided in an embodiment of the present invention;
Fig. 2 is a block diagram of another device monitoring method provided in an embodiment of the present invention;
Fig. 3 is a stacked bar graph of traffic for a device monitoring method provided in an embodiment of the present invention;
Fig. 4 is a block diagram of a device monitoring apparatus provided in an embodiment of the present invention;
Fig. 5 is a block diagram of an electronic device provided in an embodiment of the present invention;
Fig. 6 is a schematic diagram of a computer-readable medium provided in an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Referring to Fig. 1, a flowchart of the steps of a device monitoring method provided in an embodiment of the present invention is shown. The method is applied to management equipment, where a management network includes the management equipment and monitored equipment, and the monitored equipment includes local monitored equipment and remote monitored equipment; the management equipment is connected to at least one piece of local monitored equipment, and the local monitored equipment is associated with at least one piece of remote monitored equipment; an asset database is configured in the local monitored equipment and contains information about the remote monitored equipment. The method comprises the following steps:
Step 101, acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information, and sending the remote calling file to the monitored equipment;
In the prior art, when a fault occurs on a line between sites, locating the faulty equipment is slow and inefficient, and the timeliness and visualization requirements of monitoring are difficult to meet. To address this, the invention introduces a more intelligent and efficient visual analysis technique for Netflow (network flow) traffic data. Netflow can collect the number of IP packets entering and leaving a network interface and information about them; by analyzing the information collected by Netflow, network managers can learn the source and destination of the packets, the type of network service and the cause of network congestion, so that local and remote network equipment can be traced and massive numbers of network devices can be managed in a better, unified way.
In the present invention, the management networking includes an Auto-Configuration Server (ACS) and a monitored device (CPE), and the management device is responsible for managing the monitored device in the management networking. The monitored equipment comprises local monitored equipment and remote monitored equipment, the management equipment can be connected with at least one local monitored equipment, and the local monitored equipment is associated with the at least one remote monitored equipment. An asset database is configured in the local monitored equipment, wherein the asset database contains information related to the remote monitored equipment associated with the local monitored equipment.
Before the management equipment monitors the monitored equipment, the monitoring index information to be monitored can be preset. The monitoring index information can include monitoring indexes such as the device IP of the monitored equipment, device board cards, device PU utilization rate and device memory occupancy rate, and the indexes to be monitored can also be set in the monitoring index information according to the actual work needs of managers. After acquiring the monitoring index information, the management equipment generates a remote call file based on the monitoring index information and sends the remote call file to the monitored equipment, wherein the remote call file may be an <rpc> (Remote Procedure Call) data structure file.
Step 102, receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring itself based on the monitoring index information;
After receiving the remote call file, the monitored equipment parses the remote call file to obtain the monitoring index information, and monitors itself according to the monitoring indexes in the monitoring index information to obtain the monitoring index data corresponding to those indexes. After the monitoring index data is obtained, the monitored equipment sends it to the management equipment, and the management equipment receives the monitoring index data from the monitored equipment.
Step 103, extracting the monitoring index data, and drawing a flow statistical graph based on the monitoring index data;
After receiving the monitoring index data from the monitored equipment, the management equipment extracts, samples and fuses the monitoring index data, and then draws a flow statistical graph based on the monitoring index data, wherein the statistical graph can be a stacked bar graph, a sector graph, a line graph and the like. The invention does not limit how the flow statistical graph is drawn.
Step 104, determining whether the monitored equipment fails based on the monitoring index data, and if so, locating the failed monitored equipment based on the asset database and the monitoring index data.
The management equipment receives monitoring index data from the monitored equipment, after a flow statistical graph is drawn, whether the monitored equipment fails or not can be determined according to the data in the flow statistical graph, if the monitored equipment fails, the failed monitored equipment can be located through the asset database and the monitoring index data, the flow statistical graph can be analyzed, and the reason of the failure can be predicted through the distribution characteristics of the data in the flow statistical graph, so that management personnel can quickly read the data, quickly identify the abnormality and find an attack mode.
The embodiment of the invention generates a remote calling file based on the monitoring index information by acquiring the preset monitoring index information, sends the remote calling file to the monitored equipment and receives the monitoring index data from the monitored equipment; the monitoring index data is obtained by analyzing the remote call file by the monitored equipment, the monitored equipment is monitored based on the monitoring index information, the monitoring index data is extracted, a flow statistical graph is drawn based on the monitoring index data, whether the monitored equipment fails or not is determined based on the monitoring index data, if yes, the failed monitored equipment is positioned based on the asset database and the monitoring index data, and therefore monitoring information of remote association equipment of the local monitored equipment can be obtained in time. And by adopting the method of visualization of the flow statistical chart, managers can quickly read data, quickly identify abnormity and discover attack modes, can monitor local and remote network equipment more intelligently and efficiently, further improves the operation and maintenance support capability of the network equipment management by combining a visualization algorithm, and reduces the operation and maintenance pressure of the current machine room operation and maintenance environment.
Referring to Fig. 2, a flowchart of the steps of another device monitoring method provided in an embodiment of the present invention is shown. The method is applied to management equipment, where a management network includes the management equipment and monitored equipment, and the monitored equipment includes local monitored equipment and remote monitored equipment; the management equipment is connected to at least one piece of local monitored equipment, and the local monitored equipment is associated with at least one piece of remote monitored equipment; an asset database is configured in the local monitored equipment and contains information about the remote monitored equipment. The method comprises the following steps:
Step 201, acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information, and sending the remote calling file to the monitored equipment;
Before the management equipment monitors the monitored equipment, the monitoring index information to be monitored can be preset. The monitoring index information can include monitoring indexes such as the device IP of the monitored equipment, device board cards, device PU utilization rate and device memory occupancy rate, and the indexes to be monitored can also be set in the monitoring index information according to the actual work needs of managers. After acquiring the monitoring index information, the management equipment generates a remote call file based on the monitoring index information and sends the remote call file to the monitored equipment, wherein the remote call file may be an <rpc> (Remote Procedure Call) data structure file.
In an optional embodiment of the present invention, the method further comprises:
the local monitored equipment is directly associated with the remote monitored equipment over a network,
or indirectly associated with the remote monitored equipment through services deployed on the local monitored equipment and the remote monitored equipment.
In the invention, the management networking comprises management equipment and monitored equipment, and the management equipment is responsible for managing the monitored equipment in the management networking. The monitored equipment comprises local monitored equipment and remote monitored equipment, the management equipment can be connected with at least one local monitored equipment, and the local monitored equipment is associated with the at least one remote monitored equipment. An asset database is configured in the local monitored equipment, wherein the asset database contains information related to the remote monitored equipment associated with the local monitored equipment.
The local monitored equipment can be directly associated with the remote monitored equipment through a network, at the moment, a network topology relation exists between the local monitored equipment and the remote monitored equipment, the local monitored equipment and the remote monitored equipment are nodes in the network topology, and the nodes are connected through a communication line.
The local monitored equipment can also be indirectly associated with the remote monitored equipment through the services deployed on the local monitored equipment and the remote monitored equipment; in that case the local monitored equipment and the remote monitored equipment have a service association relation. In an example, A is a local monitored device, B is a remote monitored device, and A and B need to complete a stock order service together, so a sales delivery service can be deployed in A and a sales delivery service is deployed in B, and a service association relationship therefore exists between the local monitored device A and the remote monitored device B. It will be understood by those skilled in the art that the services deployed in the local monitored equipment and the remote monitored equipment in the above example are only illustrative, and the present invention is not limited thereto.
Step 202, the monitored equipment parses the remote calling file to obtain the monitoring index information;
Netconf provides a set of protocols for communication between the management device and the monitored device; through the Netconf protocol the management device issues, modifies and deletes (among other operations) the configuration of the remote monitored device. The monitored device provides a standardized Application Programming Interface (API) that the management device can use, via Netconf, to manage the monitored device. Netconf is a network configuration and management protocol based on XML (Extensible Markup Language), and uses a simple RPC-based mechanism to enable communication between a client and a server. The client may be a script or an application running on the network manager. The server is typically a network device.
The RPC layer of Netconf provides a simple, transport-protocol-independent mechanism for the encoding of RPC modules. The request and response data (namely, the contents of the operation layer and the content layer) of the Netconf client (a management device or a network configuration application) and server (a monitored device) are encapsulated using <rpc> and <rpc-reply> elements. Under normal conditions the <rpc-reply> element encapsulates the data required by the client or a message that the configuration succeeded; when the client's request message contains an error or the server's processing is unsuccessful, the server encapsulates an <rpc-error> element containing detailed error information inside the <rpc-reply> element and returns it to the client.
Once the Netconf session begins, the controller and devices exchange a set of "properties". This set of "properties" includes information such as the Netconf protocol version support list, whether alternative data exists, the way in which the data store can be modified on the fly. In addition to the "properties" defined in Netconf RFC (Request For Comments), developers can add additional "properties" by following the canonical format described in RFC. The command set of the NETCONF protocol consists of a series of commands to read, modify device configuration data, and read status data. Commands are communicated through RPCs and responded with RPC replies. An RPC reply must respond to an RPC before it can be returned. A configuration operation must consist of a series of RPCs, each with a reply RPC corresponding to it.
The method comprises the steps of deploying a Netconf management protocol in monitored equipment to enable the monitored equipment to receive a remote call file, generating a monitoring event in response to the remote call file, and enabling the management equipment to monitor the monitored equipment through the monitoring event. And after receiving the remote call file, the monitored equipment analyzes the remote call file to obtain monitoring index information.
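The `<rpc>` / `<rpc-reply>` / `<rpc-error>` exchange described above, sketched from the management equipment's side. This is an added example, not code from the patent: the data-model namespace `urn:example:device-monitoring`, the leaf names and both sample replies are constructed for illustration, and only the NETCONF base namespace and the `rpc-error` child elements come from the protocol itself.

```python
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace
MON = "urn:example:device-monitoring"            # hypothetical data-model namespace
INDICATORS = ["device-ip", "board-card", "pu-usage", "memory-occupancy"]  # hypothetical leaves

class RpcFailure(Exception):
    """Raised when the monitored equipment answers with one or more <rpc-error>."""
    def __init__(self, errors):
        super().__init__("; ".join(e.get("error-message") or e.get("error-tag", "?")
                                   for e in errors))
        self.errors = errors

def build_rpc(message_id, indicators):
    """Build the remote call file: a <get> with a subtree filter, one leaf per index."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    flt = ET.SubElement(ET.SubElement(rpc, f"{{{NC}}}get"),
                        f"{{{NC}}}filter", {"type": "subtree"})
    mon = ET.SubElement(flt, f"{{{MON}}}monitoring")
    for name in indicators:
        # Index names become element names, so accept only plain XML names.
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_.-]*", name):
            raise ValueError(f"invalid monitoring index name: {name!r}")
        ET.SubElement(mon, f"{{{MON}}}{name}")
    return ET.tostring(rpc, encoding="utf-8")

def requested_indicators(rpc_bytes):
    """What the monitored equipment recovers when it parses the remote call file."""
    mon = ET.fromstring(rpc_bytes).find(f".//{{{MON}}}monitoring")
    return [leaf.tag.split("}")[-1] for leaf in mon]

def parse_reply(payload, expected_id):
    """Return {index: value} from an <rpc-reply>, or raise on error or mismatch."""
    # The reply comes from a remote device: refuse any document type declaration,
    # which a reply has no need for and which carries entity-expansion payloads.
    if b"<!DOCTYPE" in payload:
        raise ValueError("document type declaration in reply")
    root = ET.fromstring(payload)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("not an rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("reply does not answer the rpc that was sent")
    errors = [{c.tag.split("}")[-1]: (c.text or "").strip() for c in err}
              for err in root.iter(f"{{{NC}}}rpc-error")]
    if errors:
        raise RpcFailure(errors)
    mon = root.find(f"{{{NC}}}data/{{{MON}}}monitoring")
    return {} if mon is None else {l.tag.split("}")[-1]: (l.text or "").strip() for l in mon}

# Constructed sample replies (not captured from a real device).
OK_REPLY = f"""<rpc-reply message-id="101" xmlns="{NC}"><data>
  <monitoring xmlns="{MON}"><device-ip>192.0.2.10</device-ip>
  <pu-usage>37</pu-usage><memory-occupancy>61</memory-occupancy></monitoring>
</data></rpc-reply>""".encode()
ERROR_REPLY = f"""<rpc-reply message-id="101" xmlns="{NC}"><rpc-error>
  <error-type>application</error-type><error-tag>operation-failed</error-tag>
  <error-severity>error</error-severity>
  <error-message>monitoring subsystem unavailable</error-message>
</rpc-error></rpc-reply>""".encode()

if __name__ == "__main__":
    print(build_rpc(101, INDICATORS).decode())
    print(parse_reply(OK_REPLY, 101))
```

Matching `message-id` before trusting the reply is what ties each reply to the RPC it answers, and raising on `<rpc-error>` keeps a failed collection from being read as an empty but healthy result.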
Step 203, collecting corresponding monitoring index data for the monitored equipment based on the monitoring index information;
The monitoring index information may include monitoring indexes such as the device IP, device board cards, device PU usage rate and device memory occupancy rate of the monitored equipment, and the monitoring index data corresponding to the monitoring index information is collected for the monitored equipment according to the monitoring index information.
Step 204, sending the monitoring index data to the management equipment according to a preset frequency;
After the monitoring index data is collected, the monitored equipment can send the monitoring index data to the management equipment according to the preset frequency. In one example, the frequency may be set to 30 s, 35 s, …, but the present application is not limited thereto, and those skilled in the art may set the frequency according to actual needs.
In an optional embodiment of the present invention, the method further comprises:
the management device accesses the asset database to obtain the monitoring index data of the remote monitored device associated with the local monitored device.
After the remote monitored equipment acquires the monitoring index data, the monitoring index data can be stored in the asset database, and the management equipment can access the database to acquire the monitoring index data of the remote monitored equipment related to the local monitored equipment.
Step 205, extracting the monitoring index data, and drawing a flow statistical graph based on the monitoring index data;
After receiving the monitoring index data from the monitored equipment, the management equipment extracts, samples and fuses the monitoring index data, and then draws a flow statistical graph based on the monitoring index data, wherein the statistical graph can be a stacked bar graph, a sector graph, a line graph and the like. The invention does not limit how the flow statistical graph is drawn.
In an optional embodiment of the present invention, the packet sending rate and the number of connections are preset in the monitoring indicator information, and the step 205 includes:
Substep S11, extracting the eight-tuple data, the packet sending rate and the connection number from the monitoring index data; the eight-tuple data comprises: sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number;
After receiving the monitoring index data from the monitored equipment, the management equipment extracts, samples and fuses the monitoring index data, and extracts the eight-tuple data, the packet sending rate and the connection number, wherein the eight-tuple data comprises sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number.
Substep S12, calculating a flow information entropy based on the eight-tuple data, wherein the flow information entropy comprises a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy;
in the present application, the formula for calculating the entropy is:
Figure BDA0003970472560000101
In the formula: $H(x)$ represents the entropy; $N$ represents the total number of records of the data in the statistical time period; $x_i$ represents the number of different IP addresses or port numbers; $n$ represents the number of kinds of IP addresses or port numbers. When $H(x)$ tends to 0, the data set is distributed in a concentrated manner to the maximum extent; when $H(x)$ tends to $\log_2 N$, the data set is distributed in a dispersed manner to the maximum extent. Thus, entropy can represent the distribution of network traffic. Based on the monitoring index data and formula 1 above, a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy can be calculated, respectively.
Substep S13, drawing a flow statistical graph according to the sampling time, the source IP entropy, the destination IP entropy, the source port entropy, the destination port entropy, the packet sending rate and the connection number.
In an example, the statistical graph is a stacked bar graph. Assuming a certain sampling frequency (for example, 30 s), within the sampling time the kinds of IP addresses and ports and the number of each are first counted, and H(x) is calculated according to formula 1. H(x) is then converted into an appropriate interval according to its size and taken as the height of the corresponding bar. Finally, the bars are stacked along the Y axis with the X axis as the baseline, forming an entropy-based stacked bar graph. Referring to Fig. 3, the time line in the middle shows specific hours and minutes, which represent the times at which the monitoring index data was collected. The stacked graph above the time line is the entropy-based stacked bar graph, showing, from top to bottom, the source IP entropy, the destination IP entropy, the source port entropy and the destination port entropy. The stacked graph below the time line is a stacked bar graph based on the packet sending rate.
Information entropy can effectively reflect the amount of information carried in a communication and the degree of uncertainty of a system, and can be used to detect large-scale DDoS (Distributed Denial of Service) attacks in network traffic. For example, for a DDoS attack, within the statistical time period the destination port entropy is small and the source port entropy is large: the destination ports are concentrated while the number of source ports is huge, which matches the characteristics of a DDoS attack. For a scanning attack, within the statistical time period the destination port entropy and the destination IP entropy are large while the source port entropy and the source IP entropy are small, which corresponds to a small number of hosts using a small number of ports to scan the ports of network hosts in order to learn the state of the scanned objects. In addition, stacked bar graphs make full use of the intuitiveness and strong contrast of bar graphs, so network flow data can be displayed well. The stacked bar graphs provide a visual display of host activity and, likewise, of local area network activity.
In an optional embodiment of the present invention, the method further comprises:
and generating warning information when the packet sending rate exceeds a preset threshold value.
When the packet sending rate exceeds a preset threshold value, the corresponding stacked bar is set to a striking color to indicate that the packet sending rate has exceeded the alert level, and warning information is thereby generated.
In an alternative embodiment of the invention, a plurality of different thresholds may be set, corresponding to different levels of warning information.
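The entropy heuristics and the tiered packet-rate warning described above can be sketched as detection logic over eight-tuple records. This is an added example, not code from the patent; it assumes expression 1 is the Shannon entropy H(x) = -Σ (x_i/n)·log2(x_i/n), and the thresholds, field names and sample flows are constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from typing import NamedTuple

WINDOW_S = 30        # sampling period used in the text's example
LOW_BITS = 1.0       # assumed cut-off for a "small" entropy
HIGH_BITS = 3.0      # assumed cut-off for a "large" entropy
# Assumed warning levels for the packet sending rate (packets/s), ascending.
RATE_LEVELS = [(500.0, "warning"), (5000.0, "critical")]
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port")


class Flow(NamedTuple):
    """One eight-tuple record as listed in the description."""
    ts: int
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    packets: int
    nbytes: int


def entropy(values):
    """H(x) over the N distinct values; 0 when concentrated, log2(N) when uniform."""
    counts = Counter(values)
    n = sum(counts.values())
    # (x/n)*log2(n/x) equals -(x/n)*log2(x/n) and avoids a negative zero.
    return math.fsum((x / n) * math.log2(n / x) for x in counts.values())


def classify(h):
    """Apply the two entropy patterns named in the text."""
    if h["dst_port"] <= LOW_BITS and h["src_port"] >= HIGH_BITS:
        return "ddos-like"      # concentrated destination, huge source port spread
    if (h["dst_port"] >= HIGH_BITS and h["dst_ip"] >= HIGH_BITS
            and h["src_port"] <= LOW_BITS and h["src_ip"] <= LOW_BITS):
        return "scan-like"      # few sources sweeping many hosts and ports
    return "normal"


def rate_level(pps):
    """Return the highest warning level whose threshold the rate exceeds."""
    level = None
    for threshold, label in RATE_LEVELS:
        if pps > threshold:
            level = label
    return level


def analyze(flows):
    """Group records into sampling windows and score each window."""
    windows = defaultdict(list)
    for f in flows:
        windows[f.ts // WINDOW_S].append(f)
    results = []
    for idx in sorted(windows):
        recs = windows[idx]
        h = {name: entropy(getattr(r, name) for r in recs) for name in FIELDS}
        pps = sum(r.packets for r in recs) / WINDOW_S
        results.append({"start": idx * WINDOW_S, "entropy": h, "pps": pps,
                        "pattern": classify(h), "level": rate_level(pps)})
    return results


def sample_flows():
    """Constructed sample data: three consecutive 30 s windows."""
    flows = []
    # Window 0: ordinary mix of a few clients and services.
    for i in range(20):
        flows.append(Flow(i, "tcp", f"10.0.0.{i % 5 + 1}", f"10.0.1.{i % 3 + 1}",
                          40000 + i, (80, 443, 22, 53)[i % 4], 10, 6000))
    # Window 1: many sources and source ports converging on one service.
    for i in range(500):
        flows.append(Flow(30 + i % 30, "tcp", f"198.51.100.{i % 250 + 1}",
                          "10.0.1.1", 1024 + i, 80, 400, 24000))
    # Window 2: one source sweeping 64 hosts x 16 ports.
    for host in range(64):
        for port in range(16):
            flows.append(Flow(60 + host % 30, "tcp", "10.0.0.9",
                              f"10.0.2.{host + 1}", 40000, 20 + port, 1, 60))
    return flows


if __name__ == "__main__":
    for row in analyze(sample_flows()):
        bits = {k: round(v, 2) for k, v in row["entropy"].items()}
        print(row["start"], row["pattern"], row["level"], round(row["pps"], 1), bits)
```

The per-window entropy values are also the bar heights for the stacked graph once scaled; the fixed cut-offs here stand in for whatever baseline an operator derives from normal traffic.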
In an optional embodiment of the invention, a stacked bar graph can be drawn based on monitoring index data of remote monitored equipment and a line graph can be drawn based on monitoring index data of local monitored equipment in the same flow statistical graph, so that data of the local monitored equipment and the remote monitored equipment can be visually displayed. The skilled person can select the form of the statistical graph according to actual needs, and the invention is not limited to this.
Step 206, determining whether the monitored equipment fails or not based on the monitoring index data, and if so, positioning the failed monitored equipment based on the asset database and the monitoring index data;
The management equipment receives monitoring index data from the monitored equipment. After the flow statistical graph is drawn, whether the monitored equipment has failed can be determined from the data in the graph. If the monitored equipment has failed, it can be located through the asset database and the monitoring index data. The flow statistical graph can also be analyzed, and the cause of the failure predicted from the distribution characteristics of the data in the graph, so that management personnel can quickly read the data, quickly identify anomalies and discover the attack pattern.
In an optional embodiment of the present invention, the asset database includes a source IP address, a destination IP address, a source port number, and a destination port number of the remote monitored device, and when a failure occurs, the asset database is accessed to locate the remote monitored device that has a failure based on the source IP address, the destination IP address, the source port number, and the destination port number.
Monitoring index data acquired by the remote monitored equipment is stored in the asset database, so the asset database includes the source IP address, destination IP address, source port number and destination port number of the remote monitored equipment. When a fault is determined, the management equipment can access the asset database and locate the faulty remote monitored equipment based on the source IP address, the destination IP address, the source port number and the destination port number, thereby tracing the remote equipment with the lateral fault.
The embodiment of the invention acquires preset monitoring index information, generates a remote call file based on the monitoring index information, and sends the remote call file to the monitored equipment. The monitored equipment parses the remote call file to obtain the monitoring index information, collects the corresponding monitoring index data for the monitored equipment based on the monitoring index information, and sends the monitoring index data to the management equipment at a preset frequency. The management equipment extracts the monitoring index data, draws a flow statistical chart based on it, and determines whether the monitored equipment has failed based on the monitoring index data; if so, it locates the failed monitored equipment based on the asset database and the monitoring index data. In this way, local and remote server information in a network can be managed using the NETCONF management protocol, and the monitoring information of local and remote servers can be obtained in time. With the stacked bar graph visualization method, managers can quickly read data, quickly identify anomalies and discover attack patterns, and can monitor local and remote network equipment more intelligently and efficiently; combining the visualization algorithm further improves the operation and maintenance assurance capability for managing network equipment. Meanwhile, a scheme is provided that combines the NETCONF protocol with visualization of faults between local and remote lines, relieving the operation and maintenance pressure of the current machine room environment.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of combinations of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments, and that the acts involved are not necessarily all required to implement the invention.
Referring to fig. 4, a block diagram of a device monitoring apparatus provided in the embodiment of the present invention is shown. The apparatus is applied to a management device, where a management network includes the management device and monitored devices, and the monitored devices include local monitored devices and remote monitored devices; the management device is connected to at least one of the local monitored devices, and the local monitored device is associated with at least one of the remote monitored devices; the local monitored device is configured with an asset database containing information of the remote monitored devices. The apparatus specifically includes the following modules:
the acquisition module 401 is configured to acquire preset monitoring index information, generate a remote call file based on the monitoring index information, and send the remote call file to the monitored device;
a receiving module 402, configured to receive monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring the monitored equipment based on the monitoring index information;
an extracting module 403, configured to extract the monitoring index data, and draw a flow statistic map based on the monitoring index data;
a fault determining module 404, configured to determine whether the monitored equipment fails based on the monitoring index data, and if so, locate the failed monitored equipment based on the asset database and the monitoring index data.
In an optional embodiment of the present invention, the apparatus further comprises:
the analysis module is used for analyzing the remote calling file by the monitored equipment to obtain the monitoring index information;
the acquisition module is used for acquiring corresponding monitoring index data aiming at the monitored equipment based on the monitoring index information;
and the sending module is used for sending the monitoring index data to the management equipment according to a preset frequency.
In an optional embodiment of the present invention, the packet sending rate and the connection number are preset in the monitoring index information, and the extracting module 403 includes:
the extraction submodule is used for extracting the eight-tuple data in the monitoring index data, the packet sending rate and the connection quantity; the eight-tuple data comprises: sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number;
the calculation sub-module is used for calculating a flow information entropy based on the eight-tuple data, wherein the flow information entropy comprises a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy;
and the drawing module is used for drawing a flow statistical graph according to the sampling time, the source IP entropy, the destination IP entropy, the source port entropy, the destination port entropy, the packet sending rate and the connection quantity.
In an optional embodiment of the present invention, the apparatus further comprises:
and the warning module is used for generating warning information when the packet sending rate exceeds a preset threshold value.
In an optional embodiment of the present invention, the apparatus further comprises:
and the access module is used for the management equipment to access the asset database to acquire the monitoring index data of the remote monitored equipment associated with the local monitored equipment.
In an optional embodiment of the present invention, the asset database includes a source IP address, a destination IP address, a source port number, and a destination port number of the remote monitored device, and the apparatus further includes:
and the positioning module is used for positioning the remote monitored equipment with the fault on the basis of the source IP address, the destination IP address, the source port number and the destination port number by accessing the asset database when the fault occurs.
The embodiment of the invention acquires preset monitoring index information through the acquisition module, generates a remote calling file based on the monitoring index information, sends the remote calling file to the monitored equipment, and receives monitoring index data from the monitored equipment through the receiving module. The monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring the monitored equipment based on that information. The extraction module extracts the monitoring index data and draws a flow statistical graph based on it, and the fault judgment module determines whether the monitored equipment has failed based on the monitoring index data; if so, the failed monitored equipment is located based on the asset database and the monitoring index data, so that monitoring information of the remote equipment associated with the local monitored equipment can be obtained in time. With the flow statistical chart visualization method, managers can quickly read data, quickly identify anomalies and discover attack patterns, and can monitor local and remote network equipment more intelligently and efficiently; combining the visualization algorithm further improves the operation and maintenance assurance capability for managing network equipment and reduces the operation and maintenance pressure of the current machine room environment.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
In addition, an embodiment of the present invention further provides an electronic device, as shown in fig. 5, which includes a processor 501, a communication interface 502, a memory 503 and a communication bus 504, where the processor 501, the communication interface 502 and the memory 503 complete mutual communication through the communication bus 504,
a memory 503 for storing a computer program;
the processor 501, when executing the program stored in the memory 503, implements the following steps:
acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information, and sending the remote calling file to the monitored equipment;
receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring the monitored equipment based on the monitoring index information;
extracting the monitoring index data, and drawing a flow statistical chart based on the monitoring index data;
and determining whether the monitored equipment fails or not based on the monitoring index data, and if so, positioning the failed monitored equipment based on the asset database and the monitoring index data.
Optionally, the method further includes:
the monitored equipment analyzes the remote calling file to obtain the monitoring index information;
acquiring corresponding monitoring index data for the monitored equipment based on the monitoring index information;
and sending the monitoring index data to the management equipment according to a preset frequency.
Optionally, the packet sending rate and the connection number are preset in the monitoring index information, the step of extracting the monitoring index data and drawing a flow statistic map based on the monitoring index data includes:
extracting the eight-tuple data in the monitoring index data, and the packet sending rate and the connection number; the eight-tuple data comprises: sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number;
calculating a flow information entropy based on the eight-tuple data, wherein the flow information entropy comprises a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy;
and drawing a flow statistical graph according to the sampling time, the source IP entropy, the destination IP entropy, the source port entropy, the destination port entropy, the packet sending rate and the connection quantity.
Optionally, the method further includes:
and when the packet sending rate exceeds a preset threshold value, generating warning information.
Optionally, the method further includes:
the local monitored equipment is directly associated with the remote monitored equipment over a network,
or indirectly associated with the remote monitored equipment through the services deployed on the local monitored equipment and the remote monitored equipment.
Optionally, the method further includes:
the management device accesses the asset database to obtain the monitoring index data of the remote monitored device associated with the local monitored device.
Optionally, the asset database includes a source IP address, a destination IP address, a source port number, and a destination port number of the remote monitored device, and when a fault occurs, the asset database is accessed to locate the remote monitored device that has a fault based on the source IP address, the destination IP address, the source port number, and the destination port number.
The communication bus mentioned in the above terminal may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this is not intended to represent only one bus or type of bus.
The communication interface is used for communication between the terminal and other equipment.
The memory may include a Random Access Memory (RAM), and may also include a non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided by the present invention, as shown in fig. 6, a computer-readable storage medium 601 is further provided, which stores instructions that, when executed on a computer, cause the computer to execute the device monitoring method described in the above embodiment.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the device monitoring method described in the above embodiment.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention occur in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An equipment monitoring method, characterized in that the method is applied to management equipment, wherein a management network comprises the management equipment and monitored equipment, and the monitored equipment comprises local monitored equipment and remote monitored equipment; the management equipment is connected to at least one of the local monitored equipment, and the local monitored equipment is associated with at least one of the remote monitored equipment; an asset database is configured in the local monitored equipment, wherein the asset database contains information of the remote monitored equipment, and the method comprises the following steps:
acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information, and sending the remote calling file to the monitored equipment;
receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring the monitored equipment based on the monitoring index information;
extracting the monitoring index data, and drawing a flow statistical chart based on the monitoring index data;
and determining whether the monitored equipment fails or not based on the monitoring index data, and if so, positioning the failed monitored equipment based on the asset database and the monitoring index data.
2. The method of claim 1, further comprising:
the monitored equipment analyzes the remote calling file to obtain the monitoring index information;
acquiring corresponding monitoring index data for the monitored equipment based on the monitoring index information;
and sending the monitoring index data to the management equipment according to a preset frequency.
3. The method according to claim 1, wherein a packet sending rate and a connection number are preset in the monitoring index information, and the step of extracting the monitoring index data and drawing a flow statistical graph based on the monitoring index data includes:
extracting the eight-tuple data in the monitoring index data, and the packet sending rate and the connection number; the eight-tuple data comprises: sampling time, IP layer protocol, source IP address, destination IP address, source port number, destination port number, packet number and byte number;
calculating a flow information entropy based on the eight-tuple data, wherein the flow information entropy comprises a source IP entropy, a destination IP entropy, a source port entropy and a destination port entropy;
and drawing a flow statistical graph according to the sampling time, the source IP entropy, the destination IP entropy, the source port entropy, the destination port entropy, the packet sending rate and the connection quantity.
4. The method of claim 4, further comprising:
and when the packet sending rate exceeds a preset threshold value, generating warning information.
5. The method of claim 1, further comprising:
the local monitored equipment is directly associated with the remote monitored equipment over a network,
or indirectly associated with the remote monitored equipment through the services deployed on the local monitored equipment and the remote monitored equipment.
6. The method of claim 1, further comprising:
the management device accesses the asset database to obtain the monitoring index data of the remote monitored device associated with the local monitored device.
7. The method of claim 1, wherein the asset database contains the source IP address, destination IP address, source port number, and destination port number of the remote monitored device, and wherein when a fault occurs, the asset database is accessed to locate the remote monitored device that has failed based on the source IP address, the destination IP address, the source port number, and the destination port number.
8. An equipment monitoring device, characterized in that the equipment monitoring device is applied to management equipment, a management network comprises the management equipment and monitored equipment, and the monitored equipment comprises local monitored equipment and remote monitored equipment; the management equipment is connected to at least one of the local monitored equipment, and the local monitored equipment is associated with at least one of the remote monitored equipment; an asset database is configured in the local monitored equipment, the asset database contains information of the remote monitored equipment, and the device comprises:
the acquisition module is used for acquiring preset monitoring index information, generating a remote calling file based on the monitoring index information and sending the remote calling file to the monitored equipment;
the receiving module is used for receiving monitoring index data from the monitored equipment; the monitoring index data is obtained by the monitored equipment parsing the remote calling file to obtain the monitoring index information and monitoring the monitored equipment based on the monitoring index information;
the extraction module is used for extracting the monitoring index data and drawing a flow statistical chart based on the monitoring index data;
and the fault judgment module is used for determining whether the monitored equipment fails or not based on the monitoring index data, and if so, positioning the failed monitored equipment based on the asset database and the monitoring index data.
9. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor, when executing a program stored on the memory, implementing the method of any of claims 1-7.
10. One or more computer-readable media having instructions stored thereon that, when executed by one or more processors, cause the processors to perform the method of any of claims 1-7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211510165.4A CN115987827A (en) 2022-11-29 2022-11-29 Equipment monitoring method and device, electronic equipment and readable medium

Publications (1)

Publication Number Publication Date
CN115987827A true CN115987827A (en) 2023-04-18

Family

ID=85965504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211510165.4A Pending CN115987827A (en) 2022-11-29 2022-11-29 Equipment monitoring method and device, electronic equipment and readable medium

Country Status (1)

Country Link
CN (1) CN115987827A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116560571A (en) * 2023-05-10 2023-08-08 上海威固信息技术股份有限公司 Method and system for reading safety data of solid state disk
CN116560571B (en) * 2023-05-10 2024-05-07 上海威固信息技术股份有限公司 Method and system for reading safety data of solid state disk

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination