CN116010480A - Time sequence database auditing method and system - Google Patents
Time sequence database auditing method and system Download PDFInfo
- Publication number
- CN116010480A CN116010480A CN202310025808.4A CN202310025808A CN116010480A CN 116010480 A CN116010480 A CN 116010480A CN 202310025808 A CN202310025808 A CN 202310025808A CN 116010480 A CN116010480 A CN 116010480A
- Authority
- CN
- China
- Prior art keywords
- time sequence
- field
- database
- sequence database
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
According to the method and the system for auditing the time sequence database, application layer data information is disassembled from the mirror image data flow by acquiring the mirror image data flow of the time sequence database, then information such as a client connection tool, a time sequence database protocol version and a time sequence data compression mode for determining data analysis rules is extracted from the application layer data information, the data analysis rules are determined according to the information, the application layer data information is analyzed by utilizing the data analysis rules to obtain analysis results, field attributes of the time sequence database in the analysis results are mapped to corresponding field attributes of the relational database, and then the analysis results are spliced to obtain audit event logs, so that the audit fields aiming at the time sequence database are not required to be designed, and field multiplexing is carried out by utilizing the field functions of the relational database, thereby improving the utilization rate of the audit fields.
Description
Technical Field
The application relates to the technical field of computers, in particular to a time sequence database auditing method and system.
Background
In the era of internet of things, the data volume generated by the industrial internet of things is thousands times or even tens of thousands times greater than that generated by traditional informatization, and the data volume is acquired in real time, high in frequency and density, and a dynamic data model is changeable at any time. The traditional database is subject to the forepart when processing operations such as storage, inquiry, analysis and the like are performed on the data, and a database system which is specially optimized for time series data is urgently needed.
At present, the main research content of the database security problem is focused on the security aspects of database design, strategy, audit and the like, and research results and technical application are very mature. However, due to the complexity of technology and diversity of real business scenarios, the design of the database is also endless, so the analysis requirement of the database auditing system for a new database protocol is also important.
Although time series databases have recently come into the public view and their wide application has made their expansion very rapid, most time series databases have not been designed with significant security concerns at the beginning of their design. Users want to secure their data and must use tools or services from third parties. However, when facing the time sequence database, the existing audit system needs to design audit fields aiming at the time sequence database, which causes field waste.
Disclosure of Invention
The embodiment of the application aims to provide a time sequence database auditing method and system, which are used for solving the problem that when the existing auditing system faces a time sequence database, audit fields are required to be designed aiming at the time sequence database, so that field waste is caused.
The time sequence database auditing method provided by the embodiment of the application comprises the following steps:
obtaining mirror image data flow of a client accessing a time sequence database, and disassembling to obtain application layer data information;
extracting features of the application layer data information to obtain a designated client connection tool, a time sequence database protocol version, a time sequence data compression mode and field attributes of a time sequence database;
determining a data analysis rule of the time sequence database according to the client connection tool, the time sequence database protocol version and the time sequence data compression mode;
analyzing the application layer data information by utilizing a data analysis rule to obtain an analysis result;
and acquiring the mapping relation between the field attributes of the time sequence database and the field attributes of the relational database, filling the analysis result into the corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain an audit event log.
According to the technical scheme, the application layer data information is disassembled from the mirror image data flow by acquiring the mirror image data flow of the time sequence database, then the information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like for determining the data analysis rule is extracted from the application layer data information, the data analysis rule is determined according to the information, the application layer data information is analyzed by utilizing the data analysis rule to obtain an analysis result, and after the field attribute of the time sequence database in the analysis result is mapped to the corresponding field attribute of the relational database, the audit event log is obtained by splicing, so that the audit field of the time sequence database is not required to be designed, but the field multiplexing is carried out by utilizing the field function of the relational database, the utilization rate of the audit field is improved, the field waste caused by the fact that more fields are designed by an audit system is avoided, the analysis and the query are conveniently carried out on the field attribute of the time sequence database by a database manager, and the situation of the fields is reduced, and the audit result is more accurate.
In some alternative embodiments, wherein mirroring the data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed.
In the above technical solution, the data flow generated by the client accessing the time sequence database includes operation data such as adding, deleting, modifying and checking of the client accessing the time sequence database, and response data returned by the time sequence database to the client aiming at the operation data, so that the mirror image data flow obtained in the embodiment also includes operation data accessing the time sequence database, and response data returned by the time sequence database.
In some alternative embodiments, the parsing result includes at least one of table name, operation type, data operation, and result set.
In some alternative embodiments, wherein the mapping relationship comprises at least one of:
the measurement field of the time sequence database is associated with the table field of the relational database;
the data point field of the time sequence database is associated with the row field of the relational database;
the threshold field of the time sequence database is associated with the column field of the relational database;
the time stamp field of the time sequence database is associated with the row main key field of the relational database;
the tag field of the time sequence database is associated with the index field of the relational database;
the bucket or organization of the time series database is associated with a user name field of the relational database.
In the above technical solution, the Time Series database (for example, influxDB Time Series database) refers to Data of a system and equipment change recorded according to a Time sequence, and the Time Series database has the following Time Series dimensions:
Measurement/Metric: metrics associated with tables in the relational database;
data point: data points associated with row in the relational database;
value/field: a threshold value associated with column in the relational database;
timestamp: a time stamp, a time sequence unique identifier associated with a row primary key in the relational database;
and (3) tag: a tag associated with an index in a relational database;
socket/organization: the bucket/organization, users, under one organization, may have multiple pockets, which are associated with relational database usernames.
The embodiment of the application provides a time sequence database auditing system, which comprises the following steps:
the disassembly module is used for acquiring the mirror image data flow of the time sequence database accessed by the client and carrying out disassembly to obtain application layer data information;
the feature extraction module is used for carrying out feature extraction on the application layer data information to obtain a designated client connection tool, a time sequence database protocol version, a time sequence data compression mode and field attributes of a time sequence database;
the rule determining module is used for determining a data analysis rule of the time sequence database according to the client connecting tool, the time sequence database protocol version and the time sequence data compression mode;
the analysis module is used for analyzing the application layer data information by utilizing the data analysis rule to obtain an analysis result;
the conversion module is used for acquiring the mapping relation between the field attributes of the time sequence database and the field attributes of the relational database, filling the analysis result into the corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain an audit event log.
In the above technical solution, the auditing system audits all processes of accessing database operations by all users in a bypass monitoring manner, including: the disassembly module is used for disassembling application layer data information from the mirror data flow by acquiring the mirror data flow of the time sequence database accessed by the client; extracting information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like for determining a data analysis rule from application layer data information by utilizing a feature extraction module; determining a data analysis rule according to the information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like by using a rule determination module; analyzing the application layer data information through a data analysis rule by utilizing an analysis module to obtain an analysis result; and mapping the field attribute of the time sequence database in the analysis result into the corresponding field attribute of the relational database by using a conversion module, and then splicing to obtain an audit event log. The auditing system of the embodiment realizes the functions of monitoring and auditing the operation of the access database, enhances the safety of the time sequence database system, does not need to design auditing fields aiming at the time sequence database, but only utilizes the field multiplexing function of the relational database fields, improves the utilization rate of the auditing fields, avoids the field waste caused by the fact that the auditing system designs more fields, and is convenient for a database administrator to analyze and inquire later, reduces the field confusion condition and ensures more accurate auditing results.
In some alternative embodiments, wherein mirroring the data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed.
In some alternative embodiments, the parsing result includes at least one of table name, operation type, data operation, and result set.
In some alternative embodiments, wherein the mapping relationship comprises at least one of:
the measurement field of the time sequence database is associated with the table field of the relational database;
the data point field of the time sequence database is associated with the row field of the relational database;
the threshold field of the time sequence database is associated with the column field of the relational database;
the time stamp field of the time sequence database is associated with the row main key field of the relational database;
the tag field of the time sequence database is associated with the index field of the relational database;
the bucket or organization of the time series database is associated with a user name field of the relational database.
An electronic device provided in an embodiment of the present application includes: a processor and a memory storing machine-readable instructions executable by the processor, which when executed by the processor, perform a method as any one of the above.
A computer readable storage medium provided by an embodiment of the present application, on which a computer program is stored, which when executed by a processor performs a method as described in any of the above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart illustrating steps of a method for auditing a time-series database according to an embodiment of the present application;
fig. 2 is a schematic diagram of an audit system network model for bypass monitoring according to an embodiment of the present application;
FIG. 3 is a functional block diagram of a time-series database auditing system according to an embodiment of the present application;
FIG. 4 is a functional block diagram of an audit system provided in accordance with another embodiment of the present application;
fig. 5 is a schematic diagram of a possible structure of an electronic device according to an embodiment of the present application.
Icon: the system comprises a 1-disassembly module, a 2-feature extraction module, a 3-rule determination module, a 4-analysis module, a 5-conversion module, a 61-processor, a 62-memory, a 63-communication interface and a 64-communication bus.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a flowchart of steps of a time sequence database auditing method according to an embodiment of the present application, which specifically includes:
step 100, obtaining mirror image data flow of a time sequence database accessed by a client, and disassembling to obtain application layer data information;
step 200, extracting features of the application layer data information to obtain a designated client connection tool, a time sequence database protocol version, a time sequence data compression mode and field attributes of a time sequence database;
step 300, determining a data analysis rule of the time sequence database according to the client connection tool, the time sequence database protocol version and the time sequence data compression mode;
step 400, analyzing application layer data information by utilizing a data analysis rule to obtain an analysis result;
and 500, acquiring a mapping relation between field attributes of the time sequence database and field attributes of the relational database, filling an analysis result into corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain an audit event log.
According to the technical scheme, the application layer data information is disassembled from the mirror image data flow by acquiring the mirror image data flow of the time sequence database, then the information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like for determining the data analysis rule is extracted from the application layer data information, the data analysis rule is determined according to the information, the application layer data information is analyzed by utilizing the data analysis rule to obtain an analysis result, and after the field attribute of the time sequence database in the analysis result is mapped to the corresponding field attribute of the relational database, the audit event log is obtained by splicing, so that the audit field of the time sequence database is not required to be designed, but the field multiplexing is carried out by utilizing the field function of the relational database, the utilization rate of the audit field is improved, the field waste caused by the fact that more fields are designed by an audit system is avoided, the analysis and the query are conveniently carried out on the field attribute of the time sequence database by a database manager, and the situation of the fields is reduced, and the audit result is more accurate.
In some alternative embodiments, wherein mirroring the data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed. In this embodiment of the present application, the data flow generated by the client accessing the time-series database includes operation data such as adding, deleting, modifying, and checking of the client accessing the time-series database, and response data returned by the time-series database to the client with respect to the operation data, and then the mirror image data flow obtained in this embodiment also includes operation data accessing the time-series database, and response data returned by the time-series database.
In some alternative embodiments, the parsing result includes at least one of table name, operation type, data operation, and result set.
In some alternative embodiments, wherein the mapping relationship comprises at least one of: the measurement field of the time sequence database is associated with the table field of the relational database; the data point field of the time sequence database is associated with the row field of the relational database; the threshold field of the time sequence database is associated with the column field of the relational database; the time stamp field of the time sequence database is associated with the row main key field of the relational database; the tag field of the time sequence database is associated with the index field of the relational database; the bucket or organization of the time series database is associated with a user name field of the relational database.
In this embodiment of the present application, the Time Series Data (Time Series Data) refers to Data of a system and equipment change recorded according to a Time sequence, where the Time Series Data has the following Time Series dimensions:
Measurement/Metric: metrics associated with tables in the relational database;
data point: data points associated with row in the relational database;
value/field: a threshold value associated with column in the relational database;
timestamp: a time stamp, a time sequence unique identifier associated with a row primary key in the relational database;
and (3) tag: a tag associated with an index in a relational database;
socket/organization: the bucket/organization, users, under one organization, may have multiple pockets, which are associated with relational database usernames.
Another embodiment of the present application further provides a time-series database auditing system, where the auditing system implements an auditing system for bypass monitoring, and a network model of the auditing system for bypass monitoring is shown in fig. 2.
The time sequence database has great change with the traditional database in table structure and key field design, and each time a new field type is added, great waste is caused to the original audit field type, so that the field utilization rate is improved in multiplexing the field of the relational database as much as possible, the fields in the relational database are classified according to similar functions, the association relation with the traditional relational database is established according to the field attribute and the table structure, the newly added field type is reduced, and the complexity of the table structure of the audit system is reduced.
Specifically, referring to fig. 3, fig. 3 is a functional block diagram of a time sequence database auditing system provided in an embodiment of the present application, and specifically includes a disassembling module 1, a feature extracting module 2, a rule determining module 3, an analyzing module 4, and a converting module 5.
The disassembly module 1 is used for obtaining mirror image data flow of the time sequence database accessed by the client and carrying out disassembly to obtain application layer data information. The feature extraction module 2 is configured to perform feature extraction on the application layer data information to obtain a specified client connection tool, a time sequence database protocol version, a time sequence data compression mode and a field attribute of a time sequence database. The rule determining module 3 is configured to determine a data parsing rule of the time sequence database according to the client connection tool, the time sequence database protocol version and the time sequence data compression mode. And the analysis module 4 is used for analyzing the application layer data information by utilizing the data analysis rule to obtain an analysis result. And the conversion module 5 is used for acquiring the mapping relation between the field attributes of the time sequence database and the field attributes of the relational database, filling the analysis result into the corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain an audit event log.
In the embodiment of the application, the auditing system audits all processes of the database access operation of all users in a bypass monitoring mode, and the method comprises the following steps: the disassembly module is used for disassembling application layer data information from the mirror data flow by acquiring the mirror data flow of the time sequence database accessed by the client; extracting information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like for determining a data analysis rule from application layer data information by utilizing a feature extraction module; determining a data analysis rule according to the information such as a client connection tool, a time sequence database protocol version, a time sequence data compression mode and the like by using a rule determination module; analyzing the application layer data information through a data analysis rule by utilizing an analysis module to obtain an analysis result; and mapping the field attribute of the time sequence database in the analysis result into the corresponding field attribute of the relational database by using a conversion module, and then splicing to obtain an audit event log. The auditing system of the embodiment realizes the functions of monitoring and auditing the operation of the access database, enhances the safety of the time sequence database system, does not need to design auditing fields aiming at the time sequence database, but only utilizes the field multiplexing function of the relational database fields, improves the utilization rate of the auditing fields, avoids the field waste caused by the fact that the auditing system designs more fields, and is convenient for a database administrator to analyze and inquire later, reduces the field confusion condition and ensures more accurate auditing results.
In some alternative embodiments, wherein mirroring the data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed.
In some alternative embodiments, the parsing result includes at least one of table name, operation type, data operation, and result set.
In some alternative embodiments, wherein the mapping relationship comprises at least one of: the measurement field of the time sequence database is associated with the table field of the relational database; the data point field of the time sequence database is associated with the row field of the relational database; the threshold field of the time sequence database is associated with the column field of the relational database; the time stamp field of the time sequence database is associated with the row main key field of the relational database; the tag field of the time sequence database is associated with the index field of the relational database; the bucket or organization of the time series database is associated with a user name field of the relational database.
Referring to fig. 4, fig. 4 is a functional block diagram of an audit system according to another embodiment of the present application, in which a time sequence data processing module is added to the audit system to analyze time sequence interaction data of a time sequence database, and perform security audit, so that the security capability of the time sequence database is improved. The time sequence data processing module comprises a disassembling module, a feature extraction module, a rule determination module, an analysis module and a conversion module in the embodiment.
The time sequence data acquisition module is used for: and obtaining mirror image data flow of the access database from the switch through network configuration and system interfaces, and performing preliminary filtration according to the connection integrity and the retransmitted data.
A time sequence data processing module: the module performs protocol identification and time sequence data analysis on the time sequence database protocol. The protocol identification is to distinguish data flow information according to characteristic rules of a time sequence database protocol and then transmit the data flow information to a data analysis module for processing, the data analysis is to unpack an obtained data packet, analyze the data packet in a targeted manner by utilizing the protocol analysis rules of the time sequence database after unpacking to an application layer, then associate and integrate analyzed data fields with relational database fields to form an event, and then send an event log to the next module for processing.
And a strategy matching module: and providing an interface for setting the data analysis rules for the user, and applying the data analysis rules set by the user to the data analysis process. The data analysis refers to analyzing the analyzed SQL sentences according to preset data analysis rules, recording the date, time, type, result and the like of the operation event, forming a report for an administrator to obtain evidence, inquire and analyze, and alarming dangerous data.
And a data storage module: and storing event information results after data analysis and processing into a database for searching by an administrator.
And a system management module: the visual interface is provided for the user, so that the user can conveniently set data analysis rules and configure the system by himself. Audit personnel can set an audit strategy through the management system and inquire an audit result.
Fig. 5 shows a possible structure of the electronic device provided in the embodiment of the present application. Referring to fig. 5, the electronic device includes: processor 61, memory 62, and communication interface 63, which are interconnected and communicate with each other by a communication bus 64 and/or other forms of connection mechanisms (not shown).
The Memory 62 includes one or more (Only one is shown in the figure), which may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable programmable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable programmable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), and the like. The processor 61 and possibly other components may access the memory 62, read and/or write data therein.
The processor 61 comprises one or more (only one shown) which may be an integrated circuit chip with signal processing capabilities. The processor 61 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a micro control unit (Micro Controller Unit, MCU), a network processor (Network Processor, NP), or other conventional processor; but may also be a special purpose processor including a Neural Network Processor (NPU), a graphics processor (Graphics Processing Unit GPU), a digital signal processor (Digital Signal Processor DSP), an application specific integrated circuit (Application Specific Integrated Circuits ASIC), a field programmable gate array (Field Programmable Gate Array FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. Also, when the processor 61 is plural, some of them may be general-purpose processors, and the other may be special-purpose processors.
Communication interface 63 includes one or more (only one shown) that may be used to communicate directly or indirectly with other devices for data interaction. Communication interface 63 may include an interface for wired and/or wireless communication.
One or more computer program instructions may be stored in memory 62 that may be read and executed by processor 61 to implement the methods provided by embodiments of the present application.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative, and that the electronic device may also include more or fewer components than shown in fig. 5, or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof. The electronic device may be a physical device such as a PC, a notebook, a tablet, a cell phone, a server, an embedded device, etc., or may be a virtual device such as a virtual machine, a virtualized container, etc. The electronic device is not limited to a single device, and may be a combination of a plurality of devices or a cluster of a large number of devices.
The present embodiments also provide a computer readable storage medium having stored thereon computer program instructions that, when read and executed by a processor of a computer, perform the methods provided by the embodiments of the present application. For example, the computer readable storage medium may be implemented as memory 62 in the electronic device of FIG. 5.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
Claims (10)
1. A time series database auditing method, comprising:
obtaining mirror image data flow of a client accessing a time sequence database, and disassembling to obtain application layer data information;
extracting features of the application layer data information to obtain a designated client connection tool, a time sequence database protocol version, a time sequence data compression mode and field attributes of a time sequence database;
determining a data analysis rule of the time sequence database according to the client connection tool, the time sequence database protocol version and the time sequence data compression mode;
analyzing application layer data information by utilizing the data analysis rule to obtain an analysis result;
and acquiring the mapping relation between the field attributes of the time sequence database and the field attributes of the relational database, filling the analysis result into the corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain an audit event log.
2. The method of claim 1, wherein the mirroring data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed.
3. The method of claim 1, wherein the parsing result comprises at least one of a table name, an operation type, a data operation, and a result set.
4. The method of claim 1, wherein the mapping relationship comprises at least one of:
the measurement field of the time sequence database is associated with the table field of the relational database;
the data point field of the time sequence database is associated with the row field of the relational database;
the threshold field of the time sequence database is associated with the column field of the relational database;
the time stamp field of the time sequence database is associated with the row main key field of the relational database;
the tag field of the time sequence database is associated with the index field of the relational database;
the bucket or organization of the time series database is associated with a user name field of the relational database.
5. A time series database auditing system, comprising:
the disassembly module is used for acquiring the mirror image data flow of the time sequence database accessed by the client and carrying out disassembly to obtain application layer data information;
the feature extraction module is used for extracting features of the application layer data information to obtain a designated client connection tool, a time sequence database protocol version, a time sequence data compression mode and field attributes of a time sequence database;
the rule determining module is used for determining a data analysis rule of the time sequence database according to the client connecting tool, the time sequence database protocol version and the time sequence data compression mode;
the analysis module is used for analyzing the application layer data information by utilizing the data analysis rule to obtain an analysis result;
the conversion module is used for acquiring the mapping relation between the field attributes of the time sequence database and the field attributes of the relational database, filling the analysis result into the corresponding field attributes of the relational database according to the mapping relation, and splicing to obtain the audit event log.
6. The system of claim 5, wherein the mirrored data traffic comprises: the operation data of the time sequence database is accessed, and the response data returned by the time sequence database is accessed.
7. The system of claim 5, wherein the parsing result includes at least one of a table name, an operation type, a data operation, and a result set.
8. The system of claim 5, wherein the mapping relationship comprises at least one of:
the measurement field of the time sequence database is associated with the table field of the relational database;
the data point field of the time sequence database is associated with the row field of the relational database;
the threshold field of the time sequence database is associated with the column field of the relational database;
the time stamp field of the time sequence database is associated with the row main key field of the relational database;
the tag field of the time sequence database is associated with the index field of the relational database;
the bucket or organization of the time series database is associated with a user name field of the relational database.
9. An electronic device, comprising: a processor and a memory storing machine-readable instructions executable by the processor, which when executed by the processor, perform the method of any of claims 1-4.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when run by a processor, performs the method according to any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310025808.4A CN116010480A (en) | 2023-01-09 | 2023-01-09 | Time sequence database auditing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310025808.4A CN116010480A (en) | 2023-01-09 | 2023-01-09 | Time sequence database auditing method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116010480A true CN116010480A (en) | 2023-04-25 |
Family
ID=86028305
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310025808.4A Pending CN116010480A (en) | 2023-01-09 | 2023-01-09 | Time sequence database auditing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116010480A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117033470A (en) * | 2023-10-08 | 2023-11-10 | 天津市天河计算机技术有限公司 | Data generation method, device, equipment and medium |
-
2023
- 2023-01-09 CN CN202310025808.4A patent/CN116010480A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117033470A (en) * | 2023-10-08 | 2023-11-10 | 天津市天河计算机技术有限公司 | Data generation method, device, equipment and medium |
| CN117033470B (en) * | 2023-10-08 | 2024-01-30 | 天津市天河计算机技术有限公司 | Data generation method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111258989B (en) | Database migration evaluation method and device, storage medium and computer equipment | |
| TWI634449B (en) | Method and device for auditing sql | |
| EP4099170B1 (en) | Method and apparatus of auditing log, electronic device, and medium | |
| US9659042B2 (en) | Data lineage tracking | |
| CN112491602B (en) | Behavior data monitoring method and device, computer equipment and medium | |
| CN111488363A (en) | Data processing method, device, electronic equipment and medium | |
| CN112052138A (en) | Service data quality detection method and device, computer equipment and storage medium | |
| US20190050435A1 (en) | Object data association index system and methods for the construction and applications thereof | |
| CN111767573A (en) | Database security management method and device, electronic equipment and readable storage medium | |
| CN111984719A (en) | Data calling method, device, equipment and storage medium based on data source | |
| CN110995273B (en) | Data compression method, device, equipment and medium for power database | |
| CN117971606B (en) | Log management system and method based on elastic search | |
| CN109445768B (en) | Database script generation method and device, computer equipment and storage medium | |
| CN111740868A (en) | Alarm data processing method and device and storage medium | |
| CN116010480A (en) | Time sequence database auditing method and system | |
| CN111767574A (en) | User permission determining method and device, electronic equipment and readable storage medium | |
| CN113553341A (en) | Multidimensional data analysis method, multidimensional data analysis device, multidimensional data analysis equipment and computer readable storage medium | |
| CN116644223A (en) | Data query method, device, equipment and readable medium | |
| KR100906454B1 (en) | Database log data management apparatus and method thereof | |
| CN113672692B (en) | Data processing method, data processing device, computer equipment and storage medium | |
| CN111046382B (en) | Database auditing method, equipment, storage medium and device | |
| CN111125226B (en) | Configuration data acquisition method and device | |
| CN110020166A (en) | A kind of data analysing method and relevant device | |
| CN112416875A (en) | Log management method and device, computer equipment and storage medium | |
| KR100906449B1 (en) | Database tool identifying apparatus and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |