CN116149930A - Service monitoring platform and monitoring method for electric power information system - Google Patents


Publication number
CN116149930A
Authority
CN
China
Prior art keywords
service
data
analysis
flow
information system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211540492.4A
Other languages
Chinese (zh)
Inventor
金紫嫣
查梦
邓燕楠
胡齐晋
于仕
余志琴
朱正刚
聂琦
彭敏亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd
Priority to CN202211540492.4A
Publication of CN116149930A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F11/3072 Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/321 Display for diagnostics, e.g. diagnostic result display, self-test user interface
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3452 Performance evaluation by statistical analysis


Abstract

The invention discloses a service monitoring platform and a monitoring method for an electric power information system. The service monitoring platform comprises: a data acquisition layer, in which the acquisition equipment is deployed into the power information system in bypass access mode, the acquisition system is deployed on that equipment in a distributed manner, and service interaction traffic is collected and stored in partitions; a data analysis layer, which performs detailed traffic analysis, protocol decoding and index calculation on the stored data packets; a data feature extraction layer, which extracts features from the service traffic packets and analyzes, calculates and aggregates them; and a data display layer, which displays information system asset information, IP node interaction associations, overall service performance, abnormal behavior and service alarms in a real-time visualization. The monitoring platform has a simple structure and reasonable design, is convenient to implement, works well in use and is convenient to popularize, and combined with the monitoring method it can be effectively applied to service monitoring of the electric power information system.

Description

Service monitoring platform and monitoring method for electric power information system
Technical Field
The invention belongs to the technical field of operation and maintenance of electric power information systems, and in particular relates to a service monitoring platform and a monitoring method for an electric power information system.
Background
With the continuous development of the State Grid and the growth of its business scale, the number of State Grid electric power information systems is increasing rapidly and the service network architecture has become large and complex. Stable operation of the information systems and full-link monitoring of each core service are therefore particularly important for ensuring that the State Grid's core services are handled and run normally. The basic work of information system operation and maintenance is to register and discover information about the information systems, and to actively monitor and discover the related incremental information and service performance. Traditional system performance monitoring mainly monitors the running state of the system, including memory, CPU and hardware alarms, so that when a system raises an alarm the fault can be located quickly, its cause analyzed and the fault handled in time. However, as service data flows become more complex and service access patterns more variable, sporadic degradation of service quality or abnormal failures occur during the interaction of the various services. The conventional operation and maintenance mode cannot meet the requirements of service monitoring, and specifically has the following shortcomings:
first, the existing core network mainly collects and monitors traffic at the boundary of the core area. There are traffic collection and monitoring blind spots between aggregation and application nodes, multi-segment, multi-node, full-path collection for the service systems is not possible, and transaction analysis cannot be performed on the various core service systems;
second, the current SNMP-based monitoring can only monitor the running state of service equipment. It cannot perceive the transaction success rate of a service, changes in its transaction volume, its response time and the like, so perception of service running quality is passive, and service anomalies cannot be discovered in time or faults perceived actively;
third, the traditional operation and maintenance mode lacks the ability to backtrack and analyze service transactions. When a service suffers a sporadic anomaly or intermittent transaction failures, the anomaly cannot be backtracked, analyzed, reproduced and evidenced, so fault handling and cause analysis are inefficient.
Disclosure of Invention
The technical problem to be solved by the invention is to address the above shortcomings of the prior art by providing a service monitoring platform for an electric power information system that has a simple structure and reasonable design, is convenient to implement, works well in use and is convenient to popularize, and that, combined with a monitoring method, can be effectively applied to service monitoring of the electric power information system.
To solve the above technical problem, the invention adopts the following technical solution: a service monitoring platform for an electric power information system, comprising: a data acquisition layer, in which the acquisition equipment is deployed into the power information system in bypass access mode, the acquisition system is deployed on that equipment in a distributed manner, and service interaction traffic is collected and stored in partitions; a data analysis layer, which performs detailed traffic analysis, protocol decoding and index calculation on the stored data packets; a data feature extraction layer, which extracts features from the service traffic packets and analyzes, calculates and aggregates them; and a data display layer, which displays information system asset information, IP node interaction associations, overall service performance, abnormal behavior and service alarms in a real-time visualization.
The data acquisition layer comprises traffic acquisition equipment and a data acquisition front-end system. The traffic acquisition equipment comprises switches and TAP network splitters: each switch is configured with port mirroring and copies traffic data to a monitoring port; the TAP network splitter is placed between the production network mirror interface and the acquisition front-end equipment cluster, and distributes the mirrored traffic aggregated in real time from the access-layer, aggregation-layer and core-layer switches to one or more data analysis devices. The data acquisition front-end system comprises acquisition probes and a data evaluation module: the acquisition probes, deployed in a distributed manner, collect all mirrored traffic from all acquisition equipment in real time, and the data evaluation module performs a preliminary screening of the traffic collected by the probes to remove invalid streaming media traffic.
The invention also discloses a service monitoring method for an electric power information system, which uses the above monitoring platform and comprises the following steps:
step one, the data acquisition layer collects and stores service traffic packets of the electric power information system in a multi-segment, multi-node, full-path manner;
step two, the data analysis layer analyzes and evaluates the stored data packets;
step three, the data feature extraction layer extracts features from the analyzed and evaluated service traffic packets;
step four, the data display layer renders the front-end page using interaction and visual analysis techniques, and displays the comprehensive monitoring information of the service system.
In the above service monitoring method, the specific process in step one by which the data acquisition layer collects and stores the service traffic packets of the electric power information system in a multi-segment, multi-node, full-path manner comprises:
step 101, analyzing each traffic sink node and judging whether incremental data collection is needed; for the nodes that need to be collected, deploying a splitter at the sink nodes, amplifying the data traffic signal, and collecting the traffic of specific protocols, specific IPs and specific ports by five-tuple;
step 102, connecting the mirror port of the switch to the splitter, and copying the split data to the local machine through the switch;
step 103, deploying a probe at each switch, collecting and evaluating the obtained traffic in real time, screening the UDP protocol to remove streaming media noise data, and retaining the real, valid data traffic;
step 104, storing the full set of collected data in an Oracle database by splitting databases and tables, for data persistence.
In the above service monitoring method, the specific process in step two by which the data analysis layer analyzes and evaluates the stored data packets comprises:
step 201, importing information system asset information, including asset name, status, IP address and port, together with detailed statistics for monitoring the access performance of key business applications;
step 202, parsing the original network data packets stored by the data acquisition layer, identifying the IP protocol and service, and extracting the original files carried in the traffic;
step 203, analyzing detailed TCP session data, collecting statistics on the network transmission delay of clients accessing key applications, and analyzing the data transmission process in depth;
step 204, combining the asset information, comparing each statistical index with the same-named index for the same period in history, calculating the difference index data, analyzing the related equipment, links and service platforms, and assisting service feature analysis.
In the above service monitoring method, the IP protocol information in step 202 comprises the destination IP address, destination IP port number, source IP address, source IP port number and protocol type.
In the above service monitoring method, the statistics in step 203 on the network transmission delay of clients accessing key applications comprise start time, duration, end time, connection state, RTT retransmission and segment loss statistics; the in-depth analysis of the data transmission process covers data transmission and service transaction request and response processing within the specific processes of different service transactions; statistics are also collected on service link conditions, the durations of different sessions, asset activity, service traffic interactions and volume, and the access performance of key service applications.
In the above service monitoring method, the specific process in step three by which the data feature extraction layer extracts features from the analyzed and evaluated service traffic packets comprises:
step 301, performing multidimensional similarity analysis on the real-time index values, calculating the standard deviation and covariance of each index using the Pearson similarity method, in order to explore the correlation between different indexes;
step 302, performing fault analysis on the real-time and historical indexes, using the fault analysis method to analyze how differences in the data of different indexes affect the result, and thereby the influence of each index on the result;
step 303, performing time-series analysis and historical-dimension analysis on the historical indexes, extracting the normal value range of each index through the historical-dimension analysis, and establishing a reference threshold for each index;
step 304, determining the basic data features from the index analysis results combined with the service-side requirements and the service operation and maintenance characteristics, constructing customized service feature vectors comprising traffic port features, session features, network segment features, delay features and concurrent traffic features, storing the features in an Oracle database, and mining the correlations and data patterns of the feature items.
In the above service monitoring method, in step four the data display layer builds a front-end interactive visual analysis interface with JavaScript, CSS and HTML on a Web framework, and visually encodes the feature vectors and index data using color and graphics. The interface comprises the main views of service performance, service alarm, link analysis and transaction analysis, and the functional modules of service alarm, carding, retrieval, report and configuration.
In the above service monitoring method, the specific process in step four by which the data display layer renders the front-end page using interaction and visual analysis techniques and displays the overall monitoring information of the service system comprises:
step 401, the service performance view displays service performance transaction indexes and service index data; a time period is selected interactively to view the service application health, transaction state and abnormal index information within the selected time;
step 402, the service alarm view comprises abnormal access alarms, service alarms and burst alarms. Once an alarm trigger is set, the related data packets are stored automatically and can be decoded online, with a packet list, data stream and timing diagram displayed. The abnormal access alarm defines access rules by IP, port, application and protocol elements, and sets priority levels. The service alarm performs intelligent evaluation based on service interaction data, the key performance of host connection communication and the application response state, displays the evaluation results graphically, and generates an alarm when performance degrades. The burst alarm is configured with a specific rate peak and a sudden increase/sudden decrease percentage threshold, and generates an alarm when the set value is reached;
step 403, the link analysis view is based on information asset information and service flow-direction carding; the link traversed by the original data packets is rendered as a node association graph, and the state of each node is encoded based on the service features and indexes; the transaction analysis view displays the number, type, state and time of transactions;
step 404, the transaction analysis view displays transaction information for different applications, including the specified transaction processing volume, transaction processing time, transaction success rate statistics and transaction state trend;
step 405, the carding module contains the IP list of all related nodes and supports filtering by application, probe, protocol and node;
step 406, the retrieval module performs a global search over IP sessions; a one-click query returns the complete network path traversed by the access traffic between two IP nodes, together with the traffic packets;
step 407, the report module generates reports from the service performance, equipment performance, link analysis and transaction analysis data;
step 408, the configuration module supports the configuration of multiple kinds of terminal, including disaster recovery terminals, VoIP terminals and application clients; the disaster recovery terminal supports the client and network segment terminal types, and its alias, terminal number, geographic location, state selection and labels can be configured.
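The abnormal access alarm and burst alarm of step 402, as an added Python example that is not code from the patent. The rule fields, the first-match-by-priority evaluation, the default of alarming on unmatched traffic, measuring the percentage change against the previous interval, and all addresses and rates are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRule:
    name: str
    priority: int            # assumption: lower number is evaluated first
    action: str              # "allow" or "alarm"
    src: str                 # source network, CIDR
    dst: str                 # destination network, CIDR
    ports: tuple             # destination ports; empty tuple means any port
    protocol: str            # "tcp", "udp" or "*"
    application: str = "*"   # decoded application name, "*" means any

    def matches(self, flow):
        return (ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst)
                and (not self.ports or flow["dport"] in self.ports)
                and self.protocol in ("*", flow["protocol"])
                and self.application in ("*", flow["application"]))


def evaluate_access(flow, rules, default_priority=99):
    """Return the verdict of the highest-priority matching rule.
    Traffic that matches no rule is treated as abnormal access."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(flow):
            return {"action": rule.action, "rule": rule.name, "priority": rule.priority}
    return {"action": "alarm", "rule": "no-matching-rule", "priority": default_priority}


def burst_alarms(rates, peak, surge_pct, drop_pct):
    """rates: one traffic rate per sampling interval.
    Alarm when a rate reaches the peak, or changes by more than the configured
    percentage relative to the previous interval."""
    alarms = []
    for i, cur in enumerate(rates):
        if cur >= peak:
            alarms.append((i, "peak", cur))
        if i == 0:
            continue
        prev = rates[i - 1]
        if prev == 0:
            # A percentage is undefined against a silent interval; any traffic
            # after silence is reported as a sudden increase.
            if cur > 0:
                alarms.append((i, "surge", cur))
            continue
        change = (cur - prev) * 100.0 / prev
        if change >= surge_pct:
            alarms.append((i, "surge", cur))
        elif change <= -drop_pct:
            alarms.append((i, "drop", cur))
    return alarms


# Constructed rule set and samples for illustration only.
RULES = [
    AccessRule("app-tier-to-db", 10, "allow", "10.1.1.0/24", "10.2.2.20/32",
               (1521,), "tcp", "oracle"),
    AccessRule("any-other-db-access", 20, "alarm", "0.0.0.0/0", "10.2.2.20/32",
               (1521,), "tcp"),
    AccessRule("intranet-web", 30, "allow", "10.0.0.0/8", "10.2.2.0/24",
               (80, 443, 8080), "tcp", "http"),
]
RATES_MBPS = [100, 105, 98, 210, 205, 60, 950]


def flow(src, dst, dport, protocol, application):
    return {"src": src, "dst": dst, "dport": dport,
            "protocol": protocol, "application": application}


if __name__ == "__main__":
    for f in (flow("10.1.1.10", "10.2.2.20", 1521, "tcp", "oracle"),
              flow("10.9.9.9", "10.2.2.20", 1521, "tcp", "oracle"),
              flow("10.1.1.10", "10.2.2.30", 22, "tcp", "ssh")):
        print(f["src"], "->", f["dst"], f["dport"], evaluate_access(f, RULES))
    print(burst_alarms(RATES_MBPS, peak=900, surge_pct=50, drop_pct=50))
```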
Compared with the prior art, the invention has the following advantages:
1. The monitoring platform has a simple structure and reasonable design, and is convenient to implement.
2. The invention deploys the acquisition equipment and system in bypass and distributed mode, with no interaction or framework integration with the existing service systems. It supports long-term, real-time, full collection, storage and analysis of service data packets, stores the traffic of different links in partitions according to customized conditions, and can screen and filter the traffic by those conditions. This solves the problems that equipment in current electric power information system networks retains data only for a short period, that multi-system, multi-service, multi-link data packets cannot be stored and analyzed by category, and that traditional traffic collection and monitoring may harm the original network, services and systems.
3. The invention can monitor detailed access performance information for key services, analyze the network transmission delay of access clients by access network segment and IP, filter a specified service application to analyze its TCP sessions and transaction details over any time period, and select a specified protocol to view trend graphs of transaction processing volume, transaction processing time and transaction state. This solves the problems that service performance cannot be perceived autonomously and transaction anomalies cannot be discovered.
4. The invention provides service backtracking analysis: by retrieving and analyzing the service communication data packets within a specified time range, the entire service communication process at the time of a fault is reproduced. This provides objective, original data to support anomaly analysis, improves the efficiency of anomaly analysis and handling, and solves the problem that existing technical means cannot fully restore and reproduce the abnormal state.
5. The invention can be effectively applied to service monitoring of the electric power information system, works well in use and is convenient to popularize.
In summary, the monitoring platform of the invention has a simple structure and reasonable design, is convenient to implement, works well in use and is convenient to popularize, and combined with the monitoring method it can be effectively applied to service monitoring of the electric power information system.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Drawings
FIG. 1 is a block diagram of the monitoring platform of the invention;
FIG. 2 is a flow chart of the monitoring method of the invention.
Detailed Description
As shown in FIG. 1, the electric power information system service monitoring platform of the invention comprises:
a data acquisition layer, in which the acquisition equipment is deployed into the power information system in bypass access mode, the acquisition system is deployed on that equipment in a distributed manner, and service interaction traffic is collected and stored in partitions;
a data analysis layer, which performs detailed traffic analysis, protocol decoding and index calculation on the stored data packets;
a data feature extraction layer, which extracts features from the service traffic packets and analyzes, calculates and aggregates them;
a data display layer, which displays information system asset information, IP node interaction associations, overall service performance, abnormal behavior and service alarms in a real-time visualization.
In a specific implementation, the acquisition equipment and system are deployed in bypass and distributed mode, with no interaction or framework integration with the existing service systems. Long-term, real-time, full collection, storage and analysis of service data packets is supported, the traffic of different links is stored in partitions according to customized conditions, and the traffic can be filtered by those conditions. This solves the problems that equipment in current electric power information system networks retains data only for a short period, that multi-system, multi-service, multi-link data packets cannot be stored and analyzed by category, and that traditional traffic collection and monitoring may harm the original network, services and systems.
In this embodiment, the data acquisition layer comprises traffic acquisition equipment and a data acquisition front-end system. The traffic acquisition equipment comprises switches and TAP network splitters: each switch is configured with port mirroring and copies traffic data to a monitoring port; the TAP network splitter is placed between the production network mirror interface and the acquisition front-end equipment cluster, and distributes the mirrored traffic aggregated in real time from the access-layer, aggregation-layer and core-layer switches to one or more data analysis devices. The data acquisition front-end system comprises acquisition probes and a data evaluation module: the acquisition probes, deployed in a distributed manner, collect all mirrored traffic from all acquisition equipment in real time, and the data evaluation module performs a preliminary screening of the traffic collected by the probes to remove invalid streaming media traffic.
In a specific implementation, when the traffic of a certain node does not need to be collected, the acquisition probe can close the link and cut off the traffic.
As shown in FIG. 2, the electric power information system service monitoring method of the invention comprises the following steps:
step one, the data acquisition layer collects and stores service traffic packets of the electric power information system in a multi-segment, multi-node, full-path manner;
In a specific implementation, the acquisition system is deployed on the equipment in a distributed manner and collects the system's service traffic packets in real time, in a multi-segment, multi-node, full-path manner, using DPDK-based capture. The captured full set of service data packets is partitioned according to the traffic of different links and stored in an Oracle database by splitting databases and tables, for data persistence.
step two, the data analysis layer analyzes and evaluates the stored data packets;
In a specific implementation, the analysis and evaluation comprise information system asset information statistics, five-tuple analysis of the original network data packets and TCP session analysis, with index calculation and evaluation performed on all traffic data.
step three, the data feature extraction layer extracts features from the analyzed and evaluated service traffic packets;
In a specific implementation, multidimensional similarity analysis, fault analysis and reference threshold analysis are performed on the traffic indexes produced by the analysis and evaluation of the data analysis layer. The basic data features are determined from the index analysis results combined with the service-side requirements, and customized service feature vectors are constructed, comprising traffic port features, session features, network segment features, delay features and concurrent traffic features. The features are stored in the data storage layer as multi-element arrays.
step four, the data display layer renders the front-end page using interaction and visual analysis techniques, and displays the comprehensive monitoring information of the service system.
In a specific implementation, the data display layer comprises the four main views of service performance, service alarm, link analysis and transaction analysis, and the service alarm, carding, retrieval, report and configuration functional modules.
In this embodiment, the specific process by which the data acquisition layer collects and stores the service traffic packets of the electric power information system in a multi-segment, multi-node, full-path manner comprises:
step 101, analyzing each traffic sink node and judging whether incremental data collection is needed; for the nodes that need to be collected, deploying a splitter at the sink nodes, amplifying the data traffic signal, and collecting the traffic of specific protocols, specific IPs and specific ports by five-tuple;
step 102, connecting the mirror port of the switch to the splitter, and copying the split data to the local machine through the switch;
step 103, deploying a probe at each switch, collecting and evaluating the obtained traffic in real time, screening the UDP protocol to remove streaming media noise data, and retaining the real, valid data traffic;
step 104, storing the full set of collected data in an Oracle database by splitting databases and tables, for data persistence.
In this embodiment, the specific process by which the data analysis layer analyzes and evaluates the stored data packets comprises:
step 201, importing information system asset information, including asset name, status, IP address and port, together with detailed statistics for monitoring the access performance of key business applications;
step 202, parsing the original network data packets stored by the data acquisition layer, identifying the IP protocol and service, and extracting the original files carried in the traffic;
step 203, analyzing detailed TCP session data, collecting statistics on the network transmission delay of clients accessing key applications, and analyzing the data transmission process in depth;
step 204, combining the asset information, comparing each statistical index with the same-named index for the same period in history, calculating the difference index data, analyzing the related equipment, links and service platforms, and assisting service feature analysis.
In this embodiment, the IP protocol information comprises the destination IP address, destination IP port number, source IP address, source IP port number and protocol type.
In this embodiment, the statistics on the network transmission delay of clients accessing key applications comprise start time, duration, end time, connection state, RTT retransmission and segment loss statistics; the in-depth analysis of the data transmission process covers data transmission and service transaction request and response processing within the specific processes of different service transactions; statistics are also collected on service link conditions, the durations of different sessions, asset activity, service traffic interactions and volume, and the access performance of key service applications.
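The five-tuple decoding of step 202 and the TCP session statistics of step 203, as an added Python example that is not code from the patent. The packets are constructed in the script, and the session key, the state names and the way handshake RTT and retransmissions are measured at a passive probe are assumptions of this example.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_packet(src, dst, sport, dport, seq, flags, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP packet (no options, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(pkt):
    """Decode the five-tuple, plus the TCP fields needed for session statistics."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20:
        raise ValueError("invalid IPv4 header length")
    rec = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
           "proto": pkt[9], "sport": None, "dport": None}
    if rec["proto"] not in (6, 17) or len(pkt) < ihl + 8:
        return rec                      # not TCP/UDP, or too short to carry ports
    rec["sport"], rec["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if rec["proto"] == 6:
        if len(pkt) < ihl + 20:
            raise ValueError("truncated TCP header")
        total_len = struct.unpack("!H", pkt[2:4])[0]
        rec["seq"] = struct.unpack("!I", pkt[ihl + 4:ihl + 8])[0]
        rec["flags"] = pkt[ihl + 13]
        rec["payload_len"] = total_len - ihl - (pkt[ihl + 12] >> 4) * 4
    return rec


def analyze_sessions(capture):
    """capture: iterable of (timestamp_ms, raw_packet) as seen by a passive probe."""
    sessions = {}
    for ts, raw in capture:
        p = parse_packet(raw)
        if p["proto"] != 6:
            continue                    # session statistics here cover TCP only
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        s = sessions.setdefault((min(a, b), max(a, b)), {
            "client": None, "server": None, "start_ms": ts, "end_ms": ts, "packets": 0,
            "retransmissions": 0, "handshake_rtt_ms": None, "state": "unknown",
            "_syn": None, "_synack": None, "_segments": set()})
        s["end_ms"], s["packets"] = ts, s["packets"] + 1
        f = p["flags"]
        if f & SYN and not f & ACK:
            if s["_syn"] is None:       # the first SYN identifies the client side
                s.update(client=a, server=b, _syn=ts, state="half-open")
        elif f & SYN:
            if s["_synack"] is None:
                s["_synack"] = ts
        elif (f & ACK and a == s["client"] and s["_synack"] is not None
              and s["handshake_rtt_ms"] is None):
            s["handshake_rtt_ms"] = ts - s["_syn"]   # SYN to final ACK at the probe
            s["state"] = "established"
        if f & RST:
            s["state"] = "reset"
        elif f & FIN:
            s["state"] = "closed"
        if p["payload_len"] > 0 or f & SYN:
            segment = (a, p["seq"])     # same sender and sequence number seen again
            if segment in s["_segments"]:
                s["retransmissions"] += 1
            s["_segments"].add(segment)
    report = []
    for s in sorted(sessions.values(), key=lambda s: s["start_ms"]):
        row = {k: v for k, v in s.items() if not k.startswith("_")}
        row["duration_ms"] = s["end_ms"] - s["start_ms"]
        report.append(row)
    return report


def sample_capture():
    """Constructed capture: one complete session with a retransmitted request,
    and one client whose SYN is never answered."""
    c, s = "10.1.1.10", "10.2.2.20"
    return [
        (0, build_packet(c, s, 50000, 8080, 1000, SYN)),
        (5, build_packet("10.1.1.11", s, 50001, 8080, 7000, SYN)),
        (12, build_packet(s, c, 8080, 50000, 5000, SYN | ACK)),
        (30, build_packet(c, s, 50000, 8080, 1001, ACK)),
        (31, build_packet(c, s, 50000, 8080, 1001, PSH | ACK, b"REQ-1")),
        (231, build_packet(c, s, 50000, 8080, 1001, PSH | ACK, b"REQ-1")),
        (245, build_packet(s, c, 8080, 50000, 5001, PSH | ACK, b"RESP")),
        (250, build_packet(c, s, 50000, 8080, 1006, FIN | ACK)),
        (1005, build_packet("10.1.1.11", s, 50001, 8080, 7000, SYN)),
    ]


if __name__ == "__main__":
    for row in analyze_sessions(sample_capture()):
        print(row)
```

A probe in the middle of the path sees the server-side delay between SYN and SYN/ACK and the client-side delay between SYN/ACK and ACK, so the SYN-to-ACK interval used here approximates the full round trip.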
In this embodiment, the specific process of performing feature extraction on the service flow packet after analysis and evaluation by the data feature extraction layer includes:
step 301, performing multidimensional similarity analysis on the real-time index values, and calculating standard deviation and covariance of each index by adopting a pearson similarity calculation method, so as to explore the correlation among different indexes;
step 302, performing fault analysis on the real-time index and the historical index, and analyzing the influence of the data difference of different indexes on the result by adopting a fault analysis method, thereby analyzing the influence of each index on the result;
step 303, performing time sequence analysis and historical dimension analysis on the historical indexes, extracting normal value ranges of the indexes by the historical dimension analysis, and establishing a reference threshold value of each index;
step 304, determining basic data characteristics according to the index analysis results combined with the service-side requirements and service operation and maintenance characteristics, constructing customized service feature vectors, including flow port features, session features, network segment features, delay features and concurrent flow features, storing the features in an Oracle database, and mining the correlations and data patterns of the feature items.
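A sketch of steps 301 and 303, as an added example that is not part of the patent text: Pearson correlation computed from the covariance and standard deviations of each index pair, and a per-index reference threshold derived from history. The index names, the sample values and the mean ± k·σ definition of the normal range are assumptions; the patent does not say how the range is computed.

```python
import math
from itertools import combinations
from statistics import mean

# Constructed sample: one value per collection interval for three indexes.
HISTORY = {
    "rtt_ms":          [10, 12, 11, 13, 12, 11, 10, 13],
    "retransmissions": [1, 3, 2, 4, 3, 2, 1, 5],
    "open_ports":      [4, 4, 4, 4, 4, 4, 4, 4],   # constant index (edge case)
}

def covariance(xs, ys):
    """Sample covariance of two equally long index series."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two series of equal length >= 2")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) - 1)

def std_dev(xs):
    """Sample standard deviation, expressed through covariance(x, x)."""
    return math.sqrt(covariance(xs, xs))

def pearson(xs, ys):
    """Pearson r = cov(x, y) / (std(x) * std(y))."""
    sx, sy = std_dev(xs), std_dev(ys)
    if sx == 0 or sy == 0:
        # A constant index has no variance, so r is undefined;
        # report it as uncorrelated instead of dividing by zero.
        return 0.0
    return covariance(xs, ys) / (sx * sy)

def correlated_pairs(indexes, min_abs_r=0.8):
    """Step 301: index pairs whose |r| reaches min_abs_r (assumed cut-off)."""
    pairs = []
    for a, b in combinations(sorted(indexes), 2):
        r = pearson(indexes[a], indexes[b])
        if abs(r) >= min_abs_r:
            pairs.append((a, b, round(r, 3)))
    return pairs

def reference_threshold(history, k=3.0):
    """Step 303: normal range of one index, assumed to be mean +/- k*std."""
    m, s = mean(history), std_dev(history)
    return (m - k * s, m + k * s)

def out_of_range(realtime, history, k=3.0):
    """Real-time values that fall outside their historical normal range."""
    flagged = {}
    for name, value in realtime.items():
        low, high = reference_threshold(history[name], k)
        if not low <= value <= high:
            flagged[name] = (value, round(low, 2), round(high, 2))
    return flagged
```

With this definition a constant index has a zero-width range, so any change in it is flagged; a deployment would normally add a minimum tolerance per index.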
In this embodiment, the data display layer builds a front-end interactive visual analysis interface with JavaScript, CSS and HTML on top of a Web framework, and visually encodes the feature vectors and index data through colors and graphics; the interface includes the main views of service performance, service alarm, link analysis and transaction analysis, and the functional modules of service alarm, carding, retrieval, report and configuration.
In this embodiment, the specific process of rendering the front-end page by the data presentation layer through the interaction technology and the visual analysis technology, and presenting the overall monitoring information of the service system includes:
step 401, the service performance view displays service performance transaction indexes and service index data, and a time period is selected interactively to check the service application health, transaction state and abnormal index information within the selected time;
step 402, the service alarm view includes abnormal access alarm, service alarm and burst alarm; after an alarm trigger is set, the related data packets are stored automatically, the data packets can be decoded online, and a data packet list, a data stream and a time sequence diagram are displayed; the abnormal access alarm defines access rules according to IP, port, application and protocol elements, and sets priority levels; the service alarm performs intelligent evaluation according to service interaction data, the key performance of host connection communication and the application response state, provides a graphical display of the evaluation results, and generates an alarm when performance degrades; the burst alarm configures a bit rate peak value and a sudden increase/sudden decrease percentage threshold value, and generates an alarm when a set value is reached;
step 403, the link analysis view is based on information asset information and service flow direction carding, an original data packet flow link is rendered through a node association diagram, and states of all nodes are encoded based on the service characteristics and indexes; the transaction analysis view displays the number, type, state and time of transaction;
step 404, the transaction analysis view displays transaction information of different applications, including specifying transaction processing quantity, transaction processing time, transaction success rate statistics and transaction state change trend;
step 405, the carding module includes all relevant node IP lists, supporting screening according to applications, probes, protocols, nodes;
step 406, the search module performs global search on the IP session, and one-key query returns a complete network path and a traffic packet between two IP nodes through which access flows;
step 407, the report module generates a report according to the business performance, the equipment performance, the link analysis and the transaction analysis data;
step 408, the configuration module supports various terminal configurations, including a disaster recovery terminal, a VoIP terminal and an application client, where the disaster recovery terminal supports client and network segment terminal types, and can configure aliases, terminal numbers, geographic locations, state selections and labels.
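The two rule-driven alarms of step 402, as an added example that is not part of the patent text: an abnormal access check over flow records using rules built from IP, port and protocol elements with a priority, and a burst check using a bit rate peak and sudden increase/decrease percentages. The rule semantics (lower priority number evaluated first, first match wins, unmatched flows alarm), the field names and all sample addresses and rates are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessRule:
    name: str
    priority: int             # assumption: lower number is evaluated first
    src_net: str
    dst_net: str
    dst_port: Optional[int]   # None matches any port
    protocol: Optional[str]   # None matches any protocol
    allow: bool

    def matches(self, flow):
        return (ipaddress.ip_address(flow["src_ip"]) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(flow["dst_ip"]) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, flow["dst_port"])
                and self.protocol in (None, flow["protocol"]))

# Constructed rule set for a hypothetical database service on 10.2.0.10.
RULES = [
    AccessRule("clients-to-db", 20, "10.1.0.0/16", "10.2.0.10/32", 1521, "TCP", True),
    AccessRule("deny-telnet-to-servers", 10, "0.0.0.0/0", "10.2.0.0/24", 23, "TCP", False),
]

def abnormal_access_alarm(flow, rules):
    """Return None for a permitted flow, otherwise a dict describing the alarm."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(flow):
            if rule.allow:
                return None
            return {"rule": rule.name, "priority": rule.priority, "flow": flow}
    # No rule describes this flow: treat it as abnormal access.
    return {"rule": "no-matching-rule", "priority": None, "flow": flow}

def burst_alarms(rates_bps, peak_bps, surge_pct, drop_pct):
    """Return (sample_index, kind) for every peak, surge or drop in the series."""
    alarms = []
    for i, rate in enumerate(rates_bps):
        if rate >= peak_bps:
            alarms.append((i, "peak"))
        if i == 0:
            continue                      # no previous sample to compare with
        prev = rates_bps[i - 1]
        if prev == 0:
            # Percentage change from zero is undefined; any traffic
            # appearing after silence is reported as a surge.
            if rate > 0:
                alarms.append((i, "surge"))
            continue
        change = (rate - prev) / prev * 100.0
        if change >= surge_pct:
            alarms.append((i, "surge"))
        elif change <= -drop_pct:
            alarms.append((i, "drop"))
    return alarms

# Constructed bit rate samples, one per interval.
RATES = [100, 110, 400, 390, 50, 0, 80]
```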
The foregoing description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and any simple modification, variation and equivalent structural changes made to the above embodiment according to the technical substance of the present invention still fall within the scope of the technical solution of the present invention.

Claims (10)

1. A power information system service monitoring platform, characterized by comprising:
a data acquisition layer, in which the acquisition equipment is deployed into the power information system in a bypass access mode, the acquisition system is deployed on the equipment in a distributed manner, and service interaction traffic is acquired and stored in partitions;
a data analysis layer, which performs detailed traffic analysis, protocol decoding and index calculation on the stored data packets;
a data feature extraction layer, which extracts features from the service flow packets and performs analysis, calculation and statistics;
a data display layer, which displays information system asset information, IP node interaction associations, overall service performance, abnormal behavior and service alarms in real time in visual form.
2. A power information system service monitoring platform according to claim 1, wherein: the data acquisition layer comprises flow acquisition equipment and a data acquisition front-end system; the flow acquisition equipment comprises a switch and a TAP network shunt, wherein the switch is configured with a port mirror image and copies flow data to a monitoring port; the TAP network diverter is arranged between the production network mirror image interface and the acquisition front-end equipment cluster, and distributes the real-time converged mirror image flow of the switch of the access layer, the convergence layer and the core layer to one or more data analysis equipment; the data acquisition front-end system comprises acquisition probes and a data evaluation module, wherein the acquisition probes acquire all mirror image flows of all acquisition devices in real time in a distributed deployment mode, and the data evaluation module performs preliminary screening on the flows acquired by the acquisition probes to remove ineffective flows of streaming media.
3. A method for monitoring service of an electric power information system, characterized in that the monitoring platform as claimed in claim 1 is used, the method comprising the following steps:
step one, the data acquisition layer acquires and stores service flow packets of the electric power information system in a multi-section, multi-node and full-path mode;
step two, the data analysis layer analyzes and evaluates the stored data packet;
step three, the data feature extraction layer performs feature extraction on the analyzed and evaluated service flow packet;
step four, the data display layer renders a front-end page through an interaction technology and a visual analysis technology, and displays the comprehensive monitoring information of the service system.
4. A method for monitoring service of electric power information system according to claim 3, wherein the specific process of the data acquisition layer in the first step for acquiring and storing the service traffic packet of the electric power information system in multiple segments, multiple nodes and full paths comprises:
step 101, analyzing each flow sink node, judging whether incremental data acquisition is needed, deploying a shunt in the sink node and the sink node for the nodes needing to be acquired, amplifying data flow signals, and acquiring the flows of a specific protocol, a specific IP and a specific port in a five-tuple mode;
step 102, connecting a mirror image port of a switch with a shunt, and copying the shunted data into a local machine through the switch;
step 103, each probe is deployed on each switch, the obtained flow is collected and evaluated in real time, the UDP protocol is screened to remove the streaming media noise data, and the real and effective data flow is retained;
step 104, storing the full volume of acquired data in an Oracle database using a database and table splitting mode, and persisting the data.
5. A method for monitoring service of electric power information system according to claim 3, wherein the specific process of analyzing and evaluating the stored data packet by the data analysis layer in the second step comprises:
step 201, importing information system asset information, including asset name, status, IP address and port, and detailed statistics capable of monitoring access performance of key business applications;
step 202, parsing the original network data packets stored in the data acquisition layer, identifying the IP protocol and service, and extracting original files from the traffic;
step 203, analyzing detailed TCP session data, collecting statistics on the network transmission delay of client terminals accessing the key application, and analyzing the data transmission process in depth;
step 204, combining the asset information, comparing each statistical index with the same-named index for the same period in history, calculating the difference index data, analyzing the relevant equipment, links and service platforms, and assisting service characteristic analysis.
6. A method for traffic monitoring in a power information system according to claim 5, wherein said IP protocol in step 202 includes a destination IP address, a destination IP port number, a source IP address, a source IP port number, and a protocol type.
7. The method for monitoring service of electric power information system according to claim 5, wherein the statistics on the network transmission delay of clients accessing the key application in step 203 include start time, duration, end time, connection state, RTT retransmission, and segment loss statistics; the in-depth analysis of the data transmission process covers data transmission, service transaction requests and response processing within the specific processes of different service transactions; it also counts service link conditions, the durations of different sessions, the activity of assets, service flow interactions and their number, and the access performance of key service applications.
8. A method for monitoring service of electric power information system according to claim 3, wherein the specific process of extracting features of the service flow packet after analysis and evaluation by the data feature extraction layer in the third step comprises:
step 301, performing multidimensional similarity analysis on the real-time index values, and calculating the standard deviation and covariance of each index using the Pearson similarity calculation method, so as to explore the correlation among different indexes;
step 302, performing fault analysis on the real-time index and the historical index, and analyzing the influence of the data difference of different indexes on the result by adopting a fault analysis method, thereby analyzing the influence of each index on the result;
step 303, performing time sequence analysis and historical dimension analysis on the historical indexes, extracting normal value ranges of the indexes by the historical dimension analysis, and establishing a reference threshold value of each index;
step 304, determining basic data characteristics according to the index analysis results combined with the service-side requirements and service operation and maintenance characteristics, constructing customized service feature vectors, including flow port features, session features, network segment features, delay features and concurrent flow features, storing the features in an Oracle database, and mining the correlations and data patterns of the feature items.
9. A method for monitoring service of electric power information system according to claim 3, wherein in step four, the data display layer builds a front-end interactive visual analysis interface with JavaScript, CSS and HTML on top of a Web framework, and visually encodes the feature vectors and index data through colors and graphics; the interface includes the main views of service performance, service alarm, link analysis and transaction analysis, and the functional modules of service alarm, carding, retrieval, report and configuration.
10. The method for monitoring the business of the electric power information system according to claim 9, wherein in the fourth step, the data display layer renders a front page through an interaction technology and a visual analysis technology, and the specific process of displaying the comprehensive monitoring information of the business system comprises the following steps:
step 401, the service performance view displays service performance transaction indexes and service index data, and a time period is selected interactively to check the service application health, transaction state and abnormal index information within the selected time;
step 402, the service alarm view includes abnormal access alarm, service alarm and burst alarm, and after setting alarm trigger, related data packets are automatically stored, and the data packets can be decoded online, and a data packet list, a data stream and a time sequence diagram are displayed; the abnormal access alarm defines access rules according to IP, ports, applications and protocol elements, and sets priority levels; the service alarm carries out intelligent evaluation according to service interaction data, key performance of host connection communication and application response state, provides graphical display of evaluation results, and generates an alarm when performance is reduced; the burst alarm configures a bit rate peak value and a sudden increase/sudden decrease percentage threshold value, and generates an alarm when a set value is reached;
step 403, the link analysis view is based on information asset information and service flow direction carding, an original data packet flow link is rendered through a node association diagram, and states of all nodes are encoded based on the service characteristics and indexes; the transaction analysis view displays the number, type, state and time of transaction;
step 404, the transaction analysis view displays transaction information of different applications, including specifying transaction processing quantity, transaction processing time, transaction success rate statistics and transaction state change trend;
step 405, the carding module includes all relevant node IP lists, supporting screening according to applications, probes, protocols, nodes;
step 406, the search module performs global search on the IP session, and one-key query returns a complete network path and a traffic packet between two IP nodes through which access flows;
step 407, the report module generates a report according to the business performance, the equipment performance, the link analysis and the transaction analysis data;
step 408, the configuration module supports various terminal configurations, including a disaster recovery terminal, a VoIP terminal and an application client, where the disaster recovery terminal supports client and network segment terminal types, and can configure aliases, terminal numbers, geographic locations, state selections and labels.
CN202211540492.4A 2022-11-28 2022-11-28 Service monitoring platform and monitoring method for electric power information system Pending CN116149930A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211540492.4A CN116149930A (en) 2022-11-28 2022-11-28 Service monitoring platform and monitoring method for electric power information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211540492.4A CN116149930A (en) 2022-11-28 2022-11-28 Service monitoring platform and monitoring method for electric power information system

Publications (1)

Publication Number Publication Date
CN116149930A true CN116149930A (en) 2023-05-23

Family

ID=86339761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211540492.4A Pending CN116149930A (en) 2022-11-28 2022-11-28 Service monitoring platform and monitoring method for electric power information system

Country Status (1)

Country Link
CN (1) CN116149930A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582450A (en) * 2023-07-13 2023-08-11 北京智芯微电子科技有限公司 Service access sensing method and system for low-voltage distribution network
CN116582450B (en) * 2023-07-13 2023-12-01 北京智芯微电子科技有限公司 Service access sensing method and system for low-voltage distribution network
CN117453493A (en) * 2023-12-22 2024-01-26 山东爱特云翔信息技术有限公司 GPU computing power cluster monitoring method and system for large-scale multi-data center
CN117453493B (en) * 2023-12-22 2024-05-31 山东爱特云翔信息技术有限公司 GPU computing power cluster monitoring method and system for large-scale multi-data center

Similar Documents

Publication Publication Date Title
CN116149930A (en) Service monitoring platform and monitoring method for electric power information system
CN102158360B (en) Network fault self-diagnosis method based on causal relationship positioning of time factors
US6363384B1 (en) Expert system process flow
JP3510658B2 (en) Network analysis method
US8391157B2 (en) Distributed flow analysis
US6529954B1 (en) Knowledge based expert analysis system
CN100431302C (en) Log device, system and method with function of analyzing network traffic
EP2742646B1 (en) A method, apparatus and communication network for root cause analysis
CN106301971A (en) Electric power application performance monitoring system based on flow analysis
CN109586239B (en) Real-time diagnosis and fault early warning method for intelligent substation
WO2003107190A1 (en) Real-time network performance monitoring system
US10439899B2 (en) Service summary view
CN114629802B (en) Service awareness-based power communication backbone network quality assessment method
CN107635003A (en) The management method of system journal, apparatus and system
CN108259263A (en) Data analysing method, apparatus and system
CN112333020A (en) Network security monitoring and data message analyzing system based on quintuple
CN115022908A (en) Method for predicting and positioning abnormity of core network and base station transmission network
CN116800586A (en) Method for diagnosing data communication faults of telecommunication network
CN110677327A (en) Chip-based real-time detection method for RTP flow fault
CN116204386B (en) Method, system, medium and equipment for automatically identifying and monitoring application service relationship
JP2002026935A (en) Frame monitoring device and storage medium
CN116155581A (en) Network intrusion detection method and device based on graph neural network
KR100500836B1 (en) Fault management system of metro ethernet network and method thereof
CN111988172B (en) Network information management platform, device and security management method
CN102123092B (en) A kind of multicast performance analytical method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination