CN116820909A - Audit log recording method, audit log recording device, audit log recording equipment and computer storage medium - Google Patents


Publication number
CN116820909A
Authority
CN
China
Prior art keywords
log
target
log information
audit
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311089488.5A
Other languages
Chinese (zh)
Inventor
施博文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202311089488.5A
Publication of CN116820909A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • G06F11/3495 Performance evaluation by tracing or monitoring for systems

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a method, device and equipment for recording an audit log, and a computer storage medium, relating to the technical field of computers and used to decouple the common log from the audit log during recording. The method comprises the following steps: while the target process is running, recording each piece of original log information generated by the target process, the original log information including first description information of a system task executed by the target process; when at least one piece of target log information exists in the original log information, transmitting the at least one target log information to an audit log process, the target log information including second description information of a system task executed by the target process in response to an operation instruction; and calling the audit log process to generate corresponding audit logs based on the at least one target log information, and storing the obtained at least one audit log in a designated audit log set.

Description

Audit log recording method, audit log recording device, audit log recording equipment and computer storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for recording an audit log, and a computer storage medium.
Background
A log is a file that records important information while a system is running. It is created and written by each process during system operation, and it records the system's running process and abnormal information, providing detailed information for quickly locating problems that occur at run time and for debugging programs during development. An audit log is a log specifically used to record information such as the system operator, the operation content and the operation object. System operators want the operations they trigger to be recorded so that the possible cause of a problem can be found during later examination.
However, in a general logging process, all logs are saved together in a native log file after they are created, for later review. As a result, when a developer who is inspecting the system's operation wants to view only the audit-log category of content, he can only extract all logs and then search through them. When the system runs into a problem, a large number of system operation logs are mixed with the audit logs, and the possibility that the error was caused by a system operator's operation on the system cannot be ruled out in time, which seriously reduces the efficiency of locating the problem and in turn affects the stability of the system's error correction work.
Therefore, how to decouple the audit log from the normal log when recording logs, so that audit log information can be extracted quickly and conveniently later, is a problem to be solved.
Disclosure of Invention
The application provides a recording method, device and equipment of an audit log and a computer storage medium, which are used for realizing decoupling of a common log and the audit log in a recording process.
In a first aspect, an embodiment of the present application provides a method for recording an audit log, where the method includes:
in the running process of the target process, recording each original log information generated by the target process; the original log information includes: first description information of a system task executed by a target process;
transmitting at least one target log information to an audit log process when the at least one target log information exists in each original log information; the target log information includes: second descriptive information of a system task executed by the target process in response to the operation instruction;
and calling an audit log process, respectively generating corresponding audit logs based on at least one target log information, and storing the obtained at least one audit log into a designated audit log set.
In a second aspect, an embodiment of the present application provides a recording apparatus for an audit log, including:
the recording module is used for recording each original log information generated by the target process in the running process of the target process; the original log information includes: first description information of a system task executed by a target process;
the processing module is used for transmitting at least one target log information to an audit log process when the at least one target log information exists in each original log information; the target log information includes: second descriptive information of a system task executed by the target process in response to the operation instruction;
the storage module is used for calling an audit log process, respectively generating corresponding audit logs based on at least one target log information, and storing the obtained at least one audit log into a designated audit log set.
In one possible implementation manner, the storage module is configured to invoke an audit log process, generate corresponding audit logs based on at least one target log information, and store the obtained at least one audit log to a specified audit log set, where the storage module is specifically configured to:
acquiring preset audit log configuration parameters; wherein, the audit log configuration parameters include at least: set identification and set update period;
calling an audit log process, and respectively generating corresponding audit logs based on at least one target log information;
based on the set identifier, respectively storing the obtained at least one audit log into an audit log set corresponding to the set identifier;
based on the set update period, the audit log with the storage time reaching the set update period is periodically deleted from the audit log set.
In one possible implementation manner, the recording module is configured to record each piece of original log information generated by the target process, and is specifically configured to:
when the target process responds to the operation instruction to execute the system task, acquiring second description information of the system task executed by the target process; wherein the second description information comprises at least one of the following: an instruction source of the operation instruction, an operation object of the operation instruction, instruction content of the operation instruction, and an execution result of the operation instruction;
and recording the obtained second description information to target log information in the original log information.
In one possible implementation manner, the second description information further includes an execution duration;
the recording module is used for acquiring the second description information of the system task executed by the target process, and is specifically used for:
acquiring a first time point when the target process receives the operation instruction and acquiring a second time point when the target process finishes processing the operation instruction;
and acquiring the execution time length of the target process responding to the operation instruction based on the first time point and the second time point.
In one possible implementation manner, the recording module is configured to, during the running process of the target process, record each piece of original log information generated by the target process, and further configured to:
if it is determined that the target process cannot obtain the expected response result when executing the system task in response to the operation instruction, acquiring corresponding execution error information; wherein the execution error information includes: description information of the target process erroneously executing the system task;
and recording the execution error information to target log information in the original log information.
In one possible implementation, the processing module is configured, when transmitting the at least one target log information to the audit log process, to further:
if it is determined that the transmission bytes occupied by any one of the at least one target log information exceed a first threshold, splitting that target log information into a plurality of sub-log information corresponding to it; wherein the transmission bytes occupied by each sub-log information are smaller than a second threshold;
transmitting the sub-log information to an audit log process respectively;
the storage module is configured to, when generating the corresponding audit logs based on the at least one target log information, further:
and generating an audit log corresponding to any one target log based on each sub-log information in the plurality of sub-log information.
In one possible implementation, the recording module is further configured, after being configured to record, during the running of the target process, each piece of original log information generated by the target process, to:
transmitting each original log information to an original log process;
calling an original log process, respectively generating corresponding original logs based on the original log information, and storing the obtained original logs into a designated original log set.
In one possible implementation, the recording module is further configured, after being configured to record, during the running of the target process, each piece of original log information generated by the target process, to:
transmitting other log information except at least one target log information in each original log information to an original log process;
calling an original log process, respectively generating corresponding original logs based on other log information, and storing the obtained original logs into a designated original log set.
In a third aspect, the application provides an electronic device comprising a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to carry out the steps of any of the methods described above.
In a fourth aspect, the application also provides a computer readable storage medium comprising program code for causing an electronic device to perform the steps of any of the methods described above, when the program code is run on the electronic device.
In a fifth aspect, the application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of any of the methods described above.
The application has the following beneficial effects:
In this scheme, while the target process generates original log information, the target log information describing system tasks that the target process executes in response to operation instructions is screened out. The audit log and the original log are thus screened and isolated in advance, at the log generation stage, which provides the data basis for subsequently splitting the audit log from the original log. After the target log information is screened out, it is transmitted to an added audit log process, which generates the audit log from the target log information and stores it in a designated audit log set. The original log and the audit log can therefore be stored at the same time without occupying the original log storage process, and the audit log is recorded independently without affecting the recording of the original log; that is, independent recording of the audit log is achieved while the efficiency of log recording is maintained.
In addition, acquisition of the execution duration and of execution error information is added to the process of acquiring the target log information. This expands the information content of the audit log and records in more detail the description information of the system task that the target process executes in response to the operation instruction, providing more comprehensive data for locating possible problems later and effectively improving troubleshooting efficiency.
Meanwhile, target log information with excessive content is split and its parts are transmitted separately, which effectively avoids the reduced transmission performance and increased packet loss rate that an overly large single transmission may cause.
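The flow summarized above (screening target log information, recording execution duration and execution error information, and splitting oversized records before they reach the audit log process), written out in Python. This is an added example, not code from the patent; the threshold values, the fragment tuple `(msg_id, seq, total, payload)`, the JSON encoding and all names are assumptions, and the audit log process is modelled as an in-process object.

```python
import json
import time
from dataclasses import dataclass, asdict
from typing import Callable, Optional

FIRST_THRESHOLD = 512    # assumed value: records encoded larger than this are split
SECOND_THRESHOLD = 200   # assumed value: every fragment payload stays below this


@dataclass
class LogInfo:
    message: str                          # first description information
    source: Optional[str] = None          # instruction source (set only for target log info)
    obj: Optional[str] = None             # operation object
    content: Optional[str] = None         # instruction content
    result: Optional[str] = None          # execution result
    duration_ms: Optional[float] = None   # second time point minus first time point
    error: Optional[str] = None           # execution error information

    @property
    def is_target(self) -> bool:
        return self.source is not None


def run_instruction(source, obj, content, task: Callable[[], str]) -> LogInfo:
    """Execute a system task for an operation instruction and describe it."""
    first = time.monotonic()              # first time point: instruction received
    result = error = None
    try:
        result = task()
    except Exception as exc:              # expected response result not obtained
        error = f"{type(exc).__name__}: {exc}"
    second = time.monotonic()             # second time point: processing finished
    return LogInfo(f"executed {content!r}", source, obj, content, result,
                   round((second - first) * 1000.0, 3), error)


def split(msg_id: int, info: LogInfo) -> list:
    """Encode one target log info; fragment it only if it exceeds FIRST_THRESHOLD."""
    data = json.dumps(asdict(info), ensure_ascii=False).encode("utf-8")
    size = len(data) if len(data) <= FIRST_THRESHOLD else SECOND_THRESHOLD - 1
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return [(msg_id, seq, len(chunks), chunk) for seq, chunk in enumerate(chunks)]


class AuditLogProcess:
    """Stands in for the separate audit log process (assumption: same interpreter)."""

    def __init__(self):
        self.pending = {}     # msg_id -> {seq: payload} for incomplete records
        self.audit_set = []   # the designated audit log set

    def receive(self, fragment) -> None:
        msg_id, seq, total, payload = fragment
        parts = self.pending.setdefault(msg_id, {})
        parts[seq] = payload
        if len(parts) == total:           # all sub-log information has arrived
            # Join the bytes first, decode afterwards: a fragment boundary may
            # fall inside a multi-byte UTF-8 character.
            data = b"".join(parts[i] for i in range(total))
            self.audit_set.append(json.loads(data.decode("utf-8")))
            del self.pending[msg_id]


def route(raw_infos, audit: AuditLogProcess, original_set: list) -> list:
    """Send target log info to the audit process and the rest to the original set.

    Returns every fragment that was sent so the caller can inspect sizes.
    """
    sent = []
    for msg_id, info in enumerate(raw_infos):
        if info.is_target:
            fragments = split(msg_id, info)
            sent.extend(fragments)
            for fragment in reversed(fragments):   # deliver out of order on purpose
                audit.receive(fragment)
        else:
            original_set.append(info.message)
    return sent


def demo():
    def failing():
        raise PermissionError("role 'guest' may not drop tables")

    raw = [  # constructed sample input
        LogInfo("checkpoint complete"),
        run_instruction("app-server/alice", "table orders",
                        "DELETE FROM orders WHERE id = 7", lambda: "DELETE 1"),
        run_instruction("app-server/guest", "table 订单",
                        "DROP TABLE 订单 -- " + "注释" * 120, failing),
    ]
    audit, original = AuditLogProcess(), []
    sent = route(raw, audit, original)
    return audit, original, sent
```

The example follows the variant in which only the log information other than target log information goes to the original log set; the other variant in the text would append every record to `original_set` as well.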
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
Fig. 1 is a schematic diagram of a possible application scenario provided in an embodiment of the present application;
Fig. 2 is a flow chart of a method for recording an audit log according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a relationship between original log information and target log information according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an implementation architecture according to an embodiment of the present application;
Fig. 5 is a flow chart of a recording method of original log information according to an embodiment of the present application;
Fig. 6 is a logic schematic diagram of a recording method of original log information according to an embodiment of the present application;
Fig. 7 is a flowchart illustrating another method for recording original log information according to an embodiment of the present application;
Fig. 8 is a schematic diagram of another recording method of original log information according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a method for logging according to an embodiment of the present application;
Fig. 10 is a flowchart of a method for recording target log information according to an embodiment of the present application;
Fig. 11 is a schematic diagram of an original log information structure according to an embodiment of the present application;
Fig. 12 is a flowchart of a method for obtaining an execution duration according to an embodiment of the present application;
Fig. 13 is a flowchart of a method for obtaining target log information according to an embodiment of the present application;
Fig. 14A is a logic schematic diagram of a method for obtaining target log information according to an embodiment of the present application;
Fig. 14B is a schematic diagram of a relationship between original log information and target log information according to an embodiment of the present application;
Fig. 15A is a flowchart of a method for transmitting target log information according to an embodiment of the present application;
Fig. 15B is a logic schematic diagram of a method for transmitting target log information according to an embodiment of the present application;
Fig. 16 is a flow chart of a method for storing audit logs according to an embodiment of the present application;
Fig. 17 is a schematic diagram of an audit log recording method according to an embodiment of the present application;
Fig. 18 is a schematic structural diagram of an audit log recording device according to an embodiment of the present application;
Fig. 19 is a schematic diagram showing a hardware configuration of an electronic device according to an embodiment of the present application;
Fig. 20 is a schematic diagram of a hardware component of another electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application. Embodiments of the application and features of the embodiments may be combined with one another arbitrarily without conflict. Also, while a logical order is depicted in the flowchart, in some cases, the steps depicted or described may be performed in a different order than presented herein.
It will be appreciated that in the following detailed description of the application, related data such as raw logs or audit logs are referred to, and when embodiments of the application are applied to a particular product or technology, related permissions or consents need to be obtained, and the collection, use and processing of related data is required to comply with relevant laws and regulations and standards of the relevant country and region. For example, where relevant data is required, this may be implemented by recruiting relevant volunteers and signing the relevant agreement of volunteer authorisation data, and then using the data of these volunteers; alternatively, by performing within an authorized allowed organization, the relevant identification of the internal members is performed by employing the data of the internal members of the organization to perform the following embodiments; alternatively, the relevant data used in the implementation may be analog data, for example, analog data generated in a virtual scene.
In order to facilitate understanding of the technical solution provided by the embodiments of the present application, some key terms used in the embodiments of the present application are explained here:
Log: a log is a file that records important information while a system is running. It is created and written by each process during system operation, and it records the system's running process and abnormal information, providing detailed information for quickly locating problems that occur at run time and for debugging programs during development.
Audit log: an audit log is a log that is dedicated to recording information of system operators, operation contents, operation objects, and the like. In other words, whenever a system operator operates the system (e.g., creates a table or deletes data, etc.), the system generates a corresponding audit log that records the operator's operation.
Log rotation: log output can be voluminous, so not all log information can be kept indefinitely. The files in which logs are saved need to be rotated, so that after a reasonable period of time a new log file is started and old ones are removed.
Unified configuration (Grand Unified Configuration, GUC) parameters: GUC parameters are the mechanism by which PostgreSQL manages database parameters. In general terms, this means modifying the variables in the postgresql.conf file or setting the parameters with the SET command. PostgreSQL is a very full-featured free-software object-relational database management system (ORDBMS).
The following briefly describes the design concept of the embodiment of the present application:
During the running of the system, many logs are continuously generated to record the states of the system as it runs. Thus, when the system's operation goes wrong, the developer can quickly locate the system's problems through the system operation information recorded in the logs.
When maintaining a system through its logs, a developer can first confirm whether a problem in the system was triggered by some operation from outside the system; to do so, the developer needs to check the audit logs among the logs.
However, in a general log recording manner, the logs generated while the system runs are usually stored together in one log file. As a result, when a developer who is checking the system's operation wants to view only the audit-log category of content, he can only extract all the logs and then search through them. When the system runs into a problem, the developer cannot rule out in time the possibility that the error was caused by a system operator's operation on the system, which seriously reduces the efficiency of locating the problem and in turn affects the stability of the system's error correction work.
In view of this, the embodiments of the present application provide a method, an apparatus, a device, and a computer storage medium for recording audit logs. While the system is running, the audit logs among all generated original logs are stored separately in a designated audit log set, so that when a developer later reviews the system's operation, the behavior of the system's operators can first be consulted through the audit logs in the audit log set, to determine whether the cause of a problem in the system is related to an operator.
Specifically, the embodiment of the application adds to the general log recording process a separate process dedicated to recording audit logs (namely, the audit log process). By calling the audit log process, a corresponding audit log can be generated from the second description information, which is generated by the target process and describes the system task that the target process executes in response to an operation instruction. The generated audit log is stored in a designated audit log set as required by preset audit log configuration parameters, and audit logs whose storage duration reaches the set update period in those configuration parameters are periodically deleted from the audit log set.
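One way to store audit logs by set identifier and delete them once the set update period is reached, as an added Python example rather than code from the patent. The one-file-per-set JSON-lines layout, the class and method names, and the sample values are assumptions.

```python
import json
import os
import re
import tempfile
import time


class AuditLogSet:
    """One audit log set, selected by set identifier and pruned by update period."""

    def __init__(self, base_dir: str, set_id: str, update_period_s: float):
        # The identifier comes from configuration and ends up in a file name,
        # so reject anything that could leave base_dir.
        if not re.fullmatch(r"[A-Za-z0-9_-]+", set_id):
            raise ValueError(f"invalid set identifier: {set_id!r}")
        self.path = os.path.join(base_dir, set_id + ".jsonl")
        self.update_period_s = update_period_s

    def store(self, audit_log: dict, now: float = None) -> None:
        """Append one audit log together with its storage time."""
        entry = {"stored_at": time.time() if now is None else now, "log": audit_log}
        # Append-only handle; the file is created readable by its owner only.
        fd = os.open(self.path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a", encoding="utf-8") as f:
            f.write(json.dumps(entry, ensure_ascii=False) + "\n")

    def entries(self) -> list:
        if not os.path.exists(self.path):
            return []
        with open(self.path, encoding="utf-8") as f:
            return [json.loads(line) for line in f if line.strip()]

    def purge(self, now: float = None) -> int:
        """Delete entries whose storage time has reached the update period."""
        now = time.time() if now is None else now
        old = self.entries()
        kept = [e for e in old if now - e["stored_at"] < self.update_period_s]
        # Write the survivors to a temporary file and swap it in, so a crash
        # mid-purge never leaves a truncated audit log set behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path))
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.writelines(json.dumps(e, ensure_ascii=False) + "\n" for e in kept)
        os.replace(tmp, self.path)
        return len(old) - len(kept)


def demo_retention():
    with tempfile.TemporaryDirectory() as base:
        logs = AuditLogSet(base, "audit_main", update_period_s=60)
        # Constructed sample audit logs with explicit storage times (seconds).
        for t, op in [(0, "CREATE TABLE t"), (50, "DELETE FROM t"), (100, "DROP TABLE t")]:
            logs.store({"content": op}, now=t)
        removed = logs.purge(now=100)
        remaining = [e["log"]["content"] for e in logs.entries()]
        try:
            AuditLogSet(base, "../etc/audit", 60)
            rejected = False
        except ValueError:
            rejected = True
    return removed, remaining, rejected
```

A scheduler would call `purge()` at whatever interval the deployment chooses; the example passes `now` explicitly so the retention boundary is reproducible.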
The following briefly describes application scenarios to which the technical solution of the embodiment of the present application is applicable. It should be noted that the application scenarios described below only illustrate the embodiment of the present application and do not limit it. In the specific implementation process, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.
Referring to fig. 1, a schematic diagram of a possible application scenario provided in an embodiment of the present application may include a terminal device 101 and a server 102.
The terminal device 101 may be a device such as a mobile phone, a tablet personal computer (PAD), a personal computer (Personal Computer, PC), a wearable device, or a vehicle-mounted terminal, or may be a device such as a camera or a video camera. The server 102 may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a content delivery network (Content Delivery Network, CDN), big data and artificial intelligence platforms.
The server 102 can include one or more processors 1021, memory 1022, I/O interfaces 1023 for interaction with terminals, and so on. In addition, the server 102 may be configured with a database 1024, which may be used to store log information such as audit logs and original logs, and may also store the audit log configuration parameters used by the above audit log recording method. Program instructions of the method for recording an audit log provided by the embodiment of the present application may also be stored in the memory 1022 of the server 102; when executed by the processor 1021, these program instructions implement the steps for recording an audit log provided by the embodiment of the present application, so that the audit log is stored separately.
The terminal device 101 and the server 102 may be in direct or indirect communication connection via one or more communication networks 103. The communication network 103 may be a wired network or a wireless network, for example a mobile cellular network or a Wireless-Fidelity (WIFI) network, or may be another possible network, which is not limited in the embodiments of the present application.
It should be noted that, the method for recording the audit log in the embodiment of the present application may be performed by a computer device, which may be the terminal device 101 or the server 102, that is, the method may be performed by the terminal device 101 or the server 102 alone.
For example, when the method for recording the audit log provided by the present application is executed by the terminal device 101 alone, the terminal device 101 may be configured with the audit log process provided by the embodiment of the present application, so that when the target process runs, the terminal device 101 may call the audit log process to store the audit log, and generate a corresponding audit log file based on the audit log set in which the audit log is stored.
For another example, when the method for recording the audit log provided by the present application is executed by the server 102, the server may utilize the audit log process to extract the audit log information generated in any process operation, generate a corresponding audit log based on the audit log information, and store the audit log in the audit log set for the subsequent developer to review when locating the system problem.
It should be noted that fig. 1 is for illustration only; the number of terminal devices and servers and the communication manner are not limited in practice and are not specifically limited in the embodiment of the present application.
The method for recording an audit log according to an exemplary embodiment of the present application will be described below with reference to the accompanying drawings in conjunction with the above-described application scenario, and it should be noted that the above-described application scenario is only shown for the convenience of understanding the spirit and principle of the present application, and the embodiment of the present application is not limited in any way in this respect.
Referring to fig. 2, a flow chart of a recording method of an audit log according to an embodiment of the present application is shown. In order to facilitate the following description of the method, the implementation steps of each method will be described below by taking the server as an execution subject of any method. As shown in fig. 2, the server may perform the following operations when performing the recording of the audit log:
Step S201: while the target process is running, record each piece of original log information generated by the target process, wherein the original log information comprises: first description information of a system task executed by the target process.
The target process refers to any process that needs to be invoked when the server runs a certain system or application; there may be one or more such processes in the system, which is not limited in the present application.
For example, assuming that the relational database PostgreSQL is running on the server, the server needs to call a plurality of processes while the database runs in order to keep the database running stably, and any one or more of these processes may be the target process in step S201 of the present application. When the target process executes a certain system task while the database is running, the server can record first description information of the target process executing that system task, and this first description information serves as original log information generated by the target process while it runs.
The original log information refers to all log information generated by any process while it runs. Correspondingly, the target log information provided in the embodiment of the present application is log information that includes second description information of the system task that a process executes in response to an operation instruction it has received. In other words, as shown in fig. 3, the original log information is all log information generated in any process, and the target log information is the part of the original log information that is generated under a specific condition.
In step S201, the server needs to record the generated original log information. The server may store the original log information in a buffer, so that the information can be extracted when the corresponding log is generated later. When recording the original log information, the server may record each piece of log information in real time as the target process generates it, or may record at one time, at a certain time interval, the log information generated within that interval, which is not limited in the present application.
Step S202: when at least one target log information exists in the original log information, transmit the at least one target log information to an audit log process, the target log information comprising: second description information of the system task executed by the target process in response to the operation instruction.
As described above, the target log information is a part of the original log information and is generated under a specific condition: it is the log information generated after the target process executes a system task in response to an operation instruction.
Taking the PostgreSQL database mentioned above as an example, when an operator performs any operation on the database, the server can generate corresponding target log information.
For example, when an operator issues an operation instruction to the database instructing it to create a data table, the server may generate corresponding target log information for recording the operation, where the generated target log information includes second description information of the system task executed by the target process in response to the operation instruction. Specifically, the information may be information about the operator who issued the operation instruction, the details of the operation instruction, the operation object corresponding to the operation instruction, and the like. The target log information therefore records the source of the operation instruction and information such as the effect on the system of the target process responding to the operation instruction. After the audit log is subsequently generated, a developer can check the information in the audit log to determine whether a problem in system operation was caused by an externally input operation instruction.
In one possible implementation, the target log information may further include information about the operation instruction. To make clear the kinds of information that the target log may contain, the information types in the target log information are exemplified below. It should be clear that the following description is only for illustration; when target log information is actually generated, the types of information it contains may be defined by a preset configuration, and the present application does not limit the specific combination.
First, the recording time of the log, which indicates the time at which the target log information was recorded; the format of the corresponding value may be limited to a character string type, and the character string does not contain brackets. Second, an operation user name, which records the name of the user who sent the operation instruction to the system, and a database name, which, when the system is a PostgreSQL database, indicates the database to which the operation object indicated by the operation instruction belongs; the values of these information types are of a character string type. Next, information indicating the time at which execution of the operation instruction starts, such as a statement execution start timestamp (in seconds) and an execution start time precision supplement (in microseconds). Then, a session identification number (ID), which is used to uniquely identify the operation instruction, and an execution status code, which indicates the completion status of the operation instruction and may be represented by a five-digit number; for example, 00000 may indicate that the operation instruction was executed successfully.
When the target process receiving the operation instruction is a process running the PostgreSQL database, the target log information may further include the following types of information:
A structured query language (Structured Query Language, SQL) type, indicating the type of SQL statement that may be included in the operation instruction; an object type, indicating the type of the object operated on by the operation instruction; an object name, indicating the name of the object operated on by the operation instruction; statement parameter values, indicating the parameters contained in the statements of the operation instruction; and a number of affected rows, indicating the number of rows of data in the database affected by the operation instruction: for example, for "SELECT" it is the number of rows returned in response to the SQL statement, and for "INSERT/UPDATE/DELETE" it is the number of rows of data added to, modified in, or deleted from the database.
In addition to the above information, the target log information may include information on the time consumed by the target process in responding to the operation instruction, error information indicating an execution error of the operation instruction, and the like.
For example, when the target process receives an SQL statement (assume the statement instructs that table 2 be created, but table 2 already exists in the database), error information indicating the error is recorded in the correspondingly generated target log information.
The above introduces the information that the target log information may contain. While the target process is running, the server may determine in different manners whether original log information generated by the target process is the target log information defined above. In the first manner, each time the target process generates a piece of original log information, the server checks that piece of original log information and determines whether it is target log information. In the second manner, when the number of pieces of original log information generated by the target process reaches a preset requirement, the server checks them all at one time and determines whether at least one target log information exists.
Regardless of when the determination is made, target log information may be identified in the same way. For example, the target process may add, to the original log information it generates, a judgment identifier indicating whether that original log information is target log information; when the server finds that the judgment identifier in a piece of original log information indicates target log information, it can determine that the log information is target log information.
In this way, each time the server determines that target log information exists in the original log information, it can transmit the at least one target log information to the audit log process. As shown in fig. 4, the audit log process is a process dedicated to storing the audit log and is independent of the original log process of the system. On this basis, after completing the recording of target log information containing any combination of the above types of information, the server also needs to perform the following operation:
Step S203: call the audit log process, generate a corresponding audit log for each of the at least one target log information, and store the obtained at least one audit log into a designated audit log set.
After transmitting the at least one audit log information to the audit log process, the server can call the audit log process to complete the storage of the target log information. Specifically, based on the obtained at least one target log information, the server may call the audit log process to generate an audit log corresponding to each target log information, and then store the obtained at least one audit log into the designated audit log set.
For example, when a system user issues an operation instruction to look up data in a table t in a database, the corresponding target process generates target log information while returning data to the system user in response to the operation instruction, and the audit log process can use the generated target log information to generate an audit log such as the following:
2023-05-31 08:47:59.497 UTC,"postgres","[local]",168552879,494035,647709b6.69ae,00000,"SELECT","TABLE","public.t","select*from t;",,0,1.683000,
The audit log process can then store the audit log into the designated audit log set.
In this scheme, while the target process generates the original log information, the target log information describing the system tasks executed by the target process in response to operation instructions is screened out. The audit log and the original log are thus screened and isolated in advance at the log generation stage, which provides the data basis for subsequently splitting the audit log from the original log. After the target log information is screened out, it is transmitted to the newly added audit log process, which generates the audit log based on the target log information and stores it into the designated audit log set. The original log and the audit log can therefore be stored at the same time without occupying the original log storage process, and the audit log is recorded independently without affecting the recording of the original log; that is, independent recording of the audit log is achieved while the efficiency of log recording is preserved.
In one possible manner, the above method for recording the audit log may be enabled either automatically or manually. For example, when it is enabled automatically, an audit log is recorded in the above manner every time a system operator sends an operation instruction to the system while the system is running. When it is enabled manually, a system operator can choose through a display interface whether the audit log is recorded separately.
The above describes how the audit log is recorded. In addition to the recording of the audit log, the recording of the original log generated by the target process also needs to be described. The embodiment of the present application provides the following two possible ways for the server to complete the recording of the original log.
Mode one, recording all original log information
Referring to fig. 5, a flowchart of a method for recording original log information according to an embodiment of the present application is shown. As shown in fig. 5, in mode one, after the server completes the recording of the original log information generated while the target process is running, the server needs to perform the following operations:
Step S501: transmit each original log information to an original log process;
Step S502: call the original log process, generate a corresponding original log for each original log information, and store the obtained original logs into a designated original log set.
In this mode, the recording of the original log also requires the server to call the original log process. As shown in fig. 6, all original log information is transmitted to the original log process, which generates and stores the original logs. What the original log process does here is no different from a general log recording manner, so a general original log process can be used directly to record all original logs completely. All original logs can be saved into the designated original log set, so that a complete log set with nothing missing is available when the logs are searched later. Like the audit log set, the original log set is a set for storing logs, and its specific form may be a text file, a table file, or the like, which is not limited in the present application.
In this mode, the original log set therefore records all logs, including the audit logs and the ordinary logs other than the audit logs. This makes full use of the existing log recording process, is simple to implement, and ensures that no log information is missed.
Mode two, recording partial original log information
Referring to fig. 7, a flowchart of another method for recording original log information provided by an embodiment of the present application is shown. As shown in fig. 7, in mode two, after the server completes the recording of the original log information generated while the target process is running, the server further needs to perform the following operations:
Step S701: transmit the log information other than the at least one target log information in the original log information to the original log process;
Step S702: call the original log process, generate a corresponding original log for each piece of the other log information, and store the obtained original logs into a designated original log set.
As shown in fig. 8, in this mode not all original log information is stored by the original log process; only the log information other than the target log information is stored there. Therefore, when log information is transmitted to the original log process, the judgment identifier in each piece of original log information is checked in the manner provided by the embodiment of the present application, so as to find the other log information that the judgment identifier indicates is not target log information. This other log information is then transmitted to the original log process, which generates and stores the corresponding original logs based on it.
Therefore, the original log set obtained in mode two contains only original logs that are not audit logs. Ordinary logs and audit logs are thus further separated, which improves efficiency when the logs are later consulted.
As can be seen from the above description, in the log recording manner provided by the embodiment of the present application, there are two processes for log recording, namely, an audit log process for recording an audit log and an original log process for recording an original log.
The architecture of the two processes and the target process is shown in fig. 9. Both log processes are communicatively connected with the target process, and the target process may stand for any number of possible processes. In the present application, when a user sends an operation instruction to the system to perform any operation, the server can acquire the audit log information related to the operation instruction and transmit it to the audit log process, which converts the audit log information into an audit log and stores it in the audit log set. Meanwhile, the audit log information can also be transmitted as original log information to the original log process, which generates the original log and stores it into the original log set. When the system runs automatically without receiving an operation instruction, the original log information it generates can be turned into original logs and stored by the original log process.
The above describes the manner of recording the audit log and the original log provided by the embodiment of the present application. Within this recording manner, other technical effects may also be achieved through different schemes.
Optionally, when recording the target log information in the original log information, the server may record the second description information in the following manner:
Referring to fig. 10, a flowchart of a method for recording target log information according to an embodiment of the present application is shown. As shown in fig. 10, the method is specifically implemented as follows:
Step S1001: when the target process executes the system task in response to the operation instruction, acquire second description information of the system task executed by the target process; wherein the second description information comprises at least one of the following: an instruction source of the operation instruction, an operation object of the operation instruction, instruction content of the operation instruction, and an execution result of the operation instruction;
Step S1002: record the obtained second description information into the target log information in the original log information.
In this manner, when the target process executes the system task in response to the operation instruction, the server correspondingly acquires the second description information to determine the corresponding target log information.
For the specific recording format of the target log information, a schematic format as shown in fig. 11 may be employed. In the header of the target log information, pid indicates the identity number of the process from which the target log information originates, and is_last represents the judgment identifier mentioned above, which is used to indicate whether the log information is the target log information.
Further, when the second description information also includes an execution duration indicating how long the target process takes to respond to the operation instruction, the operations shown in fig. 12 may be performed when the second description information of the system task executed by the target process is acquired in step S1001 above:
Step S1201: acquire a first time point at which the target process receives the operation instruction, and acquire a second time point at which the target process finishes processing the operation instruction;
Step S1202: obtain, based on the first time point and the second time point, the execution duration of the target process responding to the operation instruction.
In this way, the embodiment of the application adds the calculation of the execution duration and adds the execution duration to the target log information, so that the response time of the target process to the operation instruction is made explicit.
Meanwhile, in a common manner of recording target log information, the system generates the corresponding target log information only after it has finished responding to the operation instruction. When an error occurs in executing the operation instruction, or the target process is suddenly interrupted by a user, the audit log information may therefore fail to record the information related to that operation instruction. To address this, the embodiment of the present application provides the manner shown in fig. 13, which avoids such omissions from the audit log information. The specific implementation steps are as follows:
Step S1301: if it is determined that the target process cannot obtain the expected response result when executing the system task in response to the operation instruction, acquire the corresponding execution error information; wherein the execution error information includes: information describing the target process's erroneous execution of the system task;
Step S1302: record the execution error information into the target log information in the original log information.
Failure to obtain the expected response result means that the operation instruction was executed incorrectly, or that the target process was suddenly interrupted or closed while responding to the operation instruction.
When such a situation occurs, the server may generate the corresponding execution error information based on its exception handling logic, obtain the corresponding target log information based on the execution error information, and then transmit it to the audit log process, as shown in fig. 14A. Because the information about the error in executing the operation instruction is not recorded in the original log information but is recorded separately in the audit log information by the server in the manner shown in fig. 13, the original log information and the audit log information have the inclusion relationship shown in fig. 14B.
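The following added example (not code from the patent) contrasts the common manner, which builds the record only after the response completes, with recording in the exception path as in steps S1201 to S1302. The class and function names, the injected clock, and the use of PostgreSQL SQLSTATE values 42P07 and XX000 as status codes are assumptions of this sketch.

```python
import time
from dataclasses import dataclass


@dataclass
class TargetLogInfo:
    pid: int
    source: str            # instruction source (who issued the instruction)
    content: str           # instruction content
    status: str            # five-digit execution status code, 00000 = success
    duration_ms: float     # S1202: second time point minus first time point
    error: str = ""        # S1301: execution error information, empty on success


class DuplicateTable(Exception):
    """Constructed error for the 'table 2 already exists' case."""
    sqlstate = "42P07"     # assumption: PostgreSQL's duplicate_table SQLSTATE


def record_after_success(pid, source, content, task, audit_sink, clock=time.monotonic):
    """Common manner: the record is built only once the response has completed."""
    first = clock()
    result = task()        # an exception here skips the append below
    audit_sink.append(TargetLogInfo(pid, source, content, "00000",
                                    (clock() - first) * 1000.0))
    return result


def record_always(pid, source, content, task, audit_sink, clock=time.monotonic):
    """Record in the failure path too, so a failed or interrupted instruction
    still produces target log information for the audit log process."""
    first = clock()                                   # S1201: first time point
    status, error = "00000", ""
    try:
        return task()
    except BaseException as exc:                      # includes KeyboardInterrupt
        status = getattr(exc, "sqlstate", "XX000")    # XX000: generic internal error
        error = f"{type(exc).__name__}: {exc}"
        raise                                         # the caller still sees the failure
    finally:
        second = clock()                              # S1201: second time point
        audit_sink.append(TargetLogInfo(pid, source, content, status,
                                        (second - first) * 1000.0, error))


def demo():
    """Run a failing, an interrupted and a successful task through both recorders."""
    def create_table_2():
        raise DuplicateTable('relation "table2" already exists')

    def interrupted():
        raise KeyboardInterrupt()

    naive, hardened = [], []
    statement = "CREATE TABLE table2 (id int);"       # constructed instruction
    for recorder, sink in ((record_after_success, naive), (record_always, hardened)):
        for task in (create_table_2, interrupted, lambda: 1):
            ticks = iter((10.0, 10.25))               # constructed clock readings
            try:
                recorder(4242, "alice", statement, task, sink,
                         clock=lambda: next(ticks))
            except (DuplicateTable, KeyboardInterrupt):
                pass
    return naive, hardened


if __name__ == "__main__":
    naive_records, hardened_records = demo()
    print(len(naive_records), "record(s) in the common manner")
    for record in hardened_records:
        print(record)
```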
Optionally, log information with excessive content can be divided into a plurality of blocks (chunks) for sending, which reduces the risk that sending too much content in a single piece of log information causes packet loss or even a crash.
Referring to fig. 15A, a flowchart of a method for transmitting target log information according to an embodiment of the present application is shown. As shown in fig. 15A, the method specifically includes the following implementation steps:
Step S1501: if it is determined that the transmission bytes occupied by any one of the at least one target log information exceed a first threshold, split that target log information into a plurality of pieces of sub-log information corresponding to it; wherein the transmission bytes occupied by each piece of sub-log information are smaller than a second threshold.
The setting of the first threshold and the second threshold can be uniformly configured by a user through GUC parameters, and specific values of the first threshold and the second threshold can be set according to the use requirement of the user.
Step S1502: transmit each piece of sub-log information to the audit log process.
After the transmission is completed, the server may generate the audit log corresponding to that target log information based on the plurality of pieces of sub-log information.
When a piece of log information contains so much content that the transmission bytes required to transmit it exceed the first threshold, the server splits the log information into a plurality of pieces of sub-log information and transmits them to the audit log process in the form of chunks; the server then calls the audit log process to combine the pieces of sub-log information and generate the audit log corresponding to the original log information.
For example, in a specific implementation, when each piece of sub-log information is transmitted in the format of fig. 11 described above, the server may assemble the corresponding chunks based on the pid in the log message. The value at the is_last position in log information of this format can also be used to indicate the correspondence between the sub-log information and the target log information; that is, when the chunk carrying that value at the is_last position is received, the server can determine that the log information has been completely received, and can then generate the corresponding audit log.
In addition, as shown in fig. 15B, during the transmission of target log information the audit log process may receive not only target log information from one target process (possibly transmitted as a plurality of pieces of sub-log information) but also, at the same time, target log information generated by any other process. The pid of the originating process in the target log information is all that is needed to identify the source of the target log information, so the audit log process can receive target log information from different processes simultaneously. It should be noted that the number of target processes, the number of pieces of target log information, and the number of pieces of sub-log information within one target log information in fig. 15B are illustrative only, and are not limited by the present application.
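The splitting in step S1501 and the pid-keyed reassembly of interleaved chunks can be sketched as follows; this is an added example, not the patent's implementation. The binary header layout, the length field, the reading of is_last as a last-chunk marker, and the per-pid pending limit are assumptions of the sketch.

```python
import struct
from collections import defaultdict

# Header per chunk: pid and is_last as in fig. 11, plus a payload length.
# The binary layout and the length field are assumptions of this example.
HEADER = struct.Struct("!IBI")


def split_target_log(pid, message, first_threshold, second_threshold):
    """S1501: return the frames to send for one piece of target log information."""
    max_payload = second_threshold - HEADER.size - 1   # keeps each frame < second_threshold
    if max_payload < 1:
        raise ValueError("second threshold leaves no room for payload")
    if len(message) <= first_threshold:
        pieces = [message]                             # small enough: one frame
    else:
        pieces = [message[i:i + max_payload]
                  for i in range(0, len(message), max_payload)]
    frames = []
    for index, piece in enumerate(pieces):
        is_last = 1 if index == len(pieces) - 1 else 0
        frames.append(HEADER.pack(pid, is_last, len(piece)) + piece)
    return frames


class AuditLogReassembler:
    """Audit-log-process side: rebuild messages from interleaved frames."""

    def __init__(self, max_pending_bytes=1 << 20):
        self._pending = defaultdict(bytearray)   # pid -> bytes received so far
        self._max_pending = max_pending_bytes

    def feed(self, frame):
        """Consume one frame; return (pid, message) when a message completes."""
        if len(frame) < HEADER.size:
            raise ValueError("frame shorter than header")
        pid, is_last, length = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != length or is_last not in (0, 1):
            raise ValueError("malformed frame")
        buffer = self._pending[pid]
        if len(buffer) + length > self._max_pending:
            del self._pending[pid]               # drop a sender that never finishes
            raise OverflowError(f"pid {pid} exceeded pending limit")
        buffer += payload
        if not is_last:
            return None
        return pid, bytes(self._pending.pop(pid))


def demo():
    """Two processes send at once; the long message is split into chunks."""
    long_msg = b'"CREATE TABLE","public.t2","' + b"x" * 60 + b'"'   # constructed
    short_msg = b'"SELECT","public.t"'                              # constructed
    frames_a = split_target_log(101, long_msg, first_threshold=64, second_threshold=40)
    frames_b = split_target_log(202, short_msg, first_threshold=64, second_threshold=40)
    wire = [frames_a[0], frames_b[0], *frames_a[1:]]   # frames interleaved on the wire
    receiver = AuditLogReassembler()
    completed = [done for done in map(receiver.feed, wire) if done]
    return frames_a, frames_b, completed, long_msg, short_msg


if __name__ == "__main__":
    for pid, message in demo()[2]:
        print(pid, len(message), "bytes reassembled")
```

The pending limit keeps a process that never sends its final chunk from growing the receiver's memory without bound.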
Various possible embodiments of transmitting the target log information to the audit log process have been described above. When the audit log process stores the audit log, the server may implement the storage by performing the operation steps shown in fig. 16.
Referring to fig. 16, a flow chart of a method for storing an audit log according to an embodiment of the present application is shown. As shown in fig. 16, the method specifically includes the following implementation steps:
Step S1601: acquire preset audit log configuration parameters; wherein the audit log configuration parameters include at least: a set identifier and a set update period.
For example, in practical application the audit log configuration parameters may be set through GUC parameters. Besides the set identifier and the set update period, the audit log configuration parameters may also include one or more of the following: the audit log buffer size (audio_log_buffer_size) and the audit log folder (audio_log_direction). The set update period may include creating a new audit log file (audio_log_rotation_size) after a specified time has elapsed and/or after the current file exceeds a specified size.
It should be noted that, specific values in these configuration parameters may be configured by the user according to the usage requirement thereof through the GUC parameters, which is not limited by the present application.
Step S1602: call the audit log process, and generate a corresponding audit log for each of the at least one target log information.
In this step, the server may process the target log information according to the configuration parameter mentioned above, namely the audit log buffer size. For example, the audit log process may adopt a full buffer mode (IOFBF), in which the audit logs generated from the target log information are stored into the designated audit log set only after the buffer has been completely filled; this reduces the number of disk flushes and can effectively prolong the service time of the audit log. Alternatively, the audit log process may adopt a line buffer mode (IOLBF), in which a flush to disk is performed each time a line has been written to the buffer, so that logs are saved to the audit log set promptly and the loss of log information when the buffer is cleared by an unexpected power failure or similar event is avoided.
Step S1603: based on the set identifier, store the obtained at least one audit log into the audit log set corresponding to the set identifier.
In this step, after the audit log process generates the audit log, the audit log can be saved according to the set identifier indicated in the preconfigured audit log configuration parameters and the address at which that set is stored.
Step S1604: based on the set update period, periodically delete from the audit log set the audit logs whose storage duration has reached the set update period.
The server may process the audit logs in the audit log set differently depending on what the set update period contains. For example, when the set update period includes creating a new audit log file after a specified time is exceeded, the corresponding value is the maximum storage time of an audit log, and the server can delete an audit log from the audit log set once its storage time reaches the preset maximum storage time. Alternatively, when the set update period includes creating a new audit log file after the current file exceeds a specified size, the corresponding value is the size threshold of the audit log set, and when the size of the audit log set is larger than the threshold, the audit log with the longest storage time in the audit log set can be deleted.
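The buffering trade-off in step S1602 and the two deletion rules in step S1604 can be observed with the added sketch below, which is not code from the patent. It assumes an audit log set is a directory named by the set identifier, uses file modification time as the storage time, and uses hypothetical class, function and file names.

```python
import os
import tempfile
from pathlib import Path

SAMPLE_LINE = 'constructed audit record,"SELECT","public.t"\n'


class AuditLogSet:
    """An audit log set stored as files in a directory named by the set identifier."""

    def __init__(self, root, set_id, line_buffered=True, buffer_size=64 * 1024):
        self.directory = Path(root) / set_id          # S1603: set identifier -> location
        self.directory.mkdir(parents=True, exist_ok=True)
        # buffering=1 selects line buffering for text files; a larger value
        # selects full buffering with that buffer size.
        self._buffering = 1 if line_buffered else buffer_size

    def open_file(self, name):
        return open(self.directory / name, "a", buffering=self._buffering,
                    encoding="utf-8", newline="\n")

    def prune(self, now, max_age_seconds=None, max_total_bytes=None):
        """S1604: delete expired logs, then the oldest logs while the set is too large."""
        files = sorted((p for p in self.directory.iterdir() if p.is_file()),
                       key=lambda p: p.stat().st_mtime)           # oldest first
        removed = []
        if max_age_seconds is not None:
            expired = [p for p in files if now - p.stat().st_mtime >= max_age_seconds]
            for path in expired:
                path.unlink()
                files.remove(path)
                removed.append(path.name)
        if max_total_bytes is not None:
            total = sum(p.stat().st_size for p in files)
            while files and total > max_total_bytes:
                oldest = files.pop(0)
                total -= oldest.stat().st_size
                oldest.unlink()
                removed.append(oldest.name)
        return removed


def bytes_on_disk_before_close(root, line_buffered):
    """Write one record and report how much of it the file already holds."""
    log_set = AuditLogSet(root, "demo-buffering", line_buffered)
    name = "line.log" if line_buffered else "full.log"
    with log_set.open_file(name) as handle:
        handle.write(SAMPLE_LINE)
        return os.path.getsize(log_set.directory / name)


def demo():
    with tempfile.TemporaryDirectory() as root:
        sizes = (bytes_on_disk_before_close(root, True),
                 bytes_on_disk_before_close(root, False))
        log_set = AuditLogSet(root, "demo-retention")
        now = 1_700_000_000                            # constructed current time
        for name, age in (("old.log", 100), ("mid.log", 50), ("new.log", 5)):
            path = log_set.directory / name
            path.write_text(SAMPLE_LINE, encoding="utf-8")
            os.utime(path, (now - age, now - age))     # constructed storage times
        by_age = log_set.prune(now, max_age_seconds=60)
        by_size = log_set.prune(now, max_total_bytes=len(SAMPLE_LINE) + 1)
        remaining = sorted(p.name for p in log_set.directory.iterdir())
        return sizes, by_age, by_size, remaining


if __name__ == "__main__":
    print(demo())
```

A flush only hands the data to the operating system; for a record to survive a power failure the writer also has to call os.fsync on the file descriptor.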
To facilitate understanding of how the foregoing is implemented, the manner of recording the audit log is described below by combining the foregoing embodiments.
Referring to fig. 17, a logic schematic diagram of an audit log recording method provided by an embodiment of the present application is shown. As shown in fig. 17, when a user issues an operation instruction to the system, each target process running in the system may execute some system tasks in response to the operation instruction, so the target processes executing tasks generate corresponding log information. This log information can be used as both target log information and original log information and sent to the audit log process and the original log process respectively, so that the two processes store the target log information and the original log information respectively, yielding an audit log set in which the audit logs are stored separately and an original log set in which all original logs are stored. Meanwhile, during transmission, when the content of a piece of log information is too large, as with target log information a and target log information c, it can be split so that it is transmitted to the corresponding log process in chunks, which avoids transmitting too much content in a single transmission.
Based on the same inventive concept, the embodiment of the present application further provides an audit log recording apparatus, referring to fig. 18, which is a schematic structural diagram of the audit log recording apparatus provided in the embodiment of the present application, where the apparatus may be the terminal device or the server or a chip or an integrated circuit thereof, and the apparatus includes a module/unit/technical means for executing the method executed by the terminal device or the server in the foregoing method embodiment.
Illustratively, the apparatus 1800 includes:
the recording module 1801 is configured to record, during an operation of the target process, each piece of original log information generated by the target process; the original log information includes: first description information of a system task executed by a target process;
the processing module 1802 is configured to transmit at least one target log information to an audit log process when at least one target log information exists in each original log information; the target log information includes: second descriptive information of a system task executed by the target process in response to the operation instruction;
and the storage module 1803 is used for calling an audit log process, respectively generating corresponding audit logs based on at least one target log information, and storing the obtained at least one audit log into a designated audit log set.
In a possible implementation manner, when invoking the audit log process, generating corresponding audit logs based on the at least one target log information, and storing the obtained at least one audit log into a designated audit log set, the storage module 1803 is specifically configured for:
acquiring preset audit log configuration parameters; wherein the audit log configuration parameters include at least: a set identifier and a set update period;
calling the audit log process, and respectively generating corresponding audit logs based on the at least one target log information;
based on the set identifier, respectively storing the obtained at least one audit log into the audit log set corresponding to the set identifier;
based on the set update period, periodically deleting from the audit log set the audit logs whose storage duration has reached the set update period.
In one possible implementation, the recording module 1801 is configured to, when recording each piece of original log information generated by the target process, specifically:
when the target process responds to the operation instruction to execute the system task, acquiring second description information of the system task executed by the target process; wherein the second description information comprises at least one of the following: the instruction source of the operation instruction, the operation object of the operation instruction, the instruction content of the operation instruction, and the execution result of the operation instruction;
and recording the obtained second description information to target log information in the original log information.
In one possible implementation manner, the second description information further includes an execution duration;
the recording module 1801 is configured to, when obtaining the second description information of the system task executed by the target process, specifically:
acquiring a first time point when the target process receives the operation instruction and acquiring a second time point when the target process finishes processing the operation instruction;
and acquiring the execution time length of the target process responding to the operation instruction based on the first time point and the second time point.
In one possible implementation, the recording module 1801 is configured to, during running of the target process, record each piece of original log information generated by the target process, and further is configured to:
if it is determined that the target process cannot obtain the expected response result when executing the system task in response to the operation instruction, acquiring corresponding execution error information; wherein the execution error information includes: description information of the target process erroneously executing the system task;
and recording the execution error information to target log information in the original log information.
In one possible implementation, the processing module 1802, when configured to transmit at least one target log information to an audit log process, is further configured to:
if it is determined that the transmission bytes occupied by any one of the at least one target log information exceed a first threshold, splitting the any one target log information into a plurality of sub-log information corresponding to the any one target log information; wherein the transmission bytes occupied by the sub-log information are smaller than a second threshold value;
transmitting the sub-log information to an audit log process respectively;
the storage module is configured to, when generating the corresponding audit logs based on the at least one target log information, further:
and generating the audit log corresponding to the any one target log information based on each sub-log information in the plurality of sub-log information.
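The following Python example, added here and not part of the patent, runs the steps described above in a single process: building a target log record with its execution duration, splitting an oversized record into sub-log frames, reassembling them on the audit log side, and purging by set update period. The threshold values, the frame fields (`id`, `seq`, `total`, `data`), the JSON encoding and all function and class names are assumptions, and the second threshold is applied to each frame's payload.

```python
import json
import uuid
from dataclasses import dataclass, field

# Assumed values; the page names a first and a second threshold but gives no numbers.
FIRST_THRESHOLD = 256    # split a record whose encoded size exceeds this many bytes
SECOND_THRESHOLD = 128   # each sub-log payload must stay below this many bytes


def build_target_log(source, obj, content, result, t_first, t_second):
    """Second description information; duration = second time point - first."""
    return {"source": source, "object": obj, "content": content,
            "result": result, "duration": round(t_second - t_first, 6)}


def split_target_log(record, record_id=None):
    """Return the sub-log frames to transmit for one target log record."""
    payload = json.dumps(record, sort_keys=True).encode("utf-8")
    record_id = record_id or uuid.uuid4().hex
    if len(payload) <= FIRST_THRESHOLD:
        parts = [payload]
    else:
        step = SECOND_THRESHOLD - 1          # strictly smaller than the threshold
        parts = [payload[i:i + step] for i in range(0, len(payload), step)]
    return [{"id": record_id, "seq": n, "total": len(parts), "data": part}
            for n, part in enumerate(parts)]


@dataclass
class AuditLogProcess:
    set_id: str                  # set identifier
    update_period: float         # set update period, in seconds
    sets: dict = field(default_factory=dict)      # set_id -> list of stored logs
    pending: dict = field(default_factory=dict)   # record id -> {seq: bytes}

    def receive(self, frame, now):
        """Accept one frame; return the audit log once every sub-log has arrived."""
        if not 0 <= frame["seq"] < frame["total"]:
            raise ValueError("sub-log sequence number out of range")
        parts = self.pending.setdefault(frame["id"], {})
        parts[frame["seq"]] = frame["data"]        # a repeated frame just overwrites
        if len(parts) < frame["total"]:
            return None                            # incomplete: nothing is stored yet
        del self.pending[frame["id"]]
        payload = b"".join(parts[n] for n in range(frame["total"]))
        audit_log = {"stored_at": now, "entry": json.loads(payload)}
        self.sets.setdefault(self.set_id, []).append(audit_log)
        return audit_log

    def purge(self, now):
        """Delete logs whose storage duration has reached the update period."""
        logs = self.sets.get(self.set_id, [])
        kept = [log for log in logs if now - log["stored_at"] < self.update_period]
        self.sets[self.set_id] = kept
        return len(logs) - len(kept)


def demo():
    """Constructed sample: one small and one oversized record, frames sent out of order."""
    proc = AuditLogProcess(set_id="audit-2023", update_period=3600.0)
    small = build_target_log("10.0.0.5", "table:users", "SELECT 1", "ok", 100.0, 100.25)
    big = build_target_log("10.0.0.5", "table:orders", "UPDATE " + "x" * 600,
                           "error: timeout", 200.0, 203.5)
    small_frames = split_target_log(small, "rec-small")
    big_frames = split_target_log(big, "rec-big")
    proc.receive(small_frames[0], now=1000.0)
    results = [proc.receive(f, now=2000.0) for f in reversed(big_frames)]
    stored_before = len(proc.sets["audit-2023"])
    removed = proc.purge(now=4600.0)     # small record is 3600 s old, big is 2600 s
    return {"small_frames": len(small_frames), "big_frames": len(big_frames),
            "max_payload": max(len(f["data"]) for f in big_frames),
            "completed_on_last": [r is not None for r in results],
            "stored_before": stored_before, "removed": removed,
            "remaining": [log["entry"]["object"] for log in proc.sets["audit-2023"]],
            "roundtrip_ok": results[-1]["entry"] == big}


if __name__ == "__main__":
    print(demo())
```

A record becomes an audit log only when all of its sub-logs have arrived, so a lost frame leaves an entry in `pending` rather than a truncated audit log.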
In one possible implementation, after recording each piece of original log information generated by the target process during the running of the target process, the recording module 1801 is further configured for:
transmitting each original log information to an original log process;
calling an original log process, respectively generating corresponding original logs based on the original log information, and storing the obtained original logs into a designated original log set.
In one possible implementation, after recording each piece of original log information generated by the target process during the running of the target process, the recording module 1801 is further configured for:
transmitting other log information except the at least one target log information in each original log information to an original log process;
calling an original log process, respectively generating corresponding original logs based on other log information, and storing the obtained original logs into a designated original log set.
Based on the same inventive concept, the embodiment of the application also provides electronic equipment. In one possible implementation, the electronic device may be a server, such as server 102 shown in FIG. 1. In this embodiment, the electronic device 1900 may include at least a memory 1901, a communication module 1903, and at least one processor 1902, as shown in fig. 19.
A memory 1901 for storing computer programs for execution by the processor 1902. The memory 1901 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, programs required for running an instant communication function, and the like; the data storage area can store various instant messaging information, operation instruction sets and the like.
The memory 1901 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 1901 may also be a non-volatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a hard disk drive (HDD) or a solid-state drive (SSD); or the memory 1901 may be any other medium that can be used to carry or store a desired computer program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 1901 may also be a combination of the above memories.
The processor 1902 may include one or more central processing units (central processing unit, CPU) or digital processing units, or the like. Processor 1902 is configured to implement the above-described method for recording audit logs when calling a computer program stored in memory 1901.
The communication module 1903 is used for communicating with a terminal device and other servers.
The specific connection medium between the memory 1901, the communication module 1903, and the processor 1902 is not limited in the embodiment of the present application. In the embodiment shown in fig. 19, the memory 1901 and the processor 1902 are connected by a bus 1904, which is depicted with a bold line in fig. 19; the connections between other components are merely illustrative and not limiting. The bus 1904 may be divided into an address bus, a data bus, a control bus, and the like. For ease of description, only one thick line is depicted in fig. 19, but this does not mean that there is only one bus or one type of bus.
The memory 1901 stores a computer storage medium in which computer-executable instructions for implementing the recording method of the audit log according to the embodiment of the present application are stored. The processor 1902 is configured to perform the above-described method of logging audit logs.
In another embodiment, the electronic device may also be other electronic devices, such as the terminal device 101 shown in fig. 1. In this embodiment, the structure of the electronic device may include, as shown in fig. 20: communication assembly 2010, memory 2020, display unit 2030, camera 2040, sensor 2050, audio circuit 2060, bluetooth module 2070, processor 2080 and the like.
The communication component 2010 is used for communicating with a server. In some embodiments, it may include a wireless fidelity (Wireless Fidelity, WiFi) module; WiFi is a short-range wireless transmission technology, and the electronic device may help the object send and receive information through the WiFi module.
Memory 2020 may be used for storing software programs and data. The processor 2080 executes various functions and data processing of the terminal device 101 by executing software programs or data stored in the memory 2020. The memory 2020 may include high-speed random access memory and may also include non-volatile memory such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. The memory 2020 stores an operating system that enables the terminal device 101 to operate. The memory 2020 may store an operating system and various application programs, and may also store a computer program for executing the method for matching a target vehicle according to the embodiment of the present application.
The display unit 2030 may also be used for displaying information input by an object or information provided to the object and a graphical user interface (graphical user interface, GUI) of various menus of the terminal apparatus 101. Specifically, the display unit 2030 may include a display screen 2032 provided on the front surface of the terminal apparatus 101. The display 2032 may be configured in the form of a liquid crystal display, light emitting diodes, or the like. The display unit 2030 may be used for displaying a defect detection interface, a model training interface, and the like in the embodiment of the application.
The display unit 2030 may also be used for receiving input numeric or character information, generating signal inputs related to object settings and function control of the terminal apparatus 101, and in particular, the display unit 2030 may include a touch screen 2031 provided on the front surface of the terminal apparatus 101, and may collect touch operations on or near the object, such as clicking buttons, dragging scroll boxes, and the like.
The touch screen 2031 may be covered on the display screen 2032, or the touch screen 2031 and the display screen 2032 may be integrated to implement input and output functions of the physical terminal device 101, and after integration, the touch screen may be simply referred to as a touch screen. The display unit 2030 may display an application program and corresponding operation steps in the present application.
The camera 2040 may be used to capture still images, and the subject may post images captured by the camera 2040 through an application. The camera 2040 may be one or a plurality of cameras. The object generates an optical image through the lens and projects the optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (charge coupled device, CCD) or a Complementary Metal Oxide Semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then transferred to the processor 2080 for conversion into a digital image signal.
The physical terminal device may further comprise at least one sensor 2050, such as an acceleration sensor 2051, a distance sensor 2052, a fingerprint sensor 2053, a temperature sensor 2054. The terminal device may also be configured with other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, light sensors, motion sensors, and the like.
The audio circuitry 2060, speaker 2061, microphone 2062 may provide an audio interface between the subject and the terminal device 101. The audio circuit 2060 may transmit the received electrical signal converted from audio data to the speaker 2061, and be converted into a sound signal by the speaker 2061 to be output. The physical terminal device 101 may also be configured with a volume button for adjusting the volume of the sound signal. On the other hand, the microphone 2062 converts the collected sound signal into an electrical signal, receives it by the audio circuit 2060 and converts it into audio data, which is then output to the communication component 2010 for transmission to, for example, another physical terminal device 101, or to the memory 2020 for further processing.
The bluetooth module 2070 is used for exchanging information with other bluetooth devices having a bluetooth module through a bluetooth protocol. For example, the physical terminal device may establish a bluetooth connection with a wearable electronic device (e.g., a smart watch) that also has a bluetooth module through the bluetooth module 2070, so as to perform data interaction.
The processor 2080 is a control center of the physical terminal device, connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the terminal device and processes data by running or executing software programs stored in the memory 2020, and calling data stored in the memory 2020. In some embodiments, the processor 2080 may include one or more processing units; the processor 2080 may also integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., and a baseband processor that primarily handles wireless communications. It will be appreciated that the baseband processor described above may not be integrated into the processor 2080. The processor 2080 of the present application may run an operating system, an application, a user interface display, and a touch response, as well as a method for matching a target vehicle according to an embodiment of the present application. In addition, the processor 2080 is coupled to the display unit 2030.
It should be noted that, in the specific embodiment of the present application, the object data related to the predicted physical location model and the like is referred to, and when the above embodiments of the present application are applied to specific products or technologies, the object permission or consent is required to be obtained, and the collection, use and processing of the related data are required to comply with the related laws and regulations and standards of the related countries and regions.
In some possible embodiments, aspects of the method of matching a target vehicle provided by the present application may also be implemented in the form of a program product comprising a computer program for causing a computing electronic device to carry out the steps of the method of matching a target vehicle according to the various exemplary embodiments of the application as described herein above when the program product is run on the electronic device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product of embodiments of the present application may take the form of a portable compact disc read only memory (CD-ROM) and comprise a computer program and may be run on an electronic device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with a command execution system, apparatus, or device.
The readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave in which a readable computer program is embodied. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with a command execution system, apparatus, or device.
A computer program embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer programs for performing the operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer program may execute entirely on the consumer electronic device, partly on the consumer electronic device, as a stand-alone software package, partly on the consumer electronic device and partly on the remote electronic device or entirely on the remote electronic device. In the case of remote electronic devices, the remote electronic device may be connected to the consumer electronic device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external electronic device (e.g., connected through the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functions of two or more of the elements described above may be embodied in one element in accordance with embodiments of the present application. Conversely, the features and functions of one unit described above may be further divided into a plurality of units to be embodied.
Furthermore, although the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and/or one step may be decomposed into multiple steps.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (12)

1. A method of recording an audit log, the method comprising:
in the running process of a target process, recording each original log information generated by the target process; the original log information includes: first description information of a system task executed by the target process;
transmitting at least one target log information to an audit log process when the at least one target log information exists in each original log information; the target log information includes: second description information of a system task executed by the target process in response to an operation instruction;
and calling the audit log process, respectively generating corresponding audit logs based on the at least one target log information, and storing the obtained at least one audit log into a designated audit log set.
2. The method of claim 1, wherein the invoking the audit log process, generating respective audit logs based on the at least one target log information, and saving the obtained at least one audit log to a specified audit log set, comprises:
acquiring preset audit log configuration parameters; wherein the audit log configuration parameters include at least: set identification and set update period;
invoking the audit log process, and respectively generating corresponding audit logs based on the at least one target log information;
based on the set identifier, respectively storing the obtained at least one audit log into an audit log set corresponding to the set identifier;
and based on the set updating period, periodically deleting the audit log with the storage duration reaching the set updating period from the audit log set.
3. The method of claim 1, wherein said recording each original log information generated by said target process comprises:
when the target process responds to an operation instruction to execute a system task, acquiring second description information of the system task executed by the target process; wherein the second description information comprises at least one of the following: the instruction source of the operation instruction, the operation object of the operation instruction, the instruction content of the operation instruction and the execution result of the operation instruction;
and recording the obtained second description information to target log information in the original log information.
4. The method of claim 3, wherein the second description information further includes an execution duration;
the acquiring second description information of the system task executed by the target process comprises:
acquiring a first time point when the target process receives the operation instruction and acquiring a second time point when the target process finishes processing the operation instruction;
and acquiring the execution time of the target process responding to the operation instruction based on the first time point and the second time point.
5. The method as set forth in claim 1, wherein when recording each original log information generated by the target process during the running of the target process, the method further comprises:
if it is determined that the target process cannot obtain the expected response result when executing the system task in response to the operation instruction, acquiring corresponding execution error information; wherein the execution error information includes: description information of the target process erroneously executing the system task;
and recording the execution error information to target log information in the original log information.
6. The method of any of claims 1-5, wherein the transmitting the at least one target log information to an audit log process further comprises:
if it is determined that the transmission bytes occupied by any one of the at least one target log information exceed a first threshold, splitting the any one target log information into a plurality of sub-log information corresponding to the any one target log information; wherein the transmission bytes occupied by the sub-log information are smaller than a second threshold value;
transmitting a plurality of sub-log information to the audit log process respectively;
the step of generating the corresponding audit logs based on the at least one target log information respectively further comprises:
and generating an audit log corresponding to any one target log based on each sub-log information in the plurality of sub-log information.
7. The method of any of claims 1-5, wherein after recording each original log information generated by the target process during the running of the target process, the method further comprises:
transmitting each original log information to an original log process;
and calling the original log process, respectively generating corresponding original logs based on the original log information, and storing the obtained original logs into a designated original log set.
8. The method of any of claims 1-5, wherein after recording each original log information generated by the target process during the running of the target process, the method further comprises:
transmitting other log information except the at least one target log information in the original log information to an original log process;
and calling the original log process, respectively generating corresponding original logs based on the other log information, and storing the obtained original logs into a designated original log set.
9. An audit log recording apparatus, the apparatus comprising:
the recording module is used for recording each original log information generated by the target process in the running process of the target process; the original log information includes: first description information of a system task executed by the target process;
the processing module is used for transmitting at least one target log information to an audit log process when the at least one target log information exists in each original log information; the target log information includes: second description information of a system task executed by the target process in response to an operation instruction;
and the storage module is used for calling the audit log process, respectively generating corresponding audit logs based on the at least one target log information, and storing the obtained at least one audit log into a designated audit log set.
10. An electronic device comprising a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1-8.
11. A computer readable storage medium, characterized in that it comprises a program code for causing a computing device to perform the steps of the method of any of claims 1-8, when said program code is run on said computing device.
12. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of any of claims 1-8.
CN202311089488.5A 2023-08-28 2023-08-28 Audit log recording method, audit log recording device, audit log recording equipment and computer storage medium Pending CN116820909A (en)


Publications (1)

Publication Number Publication Date
CN116820909A true CN116820909A (en) 2023-09-29

Family

ID=88122426



Similar Documents

Publication Publication Date Title
CN101193075B (en) Method and apparatus for managing blog information
CN107704360B (en) Monitoring data processing method, equipment, server and storage medium
US20180159884A1 (en) Dtat stream surveillance, intelligence and reporting
CN112671887B (en) Asset identification method and device, electronic equipment and computer storage medium
KR20150076230A (en) Application program management method and apparatus, server, and terminal device
CN113422794B (en) Flow recording and playback processing method and device and electronic equipment
CN110865837B (en) Method and terminal for system upgrade
CN114374813B (en) Multimedia resource management method, recorder and server
CN112799925A (en) Data acquisition method and device, electronic equipment and readable storage medium
CN115297183B (en) Data processing method and device, electronic equipment and storage medium
CN115269411A (en) Service testing method, device, electronic equipment and storage medium
CN113890822B (en) Log processing method, log processing device, storage medium and electronic equipment
US11570274B1 (en) Systems for exchange of data between remote devices
WO2017140154A1 (en) Method and system for security information management based on intelligent platform
CN115391356A (en) Data processing method, device, equipment, medium and computer program product
KR101584286B1 (en) System for smart travel recording based on user position
CN116820909A (en) Audit log recording method, audit log recording device, audit log recording equipment and computer storage medium
CN115203172B (en) Model construction and model data subscription method and device, electronic equipment and medium
CN114428737A (en) Communication method, device, equipment and storage medium based on micro service system
CN114936249A (en) File analysis and conversion method, device, equipment and readable storage medium
CN111538660B (en) Method and device for counting coverage rate of program codes in cloud container
US9253652B1 (en) Ad hoc formation of a swarm for information collection and distribution
CN110874305A (en) User operation recording method and device and server
CN112596752B (en) Internet of things method and system for electronic evidence obtaining equipment
CN113010482B (en) Log processing method and device, mobile terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination