CN1567182A - Journal log register system and method thereof - Google Patents

Publication number
CN1567182A
Authority
CN
China
Prior art keywords
log
log information
demons
record system
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 03126955
Other languages
Chinese (zh)
Inventor
王功乾
何唐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hongfujin Precision Industry Shenzhen Co Ltd
Hon Hai Precision Industry Co Ltd
Original Assignee
Hongfujin Precision Industry Shenzhen Co Ltd
Hon Hai Precision Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hongfujin Precision Industry Shenzhen Co Ltd, Hon Hai Precision Industry Co Ltd
Priority to CN 03126955
Publication of CN1567182A

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

This invention provides a log recording system and a log recording method. The log recording system comprises: several log information sources that generate log information; an event logging library that formats the log information; an event logging daemon that delivers log information; and several log information destinations that receive log information. All log information sent by the log information sources must pass through the event logging daemon, which transmits it to the log information destinations. The log recording system can change the priority level of the log information currently being recorded by amending a configuration file, and can thereby conveniently increase or decrease the content of the log information.

Description

Log recording system and method
[technical field]
The present invention relates to a log recording system and method, and in particular to a log recording system and method applicable to various network interconnection devices.
[background technology]
With the development of networks, network interconnection devices such as bridges, switches, routers and gateways are becoming more numerous. Network users access local area networks (such as an intranet or a campus network) or wide area networks (such as the Internet) through network interconnection devices. Network interconnection devices therefore occupy a core position in the network: once they fail, the network cannot operate. Moreover, hackers commonly attack target devices, systems or networks by way of network interconnection devices, in which case the network interconnection device becomes the hacker's route of intrusion.
To ensure that network interconnection devices run normally and thereby keep the network stable, one existing approach is to set up a log recording system suited to network interconnection devices. Through a dedicated software program, this log recording system records the various events that occur on the network interconnection device each day. With it, the system administrator can observe the running state of the network interconnection device at any time, check the cause of its errors, and trace the intrusion records left by hackers. The log recording system is thus significant for the reliability and security of network interconnection devices.
Because existing log recording systems record all the events that occur on the network interconnection device each day, the recorded content is voluminous and resource consumption is high. At the same time, because resource consumption is high, the lower an event's level, the less likely it is to be recorded, so some necessary low-level events fail to be recorded.
[summary of the invention]
The main object of the present invention is to provide a log recording system in which the priority level of the log information currently being recorded can be changed by modifying a configuration file.
Another object of the present invention is to provide a log recording method applicable to the above log recording system.
To achieve these objects, the present invention provides a log recording system applicable to various network interconnection devices. The log recording system can be divided, from the outside in, into three layers: an application layer, a daemon layer and a kernel layer. The application layer includes a user application, a log hook (Hook), a file system, a mail system and a remote event logging daemon (Remote Event Logging Daemon). The application is a log information source; the file system and the mail system are log information destinations; the log hook and the remote event logging daemon are both log information sources and log information destinations. The components of the daemon layer mainly receive the log information sent by log information sources or distribute log information to log information destinations. The daemon layer includes an event logging library (Event Logging Lib), a kernel log daemon (Klogd Daemon), an event logging daemon (Event Logging Daemon) and a buffer (Internal Buffer). The event logging daemon can dynamically set up a UNIX domain socket (UNIX Domain Socket) or an INET socket (Internet Socket) as required. The buffer is both a log information source and a log information destination, and stores formatted log information. The kernel layer includes a kernel module, which is a log information source.
The present invention further provides a log recording method applicable to the above log recording system, comprising the following steps: (a) a log information source sends log information; (b) the event logging daemon receives the log information; (c) the event logging daemon distributes the log information to log information destinations. Step (a) further includes selecting the log information destination, the log information source and the priority level of the log information. When the log information source in step (a) is an application, a log hook or a kernel module, the method further comprises: (a1) the log information source sends the log information to the event logging library; (a2) the event logging library formats the log information. Step (b) further comprises: (b10) the event logging daemon sets up a UNIX domain socket; (b12) the event logging daemon listens for log information on this UNIX domain socket; (b14) the event logging library sends the formatted log information to the event logging daemon through this UNIX domain socket. When the log information source in step (a) is a kernel module, step (a1) further includes the kernel log daemon forwarding the log information sent by the kernel module to the event logging library. When the log information source in step (a) is a remote event logging daemon, step (b) further comprises: (b20) the event logging daemon sets up an INET socket; (b22) the event logging daemon listens for remote log information on this INET socket; (b24) the remote event logging daemon sends remote log information to the event logging daemon through this INET socket.
Compared with existing log recording systems, which record all the events that occur on the network interconnection device each day, the present invention mainly sends log information to other network interconnection devices and monitors the resource consumption of local logs, so that the necessary log information is recorded without occupying many resources. In addition, the present invention can change the priority level of the log information currently being recorded by modifying the configuration file, so the content of the log information can easily be increased or reduced.
[description of drawings]
Fig. 1 is a data flow diagram of the log recording system of the present invention.
Fig. 2 is a flowchart of the method by which the log recording system of the present invention records local log information.
Fig. 3 is a flowchart of the method by which the log recording system of the present invention records log information from the kernel module.
Fig. 4 is a flowchart of the method by which the log recording system of the present invention records log information from the buffer.
Fig. 5 is a flowchart of the method by which the log recording system of the present invention records remote log information.
[embodiment]
Referring to Fig. 1, a data flow diagram of the log recording system 5 of the present invention is shown. The log recording system 5 is an embedded software system based on the Linux environment. It can be divided, from the outside in, into three layers: an application layer, a daemon layer and a kernel layer. The application layer includes a user application 50, a log hook 51, a file system 52, a mail system 53 and a remote event logging daemon 58. The application 50 is a log information source; the file system 52 and the mail system 53 are log information destinations; the log hook 51 and the remote event logging daemon 58 are both log information sources and log information destinations. The components of the daemon layer mainly receive the log information sent by log information sources or distribute log information to log information destinations. The daemon layer includes an event logging library 54, a kernel log daemon 55, an event logging daemon 57 and a buffer 59. The event logging daemon 57 can dynamically set up a UNIX domain socket 570 or an INET socket 572 as required. The buffer 59 is both a log information source and a log information destination, and stores formatted log information. The kernel layer includes a kernel module 56, which is a log information source.
When the log recording system 5 is running, log information is sent by a log information source. The data flow of the log recording system 5 differs according to the log information source. When the log information source is the application 50, the log hook 51 or the kernel module 56, the source first selects the log information destination and the priority level of the log information, then sends the log information to the event logging library 54. On receiving the log information, the event logging library 54 formats it and sends the formatted log information through the UNIX domain socket 570 set up by the event logging daemon 57. After the event logging daemon 57 receives the formatted log information, it distributes it, according to the configuration file set by the user (not shown), to each log information destination, such as the log hook 51, the file system 52 or the buffer 59. When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires. When the log information source is the kernel module 56, the kernel module 56 must pass its log information to the event logging library 54 through the kernel log daemon 55.
When the log information source is the remote event logging daemon 58, the remote event logging daemon 58 selects the log information destination and the priority level of the log information. Once the selection is made, the remote event logging daemon 58 sends the log information to the event logging daemon 57 through the INET socket 572 set up by the event logging daemon 57. After the event logging daemon 57 receives the formatted log information, it distributes it, according to the configuration file set by the user, to each log information destination, such as the log hook 51, the file system 52 or the buffer 59. When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires.
When the log information source is the buffer 59, because the buffer 59 stores formatted log information, it sends the formatted log information directly to the event logging daemon 57. After the event logging daemon 57 receives the formatted log information, it distributes it, according to the configuration file set by the user, to each log information destination, such as the log hook 51, the file system 52 or the mail system 53. When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires.
In this embodiment, the data flow by which the event logging daemon distributes log information differs according to the destination. If the log information destination is a file system or a console (Console), the event logging daemon writes the log information directly to the file system or console; if the destination is a buffer, the event logging daemon stores the log information directly in the buffer; if the destination is a user, the event logging daemon uses the Linux e-mail tool to send an e-mail to the user; if the destination is a log hook, the event logging daemon sets up a UNIX domain socket to send the log information to the log hook; if the destination is a remote event logging daemon, the event logging daemon sets up an INET socket to send the log information to the remote event logging daemon.
In this embodiment, the formatted log information may have the following form: Time:<Fac:fac_no><Pri:priv_no><Type:type_no>:<File:filename>: log_msg. Time is the original time at which the log information was generated. Type indicates the error type: under the same Fac and Pri, errors that need to be pointed out specifically may occur, such as the errno commonly used in the C language; the Type value is generally 0. File indicates the location at which the log information was generated. Log_msg is the message content the user wanted to see at that time. Fac is the log information source; its values are shown in Table 1. Pri is the priority level of the log information; its values are shown in Table 2.
Table 1
Keyword | Explanation
Daemon | Log information related to system daemons
Kern | Kernel module log information
Local0 | FTP log information
Local1 | HTTP log information
Local2 | SMTP log information
Local3 | IDS log information
Syslog | System log messages
User | Log information generated by user applications
Table 2
Keyword | Priority level | Explanation | Syslog definition
Emergencies | 0 | System is unusable | LOG_EMERG
Alerts | 1 | Condition that must be corrected immediately | LOG_ALERT
Critical | 2 | Error condition that prevents some tool or subsystem function from working | LOG_CRIT
Errors | 3 | Error condition that prevents part of the functions of a tool or subsystem from working | LOG_ERR
Warnings | 4 | Warning information | LOG_WARNING
Notifications | 5 | Normal condition that is nevertheless significant | LOG_NOTICE
Informational | 6 | Messages that provide information | LOG_INFO
Debugging | 7 | Other information that does not involve functional conditions or problems | LOG_DEBUG
In this embodiment, the configuration file may have the following form: Facility.Severity Actions. Facility is the log information source; its values are shown in Table 1. The default value of Facility is "*", which represents all log information sources. Severity is the priority level of the log information; its values are shown in Table 2. The Severity value may be "*", which represents any priority level. Actions is the activity that handles the log information; its values are shown in Table 3. The configuration file is set in advance by the user; it specifies that log information generated by Facility with priority level Severity is distributed to the log information destination specified by Actions. The user can modify the configuration file directly so that the required log information is obtained at the specified log information destination, or can modify it indirectly through an application program interface (Application Program Interface, API) when registering (Register) the log hook 51, to specify the log information destination.
Table 3
Actions | Explanation
@hostname | Remote host name
/dev/tty_name | Tty file
|pipe_name | Named pipe
M: | Buffer
S: | Special UNIX domain socket used for the log hook
User_name | Specified user
* | All users
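The record layout and the configuration rules described above can be exercised together. The following is an added example, not code from the patent: it parses formatted records and "Facility.Severity Actions" rules, routes each record to the destinations of Table 3, and audits which source/priority pairs have no destination at all. The fac_no numbering (0-based position in Table 1), one action per rule line, and the sample host, user and file names are assumptions.

```python
import re
from collections import namedtuple

# Keywords from Table 1 (sources) and Table 2 (priority levels 0-7, in order).
# Assumption: fac_no is the 0-based position in Table 1; the page gives only keywords.
FACILITIES = ["Daemon", "Kern", "Local0", "Local1", "Local2", "Local3", "Syslog", "User"]
SEVERITIES = ["Emergencies", "Alerts", "Critical", "Errors",
              "Warnings", "Notifications", "Informational", "Debugging"]
# Actions values from Table 3.
SIMPLE_ACTIONS = {"M:": "buffer", "S:": "hook_socket", "*": "all_users"}
PREFIX_ACTIONS = {"@": "remote_host", "|": "named_pipe"}
# Record layout from the page: Time:<Fac:n><Pri:n><Type:n>:<File:name>: log_msg
RECORD_RE = re.compile(
    r"^(?P<time>.*?):<Fac:(?P<fac>\d+)><Pri:(?P<pri>\d+)>"
    r"<Type:(?P<type>\d+)>:<File:(?P<file>[^>]*)>: (?P<msg>.*)$")

Rule = namedtuple("Rule", "facility severity action")

def _keyword(value, allowed, what):
    """Return the canonical keyword for value; "*" is the wildcard."""
    if value == "*":
        return value
    for name in allowed:
        if name.lower() == value.lower():
            return name
    raise ValueError(f"unknown {what}: {value!r}")

def parse_rules(text):
    """Parse 'Facility.Severity Actions' lines (one action per line assumed)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            selector, action = line.split(None, 1)
            facility, severity = selector.split(".", 1)
        except ValueError:
            raise ValueError(f"line {lineno}: expected 'Facility.Severity Actions'") from None
        rules.append(Rule(_keyword(facility, FACILITIES, "facility"),
                          _keyword(severity, SEVERITIES, "severity"),
                          action.strip()))
    return rules

def classify_action(action):
    """Map a Table 3 Actions value to (destination kind, target)."""
    if action in SIMPLE_ACTIONS:
        return (SIMPLE_ACTIONS[action], "")
    if action[0] in PREFIX_ACTIONS:
        return (PREFIX_ACTIONS[action[0]], action[1:])
    return ("tty_file", action) if action.startswith("/") else ("user", action)

def parse_record(line):
    """Split one formatted record into fields, mapping numbers to keywords."""
    m = RECORD_RE.match(line)
    if m is None:
        raise ValueError("not a formatted log record")
    fac, pri = int(m["fac"]), int(m["pri"])
    if fac >= len(FACILITIES) or pri >= len(SEVERITIES):
        raise ValueError("Fac or Pri out of range")
    return {"time": m["time"], "facility": FACILITIES[fac],
            "severity": SEVERITIES[pri], "type": int(m["type"]),
            "file": m["file"], "msg": m["msg"]}

def route(record, rules):
    """Destinations of every rule whose Facility and Severity match the record
    (equal or "*", as the page describes the configuration file)."""
    return [classify_action(r.action) for r in rules
            if r.facility in ("*", record["facility"])
            and r.severity in ("*", record["severity"])]

def unrouted(rules):
    """Audit: (facility, severity) pairs that no rule sends anywhere."""
    return [(f, s) for f in FACILITIES for s in SEVERITIES
            if not route({"facility": f, "severity": s}, rules)]

# Constructed sample configuration and records (not from the page).
SAMPLE_CONFIG = """\
*.Emergencies *
Kern.* M:
Local3.Alerts @loghost.example
Local3.Critical S:
User.Errors /dev/ttyS0
Daemon.Warnings admin
"""
SAMPLE_RECORDS = [
    "2024-05-01 10:15:02:<Fac:5><Pri:1><Type:0>:<File:ids.c>: signature match",
    "2024-05-01 10:15:07:<Fac:1><Pri:0><Type:0>:<File:kmod.c>: kernel halt",
]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONFIG)
    for line in SAMPLE_RECORDS:
        rec = parse_record(line)
        print(rec["facility"], rec["severity"], "->", route(rec, rules))
    print(len(unrouted(rules)), "facility/severity pairs have no destination")
```

The `unrouted` audit is the check to run after editing the configuration file: any pair it lists, such as Local3 (IDS) errors in the sample, is silently dropped by the daemon.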
Referring to Fig. 2, a flowchart of the method by which the log recording system 5 of the present invention records local log information is shown. The local log information sources are the application 50 and the log hook 51 (see Fig. 1). The event logging daemon 57 sets up a UNIX domain socket 570 (step S610). Through this UNIX domain socket 570, the event logging daemon 57 listens for local log information (step S612). The local log information source selects the log information destination and the priority level of the information, then sends the log information to the event logging library 54 (step S614). On receiving the log information, the event logging library 54 formats it (step S616). The event logging library 54 connects to the UNIX domain socket 570 (step S618). Through this UNIX domain socket 570, the event logging library 54 sends the formatted log information to the event logging daemon 57 (step S620). After receiving the formatted log information, the event logging daemon 57 distributes it to each log information destination according to the configuration file set by the user (step S622). When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires. The event logging library 54 disconnects from the UNIX domain socket 570 (step S624).
Referring to Fig. 3, a flowchart of the method by which the log recording system 5 of the present invention records log information from the kernel module 56 is shown. The event logging daemon 57 sets up a UNIX domain socket 570 (step S710). Through this UNIX domain socket 570, the event logging daemon 57 listens for log information from the kernel module 56 (step S712). The kernel module 56 selects the log information destination and the priority level of the information (step S714). After reading the log information from the kernel module 56, the kernel log daemon 55 forwards it to the event logging library 54 (step S716). On receiving the log information, the event logging library 54 formats it (step S718). The event logging library 54 connects to the UNIX domain socket 570 (step S720). Through this UNIX domain socket 570, the event logging library 54 sends the formatted log information to the event logging daemon 57 (step S722). After receiving the formatted log information, the event logging daemon 57 distributes it to each log information destination according to the configuration file set by the user (step S724). When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires. The event logging library 54 disconnects from the UNIX domain socket 570 (step S726).
Referring to Fig. 4, a flowchart of the method by which the log recording system 5 of the present invention records log information from the buffer 59 is shown. The event logging daemon 57 listens for log information from the buffer 59 (step S810). Because the buffer 59 stores formatted log information, it sends the formatted log information directly to the event logging daemon 57 (step S812). After receiving the formatted log information, the event logging daemon 57 distributes it to each log information destination according to the configuration file set by the user (step S814). When the user asks to view formatted log information, it is read from the location of the log information destination and displayed as the user requires.
Referring to Fig. 5, a flowchart of the method by which the log recording system 5 of the present invention records remote log information is shown. The remote log information source is the remote event logging daemon 58. The event logging daemon 57 sets up an INET socket 572 (step S910). Through this INET socket 572, the event logging daemon 57 listens for remote log information (step S912). The remote event logging daemon 58 selects the log information destination and the priority level of the information (step S914). The remote event logging daemon 58 connects to the INET socket 572 (step S916). Through this INET socket 572, the remote event logging daemon 58 sends remote log information to the event logging daemon 57 (step S918). After receiving the remote log information, the event logging daemon 57 distributes it to each log information destination according to the configuration file set by the user (step S920). When the user asks to view remote log information, it is read from the location of the log information destination and displayed as the user requires. The remote event logging daemon 58 disconnects from the INET socket 572 (step S922).
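The local flow of Fig. 2 and the remote flow of Fig. 5 use the same set-up, listen, connect, send, disconnect sequence over two socket families. The following added example (not code from the patent) runs both exchanges in one process. Stream sockets, one record per line, the loopback address, the fac_no values and the sample messages are assumptions; the formatter escapes CR/LF so that a message containing a line break cannot appear to the daemon as a second, forged record.

```python
import os
import socket
import tempfile


def format_record(time, fac_no, pri_no, filename, msg, type_no=0):
    """Build one record in the page's layout. CR/LF in msg are escaped so a
    message can never span, or forge, a second newline-framed record."""
    safe = msg.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")
    return (f"{time}:<Fac:{fac_no}><Pri:{pri_no}><Type:{type_no}>:"
            f"<File:{filename}>: {safe}")


class EventLogDaemon:
    """Receiving side: one UNIX domain socket and one INET socket."""

    def __init__(self, unix_path):
        self.unix_path = unix_path
        self.unix_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.unix_sock.bind(unix_path)           # S610: set up the socket
        self.unix_sock.listen(8)                 # S612: listen for local logs
        self.inet_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.inet_sock.bind(("127.0.0.1", 0))    # S910 (port 0: OS picks one)
        self.inet_sock.listen(8)                 # S912: listen for remote logs
        self.inet_addr = self.inet_sock.getsockname()

    def receive(self, listener):
        """Accept one queued sender and read records until it disconnects."""
        conn, _ = listener.accept()
        with conn:
            data = b""
            while chunk := conn.recv(4096):
                data += chunk
        return [r for r in data.decode("utf-8").split("\n") if r]

    def close(self):
        self.unix_sock.close()
        self.inet_sock.close()
        os.unlink(self.unix_path)


def send_records(family, address, records):
    """Sending side: the event logging library or the remote daemon."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.connect(address)                       # S618 / S916: connect
        payload = "".join(r + "\n" for r in records)
        s.sendall(payload.encode("utf-8"))       # S620 / S918: send
    # Leaving the with-block closes the socket (S624 / S922: disconnect).


def run_demo():
    """Send constructed records over both transports; return what arrived."""
    tmpdir = tempfile.mkdtemp()
    daemon = EventLogDaemon(os.path.join(tmpdir, "evlog.sock"))
    try:
        local = [format_record("t1", 7, 3, "app.c", "login failed\nfor user x")]
        remote = [format_record("t2", 6, 5, "relay.c", "link up"),
                  format_record("t3", 6, 4, "relay.c", "link flapping")]
        send_records(socket.AF_UNIX, daemon.unix_path, local)
        send_records(socket.AF_INET, daemon.inet_addr, remote)
        return {"local": daemon.receive(daemon.unix_sock),
                "remote": daemon.receive(daemon.inet_sock)}
    finally:
        daemon.close()
        os.rmdir(tmpdir)


if __name__ == "__main__":
    for origin, records in run_demo().items():
        for record in records:
            print(origin, record)
```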

Claims (21)

1. A log recording system for recording log information, including a number of log information sources that generate log information and a number of log information destinations that receive log information, characterized in that the log recording system further comprises an event logging library for formatting log information and an event logging daemon for distributing log information, wherein all log information from the log information sources must be distributed to the log information destinations by the event logging daemon.
2. The log recording system as claimed in claim 1, characterized in that the log information source is an application.
3. The log recording system as claimed in claim 1, characterized in that the log information source is a log hook.
4. The log recording system as claimed in claim 1, characterized in that the log information source is a kernel module.
5. The log recording system as claimed in claim 1, characterized in that the log information source is a buffer.
6. The log recording system as claimed in claim 1, characterized in that the log information source is a remote event logging daemon.
7. The log recording system as claimed in any one of claims 2 to 6, characterized in that the log information destination is a log hook.
8. The log recording system as claimed in claim 7, characterized in that the log information destination is a buffer.
9. The log recording system as claimed in claim 8, characterized in that the log information destination is a remote event logging daemon.
10. The log recording system as claimed in claim 9, characterized in that the log recording system further includes a kernel log daemon, which forwards the log information of the kernel module to the event logging library.
11. The log recording system as claimed in claim 10, characterized in that the event logging daemon can dynamically set up a UNIX domain socket, which is used to transmit formatted log information between the event logging library and the event logging daemon.
12. The log recording system as claimed in claim 11, characterized in that the event logging library forwards the log information sent by the application, the log hook or the kernel log daemon to the event logging daemon.
13. The log recording system as claimed in claim 10, characterized in that the event logging daemon can dynamically set up an INET socket, which is used to transmit remote log information between the remote event logging daemon and the event logging daemon.
14. The log recording system as claimed in claim 8, characterized in that the buffer can directly store the formatted log information distributed by the event logging daemon.
15. The log recording system as claimed in claim 14, characterized in that the event logging daemon can directly read the formatted log information stored in the buffer.
16. A log recording method applicable to the log recording system of claim 1, characterized by comprising the following steps:
(a) a log information source sends log information;
(b) the event logging daemon receives the log information;
(c) the event logging daemon distributes the log information to log information destinations.
17. The log recording system as claimed in claim 16, characterized in that step (a) further includes selecting the log information destination, the log information source and the priority level of the log information.
18. The log recording system as claimed in claim 17, characterized in that, when the log information source in step (a) is an application, a log hook or a kernel module, it further comprises the following steps:
(a1) the log information source sends the log information to the event logging library;
(a2) the event logging library formats the log information.
19. The log recording system as claimed in claim 18, characterized in that, when the log information source in step (a) is a kernel module, step (a1) further includes the kernel log daemon forwarding the log information sent by the kernel module to the event logging library.
20. The log recording system as claimed in claim 19, characterized in that step (b) further comprises the following steps:
(b10) the event logging daemon sets up a UNIX domain socket;
(b12) the event logging daemon listens for log information on this UNIX domain socket;
(b14) the event logging library sends the formatted log information to the event logging daemon through this UNIX domain socket.
21. The log recording system as claimed in claim 17, characterized in that, when the log information source is a remote event logging daemon, step (b) further comprises the following steps:
(b20) the event logging daemon sets up an INET socket;
(b22) the event logging daemon listens for remote log information on this INET socket;
(b24) the remote event logging daemon sends remote log information to the event logging daemon through this INET socket.
CN 03126955 2003-06-20 2003-06-20 Journal log register system and method thereof Pending CN1567182A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03126955 CN1567182A (en) 2003-06-20 2003-06-20 Journal log register system and method thereof

Publications (1)

Publication Number Publication Date
CN1567182A true CN1567182A (en) 2005-01-19

Family

ID=34469130

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20050119