TW202011725A - Method for generating network event warning and network management device using the same - Google Patents

Method for generating network event warning and network management device using the same Download PDF

Info

Publication number
TW202011725A
TW202011725A TW107131772A TW107131772A TW202011725A TW 202011725 A TW202011725 A TW 202011725A TW 107131772 A TW107131772 A TW 107131772A TW 107131772 A TW107131772 A TW 107131772A TW 202011725 A TW202011725 A TW 202011725A
Authority
TW
Taiwan
Prior art keywords
trap
event
specific
unknown
programmable
Prior art date
Application number
TW107131772A
Other languages
Chinese (zh)
Other versions
TWI682655B (en
Inventor
丁少威
方澤涵
許真民
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW107131772A priority Critical patent/TWI682655B/en
Application granted granted Critical
Publication of TWI682655B publication Critical patent/TWI682655B/en
Publication of TW202011725A publication Critical patent/TW202011725A/en

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure provides a method for generating a network event warning and a network management device using the same method. The method includes: scanning a management information base (MIB) of specific equipment based on a plurality of object identifiers (OID) recorded in an editable file to retrieve a plurality of object values corresponding to the OIDs, wherein the OIDs correspond to a specific trap of the specific equipment; generating a programmable profile for monitoring the specific trap based on the object values; when an unknown trap is received, retrieving trap information corresponding to the object values; when the trap information matches event rules defined in the programmable profile, determining the unknown trap is the specific trap and sending an event warning of the unknown trap according to the event rules.

Description

產生網路事件告警的方法及其網路管理裝置Method for generating network event alarm and its network management device

本發明是有關於一種產生告警的方法及其系統,且特別是有關於一種產生網路事件告警的方法及其網路管理裝置。The invention relates to a method and system for generating an alarm, and in particular to a method and network management device for generating an alarm for a network event.

由於網路設備事件告警判斷流程相當複雜,且須因應各類型異質性網路設備之差異而執行,故難以集中管理所有設備事件的規則清單。具體而言,在習知的主動式事件回報機制的判斷過程中,會對各類型設備開發專屬之事件告警判斷流程。在此情況下,若需修改設備的事件規則,必須在完成相關的修改邏輯分析之後,再次針對程式碼進行重新規劃,進而導致整體運作流程的效率較低。Because the network device event alarm judgment process is quite complicated and must be executed in accordance with the differences of various types of heterogeneous network devices, it is difficult to centrally manage the rule list of all device events. Specifically, in the judgment process of the conventional active event reward mechanism, a dedicated event warning judgment process will be developed for each type of device. In this case, if you need to modify the event rules of the device, you must re-plan the code again after completing the relevant modification logic analysis, which leads to a lower efficiency of the overall operation process.

因此,對於本領域技術人員來說,如何簡化上述網路設備告警事件判斷流程以提升整體運作效率,實為一項重要的議題。Therefore, for those skilled in the art, how to simplify the above-mentioned network device alarm event judgment process to improve the overall operation efficiency is actually an important issue.

有鑑於此,本發明提供一種產生網路事件告警的方法及其網路管理裝置,其可用以解決上述技術問題,並提升整體運作效率。In view of this, the present invention provides a method for generating a network event alarm and its network management device, which can be used to solve the above technical problems and improve the overall operation efficiency.

本發明提供一種產生網路事件告警的方法,包括:基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從管理資訊資料庫中找出對應於前述第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的一第一特定設陷;基於前述第一物件值產生用於監控第一特定設陷的一第一可程式化設定檔,其中第一可程式化設定檔包括對應於前述第一物件值的多個第一事件規則;當接收到一未知設陷時,從未知設陷中取出對應於前述第一物件值的多個第一設陷資訊;當前述第一設陷資訊符合第一可程式化設定檔中定義的前述第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔中定義的前述第一事件規則相應地發送未知設陷的一事件告警。The invention provides a method for generating a network event alarm, including: scanning a management information database of a specific device based on a plurality of first object identification codes recorded in an editable document file to find out from the management information database A plurality of first object values corresponding to the first object identification code, wherein the first object identification code corresponds to a first specific trap of a specific device; based on the first object value, a first specific trap is generated for monitoring A first programmable profile, where the first programmable profile includes a plurality of first event rules corresponding to the aforementioned first object values; when an unknown trap is received, the corresponding is extracted from the unknown trap A plurality of first trap information in the first object value; when the first trap information meets the first event rule defined in the first programmable profile, the unknown trap is determined as the first specific trap , And correspondingly send an event alarm of unknown trapping according to the aforementioned first event rule defined in the first programmable profile.

本發明提供一種網路管理裝置,包括儲存電路及處理器。儲存電路儲存多個模組。處理器耦接儲存電路,存取前述模組以執行下列步驟:基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從管理資訊資料庫中找出對應於前述第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的一第一特定設陷;基於前述第一物件值產生用於監控第一特定設陷的一第一可程式化設定檔,其中第一可程式化設定檔包括對應於前述第一物件值的多個第一事件規則;當接收到一未知設陷時,從未知設陷中取出對應於前述第一物件值的多個第一設陷資訊;當前述第一設陷資訊符合第一可程式化設定檔中定義的前述第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔中定義的前述第一事件規則相應地發送未知設陷的一事件告警。The invention provides a network management device, including a storage circuit and a processor. The storage circuit stores multiple modules. The processor is coupled to the storage circuit and accesses the aforementioned module to perform the following steps: scan a management information database of a specific device based on a plurality of first object identification codes recorded in an editable document file, from the management information database Find a plurality of first object values corresponding to the first object identification code, wherein the first object identification code corresponds to a first specific trap of a specific device; based on the first object value, a first object value is generated for monitoring the first object value A first programmable profile for a specific trap, where the first programmable profile includes a plurality of first event rules corresponding to the aforementioned first object values; when an unknown trap is received, the trap is unknown Extract multiple pieces of first trap information corresponding to the value of the first object; when the first trap information meets the first event rule defined in the first programmable profile, it is determined that the unknown trap is the first Specific trap, and correspondingly send an event alarm of unknown trap according to the aforementioned first event rule defined in the first programmable profile.

基於上述,本發明提出的產生網路事件告警的方法及其網路管理裝置可讓網管人員將欲在特定設備上監控的第一特定設陷的相關資訊記載在可編輯文件檔中。接著,網路管理裝置可依據前述可編輯文件檔掃描各設備的管理資訊資料庫以產生對應的可程式化設定檔(其包括一或多個事件規則),進而作為在接收到未知設陷時判斷是否發送相關事件告警的比對依據。Based on the above, the method for generating a network event alarm and the network management device thereof provided by the present invention allow network administrators to record information about a first specific trap to be monitored on a specific device in an editable document file. Then, the network management device can scan the management information database of each device according to the aforementioned editable document file to generate a corresponding programmable profile (which includes one or more event rules), which can then be used as an unknown trap Comparison basis for judging whether to send related event alarms.

為讓本發明的上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明如下。In order to make the above-mentioned features and advantages of the present invention more obvious and understandable, the embodiments are specifically described below in conjunction with the accompanying drawings for detailed description as follows.

請參照圖1,其是依據本發明之一實施例繪示的網路管理系統示意圖。在圖1中,網路管理系統10包括網路管理裝置100及設備111、112、…、11n。在不同的實施例中,設備111~11n可以是各式網路設備,而網路管理裝置100可用於接收設備111~11n所回報的設陷(trap),並在所接收的設陷符合一定的事件規則時,發送相關的事件告警,以供相關的網管人員據以採取維修或除錯等相應措施。Please refer to FIG. 1, which is a schematic diagram of a network management system according to an embodiment of the present invention. In FIG. 1, the network management system 10 includes a network management device 100 and devices 111, 112, ..., 11n. In different embodiments, the devices 111-11n may be various network devices, and the network management apparatus 100 may be used to receive traps reported by the devices 111-11n, and the received traps meet certain requirements. In the event rules, relevant event alarms are sent for relevant network management personnel to take corresponding measures such as maintenance or debugging.

如圖1所示,網路管理裝置100包括儲存電路102及處理器104。儲存電路102例如是記憶體、硬碟或是其他任何可用於儲存資料的元件,而可用以記錄多個程式碼或模組。處理器104耦接於儲存電路102,並可為一般用途處理器、特殊用途處理器、傳統的處理器、數位訊號處理器、多個微處理器(microprocessor)、一個或多個結合數位訊號處理器核心的微處理器、控制器、微控制器、特殊應用集成電路(Application Specific Integrated Circuit,ASIC)、場可程式閘陣列電路(Field Programmable Gate Array,FPGA)、任何其他種類的積體電路、狀態機、基於進階精簡指令集機器(Advanced RISC Machine,ARM)的處理器以及類似品。As shown in FIG. 1, the network management device 100 includes a storage circuit 102 and a processor 104. The storage circuit 102 is, for example, a memory, a hard disk, or any other device that can be used to store data, and can be used to record multiple codes or modules. The processor 104 is coupled to the storage circuit 102, and may be a general-purpose processor, a special-purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, or one or more combined digital signal processing The core of the processor is the microprocessor, controller, microcontroller, application specific integrated circuit (ASIC), field programmable gate array (FPGA), any other kind of integrated circuit, State machine, processor based on Advanced Reduced Instruction Set Machine (Advanced RISC Machine, ARM) and similar products.

在本案中,處理器104可存取儲存電路102中的模組以執行本發明提出的產生網路事件告警的方法,以下將作進一步說明。In this case, the processor 104 can access the module in the storage circuit 102 to execute the method for generating a network event alarm provided by the present invention, which will be further described below.

請參照圖2,其是依據本發明之一實施例繪示的產生網路事件告警的方法流程圖。本實施例的方法可由圖1的網路管理裝置100執行,以下將搭配圖1所示的元件來說明本方法各步驟的細節。Please refer to FIG. 2, which is a flowchart of a method for generating a network event alarm according to an embodiment of the invention. The method of this embodiment can be executed by the network management device 100 of FIG. 1, and the details of each step of the method will be described below with the components shown in FIG. 1.

首先,在步驟S210中,處理器104可基於可編輯文件檔中記載的多個第一物件識別碼(object identifier,OID)掃描特定設備的管理資訊資料庫(management information base,MIB),以從MIB中找出對應於第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的第一特定設陷。具體而言,前述可編輯文件檔例如是可供網管人員或其他相關使用者編輯的電子試算表(例如.csv檔),但可不限於此。First, in step S210, the processor 104 may scan the management information base (MIB) of a specific device based on a plurality of first object identifiers (OIDs) recorded in the editable document file, from A plurality of first object values corresponding to the first object identification code are found in the MIB, wherein the aforementioned first object identification code corresponds to the first specific trap of the specific device. Specifically, the aforementioned editable document file is, for example, an electronic spreadsheet (for example, a .csv file) that can be edited by a network administrator or other related users, but it is not limited thereto.

在不同的實施例中,網管人員可依據所欲監控的設限態樣來調整上述可編輯文件檔的內容。為便於說明,上述待監控的設限將代稱為第一特定設限,而上述特定設備將假設為設備111,但其並非用以限定本發明可能的實施方式。舉例而言,網管人員可先找出設備111中第一特定設陷的名稱及其OID,並將這些資訊填入上述可編輯文件檔。In different embodiments, the network administrator can adjust the content of the above-mentioned editable file according to the limit setting to be monitored. For ease of description, the above-mentioned set limit to be monitored will be referred to as the first specific set limit, and the above-mentioned specific device will be assumed to be the device 111, but it is not intended to limit the possible implementation manners of the present invention. For example, the network administrator can first find out the name and OID of the first specific trap in the device 111, and fill this information into the editable document file.

在一實施例中,第一特定設陷的名稱可採用索引值來表示,亦即網管人員可將對應於第一特定設陷的名稱的索引值(例如協定資料單元(protocol data unit,PDU))填入上述可編輯文件檔,藉以讓處理器104在掃描MIB時,能夠依據索引值來找出與第一特定設陷有關的多個第一物件值。換言之,網管人員僅需具備簡單的文件處理技術(例如,編輯電子試算表的知識)即可調整所欲監控的設陷及其相關物件值,因而不需進行如習知作法中的規劃程式碼等較複雜行為。In an embodiment, the name of the first specific trap may be represented by an index value, that is, the network administrator may assign an index value corresponding to the name of the first specific trap (for example, a protocol data unit (PDU) ) Fill in the above-mentioned editable document file, so that when the processor 104 scans the MIB, it can find out a plurality of first object values related to the first specific trap according to the index value. In other words, network administrators only need to have simple document processing techniques (for example, knowledge of editing spreadsheets) to adjust the traps and related object values to be monitored, so there is no need to carry out the planning code in the conventional method. Waiting for more complex behaviors.

在另一實施例中,假設網管人員還需監控設備111上的第二特定設限,則網管人員還可一併將第二特定設陷的相關資訊填入上述可編輯文件檔中,以供處理器104讀取,進而據以從MIB中找出與第二特定設陷有關的多個第二物件值,但本發明可不限於此。In another embodiment, assuming that the network administrator also needs to monitor the second specific setting limit on the device 111, the network administrator may also fill in the above-mentioned editable document file with the relevant information of the second specific setting. The processor 104 reads and then finds out a plurality of second object values related to the second specific trap from the MIB, but the invention may not be limited to this.

在步驟S220中,處理器104可基於第一物件值產生用於監控第一特定設陷的第一可程式化設定檔。在本實施例中,前述第一可程式化設定檔例如是一YAML檔,但在其他實施例中,設計者亦可依需求而採用其他的程式語言來呈現前述第一可程式化設定檔。In step S220, the processor 104 may generate a first programmable profile for monitoring the first specific trap based on the first object value. In this embodiment, the aforementioned first programmable profile is, for example, a YAML file, but in other embodiments, the designer may use other programming languages to present the aforementioned first programmable profile according to requirements.

請參照圖3,其是依據本發明之一實施例繪示的第一可程式化設定檔示意圖。如圖3所示,第一可程式化設定檔300可包括事件收發OID 310、事件名稱320、事件關聯物件330、事件等級340、事件描述350及PDU物件值360(以下統稱第一事件規則)。在一實施例中,在處理器104讀取網管人員所編輯的上述可編輯文件檔之後,即可基於其中的內容而產生具有如圖3所示結構的第一可程式化設定檔300。之後,第一可程式化設定檔300即可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備111的設陷的監控行為時,僅需讀取第一可程式化設定檔300即可得知網管人員所欲在設備111上監控的第一特定設陷的相關資訊。Please refer to FIG. 3, which is a schematic diagram of a first programmable configuration file according to an embodiment of the present invention. As shown in FIG. 3, the first programmable profile 300 may include an event sending and receiving OID 310, an event name 320, an event associated object 330, an event level 340, an event description 350, and a PDU object value 360 (hereinafter collectively referred to as the first event rule) . In one embodiment, after the processor 104 reads the above-mentioned editable document file edited by the network administrator, a first programmable configuration file 300 having the structure shown in FIG. 3 can be generated based on the content therein. After that, the first programmable configuration file 300 can be stored in the directory of the service engine used by the network management device 100 to manage the devices 111-11n. In this way, when the network management apparatus 100 executes the aforementioned service engine to monitor the trapping of the device 111, it only needs to read the first programmable configuration file 300 to know that the network administrator wants to be on the device 111 Information about the first specific trap monitored.

此外,若上述可編輯文件檔中存在關聯於第二特定設陷的相關資訊,則處理器104在讀取上述可編輯文件檔之後,還可據以產生關聯於第二特定設陷的第二可程式化設定檔(未繪示),而其結構可與第一可程式化設定檔相似。並且,此第二可程式化設定檔亦可記錄有事件收發、事件名稱、事件關聯物件、事件等級、事件描述及PDU物件值(以下統稱第二事件規則),並可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備111上設陷的監控行為時,僅需讀取第二可程式化設定檔即可得知網管人員所欲在設備111上監控的第二特定設陷的相關資訊。In addition, if there is relevant information associated with the second specific trap in the editable document file, the processor 104 may also generate a second related to the second specific trap after reading the editable document file Programmable configuration file (not shown), and its structure may be similar to the first programmable configuration file. In addition, the second programmable configuration file can also record event sending and receiving, event name, event related object, event level, event description and PDU object value (hereinafter collectively referred to as the second event rule), and can be stored in the network management device 100 is used to manage the service engines 111~11n in the directory of the service engine. In this way, when the network management apparatus 100 executes the aforementioned service engine to monitor the trapping on the device 111, it only needs to read the second programmable configuration file to know that the network administrator wants to monitor on the device 111 Information about the second specific trap.

請參照圖4,其是依據本發明之一實施例繪示的可編輯文件檔示意圖。在圖4中,網管人員可依所欲在設備(例如,設備112)上監控的設陷態樣而在所示可編輯文件檔400(例如,電子試算表)欄位中填入相應的物件值。藉此,處理器104即可在讀取可編輯文件檔400之後而產生與圖3的第一可程式化設定檔300具有相似結構的另一可程式化設定檔,而所述另一可程式化設定檔同樣可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備112上設陷的監控行為時,僅需讀取上述另一可程式化設定檔即可得知網管人員所欲在設備112上監控的設陷的相關資訊。Please refer to FIG. 4, which is a schematic diagram of an editable document file according to an embodiment of the present invention. In FIG. 4, the network administrator can fill in the corresponding object in the field of the editable document file 400 (for example, electronic spreadsheet) as shown in the trapped state on the device (for example, device 112). value. Thereby, the processor 104 can generate another programmable configuration file having a similar structure to the first programmable configuration file 300 of FIG. 3 after reading the editable document file 400, and the other programmable The configuration file can also be stored in the directory of the service engine used by the network management device 100 to manage the devices 111-11n. In this way, when the network management apparatus 100 executes the aforementioned service engine to monitor the trapping on the device 112, it is only necessary to read the above another programmable configuration file to know that the network administrator wants to be on the device 112 Information about monitored trapping.

請再次參照圖2,在步驟S230中,當接收到未知設陷時,處理器104可從未知設陷中取出對應於第一物件值的多個第一設陷資訊,例如未知設陷的設備Enterprise OID、Trap OID及PDU物件值等。並且,在步驟S240中,當第一設陷資訊符合第一可程式化設定檔300中定義的第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔300中定義的前述第一事件規則相應地發送未知設陷的事件告警。例如,若未知設陷的設備Enterprise OID、Trap OID及PDU物件值等皆匹配於第一可程式化設定檔300記錄的對應內容時,處理器104即可判定未知設陷即為網管人員欲監控的第一特定設陷。Please refer to FIG. 2 again. In step S230, when an unknown trap is received, the processor 104 may retrieve a plurality of first trap information corresponding to the first object value from the unknown trap, such as an unknown trap device Enterprise OID, Trap OID and PDU object value etc. Furthermore, in step S240, when the first trap information meets the first event rule defined in the first programmable profile 300, it is determined that the unknown trap is the first specific trap, and the first programmable setting The aforementioned first event rule defined in the file 300 accordingly sends an event alarm of unknown trapping. For example, if the values of the Enterprise OID, Trap OID, and PDU object of the device with unknown trapping all match the corresponding content recorded in the first programmable profile 300, the processor 104 can determine that the unknown trapping is the network administrator's desire to monitor The first specific trap.

應了解的是,由於上述第一事件規則(例如設備Enterprise OID、Trap OID及PDU物件值)皆可由網管人員依需求而寫入前述可編輯文件檔中,因此網管人員可輕易地藉由調整前述可編輯文件檔的內容多寡來相應地調整上述比對機制的粗細,而不需再另外進行例如撰寫程式碼等較繁複的行為。It should be understood that, since the above first event rules (such as device Enterprise OID, Trap OID, and PDU object values) can be written into the editable document file by the network administrator as required, the network administrator can easily adjust the foregoing The content of the editable document file can be adjusted accordingly to adjust the thickness of the above-mentioned comparison mechanism accordingly, without the need to perform more complicated activities such as writing code.

在一實施例中,在判定未知設陷為第一特定設陷之後,處理器104即可發送未知設陷的事件告警。舉例而言,處理器104可依據第一可程式化設定檔300中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。藉此,網管人員即可依據事件告警的內容而得知特定設備(例如,設備111)可能已出現問題,進而可採取對應的維護或調校措施。In an embodiment, after determining that the unknown trap is the first specific trap, the processor 104 may send an event alarm of the unknown trap. For example, the processor 104 may send an event alarm of an unknown trap according to the event title, event level, event description, and event target defined in the first programmable profile 300 for reference by relevant network management personnel. In this way, the network management personnel can know that a specific device (for example, device 111) may have a problem based on the content of the event alarm, and then can take corresponding maintenance or adjustment measures.

在一實施例中,在若設備111上的問題已被解決,則設備111可自動發出一清除設陷(clear trap)訊息,以告知網路管理裝置100將上述未知設陷清除。In an embodiment, if the problem on the device 111 has been resolved, the device 111 may automatically send a clear trap message to inform the network management device 100 to clear the unknown trap.

在其他實施例中,若未知設陷不匹配於第一特定設陷,則處理器104還可接續判斷未知設陷是否對應於第二特定設陷,亦即判斷未知設陷的第一設陷資訊是否符合第二可程式化設定檔中定義的多個第二事件規則。若是,則處理器104可依據第二可程式化設定檔中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。In other embodiments, if the unknown trap does not match the first specific trap, the processor 104 may continue to determine whether the unknown trap corresponds to the second specific trap, that is, to determine the first trap of the unknown trap Whether the information complies with multiple second event rules defined in the second programmable profile. If yes, the processor 104 can send an event alarm of unknown trapping according to the event title, event level, event description, and event target defined in the second programmable profile for reference by relevant network management personnel.

綜上所述,本發明提出的產生網路事件告警的方法及其網路管理裝置可讓網管人員輕易地將欲在不同設備上監控的各式設陷態樣及相關事件規則記載在可編輯文件檔中。接著,網路管理裝置可依據前述可編輯文件檔掃描各設備的MIB以產生對應的可程式化設定檔,進而作為在接收到未知設陷時判斷是否發送相關事件告警的比對依據。In summary, the method and network management device for generating network event alarms provided by the present invention can allow network administrators to easily record various types of traps and related event rules to be monitored on different devices in editable In the file. Then, the network management device can scan the MIB of each device according to the aforementioned editable file file to generate a corresponding programmable configuration file, which can be used as a comparison basis for determining whether to send related event alarms when an unknown trap is received.

並且,在判斷未知設陷對應於某個欲監控的特定設陷時,本發明實施例還可依據前述特定設陷對應的可程式化設定檔中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。藉此,網管人員即可依據事件告警的內容而得知特定設備可能已出現問題,進而可採取對應的維護或調校措施。Moreover, when it is determined that the unknown trap corresponds to a specific trap to be monitored, embodiments of the present invention may also be based on the event title, event level, event description and event defined in the programmable profile corresponding to the specific trap The target is to send an event alert for unknown traps for reference by relevant network management personnel. In this way, the network management personnel can know that the specific device may have a problem based on the content of the event alarm, and then can take corresponding maintenance or adjustment measures.

如此一來,本發明實施例可有效地增加網管人員管理設備上的靈活性及便利性,並還可依需求來調整事件規則的粗細。換言之,本發明實施例提供一種可讓網管人員輕易地集中管理各類網路設備的事件規則的機制,因而可不需如習知作法一般地因應於不同的網路設備而設計專用的網路設備事件告警判斷流程,從而能夠相應地提升管理上的效率及便利性。In this way, the embodiments of the present invention can effectively increase the flexibility and convenience of network management personnel management equipment, and can also adjust the thickness of event rules according to requirements. In other words, the embodiments of the present invention provide a mechanism that allows network administrators to easily centrally manage the event rules of various types of network devices, so that it is not necessary to design special network devices in response to different network devices as is common practice. Event alarm judgment process, which can improve management efficiency and convenience accordingly.

雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed as above with examples, it is not intended to limit the present invention. Any person with ordinary knowledge in the technical field can make some changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention shall be subject to the scope defined in the appended patent application.

10:網路管理系統100:網路管理裝置102:儲存電路104:處理器111、112、…、11n:設備300:第一可程式化設定檔310:事件收發OID320:事件名稱330:事件關聯物件340:事件等級350:事件描述360:PDU物件值400:可編輯文件檔S210~S240:步驟10: Network management system 100: Network management device 102: Storage circuit 104: Processors 111, 112, ..., 11n: Device 300: First programmable profile 310: Event sending and receiving OID 320: Event name 330: Event correlation Object 340: Event Level 350: Event Description 360: PDU Object Value 400: Editable Document File S210~S240: Steps

圖1是依據本發明之一實施例繪示的網路管理系統示意圖。 圖2是依據本發明之一實施例繪示的產生網路事件告警的方法流程圖。 圖3是依據本發明之一實施例繪示的第一可程式化設定檔示意圖。 圖4是依據本發明之一實施例繪示的可編輯文件檔示意圖。FIG. 1 is a schematic diagram of a network management system according to an embodiment of the invention. FIG. 2 is a flowchart of a method for generating a network event alarm according to an embodiment of the invention. FIG. 3 is a schematic diagram of a first programmable profile according to an embodiment of the invention. 4 is a schematic diagram of an editable document file according to an embodiment of the invention.

S210~S240:步驟 S210~S240: Steps

Claims (10)

一種產生網路事件告警的方法,包括: 基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從該管理資訊資料庫中找出對應於該些第一物件識別碼的多個第一物件值,其中該些第一物件識別碼對應於該特定設備的一第一特定設陷; 基於該些第一物件值產生用於監控該第一特定設陷的一第一可程式化設定檔,其中該第一可程式化設定檔包括對應於該些第一物件值的多個第一事件規則; 當接收到一未知設陷時,從該未知設陷中取出對應於該些第一物件值的多個第一設陷資訊; 當該些第一設陷資訊符合該第一可程式化設定檔中定義的該些第一事件規則時,判定該未知設陷為該第一特定設陷,並依據該第一可程式化設定檔中定義的該些第一事件規則相應地發送該未知設陷的一事件告警。A method for generating a network event alarm includes: scanning a management information database of a specific device based on a plurality of first object identification codes recorded in an editable document file to find the corresponding information from the management information database A plurality of first object values of the first object identification codes, wherein the first object identification codes correspond to a first specific trap of the specific device; generated based on the first object values for monitoring the first object value A first programmable profile for a specific trap, where the first programmable profile includes a plurality of first event rules corresponding to the first object values; when an unknown trap is received, from the Extract a plurality of first trap information corresponding to the first object values from the unknown trap; when the first trap information meets the first event rules defined in the first programmable profile, It is determined that the unknown trap is the first specific trap, and an event alarm of the unknown trap is sent accordingly according to the first event rules defined in the first programmable profile. 如申請專利範圍第1項所述的方法,其中該可編輯文件檔為一電子試算表。The method as described in item 1 of the patent application scope, wherein the editable document file is an electronic spreadsheet. 如申請專利範圍第1項所述的方法,其中該第一可程式化設定檔包括事件收發物件識別碼、事件名稱、事件關聯物件、事件等級、事件描述及協定資料單元物件值。The method as described in item 1 of the patent application scope, wherein the first programmable profile includes an event sending and receiving object identifier, an event name, an event-related object, an event level, an event description, and an agreement data unit object value. 如申請專利範圍第1項所述的方法,更包括: 基於該可編輯文件檔中記載的多個第二物件識別碼掃描該特定設備的該管理資訊資料庫,以從該管理資訊資料庫中找出對應於該些第二物件識別碼的多個第二物件值,其中該些第二物件識別碼對應於該特定設備的一第二特定設陷; 基於該些第二物件值產生用於監控該第二特定設陷的一第二可程式化設定檔,其中該第二可程式化設定檔包括對應於該些第二物件值的多個第二事件規則。The method as described in item 1 of the patent application scope further includes: scanning the management information database of the specific device based on the plurality of second object identification codes recorded in the editable document file to remove the management information database from the management information database Find a plurality of second object values corresponding to the second object identification codes, wherein the second object identification codes correspond to a second specific trapping of the specific device; based on the second object values, generate Monitoring a second programmable profile of the second specific trap, where the second programmable profile includes a plurality of second event rules corresponding to the values of the second objects. 如申請專利範圍第4項所述的方法,更包括: 當該些第一設陷資訊不符合該第一可程式化設定檔中定義的該些第一事件規則時,判斷該些第一設陷資訊是否符合該第二可程式化設定檔中定義的該些第二事件規則; 若是,判定該未知設陷為該第二特定設陷,並依據該第二可程式化設定檔中定義的該些第二事件規則相應地發送該未知設陷的該事件告警。The method as described in item 4 of the patent application scope further includes: when the first trap information does not conform to the first event rules defined in the first programmable profile, determining the first settings Whether the trap information conforms to the second event rules defined in the second programmable profile; if so, determine that the unknown trap is the second specific trap and based on the definition in the second programmable profile The second event rules send the event trap of the unknown trap accordingly. 一種網路管理裝置,包括: 一儲存電路,儲存多個模組;以及 一處理器,耦接該儲存電路,存取該些模組以執行下列步驟: 基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從該管理資訊資料庫中找出對應於該些第一物件識別碼的多個第一物件值,其中該些第一物件識別碼對應於該特定設備的一第一特定設陷; 基於該些第一物件值產生用於監控該第一特定設陷的一第一可程式化設定檔,其中該第一可程式化設定檔包括對應於該些第一物件值的多個第一事件規則; 當接收到一未知設陷時,從該未知設陷中取出對應於該些第一物件值的多個第一設陷資訊; 當該些第一設陷資訊符合該第一可程式化設定檔中定義的該些第一事件規則時,判定該未知設陷為該第一特定設陷,並依據該第一可程式化設定檔中定義的該些第一事件規則相應地發送該未知設陷的一事件告警。A network management device includes: a storage circuit storing a plurality of modules; and a processor coupled to the storage circuit, accessing the modules to perform the following steps: based on the number of records in an editable document file A first object ID scans a management information database of a specific device to find multiple first object values corresponding to the first object IDs from the management information database, wherein the first objects The identification code corresponds to a first specific setting of the specific device; based on the first object values, a first programmable setting file for monitoring the first specific setting is generated, wherein the first programmable setting The file includes a plurality of first event rules corresponding to the first object values; when an unknown trap is received, a plurality of first trap information corresponding to the first object values is extracted from the unknown trap ; When the first trap information meets the first event rules defined in the first programmable profile, determine the unknown trap as the first specific trap, and based on the first programmable The first event rules defined in the configuration file correspondingly send an event alarm of the unknown trap. 如申請專利範圍第6項所述的網路管理裝置,其中該可編輯文件檔為一電子試算表。The network management device as described in item 6 of the patent application scope, wherein the editable document file is an electronic spreadsheet. 如申請專利範圍第6項所述的網路管理裝置,其中該可程式化設定檔包括事件收發物件識別碼、事件名稱、事件關聯物件、事件等級、事件描述及協定資料單元物件值。The network management device as described in item 6 of the patent application scope, wherein the programmable configuration file includes event sending and receiving object identification codes, event names, event related objects, event levels, event descriptions, and protocol data unit object values. 如申請專利範圍第6項所述的網路管理裝置,更包括: 基於該可編輯文件檔中記載的多個第二物件識別碼掃描該特定設備的該管理資訊資料庫,以從該管理資訊資料庫中找出對應於該些第二物件識別碼的多個第二物件值,其中該些第二物件識別碼對應於該特定設備的一第二特定設陷; 基於該些第二物件值產生用於監控該第二特定設陷的一第二可程式化設定檔,其中該第二可程式化設定檔包括對應於該些第二物件值的多個第二事件規則。The network management device as described in item 6 of the scope of the patent application further includes: scanning the management information database of the specific device based on the plurality of second object identification codes recorded in the editable document file to extract the management information from the management information Find a plurality of second object values corresponding to the second object identification codes in the database, wherein the second object identification codes correspond to a second specific trap of the specific device; based on the second object values A second programmable profile for monitoring the second specific trap is generated, wherein the second programmable profile includes a plurality of second event rules corresponding to the values of the second objects. 如申請專利範圍第9項所述的網路管理裝置,更包括: 當該些第一設陷資訊不符合該第一可程式化設定檔中定義的該些第一事件規則時,判斷該些第一設陷資訊是否符合該第二可程式化設定檔中定義的該些第二事件規則; 若是,判定該未知設陷為該第二特定設陷,並依據該第二可程式化設定檔中定義的該些第二事件規則相應地發送該未知設陷的該事件告警。The network management device described in item 9 of the scope of the patent application further includes: when the first trapping information does not conform to the first event rules defined in the first programmable profile, determining the ones Whether the first trap information conforms to the second event rules defined in the second programmable profile; if so, determine that the unknown trap is the second specific trap and based on the second programmable profile The second event rules defined in correspondingly send the event trap of the unknown trap.
TW107131772A 2018-09-10 2018-09-10 Method for generating network event warning and network management device using the same TWI682655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107131772A TWI682655B (en) 2018-09-10 2018-09-10 Method for generating network event warning and network management device using the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107131772A TWI682655B (en) 2018-09-10 2018-09-10 Method for generating network event warning and network management device using the same

Publications (2)

Publication Number Publication Date
TWI682655B TWI682655B (en) 2020-01-11
TW202011725A true TW202011725A (en) 2020-03-16

Family

ID=69942526

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107131772A TWI682655B (en) 2018-09-10 2018-09-10 Method for generating network event warning and network management device using the same

Country Status (1)

Country Link
TW (1) TWI682655B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI732725B (en) * 2020-12-11 2021-07-01 中華電信股份有限公司 Debugging method for narrowband internet of things terminal and electronic device using the same

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003094031A1 (en) * 2002-05-03 2003-11-13 Netbotz, Inc. Method and apparatus for collecting and displaying network device information
TW200915781A (en) * 2007-09-20 2009-04-01 Chunghwa Telecom Co Ltd Monitor and control system for unmanned computer network apparatus room
TW201208319A (en) * 2010-08-10 2012-02-16 Chunghwa Telecom Co Ltd Web-based early warning system and method
CN102387043B (en) * 2011-12-07 2014-04-16 深圳市龙视传媒有限公司 Alarm analysis method, workstation and system based on simple network management protocol
CN105187258B (en) * 2015-09-30 2018-10-02 北京英诺威尔科技股份有限公司 A kind of configurable Trap warning analysis processing methods

Also Published As

Publication number Publication date
TWI682655B (en) 2020-01-11

Similar Documents

Publication Publication Date Title
CN109039740B (en) Method and equipment for processing operation and maintenance monitoring alarm
CN110249314A (en) The system and method monitored for OS Events based on cloud and data access
JP6160064B2 (en) Application determination program, failure detection apparatus, and application determination method
WO2020000676A1 (en) Database automatic alarming method and apparatus, terminal device, and readable storage medium
CN114077525A (en) Abnormal log processing method and device, terminal equipment, cloud server and system
US8892703B2 (en) Cross-cutting event correlation
CN112698915A (en) Multi-cluster unified monitoring alarm method, system, equipment and storage medium
US20230125565A1 (en) Automated monitoring of proximate devices
CN112230847B (en) Method, system, terminal and storage medium for monitoring K8s storage volume
CN111431735B (en) Method, device and apparatus for managing connection pool and storage medium
US20210365564A1 (en) Techniques for monitoring computing infrastructure
US20180300199A1 (en) System and method for maintaining the health of a machine
TWI682655B (en) Method for generating network event warning and network management device using the same
CN107885634B (en) Method and device for processing abnormal information in monitoring
CN114172921A (en) Log auditing method and device for scheduling recording system
CN108228417B (en) Internet of vehicles log processing method and device
US10445213B2 (en) Non-transitory computer-readable storage medium, evaluation method, and evaluation device
CN113672912A (en) Network security monitoring system based on computer hardware indication and behavior analysis
CN103916376A (en) Cloud system with attract defending mechanism and defending method thereof
CN110516434B (en) Privileged account scanning system
CN109558300B (en) Whole cabinet alarm processing method and device, terminal and storage medium
CN110727555A (en) Service interface management method, device, medium and computer equipment
CN115757318A (en) Log query method and device, storage medium and electronic equipment
CN115794479A (en) Log data processing method and device, electronic equipment and storage medium
JP2009053896A (en) Unauthorized operation detector and program