TW202011725A - Method for generating network event warning and network management device using the same - Google Patents
Method for generating network event warning and network management device using the same Download PDFInfo
- Publication number
- TW202011725A TW202011725A TW107131772A TW107131772A TW202011725A TW 202011725 A TW202011725 A TW 202011725A TW 107131772 A TW107131772 A TW 107131772A TW 107131772 A TW107131772 A TW 107131772A TW 202011725 A TW202011725 A TW 202011725A
- Authority
- TW
- Taiwan
- Prior art keywords
- trap
- event
- specific
- unknown
- programmable
- Prior art date
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
本發明是有關於一種產生告警的方法及其系統,且特別是有關於一種產生網路事件告警的方法及其網路管理裝置。The invention relates to a method and system for generating an alarm, and in particular to a method and network management device for generating an alarm for a network event.
由於網路設備事件告警判斷流程相當複雜,且須因應各類型異質性網路設備之差異而執行,故難以集中管理所有設備事件的規則清單。具體而言,在習知的主動式事件回報機制的判斷過程中,會對各類型設備開發專屬之事件告警判斷流程。在此情況下,若需修改設備的事件規則,必須在完成相關的修改邏輯分析之後,再次針對程式碼進行重新規劃,進而導致整體運作流程的效率較低。Because the network device event alarm judgment process is quite complicated and must be executed in accordance with the differences of various types of heterogeneous network devices, it is difficult to centrally manage the rule list of all device events. Specifically, in the judgment process of the conventional active event reward mechanism, a dedicated event warning judgment process will be developed for each type of device. In this case, if you need to modify the event rules of the device, you must re-plan the code again after completing the relevant modification logic analysis, which leads to a lower efficiency of the overall operation process.
因此,對於本領域技術人員來說,如何簡化上述網路設備告警事件判斷流程以提升整體運作效率,實為一項重要的議題。Therefore, for those skilled in the art, how to simplify the above-mentioned network device alarm event judgment process to improve the overall operation efficiency is actually an important issue.
有鑑於此,本發明提供一種產生網路事件告警的方法及其網路管理裝置,其可用以解決上述技術問題,並提升整體運作效率。In view of this, the present invention provides a method for generating a network event alarm and its network management device, which can be used to solve the above technical problems and improve the overall operation efficiency.
本發明提供一種產生網路事件告警的方法,包括:基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從管理資訊資料庫中找出對應於前述第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的一第一特定設陷;基於前述第一物件值產生用於監控第一特定設陷的一第一可程式化設定檔,其中第一可程式化設定檔包括對應於前述第一物件值的多個第一事件規則;當接收到一未知設陷時,從未知設陷中取出對應於前述第一物件值的多個第一設陷資訊;當前述第一設陷資訊符合第一可程式化設定檔中定義的前述第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔中定義的前述第一事件規則相應地發送未知設陷的一事件告警。The invention provides a method for generating a network event alarm, including: scanning a management information database of a specific device based on a plurality of first object identification codes recorded in an editable document file to find out from the management information database A plurality of first object values corresponding to the first object identification code, wherein the first object identification code corresponds to a first specific trap of a specific device; based on the first object value, a first specific trap is generated for monitoring A first programmable profile, where the first programmable profile includes a plurality of first event rules corresponding to the aforementioned first object values; when an unknown trap is received, the corresponding is extracted from the unknown trap A plurality of first trap information in the first object value; when the first trap information meets the first event rule defined in the first programmable profile, the unknown trap is determined as the first specific trap , And correspondingly send an event alarm of unknown trapping according to the aforementioned first event rule defined in the first programmable profile.
本發明提供一種網路管理裝置,包括儲存電路及處理器。儲存電路儲存多個模組。處理器耦接儲存電路,存取前述模組以執行下列步驟:基於一可編輯文件檔中記載的多個第一物件識別碼掃描一特定設備的一管理資訊資料庫,以從管理資訊資料庫中找出對應於前述第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的一第一特定設陷;基於前述第一物件值產生用於監控第一特定設陷的一第一可程式化設定檔,其中第一可程式化設定檔包括對應於前述第一物件值的多個第一事件規則;當接收到一未知設陷時,從未知設陷中取出對應於前述第一物件值的多個第一設陷資訊;當前述第一設陷資訊符合第一可程式化設定檔中定義的前述第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔中定義的前述第一事件規則相應地發送未知設陷的一事件告警。The invention provides a network management device, including a storage circuit and a processor. The storage circuit stores multiple modules. The processor is coupled to the storage circuit and accesses the aforementioned module to perform the following steps: scan a management information database of a specific device based on a plurality of first object identification codes recorded in an editable document file, from the management information database Find a plurality of first object values corresponding to the first object identification code, wherein the first object identification code corresponds to a first specific trap of a specific device; based on the first object value, a first object value is generated for monitoring the first object value A first programmable profile for a specific trap, where the first programmable profile includes a plurality of first event rules corresponding to the aforementioned first object values; when an unknown trap is received, the trap is unknown Extract multiple pieces of first trap information corresponding to the value of the first object; when the first trap information meets the first event rule defined in the first programmable profile, it is determined that the unknown trap is the first Specific trap, and correspondingly send an event alarm of unknown trap according to the aforementioned first event rule defined in the first programmable profile.
基於上述,本發明提出的產生網路事件告警的方法及其網路管理裝置可讓網管人員將欲在特定設備上監控的第一特定設陷的相關資訊記載在可編輯文件檔中。接著,網路管理裝置可依據前述可編輯文件檔掃描各設備的管理資訊資料庫以產生對應的可程式化設定檔(其包括一或多個事件規則),進而作為在接收到未知設陷時判斷是否發送相關事件告警的比對依據。Based on the above, the method for generating a network event alarm and the network management device thereof provided by the present invention allow network administrators to record information about a first specific trap to be monitored on a specific device in an editable document file. Then, the network management device can scan the management information database of each device according to the aforementioned editable document file to generate a corresponding programmable profile (which includes one or more event rules), which can then be used as an unknown trap Comparison basis for judging whether to send related event alarms.
為讓本發明的上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明如下。In order to make the above-mentioned features and advantages of the present invention more obvious and understandable, the embodiments are specifically described below in conjunction with the accompanying drawings for detailed description as follows.
請參照圖1,其是依據本發明之一實施例繪示的網路管理系統示意圖。在圖1中,網路管理系統10包括網路管理裝置100及設備111、112、…、11n。在不同的實施例中,設備111~11n可以是各式網路設備,而網路管理裝置100可用於接收設備111~11n所回報的設陷(trap),並在所接收的設陷符合一定的事件規則時,發送相關的事件告警,以供相關的網管人員據以採取維修或除錯等相應措施。Please refer to FIG. 1, which is a schematic diagram of a network management system according to an embodiment of the present invention. In FIG. 1, the
如圖1所示,網路管理裝置100包括儲存電路102及處理器104。儲存電路102例如是記憶體、硬碟或是其他任何可用於儲存資料的元件,而可用以記錄多個程式碼或模組。處理器104耦接於儲存電路102,並可為一般用途處理器、特殊用途處理器、傳統的處理器、數位訊號處理器、多個微處理器(microprocessor)、一個或多個結合數位訊號處理器核心的微處理器、控制器、微控制器、特殊應用集成電路(Application Specific Integrated Circuit,ASIC)、場可程式閘陣列電路(Field Programmable Gate Array,FPGA)、任何其他種類的積體電路、狀態機、基於進階精簡指令集機器(Advanced RISC Machine,ARM)的處理器以及類似品。As shown in FIG. 1, the
在本案中,處理器104可存取儲存電路102中的模組以執行本發明提出的產生網路事件告警的方法,以下將作進一步說明。In this case, the
請參照圖2,其是依據本發明之一實施例繪示的產生網路事件告警的方法流程圖。本實施例的方法可由圖1的網路管理裝置100執行,以下將搭配圖1所示的元件來說明本方法各步驟的細節。Please refer to FIG. 2, which is a flowchart of a method for generating a network event alarm according to an embodiment of the invention. The method of this embodiment can be executed by the
首先,在步驟S210中,處理器104可基於可編輯文件檔中記載的多個第一物件識別碼(object identifier,OID)掃描特定設備的管理資訊資料庫(management information base,MIB),以從MIB中找出對應於第一物件識別碼的多個第一物件值,其中前述第一物件識別碼對應於特定設備的第一特定設陷。具體而言,前述可編輯文件檔例如是可供網管人員或其他相關使用者編輯的電子試算表(例如.csv檔),但可不限於此。First, in step S210, the
在不同的實施例中,網管人員可依據所欲監控的設限態樣來調整上述可編輯文件檔的內容。為便於說明,上述待監控的設限將代稱為第一特定設限,而上述特定設備將假設為設備111,但其並非用以限定本發明可能的實施方式。舉例而言,網管人員可先找出設備111中第一特定設陷的名稱及其OID,並將這些資訊填入上述可編輯文件檔。In different embodiments, the network administrator can adjust the content of the above-mentioned editable file according to the limit setting to be monitored. For ease of description, the above-mentioned set limit to be monitored will be referred to as the first specific set limit, and the above-mentioned specific device will be assumed to be the
在一實施例中,第一特定設陷的名稱可採用索引值來表示,亦即網管人員可將對應於第一特定設陷的名稱的索引值(例如協定資料單元(protocol data unit,PDU))填入上述可編輯文件檔,藉以讓處理器104在掃描MIB時,能夠依據索引值來找出與第一特定設陷有關的多個第一物件值。換言之,網管人員僅需具備簡單的文件處理技術(例如,編輯電子試算表的知識)即可調整所欲監控的設陷及其相關物件值,因而不需進行如習知作法中的規劃程式碼等較複雜行為。In an embodiment, the name of the first specific trap may be represented by an index value, that is, the network administrator may assign an index value corresponding to the name of the first specific trap (for example, a protocol data unit (PDU) ) Fill in the above-mentioned editable document file, so that when the
在另一實施例中,假設網管人員還需監控設備111上的第二特定設限,則網管人員還可一併將第二特定設陷的相關資訊填入上述可編輯文件檔中,以供處理器104讀取,進而據以從MIB中找出與第二特定設陷有關的多個第二物件值,但本發明可不限於此。In another embodiment, assuming that the network administrator also needs to monitor the second specific setting limit on the
在步驟S220中,處理器104可基於第一物件值產生用於監控第一特定設陷的第一可程式化設定檔。在本實施例中,前述第一可程式化設定檔例如是一YAML檔,但在其他實施例中,設計者亦可依需求而採用其他的程式語言來呈現前述第一可程式化設定檔。In step S220, the
請參照圖3,其是依據本發明之一實施例繪示的第一可程式化設定檔示意圖。如圖3所示,第一可程式化設定檔300可包括事件收發OID 310、事件名稱320、事件關聯物件330、事件等級340、事件描述350及PDU物件值360(以下統稱第一事件規則)。在一實施例中,在處理器104讀取網管人員所編輯的上述可編輯文件檔之後,即可基於其中的內容而產生具有如圖3所示結構的第一可程式化設定檔300。之後,第一可程式化設定檔300即可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備111的設陷的監控行為時,僅需讀取第一可程式化設定檔300即可得知網管人員所欲在設備111上監控的第一特定設陷的相關資訊。Please refer to FIG. 3, which is a schematic diagram of a first programmable configuration file according to an embodiment of the present invention. As shown in FIG. 3, the first
此外,若上述可編輯文件檔中存在關聯於第二特定設陷的相關資訊,則處理器104在讀取上述可編輯文件檔之後,還可據以產生關聯於第二特定設陷的第二可程式化設定檔(未繪示),而其結構可與第一可程式化設定檔相似。並且,此第二可程式化設定檔亦可記錄有事件收發、事件名稱、事件關聯物件、事件等級、事件描述及PDU物件值(以下統稱第二事件規則),並可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備111上設陷的監控行為時,僅需讀取第二可程式化設定檔即可得知網管人員所欲在設備111上監控的第二特定設陷的相關資訊。In addition, if there is relevant information associated with the second specific trap in the editable document file, the
請參照圖4,其是依據本發明之一實施例繪示的可編輯文件檔示意圖。在圖4中,網管人員可依所欲在設備(例如,設備112)上監控的設陷態樣而在所示可編輯文件檔400(例如,電子試算表)欄位中填入相應的物件值。藉此,處理器104即可在讀取可編輯文件檔400之後而產生與圖3的第一可程式化設定檔300具有相似結構的另一可程式化設定檔,而所述另一可程式化設定檔同樣可儲存在網路管理裝置100用於管理設備111~11n的服務引擎的目錄下。藉此,當網路管理裝置100執行前述服務引擎以進行對設備112上設陷的監控行為時,僅需讀取上述另一可程式化設定檔即可得知網管人員所欲在設備112上監控的設陷的相關資訊。Please refer to FIG. 4, which is a schematic diagram of an editable document file according to an embodiment of the present invention. In FIG. 4, the network administrator can fill in the corresponding object in the field of the editable document file 400 (for example, electronic spreadsheet) as shown in the trapped state on the device (for example, device 112). value. Thereby, the
請再次參照圖2,在步驟S230中,當接收到未知設陷時,處理器104可從未知設陷中取出對應於第一物件值的多個第一設陷資訊,例如未知設陷的設備Enterprise OID、Trap OID及PDU物件值等。並且,在步驟S240中,當第一設陷資訊符合第一可程式化設定檔300中定義的第一事件規則時,判定未知設陷為第一特定設陷,並依據第一可程式化設定檔300中定義的前述第一事件規則相應地發送未知設陷的事件告警。例如,若未知設陷的設備Enterprise OID、Trap OID及PDU物件值等皆匹配於第一可程式化設定檔300記錄的對應內容時,處理器104即可判定未知設陷即為網管人員欲監控的第一特定設陷。Please refer to FIG. 2 again. In step S230, when an unknown trap is received, the
應了解的是,由於上述第一事件規則(例如設備Enterprise OID、Trap OID及PDU物件值)皆可由網管人員依需求而寫入前述可編輯文件檔中,因此網管人員可輕易地藉由調整前述可編輯文件檔的內容多寡來相應地調整上述比對機制的粗細,而不需再另外進行例如撰寫程式碼等較繁複的行為。It should be understood that, since the above first event rules (such as device Enterprise OID, Trap OID, and PDU object values) can be written into the editable document file by the network administrator as required, the network administrator can easily adjust the foregoing The content of the editable document file can be adjusted accordingly to adjust the thickness of the above-mentioned comparison mechanism accordingly, without the need to perform more complicated activities such as writing code.
在一實施例中,在判定未知設陷為第一特定設陷之後,處理器104即可發送未知設陷的事件告警。舉例而言,處理器104可依據第一可程式化設定檔300中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。藉此,網管人員即可依據事件告警的內容而得知特定設備(例如,設備111)可能已出現問題,進而可採取對應的維護或調校措施。In an embodiment, after determining that the unknown trap is the first specific trap, the
在一實施例中,在若設備111上的問題已被解決,則設備111可自動發出一清除設陷(clear trap)訊息,以告知網路管理裝置100將上述未知設陷清除。In an embodiment, if the problem on the
在其他實施例中,若未知設陷不匹配於第一特定設陷,則處理器104還可接續判斷未知設陷是否對應於第二特定設陷,亦即判斷未知設陷的第一設陷資訊是否符合第二可程式化設定檔中定義的多個第二事件規則。若是,則處理器104可依據第二可程式化設定檔中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。In other embodiments, if the unknown trap does not match the first specific trap, the
綜上所述,本發明提出的產生網路事件告警的方法及其網路管理裝置可讓網管人員輕易地將欲在不同設備上監控的各式設陷態樣及相關事件規則記載在可編輯文件檔中。接著,網路管理裝置可依據前述可編輯文件檔掃描各設備的MIB以產生對應的可程式化設定檔,進而作為在接收到未知設陷時判斷是否發送相關事件告警的比對依據。In summary, the method and network management device for generating network event alarms provided by the present invention can allow network administrators to easily record various types of traps and related event rules to be monitored on different devices in editable In the file. Then, the network management device can scan the MIB of each device according to the aforementioned editable file file to generate a corresponding programmable configuration file, which can be used as a comparison basis for determining whether to send related event alarms when an unknown trap is received.
並且,在判斷未知設陷對應於某個欲監控的特定設陷時,本發明實施例還可依據前述特定設陷對應的可程式化設定檔中定義的事件標題、事件等級、事件敘述及事件標的來發送未知設陷的事件告警,以供相關網管人員參考。藉此,網管人員即可依據事件告警的內容而得知特定設備可能已出現問題,進而可採取對應的維護或調校措施。Moreover, when it is determined that the unknown trap corresponds to a specific trap to be monitored, embodiments of the present invention may also be based on the event title, event level, event description and event defined in the programmable profile corresponding to the specific trap The target is to send an event alert for unknown traps for reference by relevant network management personnel. In this way, the network management personnel can know that the specific device may have a problem based on the content of the event alarm, and then can take corresponding maintenance or adjustment measures.
如此一來,本發明實施例可有效地增加網管人員管理設備上的靈活性及便利性,並還可依需求來調整事件規則的粗細。換言之,本發明實施例提供一種可讓網管人員輕易地集中管理各類網路設備的事件規則的機制,因而可不需如習知作法一般地因應於不同的網路設備而設計專用的網路設備事件告警判斷流程,從而能夠相應地提升管理上的效率及便利性。In this way, the embodiments of the present invention can effectively increase the flexibility and convenience of network management personnel management equipment, and can also adjust the thickness of event rules according to requirements. In other words, the embodiments of the present invention provide a mechanism that allows network administrators to easily centrally manage the event rules of various types of network devices, so that it is not necessary to design special network devices in response to different network devices as is common practice. Event alarm judgment process, which can improve management efficiency and convenience accordingly.
雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed as above with examples, it is not intended to limit the present invention. Any person with ordinary knowledge in the technical field can make some changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention shall be subject to the scope defined in the appended patent application.
10:網路管理系統100:網路管理裝置102:儲存電路104:處理器111、112、…、11n:設備300:第一可程式化設定檔310:事件收發OID320:事件名稱330:事件關聯物件340:事件等級350:事件描述360:PDU物件值400:可編輯文件檔S210~S240:步驟10: Network management system 100: Network management device 102: Storage circuit 104:
圖1是依據本發明之一實施例繪示的網路管理系統示意圖。 圖2是依據本發明之一實施例繪示的產生網路事件告警的方法流程圖。 圖3是依據本發明之一實施例繪示的第一可程式化設定檔示意圖。 圖4是依據本發明之一實施例繪示的可編輯文件檔示意圖。FIG. 1 is a schematic diagram of a network management system according to an embodiment of the invention. FIG. 2 is a flowchart of a method for generating a network event alarm according to an embodiment of the invention. FIG. 3 is a schematic diagram of a first programmable profile according to an embodiment of the invention. 4 is a schematic diagram of an editable document file according to an embodiment of the invention.
S210~S240:步驟 S210~S240: Steps
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107131772A TWI682655B (en) | 2018-09-10 | 2018-09-10 | Method for generating network event warning and network management device using the same |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107131772A TWI682655B (en) | 2018-09-10 | 2018-09-10 | Method for generating network event warning and network management device using the same |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI682655B TWI682655B (en) | 2020-01-11 |
TW202011725A true TW202011725A (en) | 2020-03-16 |
Family
ID=69942526
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW107131772A TWI682655B (en) | 2018-09-10 | 2018-09-10 | Method for generating network event warning and network management device using the same |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI682655B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI732725B (en) * | 2020-12-11 | 2021-07-01 | 中華電信股份有限公司 | Debugging method for narrowband internet of things terminal and electronic device using the same |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003094031A1 (en) * | 2002-05-03 | 2003-11-13 | Netbotz, Inc. | Method and apparatus for collecting and displaying network device information |
TW200915781A (en) * | 2007-09-20 | 2009-04-01 | Chunghwa Telecom Co Ltd | Monitor and control system for unmanned computer network apparatus room |
TW201208319A (en) * | 2010-08-10 | 2012-02-16 | Chunghwa Telecom Co Ltd | Web-based early warning system and method |
CN102387043B (en) * | 2011-12-07 | 2014-04-16 | 深圳市龙视传媒有限公司 | Alarm analysis method, workstation and system based on simple network management protocol |
CN105187258B (en) * | 2015-09-30 | 2018-10-02 | 北京英诺威尔科技股份有限公司 | A kind of configurable Trap warning analysis processing methods |
-
2018
- 2018-09-10 TW TW107131772A patent/TWI682655B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI682655B (en) | 2020-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109039740B (en) | Method and equipment for processing operation and maintenance monitoring alarm | |
CN110249314A (en) | The system and method monitored for OS Events based on cloud and data access | |
JP6160064B2 (en) | Application determination program, failure detection apparatus, and application determination method | |
WO2020000676A1 (en) | Database automatic alarming method and apparatus, terminal device, and readable storage medium | |
CN114077525A (en) | Abnormal log processing method and device, terminal equipment, cloud server and system | |
US8892703B2 (en) | Cross-cutting event correlation | |
CN112698915A (en) | Multi-cluster unified monitoring alarm method, system, equipment and storage medium | |
US20230125565A1 (en) | Automated monitoring of proximate devices | |
CN112230847B (en) | Method, system, terminal and storage medium for monitoring K8s storage volume | |
CN111431735B (en) | Method, device and apparatus for managing connection pool and storage medium | |
US20210365564A1 (en) | Techniques for monitoring computing infrastructure | |
US20180300199A1 (en) | System and method for maintaining the health of a machine | |
TWI682655B (en) | Method for generating network event warning and network management device using the same | |
CN107885634B (en) | Method and device for processing abnormal information in monitoring | |
CN114172921A (en) | Log auditing method and device for scheduling recording system | |
CN108228417B (en) | Internet of vehicles log processing method and device | |
US10445213B2 (en) | Non-transitory computer-readable storage medium, evaluation method, and evaluation device | |
CN113672912A (en) | Network security monitoring system based on computer hardware indication and behavior analysis | |
CN103916376A (en) | Cloud system with attract defending mechanism and defending method thereof | |
CN110516434B (en) | Privileged account scanning system | |
CN109558300B (en) | Whole cabinet alarm processing method and device, terminal and storage medium | |
CN110727555A (en) | Service interface management method, device, medium and computer equipment | |
CN115757318A (en) | Log query method and device, storage medium and electronic equipment | |
CN115794479A (en) | Log data processing method and device, electronic equipment and storage medium | |
JP2009053896A (en) | Unauthorized operation detector and program |