TWI738277B - Monitoring alarm method and its server end - Google Patents

Monitoring alarm method and its server end Download PDF

Info

Publication number
TWI738277B
TWI738277B TW109110999A TW109110999A TWI738277B TW I738277 B TWI738277 B TW I738277B TW 109110999 A TW109110999 A TW 109110999A TW 109110999 A TW109110999 A TW 109110999A TW I738277 B TWI738277 B TW I738277B
Authority
TW
Taiwan
Prior art keywords
server
login
response time
data
time interval
Prior art date
Application number
TW109110999A
Other languages
Chinese (zh)
Other versions
TW202139142A (en
Inventor
黃士豪
王昭淵
Original Assignee
中國信託商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中國信託商業銀行股份有限公司 filed Critical 中國信託商業銀行股份有限公司
Priority to TW109110999A priority Critical patent/TWI738277B/en
Application granted granted Critical
Publication of TWI738277B publication Critical patent/TWI738277B/en
Publication of TW202139142A publication Critical patent/TW202139142A/en

Links

Images

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

一種用以監控告警的伺服端,透過一經由一通訊網路連接一管理端及一系統,該伺服端儲存有N筆對應於N個連續的先前時間區間且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間及一相關於該登入回應時間的關鍵因子集合,該伺服端根據該等歷史登入資料建立一監控模型,當該伺服端接收到在早於一當前時間區間的第前一個先前時間區間中的該歷史登入資料時,該伺服端利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間,並根據該預測登入回應時間,判斷該系統是否存在一需警告事件。A server for monitoring alarms, which connects a management terminal and a system through a communication network. The server stores N records corresponding to N consecutive previous time intervals and is related to the system's response to the user's login The historical login data of the response status, each historical login data includes a login response time and a set of key factors related to the login response time. The server establishes a monitoring model based on the historical login data. When the server receives When the historical login data in the first previous time interval earlier than a current time interval is reached, the server uses the monitoring model to calculate a predicted login response time related to the current time interval, and based on the prediction Log in response time to determine whether there is a warning event in the system.

Description

監控告警方法及其伺服端Monitoring alarm method and its server end

本發明是有關於一種監控方法,特別是指一種根據現有登入回應資料發送一警告訊息的監控方法。The present invention relates to a monitoring method, in particular to a monitoring method that sends a warning message based on the existing login response data.

現今資訊蓬勃發展,連帶使應用資訊科技的產業也不斷增多,例如金融產業透過資訊科技,建立網路銀行,其中使用者可藉由通訊網路連線至網路銀行,並在網路銀行使用各種金融服務,例如查詢帳戶、轉帳、貸款等服務,而對於金融業者而言,如何確認網路銀行等數位系統正常運作,成為一項重要的課題。Information technology is booming nowadays, and the industries that apply information technology are also increasing. For example, the financial industry uses information technology to establish online banking, in which users can connect to online banking through communication networks and use various types of information in online banking. Financial services, such as account inquiries, transfers, loans, and other services, and how to confirm the normal operation of digital systems such as online banking has become an important issue for financial industry players.

目前關於監控數位系統的方法,主要透過一經由一通訊網路連接該數位系統及一管理端的伺服端來實施,該伺服端儲存有一相關於該數位系統的對照資訊,其中該對照資訊包含相關於該數位系統的一異常狀況,該方法主要包含以下步驟:該數位系統持續傳送一相關於該數位系統的運作資料至該伺服端;該伺服端根據該運作資料及該對照資訊,判斷該數位系統是否發生異常狀況;以及當該伺服端判斷該數位系統發生異常狀況時,該伺服端傳送一相關於該異常狀況的警告訊息至該管理端。The current method of monitoring a digital system is mainly implemented through a server connected to the digital system and a management terminal via a communication network. The server stores a control information related to the digital system, wherein the control information includes information related to the digital system. An abnormal condition of a digital system. The method mainly includes the following steps: the digital system continuously sends an operation data related to the digital system to the server; the server determines whether the digital system is An abnormal condition occurs; and when the server determines that the digital system has an abnormal condition, the server sends a warning message related to the abnormal condition to the management terminal.

雖然上述的方法達到了監控該數位系統的目的,但是仍存在部分困境,其一,該伺服端根據該異常狀況,傳送相關該異常狀況的該警告訊息至該管理端,其中該異常狀況多為使該系統無法運作的重大問題,例如系統無反應或是系統中某一模組損壞等問題,此時發送警告訊息至該管理端僅能達到亡羊補牢的作用,並無法達到防患於未然的功效,再者,該對照資訊係由一管理者根據監控該數位系統的經驗所產生,其中人為經驗不僅可能因人而異而產生誤判,更可能因為人為經驗的錯誤判斷影響對照資訊,導致該伺服端做出不適當的行為產生不良後果。Although the above method achieves the purpose of monitoring the digital system, there are still some dilemmas. First, the server sends the warning message related to the abnormal condition to the management terminal according to the abnormal condition, where the abnormal condition is mostly Major problems that make the system inoperable, such as the system does not respond or a certain module in the system is damaged. At this time, sending a warning message to the management terminal can only achieve the effect of remedying the situation, and cannot achieve the effect of preventing problems before they occur. Moreover, the control information is generated by a manager based on the experience of monitoring the digital system. The human experience may not only cause misjudgments from person to person, but also may affect the control information due to the misjudgment of human experience, leading to the servo Inappropriate behavior at the end has undesirable consequences.

因此,本發明的目的,即在提供一種根據登入資料,判斷是否可能發生異常狀況的監控告警方法。Therefore, the purpose of the present invention is to provide a monitoring and warning method for judging whether an abnormal situation may occur based on the login data.

本發明的另一目的,在於提供一種根據登入資料,判斷是否可能發生異常狀況的伺服端。Another object of the present invention is to provide a server that judges whether an abnormal situation may occur based on the login data.

於是,本發明監控告警方法,透過一經由一通訊網路連接一管理端及一系統的伺服端來實施,該伺服端儲存有N筆對應於N個連續的先前時間區間,且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間,及一相關於該登入回應時間的關鍵因子集合,而本發明監控告警方法包含一步驟(A)、一步驟(B)、一步驟(C)、一步驟(D)、一步驟(E),及一步驟(F)。Therefore, the monitoring and alarm method of the present invention is implemented by a server connected to a management terminal and a system via a communication network. The server stores N records corresponding to N consecutive previous time intervals and is related to the system response. The historical login data of the response status of the user's login. Each historical login data includes a login response time and a set of key factors related to the login response time. The monitoring alarm method of the present invention includes steps (A), One step (B), one step (C), one step (D), one step (E), and one step (F).

在該步驟(A)中,該伺服端根據該等歷史登入資料,產生N-1筆訓練資料,其中對於每筆訓練資料包含第前n個先前時間區間之歷史登入資料的該關鍵因子集合,及對應第前n-1個先前時間區間之歷史登入資料的該登入回應時間,其中1>n≦N。In this step (A), the server generates N-1 training data based on the historical login data, where each training data includes the key factor set of the historical login data of the nth previous time interval. And the login response time corresponding to the historical login data of the first n-1 previous time interval, where 1>n≦N.

在該步驟(B)中,該伺服端根據該等訓練資料,分別利用多個不同的機器學習演算法,建立多個用以預測登入該系統之預測登入回應時間的訓練模型。In the step (B), the server uses a plurality of different machine learning algorithms to establish a plurality of training models for predicting the predicted login response time for logging into the system according to the training data.

在該步驟(C)中,該伺服端自該等訓練模型中,選取一用以預測登入該系統之預測登入回應時間的監控模型。In the step (C), the server selects a monitoring model used to predict the predicted login response time for logging into the system from the training models.

在該步驟(D)中,當該伺服端接收到在早於一當前時間區間的第前一個先前時間區間中的該歷史登入資料時,該伺服端根據該歷史登入資料,利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間。In this step (D), when the server receives the historical login data in the first previous time interval earlier than a current time interval, the server uses the monitoring model according to the historical login data, Calculate a predicted login response time related to the current time interval.

在該步驟(E)中,該伺服端根據該預測登入回應時間,判斷該系統是否存在一需警告事件。In the step (E), the server determines whether there is a warning event in the system based on the predicted login response time.

在該步驟(F)中,當該伺服端判斷該系統存在該需警告事件時,該伺服端傳送一警告訊息至該管理端。In the step (F), when the server determines that the system has the warning event, the server sends a warning message to the management terminal.

再者,本發明用以監控告警的伺服端,經由一通訊網路連接一管理端及一系統,該伺服端包含一伺服端通訊模組、一伺服端儲存模組,及一伺服端處理模組。Furthermore, the server for monitoring alarms of the present invention is connected to a management terminal and a system via a communication network. The server includes a server communication module, a server storage module, and a server processing module .

該伺服端通訊模組連接至該通訊網路,該伺服端儲存模組儲存有N筆對應於N個連續的先前時間區間,且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間,及一相關於該登入回應時間的關鍵因子集合。The server-side communication module is connected to the communication network, and the server-side storage module stores N records corresponding to N consecutive previous time intervals and historical login data related to the response status of the system in response to the user's login Each historical login data includes a login response time and a set of key factors related to the login response time.

該伺服端處理模組電連接該伺服端通訊模組及該伺服端儲存模組,該伺服端處理模組根據該等歷史登入資料,產生N-1筆訓練資料,其中對於每筆訓練資料包含第前n個先前時間區間之歷史登入資料的該關鍵因子集合,及對應第前n-1個先前時間區間之歷史登入資料的該登入回應時間,其中1>n≦N,並根據該等訓練資料,分別利用多個不同的機器學習演算法,建立多個用以預測登入該系統之預測登入回應時間的訓練模型,且自該等訓練模型中,選取一用以預測登入該系統之預測登入回應時間的監控模型,當該伺服端處理模組接收到在早於一當前時間區間的第前一個先前時間區間中的該歷史登入資料時,該伺服端處理模組根據該歷史登入資料,利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間,並根據該預測登入回應時間,判斷該系統是否存在一需警告事件,當該伺服端處理模組判斷該系統存在該需警告事件時,傳送一警告訊息至該管理端。The server-side processing module is electrically connected to the server-side communication module and the server-side storage module. The server-side processing module generates N-1 training data based on the historical login data, where each training data includes The key factor set of the historical login data of the first n previous time interval, and the login response time corresponding to the historical login data of the first n-1 previous time interval, where 1>n≦N, and according to the training Data, using a number of different machine learning algorithms to create a number of training models for predicting the predicted login response time for logging in to the system, and from the training models, select a prediction log for predicting logging in to the system Response time monitoring model. When the server-side processing module receives the historical login data in the first previous time interval earlier than a current time period, the server-side processing module uses the historical login data according to the The monitoring model calculates a predicted login response time related to the current time interval, and based on the predicted login response time, determines whether there is a warning event in the system. When the server-side processing module determines that the system has the need In the event of a warning, a warning message is sent to the management terminal.

本發明的功效在於:透過該伺服端根據該前第一個先前時間區間的該歷史登入資料,判斷該系統是否存在該需警告事件,藉此,不僅避免人為經驗影響該伺服端進行決策,同時藉由該伺服端根據該前第一個先前時間區間的該歷史登入資料提前判定該當前時間區間的預測登入回應時間是否異常,可及早預測系統是否可能發生異常狀況,並發出警示以使管理者盡早進行處理進而避免系統因小異常衍生出使該系統無法運作的重大問題,藉此達到防患於未然的功效。The effect of the present invention is that the server determines whether there is the warning event in the system based on the historical login data of the first previous time interval, thereby not only avoiding human experience from affecting the server's decision-making, but also The server determines in advance whether the predicted login response time of the current time period is abnormal according to the historical login data of the first previous time period, and can predict whether abnormal conditions may occur in the system as soon as possible, and issue a warning to enable the administrator Deal with it as soon as possible to avoid major problems that make the system inoperable due to minor abnormalities, thereby achieving the effect of preventing problems before they occur.

在本發明被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。Before the present invention is described in detail, it should be noted that in the following description, similar elements are denoted by the same numbers.

參閱圖1,本發明監控告警方法的一實施例藉由一伺服端1來實施,該伺服端1經由一通訊網路100連接一系統2及一管理端3。Referring to FIG. 1, an embodiment of the monitoring and alarm method of the present invention is implemented by a server 1, and the server 1 is connected to a system 2 and a management terminal 3 via a communication network 100.

該伺服端1包含一連接至該通訊網路100的伺服端通訊模組11、一伺服端儲存模組12,及一電連接該伺服端通訊模組11及該伺服端儲存模組12的伺服端處理模組13。該伺服端儲存模組12儲存有N筆對應於N個連續的先前時間區間,且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間,及一相關於該登入回應時間的關鍵因子集合,在本實施例中,該伺服端1的實施態樣可以為一個人電腦、一雲端主機或一伺服器,但不以此為限。The server terminal 1 includes a server terminal communication module 11 connected to the communication network 100, a server terminal storage module 12, and a server terminal electrically connected to the server terminal communication module 11 and the server terminal storage module 12 Processing module 13. The server-side storage module 12 stores N records of historical login data corresponding to N consecutive previous time intervals and related to the response status of the system's response to the user's login. Each historical login data includes a login response time. , And a set of key factors related to the login response time. In this embodiment, the implementation of the server 1 can be a personal computer, a cloud host, or a server, but it is not limited to this.

該系統2為一用以供多個使用者登入的系統,在本實施例中,該系統2的實施態樣可以為一網路銀行、一網購平台或一社群網站,但不以此為限。The system 2 is a system for multiple users to log in. In this embodiment, the implementation of the system 2 can be an online bank, an online shopping platform, or a social group website, but it is not limit.

該管理端3由一對應的管理者所持有,在本實施例中,該管理端3的實施態樣可以為一個人電腦、一筆記型電腦或一行動裝置,但不以此為限。The management terminal 3 is held by a corresponding manager. In this embodiment, the implementation aspect of the management terminal 3 can be a personal computer, a notebook computer or a mobile device, but is not limited to this.

以下將配合所附圖式說明利用該伺服端1所實施的本發明監控告警方法之實施例。Hereinafter, an embodiment of the monitoring and alarm method of the present invention implemented by the server 1 will be described in conjunction with the accompanying drawings.

參閱圖2,本發明監控告警方法說明該伺服端1如何根據相關於該系統2之該等歷史登入資料,產生一警告訊息並傳送至該管理端3,該監控告警方法包含一步驟401、一步驟402、一步驟403、一步驟404、一步驟405,及一步驟406。Referring to Figure 2, the monitoring and alarming method of the present invention illustrates how the server 1 generates a warning message based on the historical login data related to the system 2 and sends it to the management terminal 3. The monitoring and alarming method includes a step 401, a step 401, and a step 401. Step 402, a step 403, a step 404, a step 405, and a step 406.

在該步驟401中,該伺服端處理模組13根據該等歷史登入資料,產生N-1筆訓練資料,其中對於每筆訓練資料包含第前n個先前時間區間之歷史登入資料的該關鍵因子集合,及對應第前n-1個先前時間區間之歷史登入資料的該登入回應時間,其中1>n≦N。In this step 401, the server-side processing module 13 generates N-1 training data based on the historical login data, where each training data includes the key factor of the historical login data of the first n previous time interval Set, and the login response time corresponding to the historical login data of the first n-1 previous time interval, where 1>n≦N.

舉例來說,該伺服端儲存模組12儲存有對應於2020/2/14上午9點至上午9點10分、上午9點10分至上午9點20分、上午9點20至上午9點30分、上午9點30分至上午9點40分、上午9點40分至上午9點50分,及上午9點50分至上午10點的六筆歷史登入資料,則該伺服端處理模組13根據該六筆歷史登入資料,產生五筆訓練資料,其中第一筆訓練資料包含對應第前六個先前時間區間,亦即,上午9點至上午9點10分,之該筆歷史登入資料的該關鍵因子集合,及對應第前五個先前時間區間,亦即,上午上午9點10分至上午9點20分,之該筆歷史登入資料的該登入回應時間,其他筆訓練資料所包含的內容因此類推。For example, the server storage module 12 stores data corresponding to 9:10 am to 9:10 am, 9:10 am to 9:20 am, and 9:20 am to 9 am on February 14, 2020. 30 minutes, 9:30 am to 9:40 am, 9:40 am to 9:50 am, and 9:50 am to 10:00 am for the six historical login data, the server processing mode Group 13 generates five training data based on the six historical log-in data. The first training data contains the historical log-in data corresponding to the first six previous time intervals, that is, from 9 am to 9:10 am The key factor set of, and corresponding to the first five previous time intervals, that is, from 9:10 am to 9:20 am, the log-in response time of the historical log-in data, and the other training data contains The content is so analogized.

值得一提的是,在本實施例中,該關鍵因子集合包含一在線併發點擊數、一在線人數、一登入異常數量,及一系統記憶體用量,但在其他實施例中,該關鍵因子集合還可以包含其他關鍵因子,並不以此為限。It is worth mentioning that in this embodiment, the key factor set includes a number of concurrent online clicks, a number of online users, a number of abnormal logins, and a system memory usage, but in other embodiments, the key factor set Other key factors can also be included, and are not limited to this.

在該步驟402中,該伺服端處理模組13根據該等訓練資料,建立一用以預測登入該系統之預測登入回應時間的監控模型。In this step 402, the server-side processing module 13 establishes a monitoring model for predicting the predicted login response time for logging into the system based on the training data.

搭配參閱圖3,該步驟402中還包含一子步驟4021、一子步驟4022,及一子步驟4023,以下說明該步驟402的子步驟。With reference to FIG. 3, the step 402 also includes a sub-step 4021, a sub-step 4022, and a sub-step 4023. The sub-steps of the step 402 are described below.

在該步驟4021中,該伺服端處理模組13根據該等訓練資料,分別利用多個不同的機器學習演算法,例如線性回歸(Linear Regression)、隨機森林(Random Forest)、決策樹(Decision Tree),或套索算法(Least Absolute Shrinkage and Selection Operator, LASSO),建立多個用以預測登入該系統之預測登入回應時間的訓練模型。In step 4021, the server-side processing module 13 uses a plurality of different machine learning algorithms, such as Linear Regression, Random Forest, and Decision Tree according to the training data. ), or the Least Absolute Shrinkage and Selection Operator (LASSO), to establish multiple training models for predicting the predicted login response time for logging into the system.

在該步驟4022中,對於每一訓練模型,該伺服端處理模組13根據該等訓練資料,獲得該等訓練資料對應該訓練模型的一決定係數及一均方根誤差。In step 4022, for each training model, the server-side processing module 13 obtains a determination coefficient and a root mean square error of the training data corresponding to the training model according to the training data.

在該步驟4023中,該伺服端處理模組13根據每一訓練模型對應的該決定係數及該均方根誤差,自該等訓練模型中,選取該用以預測登入該系統之回應時間的監控模型,舉例來說,該伺服端處理模組13自該等訓練模型中,選取多個其決定係數大於一預設閾值的候選模型,再自該等候選模型中選取一對應有最小值均方根誤差的監控模型,但在其他實施例中,該伺服端處理模組13也可根據該決定係數及該均方根誤差,利用其他方式選取出該監控模型,並不以本實施例為限。In the step 4023, the server-side processing module 13 selects the monitor used to predict the response time of logging into the system from the training models according to the determination coefficient and the root mean square error corresponding to each training model For example, the server-side processing module 13 selects multiple candidate models whose determination coefficients are greater than a predetermined threshold from the training models, and then selects one of the candidate models corresponding to the minimum mean square Root error monitoring model, but in other embodiments, the server-side processing module 13 can also select the monitoring model in other ways based on the determination coefficient and the root mean square error, and it is not limited to this embodiment .

在該步驟403中,當該伺服端處理模組13透過該伺服端通訊模組11,接收到來自該系統2在早於一當前時間區間的第前一個先前時間區間中的該歷史登入資料時,該伺服端處理模組13根據該歷史登入資料,利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間。In step 403, when the server processing module 13 receives the historical login data from the system 2 in the first previous time interval earlier than a current time interval through the server communication module 11 The server-side processing module 13 uses the monitoring model to calculate a predicted login response time related to the current time interval based on the historical login data.

在該步驟404中,該伺服端處理模組13根據該預測登入回應時間,判斷該系統2是否存在一需警告事件,當該伺服端判斷該系統2並不存在該需警告事件時,結束該監控告警方法;當該伺服端判斷該系統2存在該需警告事件時,進行該步驟405。In step 404, the server processing module 13 determines whether there is a warning event in the system 2 based on the predicted login response time. When the server determines that the system 2 does not have the warning event, it ends the Monitoring alarm method; when the server determines that the system 2 has the event that needs to be warned, step 405 is performed.

搭配參閱圖4,該步驟404還包含一子步驟4041、一子步驟4042,及一子步驟4043,以下說明該步驟404的子步驟。With reference to FIG. 4, the step 404 further includes a sub-step 4041, a sub-step 4042, and a sub-step 4043. The sub-steps of the step 404 are described below.

在該子步驟4041中,該伺服端處理模組13自該等N個先前時間區間中,選取出一對應該當前時間區間的目標先前時間區間,在本實施例中,該伺服端處理模組13係自該等N個先前時間區間中,選取出與該當前時間區間不同日期但相同時刻的該目標先前時間區間,舉例來說,該當前時間區間為2020/2/14上午10點至10點10分,則該伺服端處理模組13自該等N個先前時間區間中選取出該目標先前時間區間,其中該目標先前時間區間為一星期前的2020/2/7上午10點至10點10分,但在其他實施例中,該伺服端處理模組13亦能根據其他條件,選取出對應該當前時間區間的該目標先前時間區間,並不以本實施例為限。In the sub-step 4041, the server processing module 13 selects the target previous time interval corresponding to the current time interval from the N previous time intervals. In this embodiment, the server processing module 13 is to select the target previous time interval from the N previous time intervals on a different date but at the same time from the current time interval. For example, the current time interval is 2020/2/14 from 10 am to 10 am At 10 o'clock, the server-side processing module 13 selects the target previous time interval from the N previous time intervals, where the target previous time interval is from 10 am to 10 am on 2020/2/7 a week ago It is 10 o'clock, but in other embodiments, the server-side processing module 13 can also select the target previous time interval corresponding to the current time interval according to other conditions, which is not limited to this embodiment.

在該子步驟4042中,該伺服端處理模組13根據相關於該目標先前時間區間之一目標歷史登入資料的該登入回應時間,獲得一預設閥值,舉例來說,相關於該目標先前時間區間2020/2/7上午10點至10點10分之該目標歷史登入資料的該登入回應時間為0.5秒,則該伺服端處理模組13根據該登入回應時間獲得該預設閥值0.75秒,其中該伺服端處理模組13係將該登入回應時間0.5秒乘以一基數1.5而得到該預設閥值0.75秒,但在其他實施例中,該伺服端處理模組13亦能根據該登入回應時間,透過其他方式獲得該預設閥值,並不以本實施例為限。In the sub-step 4042, the server-side processing module 13 obtains a preset threshold according to the login response time of the target historical login data related to a previous time interval of the target, for example, related to the target previous time interval. The login response time of the target historical login data from 10 am to 10:10 in the time interval 2020/2/7 is 0.5 seconds, and the server-side processing module 13 obtains the default threshold value of 0.75 according to the login response time The server-side processing module 13 multiplies the login response time 0.5 seconds by a base number of 1.5 to obtain the default threshold of 0.75 seconds. However, in other embodiments, the server-side processing module 13 can also be based on The login response time is obtained by other means to obtain the preset threshold, which is not limited to this embodiment.

在該子步驟4043中,該伺服端處理模組13判斷該預測登入回應時間是否大於該預設閥值,當該伺服端處理模組13判斷該預測登入回應時間大於該預設閥值時,代表該伺服端判斷該系統2存在該需警告事件,並進行該步驟405,當該伺服端處理模組13判斷該預測登入回應時間不大於該預設閥值時,代表該伺服端處理模組13判斷該系統2並不存在該需警告事件,並結束該監控告警方法。In the sub-step 4043, the server-side processing module 13 determines whether the predicted login response time is greater than the preset threshold. When the server-side processing module 13 determines that the predicted login response time is greater than the preset threshold, It means that the server side determines that the system 2 has the warning event, and performs step 405. When the server side processing module 13 determines that the predicted login response time is not greater than the preset threshold, it means that the server side processing module 13 It is judged that the system 2 does not have the event that needs to be warned, and the monitoring and warning method is ended.

在該步驟405中,該伺服端處理模組13自對應該第前一個先前時間區間之該歷史登入資料的該關鍵因子集合中,選取出至少一關鍵因子,其中該第前一個先前時間區間為早於該當前時間區間,且與該當前時間區間連續的該先前時間區間,例如該當前時間區間為2020/2/14上午10點至10點10分,則該第前一個先前時間區間為2020/2/14上午9點50分至10點。In step 405, the server processing module 13 selects at least one key factor from the key factor set corresponding to the historical login data of the first previous time interval, wherein the first previous time interval is The previous time interval that is earlier than the current time interval and continuous with the current time interval, for example, if the current time interval is 2020/2/14 from 10 am to 10:10 am, then the first previous time interval is 2020 /2/14 from 9:50 to 10:00 in the morning.

在該步驟406中,該伺服端處理模組13根據該至少一關鍵因子,產生一相關於該至少一關鍵因子的警告訊息,並藉由該伺服端通訊模組11經由該通訊網路100傳送該警告訊息至該管理端3。In the step 406, the server-side processing module 13 generates a warning message related to the at least one critical factor according to the at least one critical factor, and transmits the warning message via the communication network 100 through the server-side communication module 11 Warning message to the management terminal 3.

綜上所述,本發明監控告警方法,透過該伺服端1藉由該等對應該系統2的歷史登入資料,建立該用以預測登入該系統之預測登入回應時間的監控模型,並利用該監控模型判斷是否存在該需警告事件,及當存在該需警告事件時,傳送該警告訊息至該管理端,藉此,該伺服端1能就該等歷史登入資料判斷是否存在該需警告事件,從而避免該伺服端1受到人為經驗的影響導致判斷結果產生誤差,另一方面,該伺服端1在該系統2發生重大事故前,即能透過該等歷史登入資料判斷存在該需警告事件並傳送該警告訊息,藉此及早預測系統是否可能發生異常狀況並發出警示以使管理者盡早進行處理,達到防患於未然的功效,例如在該系統2因為系統記憶體用量耗盡而當機之前,該伺服端1即能透過該預測登入回應時間大於該預設閥值判斷存在該需警告事件,並傳送該相關於該系統記憶體用量的該警告訊息至該管理端3,故確實能達成本發明的目的。In summary, the monitoring alarm method of the present invention uses the historical login data of the corresponding system 2 through the server 1 to establish the monitoring model for predicting the predicted login response time for logging in to the system, and use the monitoring The model judges whether the warning event exists, and when there is the warning event, the warning message is sent to the management terminal, whereby the server 1 can determine whether the warning event exists based on the historical login data, thereby To prevent the server 1 from being affected by human experience and causing errors in the judgment result. On the other hand, the server 1 can judge the existence of the warning event through the historical login data and send the warning before a major accident occurs in the system 2. Warning messages are used to predict whether the system may be abnormal and issue warnings so that the administrator can deal with them as soon as possible to prevent problems before they occur. For example, before the system 2 crashes due to the exhaustion of system memory, the system The server 1 can then judge that the warning event exists through the predicted login response time being greater than the preset threshold, and send the warning message related to the system memory usage to the management terminal 3. Therefore, it can indeed achieve the invention the goal of.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited by this, all simple equivalent changes and modifications made in accordance with the scope of the patent application of the present invention and the content of the patent specification still belong to Within the scope covered by the patent of the present invention.

1:伺服端 100:通訊網路 11:伺服端通訊模組 12:伺服端儲存模組 13:伺服端處理模組 2:系統 3:管理端 401~406:步驟 4021~4023:子步驟 4041~4043:子步驟 1: Server 100: Communication network 11: Server communication module 12: Server-side storage module 13: Server-side processing module 2: system 3: Management side 401~406: steps 4021~4023: Sub-step 4041~4043: sub-step

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是一方塊圖,說明本發明用以監控告警的伺服端的一實施例,該實施例經由一通訊網路連接一系統及一管理端; 圖2是一流程圖,說明該實施例所執行的本發明監控告警方法; 圖3是一流程圖,說明該實施例所執行的本發明監控告警方法中步驟402的子步驟;及 圖4是一流程圖,說明該實施例所執行的本發明監控告警方法中步驟404的子步驟。 Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, in which: Figure 1 is a block diagram illustrating an embodiment of the server for monitoring alarms of the present invention, which is connected to a system and a management terminal via a communication network; Figure 2 is a flowchart illustrating the monitoring and alarming method of the present invention implemented in this embodiment; FIG. 3 is a flowchart illustrating the sub-steps of step 402 in the monitoring and alarm method of the present invention executed by this embodiment; and Fig. 4 is a flowchart illustrating the sub-steps of step 404 in the monitoring alarm method of the present invention executed by this embodiment.

1:伺服端 1: Server

100:通訊網路 100: Communication network

11:伺服端通訊模組 11: Server communication module

12:伺服端儲存模組 12: Server-side storage module

13:伺服端處理模組 13: Server-side processing module

2:系統 2: system

3:管理端 3: Management side

Claims (8)

一種監控告警方法,透過一經由一通訊網路連接一管理端及一用以供多個使用者登入之系統的伺服端來實施,該伺服端儲存有N筆對應於N個連續的先前時間區間,且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間,及一相關於該登入回應時間的關鍵因子集合,該監控告警方法包含以下步驟:(A)該伺服端根據該等歷史登入資料,產生N-1筆訓練資料,其中對於每筆訓練資料包含第前n個先前時間區間之歷史登入資料的該關鍵因子集合,及對應第前n-1個先前時間區間之歷史登入資料的該登入回應時間,其中1<n≦N;(B)該伺服端根據該等訓練資料,分別利用多個不同的機器學習演算法,建立多個用以預測登入該系統之預測登入回應時間的訓練模型;(C)該伺服端自該等訓練模型中,選取一用以預測登入該系統之預測登入回應時間的監控模型;(D)當該伺服端接收到在早於一當前時間區間的第前一個先前時間區間中的該歷史登入資料時,該伺服端根據該歷史登入資料,利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間;(E)該伺服端根據該預測登入回應時間,判斷該系統是否存在一需警告事件,其中,在該步驟(E)還包含以下 子步驟(E-1)該伺服端自該等N個先前時間區間中,選取出一對應該當前時間區間的目標先前時間區間,(E-2)該伺服端根據相關於該目標先前時間區間之一目標歷史登入資料的該登入回應時間,獲得一預設閥值,(E-3)該伺服端判斷該預測登入回應時間是否大於該預設閥值,以及(E-4)當該伺服端判斷該預測登入回應時間大於該預設閥值時,該伺服端判斷該系統存在該需警告事件;及(F)當該伺服端判斷該系統存在該需警告事件時,該伺服端傳送一警告訊息至該管理端。 A monitoring alarm method is implemented by connecting a management terminal and a server terminal of a system for multiple users to log in via a communication network. The server terminal stores N records corresponding to N consecutive previous time intervals. And the historical login data related to the response status of the system in response to the user's login. Each historical login data includes a login response time and a set of key factors related to the login response time. The monitoring alarm method includes the following steps : (A) The server generates N-1 training data based on the historical login data, where each training data contains the key factor set of the historical login data of the first n previous time intervals, and the corresponding first The login response time of the historical login data of n-1 previous time intervals, where 1<n≦N; (B) The server uses a number of different machine learning algorithms to create a number based on the training data. A training model used to predict the predicted login response time of logging into the system; (C) the server selects a monitoring model used to predict the predicted login response time of logging into the system from the training models; (D) when the When the server receives the historical login data in the first previous time interval earlier than a current time interval, the server uses the monitoring model to calculate a related to the current time interval based on the historical login data Predicted login response time; (E) The server determines whether there is a warning event in the system based on the predicted login response time. The step (E) also includes the following Sub-step (E-1) the server selects the target previous time interval corresponding to the current time interval from the N previous time intervals, (E-2) the server according to the previous time interval related to the target The login response time of a target historical login data obtains a preset threshold, (E-3) the server determines whether the predicted login response time is greater than the preset threshold, and (E-4) when the server When the server determines that the predicted login response time is greater than the preset threshold, the server determines that the system has the warning event; and (F) when the server determines that the system has the warning event, the server sends a Warning message to the management terminal. 如請求項1所述的監控告警方法,其中,該步驟(C)還包含以下子步驟:(C-1)對於每一訓練模型,該伺服端根據該等訓練資料,獲得該等訓練資料對應該訓練模型的一決定係數及一均方根誤差;及(C-2)該伺服端根據每一訓練模型對應的該決定係數及該均方根誤差,自該等訓練模型中,選取該用以預測登入該系統之回應時間的監控模型。 The monitoring alarm method according to claim 1, wherein the step (C) further includes the following sub-steps: (C-1) For each training model, the server obtains the pair of training data according to the training data A determination coefficient and a root mean square error of the model that should be trained; and (C-2) The server selects the application from the training models according to the determination coefficient and the root mean square error corresponding to each training model A monitoring model that predicts the response time of logging into the system. 如請求項1所述的監控告警方法,其中,在該步驟(A)中,該關鍵因子集合包含一在線併發點擊數、一在線人數、一登入異常數量,及一系統記憶體用量。 The monitoring alarm method according to claim 1, wherein, in the step (A), the key factor set includes a number of concurrent online clicks, a number of online users, a number of abnormal logins, and a system memory usage. 如請求項3所述的監控告警方法,其中,該步驟(F)還包含以下子步驟:(F-1)該伺服端自對應該第前一個先前時間區間之該歷史登入資料的該關鍵因子集合中,選取出至少一關鍵因子;及(F-2)該伺服端根據該至少一關鍵因子,產生並傳送一相關於該至少一關鍵因子的警告訊息至該管理端。 The monitoring and warning method according to claim 3, wherein the step (F) further includes the following sub-steps: (F-1) the server side self-corresponds to the key factor of the historical login data of the first previous time interval At least one key factor is selected from the set; and (F-2) the server generates and sends a warning message related to the at least one key factor to the management terminal according to the at least one key factor. 一種伺服端,用以監控告警,並經由一通訊網路連接一管理端及一用以供多個使用者登入的系統,且包含一伺服端通訊模組,連接至該通訊網路;一伺服端儲存模組,儲存有N筆對應於N個連續的先前時間區間,且相關於該系統回應於使用者之登入之回應狀況的歷史登入資料,每一歷史登入資料包含一登入回應時間,及一相關於該登入回應時間的關鍵因子集合;及一伺服端處理模組,電連接該伺服端通訊模組及該伺服端儲存模組,該伺服端處理模組根據該等歷史登入資料,產生N-1筆訓練資料,其中對於每筆訓練資料包含第前n個先前時間區間之歷史登入資料的該關鍵因子集合,及對應第前n-1個先前時間區間之歷史登入資料的該登入回應時間,其中1<n≦N,並根據該等訓練資料,分別利用多個不同的機器學習演算法,建立多個用以預測登入該系統之預測登入回應時間的訓練模型,且自該等訓練模型中,選取一用以預測登入該系統之預測登入回應時間的監控模型,當該伺服端處理模組接收到在早於一當前時間區 間的第前一個先前時間區間中的該歷史登入資料時,該伺服端處理模組根據該歷史登入資料,利用該監控模型,計算出一相關於該當前時間區間的預測登入回應時間,並根據該預測登入回應時間,判斷該系統是否存在一需警告事件,當該伺服端處理模組判斷該系統存在該需警告事件時,傳送一警告訊息至該管理端,其中,該伺服端處理模組自該等N個先前時間區間中,選取出一對應該當前時間區間的目標先前時間區間,並根據相關於該目標先前時間區間之一目標歷史登入資料的該登入回應時間,獲得一預設閥值,且判斷該預測登入回應時間是否大於該預設閥值,當判斷該預測登入回應時間大於該預設閥值時,該伺服端處理模組判斷該系統存在該需警告事件。 A server is used to monitor alarms, and is connected to a management terminal and a system for multiple users to log in via a communication network, and includes a server communication module connected to the communication network; a server storage The module stores N historical login data corresponding to N consecutive previous time intervals and related to the response status of the system's response to the user's login. Each historical login data includes a login response time and a related A collection of key factors in the login response time; and a server-side processing module that electrically connects the server-side communication module and the server-side storage module. The server-side processing module generates N- 1 training data, where each training data includes the key factor set of the historical login data of the first n previous time interval, and the login response time corresponding to the historical login data of the first n-1 previous time interval, Among them, 1<n≦N, and according to the training data, a plurality of different machine learning algorithms are used to establish a plurality of training models for predicting the predicted login response time of logging into the system, and from these training models , Select a monitoring model used to predict the predicted login response time for logging into the system, when the server-side processing module receives the When the historical login data in the first previous time interval in the period of time, the server-side processing module uses the monitoring model to calculate a predicted login response time related to the current time interval based on the historical login data, and based on The predicted login response time determines whether there is a warning event in the system. When the server processing module determines that the system has the warning event, it sends a warning message to the management terminal, where the server processing module From the N previous time intervals, select a pair of target previous time intervals corresponding to the current time interval, and obtain a preset valve according to the login response time of the target historical login data related to one of the target previous time intervals Value and determine whether the predicted login response time is greater than the preset threshold. When it is determined that the predicted login response time is greater than the preset threshold, the server-side processing module determines that the system has the warning event. 如請求項5所述的伺服端,其中,對於每一訓練模型,該伺服端處理模組根據該等訓練資料,獲得該等訓練資料對應該訓練模型的一決定係數及一均方根誤差,且該伺服端處理模組根據每一訓練模型對應的該決定係數及該均方根誤差,自該等訓練模型中,選取該用以預測登入該系統之回應時間的監控模型。 The server side according to claim 5, wherein, for each training model, the server side processing module obtains a determination coefficient and a root mean square error of the training data corresponding to the training model according to the training data, And the server-side processing module selects the monitoring model used to predict the response time of logging into the system from the training models according to the determination coefficient and the root mean square error corresponding to each training model. 如請求項5所述的伺服端,其中,該關鍵因子集合包含一在線併發點擊數、一在線人數、一登入異常數量,及一系統記憶體用量。 The server according to claim 5, wherein the set of key factors includes a number of concurrent online clicks, a number of online users, a number of abnormal logins, and a system memory usage. 如請求項7所述的伺服端,其中,當該伺服端處理模組判斷該系統存在該需警告事件時,該伺服端處理模組自對應該第前一個先前時間區間之該歷史登入資料的該關鍵因 子集合中,選取出至少一關鍵因子,並根據該至少一關鍵因子,產生並傳送一相關於該至少一關鍵因子的警告訊息至該管理端。 The server side according to claim 7, wherein, when the server side processing module determines that the system has the warning event, the server side processing module automatically corresponds to the historical login data of the first previous time interval The key reason In the subset, at least one key factor is selected, and based on the at least one key factor, a warning message related to the at least one key factor is generated and sent to the management terminal.
TW109110999A 2020-03-31 2020-03-31 Monitoring alarm method and its server end TWI738277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109110999A TWI738277B (en) 2020-03-31 2020-03-31 Monitoring alarm method and its server end

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109110999A TWI738277B (en) 2020-03-31 2020-03-31 Monitoring alarm method and its server end

Publications (2)

Publication Number Publication Date
TWI738277B true TWI738277B (en) 2021-09-01
TW202139142A TW202139142A (en) 2021-10-16

Family

ID=78777869

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109110999A TWI738277B (en) 2020-03-31 2020-03-31 Monitoring alarm method and its server end

Country Status (1)

Country Link
TW (1) TWI738277B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003007174A1 (en) 2001-07-11 2003-01-23 Panacya Early warning in e-service management systems
WO2003081556A1 (en) 2002-03-18 2003-10-02 Siemens Information And Communication Mobile Llc Methods and apparatus for handling information regarding an alarm for a communication network
TW201140471A (en) * 2010-05-04 2011-11-16 Chunghwa Telecom Co Ltd SOA service quality real-time analysis and warning system and method
CN103534685A (en) * 2010-12-30 2014-01-22 凯尔·克莱因巴特 System and method for online communications management
TW201409968A (en) * 2012-08-17 2014-03-01 Chunghwa Telecom Co Ltd Information and communication service quality estimation and real-time alarming system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003007174A1 (en) 2001-07-11 2003-01-23 Panacya Early warning in e-service management systems
WO2003081556A1 (en) 2002-03-18 2003-10-02 Siemens Information And Communication Mobile Llc Methods and apparatus for handling information regarding an alarm for a communication network
TW201140471A (en) * 2010-05-04 2011-11-16 Chunghwa Telecom Co Ltd SOA service quality real-time analysis and warning system and method
CN103534685A (en) * 2010-12-30 2014-01-22 凯尔·克莱因巴特 System and method for online communications management
TW201409968A (en) * 2012-08-17 2014-03-01 Chunghwa Telecom Co Ltd Information and communication service quality estimation and real-time alarming system and method

Also Published As

Publication number Publication date
TW202139142A (en) 2021-10-16

Similar Documents

Publication Publication Date Title
US20200396119A1 (en) Intelligent network
WO2022068645A1 (en) Database fault discovery method, apparatus, electronic device, and storage medium
US10048996B1 (en) Predicting infrastructure failures in a data center for hosted service mitigation actions
US7953691B2 (en) Performance evaluating apparatus, performance evaluating method, and program
US8161058B2 (en) Performance degradation root cause prediction in a distributed computing system
CN114900369B (en) Chip access safety supervision system based on Internet of things
KR20190075861A (en) Detection method, device, server and storage medium of DoS / DDoS attack
CN110892675B (en) Method and apparatus for monitoring block chains
US9280741B2 (en) Automated alerting rules recommendation and selection
CN116578990A (en) Comprehensive monitoring technology based on digital operation and maintenance of data center
CN115526725A (en) Securities programmed trading risk analysis system based on big data analysis
CN116418653A (en) Fault positioning method and device based on multi-index root cause positioning algorithm
CN110061854A (en) A kind of non-boundary network intelligence operation management method and system
US20220171667A1 (en) Application reliability service
WO2018035765A1 (en) Method and apparatus for detecting network abnormity
TWI738277B (en) Monitoring alarm method and its server end
CN114168435A (en) Alarm processing recommendation method, device, equipment and readable storage medium
CN114285844A (en) Method and device for intelligently fusing server interface, electronic equipment and storage medium
WO2020211251A1 (en) Monitoring method and apparatus for operating system
CN116932324A (en) Memory bank fault prediction method and device and electronic equipment
CN110521233B (en) Method for identifying interrupt, access point, method for remote configuration, system and medium
CN114598556B (en) IT infrastructure configuration integrity protection method and protection system
CN114461437B (en) Data processing method, electronic equipment and storage medium
JP2020035297A (en) Apparatus state monitor and program
US10986014B2 (en) Monitoring system and non-transitory computer-readable recording medium storing monitoring program

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees