TWI830610B - How to manage cross-system audit logs - Google Patents
How to manage cross-system audit logs Download PDFInfo
- Publication number
- TWI830610B TWI830610B TW112106614A TW112106614A TWI830610B TW I830610 B TWI830610 B TW I830610B TW 112106614 A TW112106614 A TW 112106614A TW 112106614 A TW112106614 A TW 112106614A TW I830610 B TWI830610 B TW I830610B
- Authority
- TW
- Taiwan
- Prior art keywords
- parameter
- parameter set
- application system
- audit log
- remote
- Prior art date
Links
- 238000012550 audit Methods 0.000 title claims abstract description 77
- 238000007726 management method Methods 0.000 claims abstract description 20
- 230000003993 interaction Effects 0.000 claims abstract description 8
- 238000000034 method Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 10
- 238000012545 processing Methods 0.000 description 6
- 230000004044 response Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000003339 best practice Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
本發明揭露一種跨系統稽核日誌的管理方法。基於一第一應用系統和一第二應用系統之間的一互動,產生一稽核日誌,該稽核日誌包含一流水編號、一參數集合及一時間戳記,該參數集合由一或多個參數組成。將該稽核日誌的該流水編號、該參數集合及該時間戳記暫存於一共用訊息佇列中。令該共用訊息佇列將該流水編號、該參數集合及該時間戳記傳送至一遠端參數資料庫後儲存。藉此使該稽核日誌的該流水編號、該參數集合及該時間戳記非同步儲存。 The invention discloses a management method for cross-system audit logs. Based on an interaction between a first application system and a second application system, an audit log is generated. The audit log includes a flow number, a parameter set and a time stamp. The parameter set is composed of one or more parameters. The serial number, the parameter set and the timestamp of the audit log are temporarily stored in a common message queue. The common message queue is caused to transmit the serial number, the parameter set and the timestamp to a remote parameter database and then store them. Thereby, the serial number, the parameter set and the timestamp of the audit log are stored asynchronously.
Description
本發明關於一種系統稽核日誌的管理方法,尤其是關於跨系統稽核日誌的管理方法。 The present invention relates to a management method of system audit logs, and in particular to a management method of cross-system audit logs.
網路應用系統運行時,因應系統偵測、營運監控、效能調校與系統使用分析統計等需要,而於系統程式執行時所記錄重要之資訊,大致上可區分為幾種類別,如作業系統(Operation System)底層拋出的系統日誌”System log”,網路伺服器(Web Server)記錄使用者提出之請求所產生的”Access log”,網路伺服器(Web Server)因執行錯誤所產生的”Error log”,由開發者額外設計在重要地方或是錯誤發生時所產出之適當日誌”Trace log”,分析人員依照商業需求在適當地方留下經統計之稽核日誌”Audit log(audit trail)”。 When the network application system is running, in response to the needs of system detection, operation monitoring, performance tuning, and system usage analysis statistics, the important information recorded when the system program is executed can be roughly divided into several categories, such as operating system The system log "System log" thrown by the bottom layer of (Operation System), the "Access log" generated by the Web Server recording the user's request, and the Web Server (Web Server) generated due to execution errors "Error log", the developer additionally designs appropriate logs "Trace log" generated in important places or when errors occur, analysts leave statistical audit logs "Audit log(audit) in appropriate places according to business needs trail)”.
其中,稽核日誌是某種交易過程或系統功能執行後的結果。例如,使用者使用或造訪某個系統之使用紀錄,由於其目的通常是提供系統使用者查詢使用過某系統功能之歷史資訊,因此這些紀錄通常是記錄在資料庫中,以方便查詢。這些紀錄的內容通常需要依據使用者實際的需求而設計,因此在系統需求與分析文件中須加以描述。稽核日誌主要提供稽核人員稽核的需求,或是系統維運人員針對使用人員提出的客訴問題、縮短問題查找的範圍,提供開發者能更快地找到問題的區間,再運用其他類別的日誌定位系統問題。 Among them, the audit log is the result of a certain transaction process or system function execution. For example, the usage records of users using or visiting a certain system are usually used to provide system users with historical information about the use of certain system functions. Therefore, these records are usually recorded in a database to facilitate querying. The content of these records usually needs to be designed based on the actual needs of users, and therefore must be described in the system requirements and analysis documents. Audit logs mainly provide audit needs of auditors, or customer complaints raised by system maintenance personnel against users, shorten the scope of problem search, and provide developers with the opportunity to find the problem area faster, and then use other types of log positioning System problem.
稽核日誌的內容是被定義的,且因應稽核需求而儲存在本地應用系統的資料庫。然而,這般安排通常會產生幾個問題。第一,稽核日誌的資料庫會談(Session)常常與平時的資料庫交易(transaction)綁在一起,當交易因某種原因而回復(rollback)時、稽核日誌也被一併回復,這個與最佳實務是不符的。第二,大量的稽核日誌也會影響到作業的資料庫效能。第三,稽核日誌訊息被完整的記錄在資料庫,當參數以外的訊息內容都相同時,大大地占用資料庫的資源。第四,使用者流程情境通常會流經數個應用系統,如一個購物網站中的一個端到端流程會牽涉到購物網站系統、金流系統、訂單處理系統、票據系統等,各個系統會用各自的紀錄產生稽核日誌。一旦有稽核及查找的需求時,相關人員通常得跨系統、跨組織進行查找。 The content of the audit log is defined and stored in the database of the local application system according to the audit requirements. However, this arrangement often creates several problems. First, the database session of the audit log is often tied to the usual database transaction. When the transaction is rolled back for some reason, the audit log is also restored together. This is related to the final transaction. Best practice is inconsistent. Second, a large number of audit logs will also affect the database performance of the operation. Third, the audit log messages are completely recorded in the database. When the message contents other than parameters are the same, the resources of the database are greatly occupied. Fourth, user process scenarios usually flow through several application systems. For example, an end-to-end process in a shopping website will involve the shopping website system, cash flow system, order processing system, billing system, etc. Each system will use The respective records generate audit logs. Once there is a need for auditing and searching, relevant personnel usually have to search across systems and organizations.
就此,有必要發展一種有效應用資料庫且方便查找跨系統稽核日誌的管理方法。 In this regard, it is necessary to develop a management method that effectively applies the database and facilitates the search for cross-system audit logs.
本發明提供一個流程與機制,以解決當一個使用者的使用情境跨越多個應用系統時所需的稽核日誌需求。並同時提出解決先前儲存、傳送資料量大的諸多缺點。 The present invention provides a process and mechanism to solve the audit log requirements required when a user's usage context spans multiple application systems. At the same time, it is proposed to solve the many shortcomings of previously storing and transmitting large amounts of data.
本發明提出一種跨系統稽核日誌的管理方法,包含:基於一第一應用系統和一第二應用系統之間的一互動,產生一稽核日誌,該稽核日誌包含一流水編號、一參數集合及一時間戳記,該參數集合由一或多個參數組成;將該稽核日誌的該流水編號、該參數集合及該時間戳記暫存於一共用訊息佇列中;令該共用訊息佇列將該流水編號、該參數集合及該時間戳記傳送至一遠端參數資料 庫後儲存;及藉此使該稽核日誌的該流水編號、該參數集合及該時間戳記非同步儲存。 The present invention proposes a cross-system audit log management method, which includes: generating an audit log based on an interaction between a first application system and a second application system. The audit log includes a stream number, a parameter set and a Timestamp, the parameter set consists of one or more parameters; temporarily store the serial number of the audit log, the parameter set and the timestamp in a common message queue; let the common message queue store the serial number , the parameter set and the timestamp are sent to a remote parameter data Stored behind the database; and thereby the serial number, the parameter set and the timestamp of the audit log are stored asynchronously.
在一具體實施例中,所述管理方法更包括:由該第一應用系統或該第二應用系統定義一文字訊息,且該文字訊息代表由該第一應用系統或該第二應用系統自定義的事件及描述。 In a specific embodiment, the management method further includes: defining a text message by the first application system or the second application system, and the text message represents a message customized by the first application system or the second application system. Events and descriptions.
在一具體實施例中,所述管理方法,更包括:令該遠端參數資料庫針對相同的兩筆文字訊息,擇一筆文字訊息儲存,以避免佔用資源。 In a specific embodiment, the management method further includes: causing the remote parameter database to select one text message to store from the same two text messages to avoid occupying resources.
在一具體實施例中,該遠端參數資料庫為非典型的關聯性資料庫。 In a specific embodiment, the remote parameter database is an atypical correlation database.
在一具體實施例中,所述管理方法還包含:基於在一使用者終端所輸入的一參數搜尋請求,查找該遠端參數資料庫,其中該參數搜尋請求指示由一或多個目標參數組成的一目標參數集合;根據一目標參數集合,從該遠端參數資料庫儲存的多筆參數集合中關聯出至少一參數集合,以及根據該至少一參數集合及該參數集合對應的時間戳記,自儲存有一模板的一遠端儲存單元關聯出一目標文字訊息;及格式化所關聯出的該至少一參數集合及該目標文字訊息,以重現一目標稽核日誌。 In a specific embodiment, the management method further includes: searching the remote parameter database based on a parameter search request input from a user terminal, wherein the parameter search request indication consists of one or more target parameters. A target parameter set; according to a target parameter set, associate at least one parameter set from multiple parameter sets stored in the remote parameter database, and according to the at least one parameter set and the time stamp corresponding to the parameter set, automatically A remote storage unit storing a template associates a target text message; and formats the associated at least one parameter set and the target text message to reproduce a target audit log.
在一具體實施例中,該遠端參數資料庫配置成具有一非加密儲存區及一加密儲存區,該加密儲存區配置成允許特定權限之存取。 In a specific embodiment, the remote parameter database is configured to have an unencrypted storage area and an encrypted storage area, and the encrypted storage area is configured to allow access by specific permissions.
在一具體實施例中,所述管理方法還包含:該稽核日誌的文字訊息儲存於該共用訊息佇列之前,將該文字訊息暫時儲存於該第一應用系統或該第二應用系統的本地儲存裝置,以因應對該共用訊息佇列的傳送失敗。 In a specific embodiment, the management method further includes: storing the text message of the audit log before the shared message queue, and temporarily storing the text message in the local storage of the first application system or the second application system. Device in response to delivery failure for this shared message queue.
在一具體實施例中,所述管理方法,還包含:當該稽核日誌的該流水編號、該參數集合及該時間戳記暫存於該共用訊息佇列失敗時,該流水編號、該參數集合及該時間戳記暫時儲存於該第一應用系統或該第二應用系統的本地儲存裝置。 In a specific embodiment, the management method further includes: when the serial number, the parameter set and the timestamp of the audit log fail to be temporarily stored in the common message queue, the serial number, the parameter set and The timestamp is temporarily stored in a local storage device of the first application system or the second application system.
100:應用系統 100:Application system
101:應用系統 101:Application system
102:稽核日誌處理模組 102: Audit log processing module
103:共用訊息佇列 103:Shared message queue
104:參數寫入模組 104: Parameter writing module
105:遠端參數資料庫 105:Remote parameter database
200:使用者終端 200:User terminal
201:使用者終端 201: User terminal
202:參數搜尋請求 202: Parameter search request
203:參數讀取模組 203: Parameter reading module
204:格式化模組 204:Format module
參照下列圖式與說明,可更進一步理解本發明。非限制性與非窮舉性實例系參照下列圖式而描述。在圖式中的部件並非必須為實際尺寸;重點在於說明結構及原理。 The present invention can be further understood with reference to the following drawings and descriptions. Non-limiting and non-exhaustive examples are described with reference to the following figures. Parts in the drawings are not necessarily to actual size; emphasis is placed on illustrating structure and principles.
第一圖示意本發明跨系統稽核日誌的管理方法(儲存)流程。 The first figure illustrates the management method (storage) process of cross-system audit logs according to the present invention.
第二圖例示根據本發明方法所產生的一筆稽核日誌。 The second figure illustrates an audit log generated according to the method of the present invention.
第三圖示意本發明跨系統稽核日誌的管理方法(搜尋)流程。 The third figure illustrates the cross-system audit log management method (search) process of the present invention.
底下將參考圖式更完整說明本發明,並且藉由例示顯示特定範例具體實施例。不過,本主張主題可具體實施於許多不同形式,因此所涵蓋或申請主張主題的建構並不受限於本說明書所揭示的任何範例具體實施例;範例具體實施例僅為例示。同樣,本發明在於提供合理寬闊的範疇給所申請或涵蓋之主張主題。除此之外,例如主張主題可具體實施為方法、裝置或系統。因此,具體實施例可採用例如硬體、軟體、韌體或這些的任意組合(已知並非軟體)之形式。 The present invention will now be described more fully with reference to the accompanying drawings, in which specific example embodiments are shown by way of illustration. However, the claimed subject matter can be embodied in many different forms, and therefore the construction of the covered or claimed subject matter is not limited to any example embodiments disclosed in this specification; the example embodiments are only for illustration. Likewise, this invention is intended to provide a reasonably broad scope to the claimed subject matter as claimed or covered. Additionally, for example, the claimed subject matter may be embodied as a method, apparatus, or system. Thus, embodiments may take the form of, for example, hardware, software, firmware, or any combination of these (not known as software).
本說明書內使用的詞彙「實施例」並不必要參照相同具體實施例,且本說明書內使用的「其他(一些/某些)實施例」並不必要參照不同的具體實施例。其目的在於例如主張的主題包括全部或部分範例具體實施例的組合。 The term "embodiment" used in this specification does not necessarily refer to the same specific embodiment, and the term "other (some/certain) embodiments" used in this specification does not necessarily refer to different specific embodiments. It is intended, for example, that the claimed subject matter includes combinations of all or part of the exemplary embodiments.
第一圖示意本發明跨系統稽核日誌的管理方法流程,其使用非同步儲存策略將產生的稽核日誌與儲存的結果非同步,達到節省儲存空間之目的。 The first figure illustrates the process of the cross-system audit log management method of the present invention, which uses an asynchronous storage strategy to asynchronously generate audit logs and stored results to achieve the purpose of saving storage space.
應用系統(100)及應用系統(101)為因應不同目的和需求所建立的系統,如以網路購物應用為例,應用系統(100)可為購物網站的商品展示系統,應用系統(101)可為交易金流系統或配送物流系統,各應用系統執行各別專用的應用程式,但本發明不以此為限制。 The application system (100) and the application system (101) are systems established for different purposes and needs. For example, taking an online shopping application, the application system (100) can be a product display system for a shopping website, and the application system (101) It can be a transaction cash flow system or a distribution logistics system, and each application system executes its own dedicated application program, but the present invention is not limited to this.
本發明管理方法包含基於應用系統(100)和應用系統(101)之間的一互動,產生一稽核日誌。例如,購物網站的應用系統與交易金流系統彼此互動,以因應一筆購物訂單的請求及付款。根據所述互動中的內容,應用系統(100)和應用系統(101)可各自產生一或多個稽核日誌,並傳送至一稽核日誌處理模組(102)。 The management method of the present invention includes generating an audit log based on an interaction between the application system (100) and the application system (101). For example, the application system of a shopping website interacts with the transaction flow system to respond to the request and payment of a shopping order. According to the content of the interaction, the application system (100) and the application system (101) can each generate one or more audit logs and transmit them to an audit log processing module (102).
基本上,稽核日誌至少包含由應用系統自行定義的一流水編號、一文字訊息、一參數集合及一時間戳記。文字訊息指示應用系統(100)與應用系統(101)於所述互動過程期間的每一筆訊息。參數集合由一或多個參數組成。時間戳記指示稽核日誌產生的時間。 Basically, the audit log contains at least a first-class number defined by the application system, a text message, a parameter set and a timestamp. The text message indicates each message between the application system (100) and the application system (101) during the interaction process. A parameter set consists of one or more parameters. The timestamp indicates when the audit log was generated.
第二圖為一筆稽核日誌的範例,包含複數個欄位分別為”App ID”、”ConditionID”、”Level”、”Event”、”Requestor”、”Severity”、”Originator”、”Parameters”及”Text”。 The second picture is an example of an audit log, including multiple fields: "App ID", "ConditionID", "Level", "Event", "Requestor", "Severity", "Originator", "Parameters" and "Text".
”App ID”及”ConditionID”為由應用系統自行定義的流水編號,其通常依在應用系統的事件發生時間前後關係給予流水編號。 "App ID" and "ConditionID" are serial numbers defined by the application system. They are usually given serial numbers based on the time of event occurrence in the application system.
”Level”、”Event”、”Requestor”、”Severity”、”Originator”及”Text”屬於文字訊息,係由該第一應用系統或該第二應用系統定義的,且該文字訊息代表由該第一應用系統或該第二應用系統自定義的事件及描述。”Text”為稽核日誌事件的描述,如”%1:create new role profile(%2)”。 "Level", "Event", "Requestor", "Severity", "Originator" and "Text" are text messages, which are defined by the first application system or the second application system, and the text message represents the Events and descriptions customized by the first application system or the second application system. "Text" is the description of the audit log event, such as "%1: create new role profile(%2)".
”Parameters”為參數集合。在此例子中,稽核日誌的參數集合有兩個參數分別是”user id”和”role name”。 "Parameters" is a collection of parameters. In this example, the audit log parameter set has two parameters: "user id" and "role name".
接下來,稽核日誌處理模組(102)將所述稽核日誌的流水編號、參數集合及時間戳記傳送至共用訊息佇列進行暫存。共用訊息佇列(103)取代傳統的本地儲存,將應用系統(100或101)生成的稽核日誌的文字訊息進行佇列暫存於一暫存單元中,藉此降低本地應用系統的儲存負擔。換言之,本發明係採取非同步的手段,將每筆稽核日誌的流水編號、參數集合及時間戳記,分別非同步地儲存於共用訊息佇列(103)及遠端參數資料庫(105)。由於文字訊息通常資訊量較大,若依習知逐筆儲存稽核日誌,可能會降低儲存的效率,並累積龐大等待儲存資料。因此,利用共用訊息佇列(103)暫存每筆稽核日誌的流水編號、參數集合及時間戳記,直到發送至遠端參數資料庫(105)。 Next, the audit log processing module (102) transmits the serial number, parameter set and timestamp of the audit log to the shared message queue for temporary storage. The shared message queue (103) replaces the traditional local storage and queues the text messages of the audit log generated by the application system (100 or 101) in a temporary storage unit, thereby reducing the storage burden of the local application system. In other words, the present invention adopts asynchronous means to asynchronously store the serial number, parameter set and time stamp of each audit log in the shared message queue (103) and the remote parameter database (105). Since text messages usually have a large amount of information, if the audit log is stored one by one according to the conventional practice, it may reduce the efficiency of storage and accumulate a huge amount of data waiting to be stored. Therefore, the common message queue (103) is used to temporarily store the serial number, parameter set and time stamp of each audit log until it is sent to the remote parameter database (105).
參數寫入模組(104)將具有對應關係的流水編號、所述參數集合及對應的時間戳記寫入遠端參數資料庫(105)。例如,將第二圖的參數集合的兩個參數”user id”和”role name”寫入遠端參數資料庫,且該兩個參數所對應的流水編號”W001”及”10001”和時間戳記亦一併對應儲存。 The parameter writing module (104) writes the corresponding serial number, the parameter set and the corresponding time stamp into the remote parameter database (105). For example, write the two parameters "user id" and "role name" of the parameter set in the second figure into the remote parameter database, and the serial numbers "W001" and "10001" and timestamps corresponding to these two parameters. Also stored accordingly.
所述文字訊息是根據各應用系統(100或101)的事件名稱而自行定義。如第二圖為例,可包括”Level”、”Event”、”Requestor”、”Severity”、”Originator”及”Text”。所述文字訊息可以是儲存在應用系統(100或101)或其他遠端系統的模板(template),以便應用系統(100或101)因應事件而生成稽核日誌。由於應用系統(100或101)是因應事件而產生稽核日誌,不同時間所發生的相同事件可在系統中產生具有相同文字訊息之不同筆稽核日誌。為了避免重複儲存具有相同內容的稽核日誌而佔用電腦資源,本發明較佳為僅採取儲存單一筆文字訊息於所述模板中,而模板可儲存在應用系統本地或遠端儲存單元(即遠端參數資料庫105以外的任何儲存單元)。後續,可利用對應規則將文字訊息和遠端參數資料庫(105)的流水編號、參數集合重新組合可重現每筆稽核日誌完整或部分內容。在一實施例中,文字訊息和參數集合之間的所述對應關係,可基於時間戳記將兩者關聯而對應,但本發明不以此為限制。 The text message is defined according to the event name of each application system (100 or 101). Take the second picture as an example, it can include "Level", "Event", "Requestor", "Severity", "Originator" and "Text". The text message may be a template stored in the application system (100 or 101) or other remote systems, so that the application system (100 or 101) can generate audit logs in response to events. Since the application system (100 or 101) generates audit logs in response to events, the same event occurring at different times may generate different audit logs with the same text message in the system. In order to avoid repeatedly storing audit logs with the same content and occupying computer resources, the present invention preferably only stores a single text message in the template, and the template can be stored in the local or remote storage unit of the application system (ie, remote storage unit). any storage unit other than parameter database 105). Subsequently, corresponding rules can be used to recombine the text message and the serial number and parameter set of the remote parameter database (105) to reproduce the complete or partial content of each audit log. In one embodiment, the correspondence between the text message and the parameter set can be based on a time stamp, but the present invention is not limited to this.
在一實施例中,遠端參數資料庫(105)可配置成一加密儲存區及一非加密儲存區。當參數涉及應用系統的(100、101)的安全性時,可依預先設定的規則儲存至遠端參數資料庫(105)的加密儲存區,其僅允許特定權限的訪問。此外,遠端參數資料庫(105)可以採非典型的關聯式資料庫,如”NoSQL”。 In one embodiment, the remote parameter database (105) can be configured into an encrypted storage area and an unencrypted storage area. When the parameters involve the security of the application system (100, 101), they can be stored in the encrypted storage area of the remote parameter database (105) according to preset rules, which only allows access by specific permissions. In addition, the remote parameter database (105) can adopt an atypical relational database, such as "NoSQL".
在一可行的實施例中,應用系統(100、101)或稽核日誌處理模組(102)可配置成當對共用訊息佇列(103)傳送失敗時,可將待傳送之流水編號、參數集合及時間戳記暫時儲存在本地的儲存裝置中,並待傳送管道回復後再將訊息傳送至共用訊息佇列(103)。 In a feasible embodiment, the application system (100, 101) or the audit log processing module (102) can be configured to send the serial number and parameter set to be sent when the transmission of the common message queue (103) fails. and the timestamp are temporarily stored in the local storage device, and the message is sent to the shared message queue (103) after the transmission channel is restored.
第三圖示意本發明跨系統稽核日誌的管理方法流程中的搜尋流程。不同應用系統的使用者終端(200、201),如維運單位、稽核單位,可搜尋過去跨系統互動所產生的稽核日誌。使用者終端(200、201)可各自依稽核目的輸入一參數搜尋請求(202),其至少包含輸入一或多個目標參數,且所述參數為應用系統定義的參數。例如,參數搜尋請求(202)中所輸入的參數可根據目標應用系統或目標事件(即待觀察事項)而決定,像是第二圖例示的”user id”或”role name”。所述參數為本領域技術者根據各種稽核需求而可自行擬定,故不在此繁複列舉。 The third figure illustrates the search process in the cross-system audit log management method process of the present invention. User terminals (200, 201) of different application systems, such as maintenance units and audit units, can search audit logs generated by past cross-system interactions. The user terminals (200, 201) can each input a parameter search request (202) according to the audit purpose, which at least includes inputting one or more target parameters, and the parameters are parameters defined by the application system. For example, the parameters entered in the parameter search request (202) may be determined according to the target application system or the target event (ie, the matter to be observed), such as the "user id" or "role name" illustrated in the second figure. The parameters mentioned above can be formulated by those skilled in the art according to various audit requirements, so they are not listed here in detail.
所述參數搜尋請求(202)可進一步包含一時間條件,以限定搜尋範圍。所述時間條件可指示,但不限於,在一時間之前、在一時間之後或至少一時間區間。因此,所述參數搜尋請求(202)可為一參數組合和一時間條件的組合。在其他可能的實施例中,所述參數搜尋請求(202)更可進一步包含其他搜尋條件,像是應用系統名稱、網介元件名稱等,以更明確搜尋範圍。 The parameter search request (202) may further include a time condition to limit the search scope. The time condition may indicate, but is not limited to, before a time, after a time, or at least a time interval. Therefore, the parameter search request (202) may be a combination of a parameter combination and a time condition. In other possible embodiments, the parameter search request (202) may further include other search conditions, such as application system name, network component name, etc., to further clarify the search scope.
根據參數搜尋請求(202)於遠端參數資料庫(105)進行查找,以識別出滿足請求之一或多筆參數集合。參數讀取模組(203)基於參數搜尋請求(202)所指示的參數集合,於儲存有多筆參數集合的遠端參數資料庫(105)中進行查找,並調用符合請求指示之一或多筆於不同時間所儲存的參數集合。當參數搜尋請求(202)含有所述時間條件時,參數讀取模組(203)能根據每筆參數集合與時間戳記的關係,從儲存的多筆參數集合中進一步篩選出對應所述時間條件的參數集合。參數讀取模組(203)最終將每筆參數集合及每筆參數資料儲存時所對應的時間戳記傳送給格式化模組(204)。 Search the remote parameter database (105) according to the parameter search request (202) to identify one or more parameter sets that satisfy the request. Based on the parameter set indicated by the parameter search request (202), the parameter reading module (203) searches in the remote parameter database (105) that stores multiple parameter sets, and calls one or more parameters that match the request instructions. A collection of parameters stored by the pen at different times. When the parameter search request (202) contains the time condition, the parameter reading module (203) can further filter out the corresponding time condition from the stored multiple parameter sets based on the relationship between each parameter set and the time stamp. set of parameters. The parameter reading module (203) finally transmits each parameter set and the time stamp corresponding to each parameter data storage to the formatting module (204).
格式化模組(204)根據每筆參數集合對應的時間戳記從儲存有文字訊息模板中關聯出並調用與每筆參數集合對應的文字訊息,將所述參數集合和文字訊息格式化以重現一稽核日誌。以第二圖舉例而言,格式化模組(204)根據關聯出的參數集合”User id”及”role name”及其儲存時所對應的流水編號和時間戳記。 The formatting module (204) associates and calls the text message corresponding to each parameter set from the stored text message template according to the time stamp corresponding to each parameter set, and formats the parameter set and text message for reproduction. An audit log. Taking the second figure as an example, the formatting module (204) uses the associated parameter set "User id" and "role name" and the corresponding serial number and time stamp when storing them.
接著利用流水編號(如W001及10001)對應出事件之識別代碼,由於事件識別代碼是已知的系統定義,即可從儲存文字訊息的模板中對應出與事件代碼相應的文字訊息(如Text:%1:create new role profile(%2)),並據以生成如第二圖的稽核日誌格式。換言之,每筆關聯出的參數集合藉由其儲存時對應的時間戳記而與對應的文字訊息產生關聯並整合,以重現初始因應跨系統互動所產生的稽核日誌。格式化後的稽核日誌可回傳至不同的使用者終端(200、201)。 Then use the serial number (such as W001 and 10001) to correspond to the identification code of the event. Since the event identification code is a known system definition, the text message corresponding to the event code (such as Text: %1: create new role profile(%2)), and generate the audit log format as shown in the second picture accordingly. In other words, each associated parameter set is associated and integrated with the corresponding text message through the corresponding timestamp when it is stored, so as to reproduce the audit log generated in response to the initial cross-system interaction. The formatted audit log can be sent back to different user terminals (200, 201).
進一步說明,由於本發明為了整合多個應用系統的稽核日誌,僅將各應用系統所產生的該流水編號、該參數集合及該時間戳記傳送出來後先暫存於一共用訊息佇列中,最後才儲存至該遠端參數資料庫,僅傳輸了少數的必要資料。如此一來,除了可以有效降低傳輸資料的負擔之外,若不幸被盜取資料,則盜取者也不容易看出這些資料代表何種意義。也因為這些資料的可讀性較差,不容易被人所理解,所以本發明還包括有多組文字訊息(模板),透過格式化模組(204)將參數集合結合文字訊息(模板)後,相關人員就可以讀取出完整的稽核日誌以理解其代表的內容。 To further explain, in order to integrate the audit logs of multiple application systems, the present invention only transmits the serial number, the parameter set and the timestamp generated by each application system and temporarily stores them in a common message queue. Only a small amount of necessary data is transferred to the remote parameter database. In this way, in addition to effectively reducing the burden of transmitting data, if unfortunately the data is stolen, it will not be easy for the thief to see what the data means. Also because the readability of these data is poor and difficult for people to understand, the present invention also includes multiple sets of text messages (templates). After the parameter set is combined with the text messages (templates) through the formatting module (204), Relevant personnel can read the complete audit log to understand what it represents.
需要特別說明的是,流水編號的”App ID”及”ConditionID”係作為每一筆稽核日誌的主鍵(Primary key)。具體而言”App ID”表示的”W001”可代表為特定的系統,而”ConditionID”表示的”10001”可代表特定的狀況。 It should be noted that the "App ID" and "ConditionID" of the serial number are used as the primary key of each audit log. Specifically, "W001" represented by "App ID" can represent a specific system, and "10001" represented by "ConditionID" can represent a specific condition.
雖然為了清楚瞭解已經用某些細節來描述前述本發明,吾人將瞭解在申請專利範圍內可實施特定變更與修改。因此,以上實施例僅用於說明,並不設限,並且本發明並不受限於此處說明的細節,但是可在附加之申請專利範圍的領域及等同者下進行修改。 Although the foregoing invention has been described in certain details for the purpose of clarity of understanding, it will be understood that certain changes and modifications can be made within the scope of the claims. Therefore, the above embodiments are only for illustration and not limitation, and the present invention is not limited to the details described here, but may be modified within the scope of the appended claims and equivalents.
100:應用系統 100:Application system
101:應用系統 101:Application system
102:稽核日誌處理模組 102: Audit log processing module
103:共用訊息佇列 103:Shared message queue
104:參數寫入模組 104: Parameter writing module
105:遠端參數資料庫 105:Remote parameter database
Claims (5)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112106614A TWI830610B (en) | 2023-02-23 | 2023-02-23 | How to manage cross-system audit logs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112106614A TWI830610B (en) | 2023-02-23 | 2023-02-23 | How to manage cross-system audit logs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI830610B true TWI830610B (en) | 2024-01-21 |
| TW202435068A TW202435068A (en) | 2024-09-01 |
Family
ID=90459302
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW112106614A TWI830610B (en) | 2023-02-23 | 2023-02-23 | How to manage cross-system audit logs |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI830610B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI688914B (en) * | 2016-07-08 | 2020-03-21 | 英商凱理普特恩國際有限公司 | Distributed transaction processing and authentication system |
| TW202036264A (en) * | 2018-07-17 | 2020-10-01 | 美商米瑟迪可麥德公司 | Graphical user interface system |
| TW202138988A (en) * | 2019-12-27 | 2021-10-16 | 美商米瑟迪可麥德公司 | Graphical user interface system |
-
2023
- 2023-02-23 TW TW112106614A patent/TWI830610B/en active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI688914B (en) * | 2016-07-08 | 2020-03-21 | 英商凱理普特恩國際有限公司 | Distributed transaction processing and authentication system |
| TW202036264A (en) * | 2018-07-17 | 2020-10-01 | 美商米瑟迪可麥德公司 | Graphical user interface system |
| TW202138988A (en) * | 2019-12-27 | 2021-10-16 | 美商米瑟迪可麥德公司 | Graphical user interface system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11361057B2 (en) | Consent receipt management systems and related methods | |
| US20200183655A1 (en) | Data processing systems for integration of consumer feedback with data subject access requests and related methods | |
| US9189356B2 (en) | Data audit module for application software | |
| US7779300B2 (en) | Server outage data management | |
| US10061863B2 (en) | Asset manager | |
| US11913811B2 (en) | Enhanced meter management solution | |
| US20080062885A1 (en) | Major problem review and trending system | |
| CN114003568A (en) | Data processing method and related device | |
| TWI830610B (en) | How to manage cross-system audit logs | |
| CN116049901B (en) | Detection task traceable management system based on timestamp encryption | |
| CN116071152A (en) | Data processing method and device, electronic equipment and storage medium | |
| US11625502B2 (en) | Data processing systems for identifying and modifying processes that are subject to data subject access requests | |
| TW202435068A (en) | How to manage cross-system audit logs | |
| CA2522764C (en) | Systems and methods for recovery audit scope determination | |
| CN115423595B (en) | File information processing method and device, computer equipment and storage medium | |
| US11232243B1 (en) | System and method for employing model repository | |
| KR20080065364A (en) | System and method for managing data quality by using data source classified code and program recording medium | |
| CN116823436A (en) | Credit data reporting method, device and equipment | |
| TW202334888A (en) | Accounting system with a ghg statistics function and a method for statistics of ghg | |
| CN118193508A (en) | Data checking method, device, computer equipment and storage medium | |
| JP2001117798A (en) | Electronic data integration data management system | |
| CN118820360A (en) | Financial data synchronization method and system | |
| CN117668124A (en) | Big data management method, related device, equipment and storage medium | |
| CN117235151A (en) | Unified audit platform | |
| CN117033452A (en) | Database processing method, device, computer equipment and storage medium |