WO2010099754A1 - Procédé et appareil de transmission d'informations de journal - Google Patents

Procédé et appareil de transmission d'informations de journal Download PDF

Info

Publication number
WO2010099754A1
WO2010099754A1 PCT/CN2010/070876 CN2010070876W WO2010099754A1 WO 2010099754 A1 WO2010099754 A1 WO 2010099754A1 CN 2010070876 W CN2010070876 W CN 2010070876W WO 2010099754 A1 WO2010099754 A1 WO 2010099754A1
Authority
WO
WIPO (PCT)
Prior art keywords
log
message
log information
processing
information including
Prior art date
Application number
PCT/CN2010/070876
Other languages
English (en)
Chinese (zh)
Inventor
樊滑翔
Original Assignee
成都市华为赛门铁克科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都市华为赛门铁克科技有限公司 filed Critical 成都市华为赛门铁克科技有限公司
Publication of WO2010099754A1 publication Critical patent/WO2010099754A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/90Buffering arrangements

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for transmitting log information. Background technique
  • Log J! An important means of controlling computer and network security, and an important way to assess computer and network security.
  • the log system often adopts a distributed deployment, which collects logs generated by multiple services and/or devices for analysis and processing.
  • the party that generates the ambition is called the log sender.
  • the party collecting the log is called the log receiver, the log sender transmits the log message to the log receiver, and the log receiver receives the log sender from different geographical locations.
  • Syslog is a widely accepted log standard in the industry.
  • the new Syslog standard developed by the IETF allows for larger volume log messages. While the Syslog/TLS standard and the Syslog-sign standard increase the security and reliability of Syslog, they also increase the number of data transmitted by certificates and signatures. At the same time, some applications, such as the pharmaceutical industry, require large log volumes. All of this increases the amount of Syslog log traffic and increases the likelihood of log latency and network congestion. How to deal with various events that occur during Syslog log transmission in a timely manner is an effective means to ensure the reliability and security of the log system.
  • the log receiver cannot detect the occurrence of log transmission events (such as filtering or disorder) in time
  • log transmission events such as filtering or disorder
  • the embodiment of the invention provides a method and a device for transmitting log information, which can enable the log receiver to timely detect the pre-processing event information of the sender on the log, and improve the accuracy of subsequent auditing and analysis of the log.
  • the embodiment of the invention provides a method for sending log information, including:
  • the log sender When the load of the buffer queue of the log sender reaches a preset abnormal threshold, the log sender generates log information including a pre-process event start message and sends the log information to the log receiver.
  • the log sender When the log sender performs a pre-processing operation on the buffer queue, if it detects that the load of the buffer queue does not reach the preset abnormal threshold, the log information including the pre-processing event end message is generated and sent to the log receiver.
  • the pre-processing operation is performed by the log sender on the log of the buffer queue when the load of the buffer queue of the log sender reaches a preset abnormal threshold.
  • the embodiment of the invention further provides an apparatus for sending log information, including:
  • a buffer unit configured to store a log queue to be sent
  • a detecting unit configured to check whether a load of the log queue of the buffer unit reaches a preset abnormal threshold
  • a first log information generating unit configured to: when the detecting unit detects that the load of the buffer queue of the buffer unit reaches a preset abnormal threshold, generate log information including a pre-process event start message; and send log information
  • the first information generation The unit generates the information including the pre-processing event end message, where the pre-processing operation is that the device that sends the log information detects that the load of the buffer queue of the buffer unit reaches a preset abnormal threshold when the detecting unit detects that the load of the buffer queue of the buffer unit reaches a preset abnormal threshold , made to the log information of the buffer unit;
  • a sending unit for collecting the log information including the pre-process event start message and the package
  • the log information including the pre-processing event end message is sent to the log receiver.
  • the log sender generates the log information including the pre-processing event start message or the pre-processing event end message, and sends the log information to the log receiver, so that the log receiver can obtain the load of the log sender in the buffer queue to reach the preset time.
  • the pre-processing information to be sent to the log when the abnormal value is abnormal, and the loss or out-of-order situation when the load of the buffer queue reaches the preset abnormal threshold is improved, which improves the correctness of subsequent auditing and analysis of the log information. .
  • Figure 1 is a schematic structural diagram of a packet header of a Syslog protocol packet
  • FIG. 2 is a schematic flowchart of a method for sending log information according to Embodiment 1 of the present invention
  • FIG. 3 is a schematic flowchart of a method for sending log information according to Embodiment 2 of the present invention.
  • FIG. 4 is a schematic structural diagram of an apparatus for transmitting log information according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an apparatus for transmitting log information according to Embodiment 2 of the present invention. detailed description
  • the log information is described by using a Syslog protocol packet as an example.
  • the Syslog protocol uses the client/server (client/server) mode of communication, and the client is the receiver of event packets.
  • the client can be the originator of the event, such as a device or process, or a relay entity.
  • the relayed entity processes the Syslog time received from other senders (event generators or other relay entities). Send it to other recipients.
  • the Syslog protocol packet consists of three parts: packet header and structured data (Structured Data) Element , SDE ) and the message body.
  • the header includes the following fields: PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, and MSGID.
  • PRI indicates the priority
  • VERSION indicates the Syslog protocol version number
  • TIMESTAMP indicates the timestamp generated by the log
  • HOSTNAME indicates the host domain name or address of the log sender
  • APP-NAME indicates the application name that generated the log
  • PROCID indicates the process indicating the log system. No., MSGID indicates the message category of the log.
  • the structured data is composed of a series of structured elements, each of which includes a structured element name and a series of parameter names and parameter value pairs.
  • the message body is free-form text information, and a Syslog log message may not include the message body.
  • FIG. 2 it is a schematic flowchart of a method for sending log information according to an embodiment of the present invention, and the steps include:
  • Step S10 Detect whether the load of the buffer queue of the log sender reaches a preset abnormal threshold.
  • the log sender stores the log to be sent in its buffer queue.
  • the log sender detects whether the load of the buffer queue reaches the preset abnormal threshold in real time. For example, if the length of the buffer queue reaches the preset threshold, Then, the process proceeds to step S12.
  • the log sender will perform pre-processing operations on the log information in the buffer queue, such as filtering the secondary log, prioritizing the important log, or overwriting the old one. Logs, etc.
  • Step S12 The log sender generates log information including a pre-process event start message and sends the message to the recipient, the pre-process event start message including a pre-processed start time message and a pre-processing policy message.
  • the sender After detecting that the load of the buffer queue of the log sender reaches the preset abnormal threshold in step S10, the sender sends a log information including a pre-process event start message, and the log information including the pre-process event start message is The format of the log information in the buffer queue of the log sender is the same.
  • the Syslog log information is used as an example for description.
  • the log information including the pre-processing event start message can be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • An SDE consists of a structured element name and a series of parameter names and parameter value pairs.
  • the SD-ID of the structured data is set to preprocess, and the parameter name and its attributes are described as follows:
  • the "pre-processing action” is used to describe the pre-processing actions of the log sender to the log to be sent in the buffer queue: filtering, out-of-order transmission, etc., wherein filtering may include filtering the secondary log, and the out-of-order transmission may include prioritizing the important log transmission. Or overwrite old logs, etc.
  • “Time Type” indicates that the subsequent "time point” is the timestamp of the earliest preprocessed log or the timestamp of the log that was preprocessed at the latest
  • pre-processing strategy is All logs with a severity greater than 3 (minor log) are filtered out. The first filtered log is generated at "2009-02-13 15:00:00".
  • the receiver After receiving the log information including the pre-processing event start message, the receiver can obtain the pre-processing information of the sender in real time after being parsed, and the sender pre-processes the log that can be learned during subsequent auditing and analysis of the log.
  • the time when the time occurs the pre-processing strategy, by analyzing the time when the pre-processing event occurs, and the pre-processing strategy can learn from what time the log sender has processed the log, which can improve the correctness of the audit and analysis;
  • you After obtaining the log information including the pre-process event start message, you can obtain the extreme situation such as network congestion or a large number of log bursts in time, so as to respond in time.
  • Step S14 When the log sender performs a pre-processing operation on the buffer of the buffer queue, if it is detected that the load of the buffer queue does not reach the preset abnormal threshold, the log information including the pre-processing event end message is generated and sent to the log.
  • the receiver, the pre-processing event end message includes a pre-processed end time message and a pre-processing policy message.
  • the log sender When the log sender performs pre-processing operations on the logs of its buffer queue, for example, all logs with a severity greater than 3 (secondary logs) are filtered out. In the pre-processing operation, the logs in the buffer queue will be less and less. After the time has elapsed, it is detected that the load of the buffer queue (for example, the length of the log in the buffer queue) falls below the preset abnormal threshold, that is, if the preset abnormal threshold is not reached, the log sender will end the pre-processing operation. Generate log information including the pre-processing event end message and send it to the log receiver.
  • the load of the buffer queue for example, the length of the log in the buffer queue
  • the preset abnormal threshold that is, if the preset abnormal threshold is not reached
  • the log information including the pre-processing event end message can also be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • the receiving party can obtain the pre-processing information of the sender in real time after being parsed, and the sender pre-processes the log that can be learned during subsequent auditing and analysis of the log.
  • the time at the end of the time, the pre-processing strategy, the time when the pre-processing event ends, and the pre-processing strategy can learn from the time when the log sender has finished pre-processing the log, which can improve the correctness of the audit and analysis.
  • the log sender generates the log information including the pre-processing event start message or the pre-processing event end message, and sends the log information to the log receiver, so that the log receiver can obtain the load of the log sender in the buffer queue to reach the preset time.
  • the pre-processing information to be sent to the log when the abnormal value is abnormal, and the loss or out-of-order situation when the load of the buffer queue reaches the preset abnormal threshold is improved, which improves the correctness of subsequent auditing and analysis of the log information.
  • the log receiver can timely know the occurrence of extreme situations such as network congestion or a large number of log bursts through the log system itself, so as to respond in time.
  • FIG. 3 it is a schematic flowchart of a method for sending log information according to Embodiment 2 of the present invention, which is similar to the method for sending log information according to Embodiment 1 of the present invention, and the difference is that the packet is further encapsulated before step S10.
  • the packet is further encapsulated before step S10.
  • Step S8 The log sender generates log information including a message describing the importance of the log and sends it to the log receiver.
  • the log information including the message describing the importance of the log is used by the log receiver to analyze the importance of the log according to the description. The message is processed accordingly.
  • the log information including the description of the log importance message can also be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • the log receiver After receiving the log information including the message describing the importance of the log, the log receiver obtains the message describing the importance of the log, and the log receiver identifies which log is an important log by using the message describing the importance of the log. For example, if the log sender sends a log with a severity of less than 3, it is an important log. When the log receiver processes a large number of logs at the same time, the important logs with less severity of 3 can be preferentially processed to ensure the safe and reliable reception and processing of important logs.
  • the log sender generates the log information including the pre-processing event start message or the pre-processing event end message and sends the log information to the log receiver, so that the log receiver can obtain the log sender's load in the buffer queue to reach the preset abnormality in time.
  • the log receiver can timely know the occurrence of extreme conditions such as network congestion or a large number of log bursts through the log system itself, and respond in time; and the log sender generates log information including a message describing the importance of the log and sends it to
  • the log receiver can enable the log receiver to identify important logs and ensure the safe and reliable reception and processing of important logs.
  • the apparatus for sending log information may include a client in a Client/Server mode in a Syslog protocol.
  • the apparatus for transmitting log information includes a buffer unit 52, a detecting unit 54, a first log information generating unit 56, and a log transmitting unit 58.
  • the buffer unit 52 is configured to store a log queue to be sent
  • the detecting unit 54 is configured to detect whether the load of the log queue of the buffer unit 52 reaches a preset.
  • the detection unit 54 detects in real time whether the load of the buffer unit 52 reaches a preset abnormal value, for example, whether the length of the log queue in the buffer unit 52 reaches a preset threshold.
  • the first log information generating unit 56 is configured to generate log information including a pre-process event start message when the detecting unit 54 detects that the load of the log queue of the buffer unit 52 reaches a preset abnormal threshold.
  • the pre-processing event start message includes a pre-processed start time message and a pre-processing policy message; the log sending unit 58 is configured to send the log information including the pre-process event start message generated by the first log information generating unit 56. To the log receiver.
  • the log information including the pre-processing event start message is consistent with the format of the log information in the log queue of the buffer unit 52.
  • the Syslog log information is taken as an example for description.
  • the log information including the pre-processing event start message can be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • An SDE consists of a structured element name and a series of parameter names and parameter value pairs. The syntax is as follows:
  • the SD-ID of the structured data is set to preprocess, and the parameter name and its attributes are described as follows:
  • the "pre-processing action” is used to describe the pre-processing actions of the log sender to the log to be sent in the buffer queue: filtering, out-of-order transmission, etc., wherein filtering may include filtering the secondary log, and the out-of-order transmission may include prioritizing the important log transmission. Or overwrite old logs, etc.
  • “Time Type” indicates that the subsequent "time point” is the timestamp of the earliest preprocessed log or the timestamp of the log that was preprocessed at the latest
  • pre-processing strategy is All logs with a severity greater than 3 (minor log) are filtered out. The first filtered log is generated at "2009-02-13 15:00:00".
  • the log receiver After receiving the log information including the pre-processing event start message, the log receiver can obtain the pre-processing information of the sender in real time after being parsed, and the pre-processing time of the sender to the log can be learned during subsequent auditing and analysis of the log.
  • the time of occurrence, the pre-processing strategy by analyzing the time when the pre-processing event occurs, and the pre-processing strategy can learn from what time the log sender has processed the log, which can improve the correctness of the audit and analysis;
  • the log information including the pre-processing event start message After the log information including the pre-processing event start message is obtained, the extreme situation such as network congestion or a large number of log bursts can be timely acquired, thereby responding in time.
  • the first log information generating unit 56 when the device for transmitting the log information performs a pre-processing operation on the log information of the buffer unit 52, when the detecting unit 54 detects the log queue of the buffer unit 52.
  • the log sending unit 58 It is further configured to send log information including the pre-process event end message generated by the first log information generating unit 56 to the log recipient.
  • the device that transmits the log information performs a pre-processing operation on the log information of the buffer unit 52, and the device that transmits the log information detects the buffer unit at the detecting unit 54.
  • the load of the log queue of 52 reaches the preset abnormal threshold, the log information of the buffer unit 52 is made.
  • the device that sends the log information performs a pre-processing operation on the log information of the buffer unit 52, for example, all logs with a severity greater than 3 (secondary logs) are filtered out, and the logs in the buffer queue will be in the pre-processing operation.
  • the less the device detects the load of the buffer queue after a period of time (for example, the length of the log in the buffer queue) drops below the preset abnormal threshold, that is, the device does not reach the preset abnormal threshold.
  • the pre-processing operation before the end will be completed, and log information including the pre-processing event end message is generated and sent to the log receiver.
  • the log information including the pre-processing event end message can also be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • the receiving party can obtain the pre-processing information of the sender in real time after being parsed, and the sender pre-processes the log that can be learned during subsequent auditing and analysis of the log.
  • the time at the end of the time, the pre-processing strategy, the time to analyze the end of the pre-processing event, and the pre-processing strategy can be learned from the time when the log sender has completed the pre-processing of the log, which can improve the correctness of the audit and analysis, improve the audit and analysis. The correctness.
  • the embodiment of the present invention generates the log information including the pre-processing event start message or the pre-processing event end message to be sent to the log receiver by the first log information generating unit 56, so that the log receiver can acquire the load of the buffer unit 52 in time.
  • the pre-processing information to be sent to the log when the preset abnormal threshold is reached, and the loss or out-of-order situation when the load of the buffer unit 52 reaches the preset abnormal threshold is improved, and the subsequent auditing of the log information is improved.
  • the correctness of the analysis in addition, the receiver can timely know the occurrence of extreme situations such as network congestion or a large number of log surges through the log system itself, so as to respond in time.
  • FIG. 5 it is a schematic structural diagram of an apparatus for transmitting log information according to Embodiment 2 of the present invention, which is similar to the structure of an apparatus for transmitting log information according to Embodiment 1 of the present invention, and further includes: a second log information generating unit 60.
  • the second log information generating unit 60 is configured to generate log information including a message describing the importance of the log and send the log information to the log receiver, where the log information including the message describing the importance of the log is used by the receiver after parsing The received log is processed accordingly according to the message describing the importance of the log.
  • the log information including the description of the log importance message can also be implemented by setting structured data (SDE) in the Syslog log information.
  • SDE structured data
  • the log receiver After receiving the log information including the message describing the importance of the log, the log receiver obtains the message describing the importance of the log, and the log receiver identifies which log is an important log by using the message describing the importance of the log. For example, the log sender sends a display severity less than 3. The log is an important log. When the log receiver processes a large number of logs at the same time, it can preferentially process these important logs with a severity less than 3 to ensure the safe and reliable reception and processing of important logs.
  • the embodiment of the present invention generates the log information including the pre-processing event start message or the pre-processing event end message to be sent to the log receiver by the first log information generating unit 56, so that the log receiver can acquire the load of the buffer unit 52 in time.
  • the pre-processing information to be sent to the log when the preset abnormal threshold is reached, and the loss or out-of-order situation when the load of the buffer unit 52 reaches the preset abnormal threshold is improved, and the subsequent auditing of the log information is improved.
  • the receiving party can timely know the occurrence of extreme situations such as network congestion or a large number of log bursts through the log system itself, thereby responding in time; and the second log information generating unit 60 generates a description log including The log information of the importance message is sent to the log receiver, which enables the log receiver to identify the important log and ensure the safe and reliable reception and processing of the important log.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Les modes de réalisation de la présente invention portent sur un procédé de transmission d'informations de journal comprenant : la détection du fait que la charge sur la file d'attente de tampon d'un émetteur de journal atteint ou non un seuil d'anomalie préréglé (10) ; la génération et l'envoi des informations de journal comprenant un message de début d'évènement de prétraitement par l'émetteur de journal à un récepteur de journal lorsque la charge sur la file d'attente de tampon de l'émetteur de journal atteint le seuil d'anomalie préréglé (12) ; la génération et l'envoi des informations de journal comprenant un message de fin d'évènement de prétraitement par l'émetteur de journal au récepteur de journal s'il est détecté que la charge sur la file d'attente de tampon n'atteint pas le seuil d'anomalie préréglé lorsque l'émetteur de journal effectue une opération de prétraitement pour le journal dans sa file d'attente de tampon (14). Les modes de réalisation de la présente invention portent également sur un appareil de transmission d'informations de journal. Par génération des informations de journal comprenant un message de début d'évènement de prétraitement ou un message de fin d'évènement de prétraitement et envoi de celles-ci au récepteur de journal, les modes de réalisation de la présente invention peuvent augmenter la précision subséquente de vérification et d'analyse des informations de journal.
PCT/CN2010/070876 2009-03-06 2010-03-04 Procédé et appareil de transmission d'informations de journal WO2010099754A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910105892.0 2009-03-06
CN2009101058920A CN101505245B (zh) 2009-03-06 2009-03-06 一种发送日志信息的方法及装置

Publications (1)

Publication Number Publication Date
WO2010099754A1 true WO2010099754A1 (fr) 2010-09-10

Family

ID=40977325

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/070876 WO2010099754A1 (fr) 2009-03-06 2010-03-04 Procédé et appareil de transmission d'informations de journal

Country Status (2)

Country Link
CN (1) CN101505245B (fr)
WO (1) WO2010099754A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2696536A1 (fr) * 2012-08-07 2014-02-12 Broadcom Corporation Suivi de statistiques de tampon

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101505245B (zh) * 2009-03-06 2011-01-05 成都市华为赛门铁克科技有限公司 一种发送日志信息的方法及装置
CN101789174B (zh) * 2009-12-29 2013-07-24 北京世纪高通科技有限公司 一种日志的监测方法及装置
CN101859270A (zh) * 2010-04-19 2010-10-13 上海华为技术有限公司 日志管理方法、系统、主控板和本地单板
CN102347831B (zh) * 2010-07-26 2014-12-03 华为技术有限公司 时间消息处理方法、装置及系统
CN102594581B (zh) * 2011-01-12 2016-03-16 鼎桥通信技术有限公司 一种日志数据的记录方法
CN103176888B (zh) * 2011-12-22 2018-01-23 阿里巴巴集团控股有限公司 一种日志记录的方法和系统
CN103338131A (zh) * 2013-06-20 2013-10-02 百度在线网络技术(北京)有限公司 检测日志传输丢失率的方法和设备
CN103617287A (zh) * 2013-12-12 2014-03-05 用友软件股份有限公司 一种分布式环境下的日志管理方法和装置
CN105577431A (zh) * 2015-12-11 2016-05-11 青岛云成互动网络有限公司 一种基于互联网应用的用户信息识别分类方法和系统
CN106126672A (zh) * 2016-06-27 2016-11-16 安徽科成信息科技有限公司 一种班班通网络监控日志的更新方法
CN107480277B (zh) * 2017-08-22 2021-01-26 北京京东尚科信息技术有限公司 用于网站日志采集的方法及装置
CN110324255B (zh) * 2019-07-05 2021-01-29 中南大学 一种面向数据中心网络编码的交换机/路由器缓存队列管理方法
CN114422340B (zh) * 2020-10-12 2023-10-10 华为技术有限公司 日志上报方法、电子设备及存储介质
CN114978729A (zh) * 2022-05-27 2022-08-30 重庆长安汽车股份有限公司 基于can总线车载入侵的检测方法、系统及可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006279727A (ja) * 2005-03-30 2006-10-12 Nippon Telegr & Teleph Corp <Ntt> ネットワーク制御システムおよび方法
CN101072124A (zh) * 2007-06-22 2007-11-14 中兴通讯股份有限公司 一种获取日志的方法
CN101075256A (zh) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 数据库实时审计分析系统及方法
CN101505245A (zh) * 2009-03-06 2009-08-12 成都市华为赛门铁克科技有限公司 一种发送日志信息的方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006279727A (ja) * 2005-03-30 2006-10-12 Nippon Telegr & Teleph Corp <Ntt> ネットワーク制御システムおよび方法
CN101075256A (zh) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 数据库实时审计分析系统及方法
CN101072124A (zh) * 2007-06-22 2007-11-14 中兴通讯股份有限公司 一种获取日志的方法
CN101505245A (zh) * 2009-03-06 2009-08-12 成都市华为赛门铁克科技有限公司 一种发送日志信息的方法及装置

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2696536A1 (fr) * 2012-08-07 2014-02-12 Broadcom Corporation Suivi de statistiques de tampon

Also Published As

Publication number Publication date
CN101505245B (zh) 2011-01-05
CN101505245A (zh) 2009-08-12

Similar Documents

Publication Publication Date Title
WO2010099754A1 (fr) Procédé et appareil de transmission d&#39;informations de journal
US7593331B2 (en) Enhancing transmission reliability of monitored data
US7650403B2 (en) System and method for client side monitoring of client server communications
US6965917B1 (en) System and method for notification of an event
US20090024722A1 (en) Proxying availability indications in a failover configuration
CN106471778B (zh) 攻击检测装置和攻击检测方法
US10735501B2 (en) System and method for limiting access request
US8601065B2 (en) Method and apparatus for preventing outgoing spam e-mails by monitoring client interactions
WO2014101758A1 (fr) Procédé, appareil et dispositif pour la détection d&#39;un bombardement de messagerie
US20090300153A1 (en) Method, System and Apparatus for Identifying User Datagram Protocol Packets Using Deep Packet Inspection
WO2020119347A1 (fr) Procédé, appareil, dispositif et support de transmission de message
US7478168B2 (en) Device, method and program for band control
CN111988309B (zh) 一种icmp隐蔽隧道检测方法及系统
US8490173B2 (en) Unauthorized communication detection method
US11729184B2 (en) Detecting covertly stored payloads of data within a network
KR20150090216A (ko) 암호화된 세션 모니터링
EP3038032A1 (fr) Procédé et dispositif de transmission de message de service
US11700271B2 (en) Device and method for anomaly detection in a communications network
WO2012172171A1 (fr) Evaluation de la performance globale d&#39;un service d&#39;application interactive
CN108076070B (zh) 一种fasp协议阻断方法、装置及分析系统
EP3971748A1 (fr) Procédé et appareil de demande de connexion réseau
WO2016202025A1 (fr) Procédé et appareil de traitement de message trap
WO2017067224A1 (fr) Procédé et appareil de traitement de paquets
EP2704362A2 (fr) Procédé, appareil et système pour analyser des caractéristiques de transmission de réseau
CN111130993B (zh) 一种信息提取的方法及装置、可读存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10748344

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27/01/2012)

122 Ep: pct application non-entry in european phase

Ref document number: 10748344

Country of ref document: EP

Kind code of ref document: A1