WO2012155455A1 - Log analysis method and system based on web platform - Google Patents

Log analysis method and system based on web platform

Info

Publication number
WO2012155455A1
Authority
WO
WIPO (PCT)
Prior art keywords
log
logs
server
collected
module
Prior art date
Application number
PCT/CN2011/081062
Other languages
French (fr)
Chinese (zh)
Inventor
张立
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2012155455A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F11/3072 Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00 Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/875 Monitoring of systems including the internet

Definitions

  • The invention relates to log management, and in particular to a method and system for collecting, analyzing and searching logs based on a network (WEB) platform.
  • WEB: network
  • The object of the present invention is to provide a log analysis method and system based on the WEB platform that solves the following technical problems: first, maintenance personnel work inefficiently, and faults are hard to locate and eliminate quickly; second, compiling statistics on and auditing a large amount of log information is difficult; third, the logs of each device are merely collected, and there is no complete solution for collecting, searching, browsing, analyzing, backing up, and downloading logs.
  • A log analysis method based on a WEB platform includes the following steps:
  • The log collection module periodically collects logs generated by each device on the network and uploads the collected logs to the log server;
  • The log server indexes and statistically classifies the logs to obtain index data and statistical classification data.
  • The method further includes: the log server searching the index data for logs that match a search condition input by the user.
  • The process in which the log server indexes and statistically classifies the logs to obtain index data and statistical classification data further includes: the log server compressing and backing up the logs.
  • The step in which the log collection module periodically collects logs generated by each device on the network includes:
  • The log server establishes a connection with each device on the network through the network;
  • The log collection module installed on the device periodically sends a list of the log files generated by the device to the log server;
  • The log server selects the names of the logs to be collected from the log file list and sends them to the device;
  • The log collection module collects logs according to the selected log names.
  • Uploading the collected logs to the log server includes:
  • The log collection module uploads the collected logs to the log server by FTP or SYSLOG;
  • The log server saves the collected logs.
  • The log server indexing and statistically classifying the logs to obtain index data and statistical classification data includes: the log server indexes the collected logs according to five analysis domains (file name, time, level, error code, and log content) to obtain index data; the log server classifies and counts the collected logs according to four classification criteria (file name, time, level, and error code) to obtain classification statistics.
  • A log analysis system based on a WEB platform comprises:
  • A log collection module, configured to periodically collect logs generated by each device on the network and upload the collected logs to the log server.
  • A log analysis module, configured to index and statistically classify the logs uploaded to the log server to obtain index data and statistical classification data.
  • The system further includes: a log search module, configured to search the index data obtained by the log analysis module for logs that match the search condition; and a log backup download module, configured to compress and back up the logs uploaded to the log server.
  • The log collection module periodically uploads the collected logs to the log server by FTP or SYSLOG.
  • The log analysis module is configured to index the logs uploaded to the log server according to five analysis domains (file name, time, level, error code, and log content) to obtain index data;
  • The log analysis module is configured to classify and count the logs uploaded to the log server according to four classification criteria (file name, time, level, and error code) to obtain classification statistics.
  • The beneficial effects of the present invention are as follows: first, the work efficiency of maintenance personnel is improved, so that faults can be quickly located and eliminated; second, statistics and audits can be performed on a large amount of log information; third, the invention provides not only simple log collection but also a complete solution for searching, browsing, analyzing, backing up, and downloading.
  • FIG. 1 is a flowchart of a log analysis method based on a WEB platform according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a log analysis system based on a WEB platform according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a log analysis method based on a WEB platform according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:
  • Step 101: device configuration.
  • Device configuration is completed by the user through the WEB management platform of the log system.
  • The device information that is entered includes the description of the device, the parameters needed for collection, and so on. Users can view all device information as a list on the management platform.
  • The device information is as shown in Table 1 below:
  • Step 102: log collection.
  • FTP: File Transfer Protocol
  • SYSLOG: System Log
  • The FTP collection process is as follows:
  • The log server uses the device IP to communicate with the agent installed on the device, that is, the log collection module, and obtains the list of log files on the device through the agent.
  • The log server filters out the log files to be collected and sends the file names to the agent.
  • The agent calls the put command of the FTP client in the operating system to upload the log files to the log server.
  • The log server saves the collected log files in folders by device, one folder per device.
  • In FTP mode the collection task is initiated by the log server, so repeated collection of the same log must be avoided.
  • The log server identifies the collection status of a log file by the log file name and the last modification time of the log file.
  • After collection is complete, the log server saves this information in the database and uses it before the next collection to determine whether the log file has already been collected. If the modification time of the log file on the device is the same as the last modification time recorded for that log file in the database, the file is not collected again. Otherwise the file is collected again: the collection status of the log file is saved in the database, the file corresponding to this log file name in the log directory is deleted, and the newly collected log file is saved in the folder corresponding to the device under the log directory.
  • In SYSLOG mode, the device actively reports the log content. After the log server starts running, the SYSLOG service is opened automatically, and each device actively uploads logs to the log server through its SYSLOG client. Logs collected by SYSLOG are saved in the same way as with FTP. However, since each device uploads only specific log content, the file name is generated by the log server, so the problem of repeated collection does not arise.
  • Step 103: log analysis.
  • Log analysis has two tasks: one is to index the log content so that it can be searched quickly, and the other is to compile statistics on the log content according to classification criteria such as log level and log time.
  • Log indexing and searching are built on the open source Lucene search library, using Lucene's built-in standard analyzer to analyze, index, and search log content.
  • The log index contains a total of five analysis domains, as shown in Table 2 below:
  • The statistics are saved in the database. From the WEB management platform of the log system, users can view the statistics as charts, such as histograms and pie charts.
  • Step 104: log search.
  • The user can search the logs by various conditions through the WEB management platform of the log system.
  • The search conditions are presented on the page as a form, and the user selects different combinations of conditions according to the specific situation.
  • The log server retrieves matching logs from the index data based on the conditions entered by the user.
  • The log search results are presented to the user on the page as a list. Since the volume of logs is very large, showing all the data is meaningless in most cases, so the log system displays the results page by page in reverse chronological order, up to at most the maximum value of the integer (INT) type.
  • The search criteria that the user can select are as shown in Table 3 below:
  • The keyword condition searches the log content for content that matches the keyword.
  • The keyword is processed by the analyzer and searched using prefix matching plus fuzzy matching at 80% similarity.
  • The user can browse the context of a log by clicking the specific log entry in the search list.
  • The number of context rows shown can be configured in the system.
  • The clicked log entry is highlighted in the log context.
  • Step 105: log backup.
  • The system uses scheduled tasks to back up logs according to the configured backup cycle. Backups are organized by device, and the compression format is zip. After the backup, the user can browse all backup files through the WEB management platform of the log system, and can download and delete backup log files and view their basic information.
  • The system includes a log collection module 1, a log analysis module 2, a log search module 3, a log backup download module 4, a storage module 5, a device management module 6, a system configuration module 7, a user management module 8, a WEB management platform 9, an interface module 10, a device 11, and a log server 12.
  • The log collection module 1 is configured to collect the logs of each device; the log analysis module 2 is configured to analyze the collected logs; the log search module 3 is configured to search logs according to the search conditions; and the log backup download module 4 is configured to back up and download logs;
  • The storage module 5 is configured to store system configuration information, collection information and logs; the device management module 6 is configured to configure and manage device information; the system configuration module 7 is configured to configure system information; and the user management module 8 is configured to manage the use of the log system.
  • The WEB management platform 9 is used by the user to operate the log system; the interface module 10 is used by the log server 12 to communicate with the log collection module 1 on the device 11; the device 11 generates logs, and there can be multiple devices 11; the log server 12 is used to store logs and run the various software programs.
  • The user configures the system through the system configuration module 7.
  • The system is deployed as a WEB application on the TOMCAT application server. After logging in to the WEB management platform 9 and entering the system configuration page, the user configures the system through the system configuration module 7, for example by setting the log storage directory, the log collection interval, and the log collection mode. Users can also use the system default configuration.
  • The user enters device information through the device management module 6.
  • The user logs in to the WEB management platform 9, opens the device management page, enters the device information and saves it.
  • The device information includes device name, IP address, user name, operating system, and log directory.
  • The device name identifies the device that is to be managed centrally.
  • The IP address is the IP address of the device 11 in the network.
  • When the log server 12 collects the logs on the device 11, it needs to know the specific IP address of the device 11 in order to connect.
  • The user name is the user name used to log in to the operating system of the device.
  • The operating system is the operating system type of the device 11, such as Windows or Linux.
  • The log directory is a directory on the device 11 in which the logs to be collected are stored; there can be multiple directories. After the user has configured the device information, all device information can be viewed as a list on the WEB management platform 9.
  • The user collects logs on the device periodically through the log collection module.
  • The FTP collection process is as follows:
  • The interface module 10 periodically uses the device IP to communicate with the agent installed on the device 11, that is, the log collection module 1, and obtains the list of log files on the device 11 through the agent.
  • The interface module 10 filters out the log files to be collected and sends the file names to the agent on the device 11, and the agent invokes an operating system command to actively upload the log files to the log server 12 using FTP PUT.
  • The interface module 10 saves the collected log files in folders by device under the log storage directory set in the system, one folder per device.
  • FTP collection is initiated by the log server 12, so repeated collection of the same log must be avoided.
  • The interface module 10 identifies the collection status of a log file by the log file name and the last modification time of the log file. After collection is complete, it saves this information in the database and uses it before the next collection to determine whether the log file has already been collected. If the modification time of the log file on the device 11 is the same as the last modification time recorded for that log file in the database, the file is not collected again. Otherwise the file is collected again: the collection status of the log file is saved in the database, the file corresponding to this file name is deleted, and the newly collected log file is saved in the folder corresponding to the device under the log storage directory.
  • The SYSLOG process is as follows: after the log system starts running, if the collection mode set through the system configuration module 7 is SYSLOG, the log server 12 automatically opens the SYSLOG service, and the device 11 actively uploads logs to the log server 12 through its SYSLOG client. The interface module 10 saves the logs in the folder corresponding to the device under the log storage directory.
  • Logs collected by SYSLOG are saved in the same way as with FTP. Since the device uploads only specific log content, the file name is generated by the log server 12 and stored in the database, so the problem of repeated log collection does not arise.
  • The user periodically analyzes the logs through the log analysis module 2.
  • The log analysis module 2 reads the log content collected by the log collection module 1 and performs statistical classification and indexing on log content in the fixed format so that it can be searched quickly.
  • This work is performed by a system timer at a set interval.
  • The log analysis module 2 mainly performs two tasks: one is to index the log content so that it can be searched quickly, and the other is to compile statistics on the log content according to classification criteria.
  • The log index is built on the open source Lucene search library, and the log content is analyzed and indexed using Lucene's built-in standard analyzer.
  • The log index contains a total of five analysis domains, namely file name, time, level, error code, and log content. The types of the first four analysis domains are all "save", and the type of the log content analysis domain is "analyze, save".
  • The Lucene search library generates the log index based on the analysis domains and their types.
  • Log classification statistics are statistics compiled over the log data by category. For example, the log data is counted by classification criteria such as log level or log time, and the resulting classification statistics are saved in the database.
  • The user can view the statistical analysis report of the logs through the WEB management platform 9.
  • The user opens the analysis statistics page of the WEB management platform 9 and enters the analysis and statistics conditions.
  • The WEB management platform 9 calls the log analysis module 2, and the log analysis module 2 reads the previously saved classification statistics or index information from the storage module 5 and displays the data as a chart, such as a histogram or a pie chart.
  • The user searches the logs through the log search module 3 based on search criteria.
  • The user can quickly search the logs by various search conditions through the WEB management platform 9.
  • The search conditions are presented on the page as a form, and the user selects different combinations of conditions according to the specific situation.
  • The log search module 3 retrieves the logs matching the search condition from the index data based on the search condition input by the user.
  • The log search results are presented to the user on the page as a list. Since the volume of logs is very large, displaying all the data is meaningless in most cases, so the log search module 3 displays the results page by page in reverse chronological order, up to at most the maximum value of the INT type.
  • The user can browse the context of a log by clicking the specific log entry in the search list. The number of context rows shown can be configured through the system configuration module. The clicked log entry is highlighted in the log context.
  • The search criteria that the user can select are shown in the following table: log file, start time, end time, error code, log level, keyword.
  • The log file condition specifies which log files to search; the start time restricts the search to logs printed after the start time; the end time restricts the search to logs printed before the end time; the error code condition searches by the specific error code of the log; the log level condition searches by the specific level of the log; the keyword condition searches the log content for content matching the keyword, where the keyword is processed by the analyzer and searched using prefix matching plus fuzzy matching at 80% similarity.
  • The user can also view the quick solution for an error log through the log search module 3.
  • The user logs in to the search page of the WEB management platform 9, enters the search criteria and submits the search. If the log found is an error log, the user can also click to view the quick solution for that error log, in order to monitor and troubleshoot the devices 11 in the network.
  • The user backs up logs and manages the backup files through the log backup download module 4.
  • The log backup download module 4 sorts and compresses the log files in the log storage directory according to the configured backup cycle.
  • The compression format is zip.
  • By providing a complete centralized log processing platform for log collection, search, browsing, analysis, backup, and download, the present invention solves the following problems: maintenance personnel work inefficiently, and faults are hard to locate and eliminate quickly; it is difficult to compile statistics on and audit a large amount of log information; and the logs of each device are merely collected, with no complete solution for collecting, searching, browsing, analyzing, backing up, and downloading logs.
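
The index with five analysis domains, the statistics over four classification criteria, and the search conditions described above can be sketched as follows. This is an added example, not code from the patent or from Lucene: the log line format, the sample logs, the hourly time bucket and the `LogIndex` class are assumptions, and `difflib` similarity stands in for Lucene's analyzer and fuzzy query.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from difflib import SequenceMatcher

# Assumed fixed line format (the page does not give one):
#   "<date> <time> <LEVEL> <error code> <content>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\S+) (.*)$")
MAX_RESULTS = 2**31 - 1  # result window capped at the INT maximum


def tokenize(text):
    """Very small stand-in for an analyzer: lowercase alphanumeric terms."""
    return re.findall(r"[a-z0-9]+", text.lower())


class LogIndex:
    def __init__(self):
        self.records = []                 # stored fields of every log entry
        self.postings = defaultdict(set)  # content term -> record ids

    def add_file(self, file_name, text):
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue  # lines outside the fixed format are not indexed
            ts, level, code, content = m.groups()
            rid = len(self.records)
            # file name, time, level, error code: stored only.
            # log content: stored and analyzed into terms.
            self.records.append({
                "file_name": file_name,
                "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                "level": level, "error_code": code, "content": content})
            for term in tokenize(content):
                self.postings[term].add(rid)

    def statistics(self):
        """Counts per classification criterion (time bucketed by hour)."""
        recs = self.records
        return {
            "file_name": Counter(r["file_name"] for r in recs),
            "time": Counter(r["time"].strftime("%Y-%m-%d %H:00") for r in recs),
            "level": Counter(r["level"] for r in recs),
            "error_code": Counter(r["error_code"] for r in recs),
        }

    def _keyword_ids(self, keyword):
        """Every keyword term must hit by prefix or by >= 80% similarity."""
        ids = None
        for kw in tokenize(keyword):
            hit = set()
            for term, rids in self.postings.items():
                if term.startswith(kw) or SequenceMatcher(None, kw, term).ratio() >= 0.8:
                    hit |= rids
            ids = hit if ids is None else ids & hit
        return ids or set()

    def search(self, files=None, start=None, end=None, error_code=None,
               level=None, keyword=None, page=1, page_size=20):
        ids = self._keyword_ids(keyword) if keyword else range(len(self.records))
        hits = []
        for rid in ids:
            r = self.records[rid]
            if files and r["file_name"] not in files:
                continue
            if start and r["time"] < start:
                continue
            if end and r["time"] > end:
                continue
            if error_code and r["error_code"] != error_code:
                continue
            if level and r["level"] != level:
                continue
            hits.append(r)
        hits.sort(key=lambda r: r["time"], reverse=True)  # newest first
        first = (max(page, 1) - 1) * page_size
        return hits[:MAX_RESULTS][first:first + page_size]


# Constructed sample logs (not from the patent).
APP_LOG = """2011-10-20 10:15:02 ERROR E1001 database connection refused
2011-10-20 10:15:09 INFO - retrying database connection
2011-10-20 11:02:41 ERROR E2002 disk quota exceeded on /var"""
DB_LOG = """2011-10-20 10:14:58 WARN W3001 slow query detected
2011-10-20 10:15:01 ERROR E1001 listener refused conection from 10.0.0.5"""


def build_sample_index():
    idx = LogIndex()
    idx.add_file("app.log", APP_LOG)
    idx.add_file("db.log", DB_LOG)
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    for r in idx.search(level="ERROR", keyword="connection"):
        print(r["time"], r["file_name"], r["error_code"], r["content"])
    print(dict(idx.statistics()["level"]))
```

The misspelled `conection` entry is found through the similarity rule, and a keyword such as `retry` finds `retrying` through the prefix rule.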

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Quality & Reliability (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a log analysis method based on a WEB platform. The method comprises: a log collection module periodically collects logs generated by each device on the network and sends the collected logs to a log server, and the log server indexes and statistically classifies the logs to obtain index data and statistical classification data. The invention also provides a log analysis system based on a WEB platform. By providing an integrated, centralized log processing platform for log collection, search, browsing, analysis, backup, and download, the invention solves the problem in the prior art that the logs of each device are merely collected and there is no integrated scheme for log collection, search, browsing, analysis, backup, and download.

Description

Log analysis method and system based on WEB platform

Technical Field

The invention relates to log management, and in particular to a method and system for collecting, analyzing and searching logs based on a network (WEB) platform.

Background

At present, the service logs, operating system logs and database logs of the devices in a network are handled by backing them up separately on each device. To view logs, one must connect to each device to obtain them and then analyze the log content manually. This approach seriously affects the work efficiency of maintenance personnel and the rapid location and elimination of faults, and it makes it very difficult to compile statistics on and audit a large amount of log information.

Some existing tools can perform simple collection of the logs of each device in a network, but there is no complete solution for collecting, searching, browsing, analyzing, backing up, and downloading logs.

Summary of the Invention

The object of the present invention is to provide a log analysis method and system based on the WEB platform that solves the following technical problems: first, maintenance personnel work inefficiently, and faults are hard to locate and eliminate quickly; second, compiling statistics on and auditing a large amount of log information is difficult; third, the logs of each device are merely collected, and there is no complete solution for collecting, searching, browsing, analyzing, backing up, and downloading logs.
According to one aspect of the present invention, a log analysis method based on a WEB platform is provided. The method includes the following steps:
The log collection module periodically collects logs generated by each device on the network and uploads the collected logs to the log server;
The log server indexes and statistically classifies the logs to obtain index data and statistical classification data.
Preferably, after the log server obtains the index data and the statistical classification data, the method further includes: the log server searching the index data for logs that match a search condition input by the user.
Preferably, the process in which the log server indexes and statistically classifies the logs to obtain index data and statistical classification data further includes: the log server compressing and backing up the logs.
The step in which the log collection module periodically collects logs generated by each device on the network includes:
The log server establishes a connection with each device on the network through the network;
The log collection module installed on the device periodically sends a list of the log files generated by the device to the log server;
The log server selects the names of the logs to be collected from the log file list and sends them to the device;
The log collection module collects logs according to the selected log names.
Uploading the collected logs to the log server includes:
The log collection module uploads the collected logs to the log server by FTP or SYSLOG;
The log server saves the collected logs.
The log server indexing and statistically classifying the logs to obtain index data and statistical classification data includes: the log server indexes the collected logs according to five analysis domains (file name, time, level, error code, and log content) to obtain index data; the log server classifies and counts the collected logs according to four classification criteria (file name, time, level, and error code) to obtain classification statistics.
According to another aspect of the present invention, a log analysis system based on a WEB platform is provided. The system includes:
A log collection module, configured to periodically collect logs generated by each device on the network and upload the collected logs to the log server;
A log analysis module, configured to index and statistically classify the logs uploaded to the log server to obtain index data and statistical classification data.
Preferably, the system further includes: a log search module, configured to search the index data obtained by the log analysis module for logs that match the search condition; and a log backup download module, configured to compress and back up the logs uploaded to the log server.
Preferably, the log collection module periodically uploads the collected logs to the log server by FTP or SYSLOG.
Preferably, the log analysis module is configured to index the logs uploaded to the log server according to five analysis domains (file name, time, level, error code, and log content) to obtain index data;
The log analysis module is configured to classify and count the logs uploaded to the log server according to four classification criteria (file name, time, level, and error code) to obtain classification statistics.
与现有技术相比较, 本发明的有益效果在于: 一、 提高了维护人员的 工作效率, 使其能快速定位故障并排除; 二、 能够对大量的日志信息进行 统计和审计; 三、 不仅仅提供简单的采集日志, 同时提供搜索、 浏览、 分 析、 备份、 下载的整套解决方案。 附图说明  Compared with the prior art, the beneficial effects of the present invention are as follows: 1. The maintenance staff's work efficiency is improved, so that the fault can be quickly located and eliminated; 2. The large amount of log information can be counted and audited; Provides a simple collection log, while providing a complete solution for searching, browsing, analyzing, backing up, and downloading. DRAWINGS
图 1是本发明实施例提供的基于 WEB平台的日志分析方法的流程图; 图 2是本发明实施例提供的基于 WEB平台的日志分析系统的组成结构 示意图。 具体实施方式 1 is a flowchart of a log analysis method based on a WEB platform according to an embodiment of the present invention; FIG. 2 is a structural structure of a log analysis system based on a WEB platform according to an embodiment of the present invention; Schematic. detailed description
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below serve only to illustrate and explain the present invention and are not intended to limit it.
FIG. 1 is a flowchart of the WEB-platform-based log analysis method provided by an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:
Step 101, device configuration.
Device configuration is carried out by the user through the WEB management platform of the log system. The device information entered includes descriptive information about the device, the parameters needed for collection, and so on. The user can view all device information as a list on the management platform.
The device information is shown in Table 1 below:
[Table 1: device information (an image in the original publication)]
Step 102, log collection.
Logs are collected in one of two ways: File Transfer Protocol (FTP) or system log (SYSLOG). The system configuration switches between the two.
FTP collection proceeds as follows. The log server uses the device IP to communicate with the agent installed on the device, that is, the log collection module, and obtains the list of log files on the device through the agent. The log server then filters out the log files that need to be collected and sends their file names to the agent, which calls the put command of the operating system's FTP client to upload the log files to the log server. The log server stores the collected log files in separate folders by device, one folder per device. In FTP mode the log server initiates the collection task, so repeated collection of the same log must be avoided. The log server identifies the collection state of a log file by its file name and its last modification time. After collection completes, the log server saves this information in the database, and before the next collection it uses this information to decide whether the log file has already been collected. If the modification time of the log file on the device matches the last modification time recorded for that log file in the database, the file is not collected again. Otherwise it is collected again and its collection state is saved in the database; at the same time the file with that log file name is deleted from the log directory, and the newly collected log file is saved in the device's folder under the log directory.
In SYSLOG mode the devices report log content themselves. Once the log server is running it automatically starts the SYSLOG service, and each device uploads logs to the log server through a SYSLOG client. Logs collected by SYSLOG are stored in the same way as with FTP, but because each device uploads only the log content and the file name is generated by the log server, the problem of duplicate logs does not arise.
Step 103, log analysis.
Log analysis does two things: first, it indexes the log content so that it can be searched quickly; second, it compiles classification statistics on the log content according to certain classification criteria, such as log level and log time.
Log indexing and search are built on the open-source Lucene search library and use Lucene's built-in standard analyzer to analyze, index and search the log content.
The log index contains five analysis fields, shown in Table 2 below:
| Name | Type | Description |
|---|---|---|
| File name | Stored | Name of the log file |
| Time | Stored | Time at which the log entry was printed |
| Level | Stored | Log level |
| Error code | Stored | Error code of the log; can be customized |
| Log content | Analyzed, stored | Log content; must be analyzed and stored; can be searched by keywords in the log |

Table 2
After statistics have been compiled on the logs by a given classification, the statistics are saved in the database. From the WEB management platform of the log system the user can view charts of the statistics, such as bar charts and pie charts.
Step 104, log search.
Through the WEB management platform of the log system the user can search logs by a variety of conditions. The search conditions are presented on the page as a form, and the user chooses whatever combination of conditions suits the situation. The log server retrieves matching entries from the index data according to the conditions the user entered. The search results are presented to the user on the page as a list. Because the volume of logs is very large, showing all the data is meaningless in most cases, so the log system shows results in pages in reverse chronological order, with the total not exceeding the maximum value of the integer (INT) type. The search conditions the user can choose are shown in Table 3 below:
| Name | Description |
|---|---|
| Log file | Which log files to search in |
| Start time | Search logs printed after the start time |
| End time | Search logs printed before the end time |
| Error code | Search by the specific error code of the log |
| Log level | Search by the specific level of the log |
| Keyword | Search the log content for content matching the keyword; the keyword is analyzed by the analyzer and searched in two ways, prefix matching and fuzzy matching at 80% similarity |

Table 3
By clicking a specific log entry in the search result list, the user can browse the context of that entry; the number of lines shown can be configured in the system. The clicked entry is highlighted within its context.
Step 105, log backup.
The system uses a scheduled task to back up logs according to the configured backup cycle. Backups are grouped by device and compressed as zip. After backup, the user can browse all backup files through the WEB management platform of the log system and can download them, delete them and view their basic information.
FIG. 2 is a schematic structural diagram of the WEB-platform-based log analysis system provided by an embodiment of the present invention. As shown in FIG. 2, the system includes log collection module 1, log analysis module 2, log search module 3, log backup and download module 4, storage module 5, device management module 6, system configuration module 7, user management module 8, WEB management platform 9, interface module 10, device 11 and log server 12. Log collection module 1 collects the logs of each device; log analysis module 1 analyzes the collected logs; log search module 3 searches logs according to the retrieval conditions; log backup and download module 4 downloads and backs up logs; storage module 5 stores system configuration information, log collection information and logs; device management module 6 configures and manages device information; system configuration module 7 configures system information; user management module 8 manages the users of the log system; WEB management platform 9 is where users operate the log system; interface module 10 carries the communication between log server 12 and log collection module 1 on device 11; device 11 produces logs, and there may be multiple devices 11; log server 12 stores the logs and runs the various software programs.
When the system is put into operation, the WEB application is deployed first. The system deploys the WEB application on a TOMCAT application server. Log analysis module 2, log search module 3, log backup and download module 4, storage module 5, device management module 6, system configuration module 7, user management module 8, WEB management platform 9 and interface module 10 are stored and run on log server 12. Log collection module 1 is stored and runs on device 11, and there may be multiple devices 11.
The user configures the system through system configuration module 7. The system deploys the WEB application on a TOMCAT application server. After logging in to WEB management platform 9 and opening the system configuration page, the user configures the system through system configuration module 7, for example setting the directory where logs are saved, the interval at which the log system collects, and the collection mode. The user can also keep the system's default configuration.
The user enters device information through device management module 6. The user logs in to WEB management platform 9, opens the device management page, enters the device information and saves it. The device information comprises device name, IP address, user name, operating system and log directory. The device name identifies the device whose logs are to be managed centrally. The IP address is the IP address of device 11 on the network; when log server 12 collects logs from device 11, it needs the device's specific IP address in order to connect. The user name is the user name for logging in to the device's operating system. The operating system is the operating system type of device 11, for example Windows or Linux. The log directory is the directory on device 11 where the logs to be collected are stored; there may be more than one such directory. After configuring the device information, the user can also view all device information as a list on WEB management platform 9.
The user collects logs from the devices periodically, on a timer, through log collection module 1.
Logs are collected in one of two ways, FTP or SYSLOG. The system configuration switches between the two.
FTP collection proceeds as follows. Driven by the system timer, interface module 10 periodically uses the device IP to communicate with log collection module 2, that is, the agent installed on device 11, and obtains the list of log files on device 11 through the agent. Interface module 10 then filters out the log files that need to be collected and sends their file names to the agent on device 11, which invokes an operating system command to upload the log files to log server 12 by FTP PUT. Interface module 10 stores the collected log files in the log save directory set in the system, in separate folders by device, one folder per device. In FTP mode log server 12 initiates the collection task, so repeated collection of the same log must be avoided. Interface module 10 identifies the collection state of a log file by its file name and its last modification time. After collection completes, this information is saved in the database. Before the next collection, this information is used to decide whether the log file has already been collected. If the modification time of the log file on device 11 matches the last modification time recorded for the log file in the database, the file is not collected again. Otherwise it is collected again and its collection state is saved in the database; at the same time the file with that log file name is deleted from the log save directory, and the newly collected log file is saved in the folder for that device in the log save directory.
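The duplicate-collection check described for FTP mode (in step 102 and again for interface module 10) can be sketched as follows. This is an added example, not code from the patent: the table layout, function names and sample listings are assumptions, and the file-name check is an added safeguard the patent does not describe.

```python
import sqlite3


def open_state():
    """Collection-state table: one row per (device, log file name)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE collected ("
        " device TEXT NOT NULL, name TEXT NOT NULL, mtime INTEGER NOT NULL,"
        " PRIMARY KEY (device, name))"
    )
    return db


def is_plain_file_name(name):
    """Accept only a bare file name, so that a name reported by an agent
    cannot point outside the per-device folder on the log server."""
    if name in ("", ".", ".."):
        return False
    return not any(ch in name for ch in ("/", "\\", "\x00"))


def plan_collection(db, device, listing):
    """Decide which files to request from one agent listing.

    listing holds (file name, last modification time) pairs. A file is
    requested when it is new or when its modification time differs from
    the one recorded at the previous collection.
    """
    to_fetch, rejected = [], []
    for name, mtime in listing:
        if not is_plain_file_name(name):
            rejected.append(name)
            continue
        row = db.execute(
            "SELECT mtime FROM collected WHERE device = ? AND name = ?",
            (device, name),
        ).fetchone()
        if row is None or row[0] != mtime:
            to_fetch.append(name)
    return to_fetch, rejected


def record_collected(db, device, name, mtime):
    """Save the collection state after a file has been uploaded."""
    db.execute(
        "INSERT OR REPLACE INTO collected (device, name, mtime) VALUES (?, ?, ?)",
        (device, name, mtime),
    )
    db.commit()


def run_round(db, device, listing):
    """One collection cycle; the upload itself is assumed to succeed."""
    to_fetch, rejected = plan_collection(db, device, listing)
    mtimes = dict(listing)
    for name in to_fetch:
        record_collected(db, device, name, mtimes[name])
    return to_fetch, rejected


if __name__ == "__main__":
    state = open_state()
    # Constructed listing for a constructed device address.
    sample = [("app.log", 1305280000), ("sys.log", 1305280100)]
    print(run_round(state, "192.0.2.10", sample))
    print(run_round(state, "192.0.2.10", sample))
```

The file-name-plus-modification-time marker does not detect a file whose content changed while its modification time stayed the same; storing a content hash beside the modification time would.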
SYSLOG collection proceeds as follows. After the log system starts, if the collection mode set in system configuration module 7 is SYSLOG, log server 12 automatically starts the SYSLOG service, device 11 uploads logs to log server 12 through a SYSLOG client, and interface module 10 saves the logs in the folder for that device under the log save directory. Logs collected by SYSLOG are stored in the same way as with FTP. Because the device uploads only the log content and the file name is generated by log server 12 and saved in the database, the problem of repeated log collection does not arise.
The user analyzes logs periodically through log analysis module 2. Log analysis module 2 reads the log content collected by log collection module 2, compiles classification statistics on the fixed-format log content and indexes it for fast searching. This work is executed at a set interval by the system timer.
Log analysis module 1 does two main things: first, it indexes the log content so that it can be searched quickly; second, it compiles classification statistics on the log content according to certain classification criteria.
Log indexing is built on the open-source Lucene search library and uses Lucene's built-in standard analyzer to analyze and index the log content. The log index contains five analysis fields: file name, time, level, error code and log content. The first four fields are of type "stored"; the log content field is of type "analyzed, stored". The Lucene search library generates the log index from the analysis fields and their types.
Log classification statistics are statistics compiled on the log data by a given classification. For example, statistics are compiled on the log data by criteria such as log level or log time, and the resulting classification statistics are saved in the database.
Each time log analysis module 2 completes a cycle of log indexing and classification statistics, the user can view the log analysis and statistics reports through WEB management platform 9. The user opens the analysis and statistics page of WEB management platform 9 and enters the analysis conditions; WEB management platform 9 calls log analysis module 2, which reads the previously saved classification statistics or index information from storage module 5 and displays it as data or as charts, such as bar charts or pie charts.
The user searches logs by search conditions through log search module 3. Through WEB management platform 9 the user can quickly search logs by a variety of conditions. The search conditions are presented on the page as a form, and the user chooses whatever combination of conditions suits the situation. Log search module 3 retrieves the logs that match the conditions the user entered from the index data. The search results are presented to the user on the page as a list. Because the volume of logs is very large, showing all the data is meaningless in most cases, so log search module 3 shows results in pages in reverse chronological order, with the total not exceeding the maximum value of the INT type. By clicking a specific log entry in the search result list, the user can browse the context of that entry; the number of lines shown can be configured through the system configuration module. The clicked entry is highlighted within its context.
The search conditions the user can choose are: log file, start time, end time, error code, log level and keyword. Log file specifies which log files to search in; start time restricts the search to logs printed after the start time; end time restricts the search to logs printed before the end time; error code searches by the specific error code of the log; log level searches by the specific level of the log; keyword searches the log content for content matching the keyword, and the keyword is analyzed by the analyzer and searched in two ways, prefix matching and fuzzy matching at 80% similarity.
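The analysis and search steps above, from the five analysis fields through the four classification criteria to a paged search in reverse chronological order, can be sketched as follows. This is an added example, not code from the patent: the log line format and sample lines are constructed, an in-memory list stands in for the Lucene index, and difflib's similarity ratio stands in for Lucene's fuzzy matching, which is computed differently.

```python
import re
from collections import Counter
from datetime import datetime
from difflib import SequenceMatcher

# Assumed fixed format: "<time> <LEVEL> <error code or -> <content>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+) (E\d{4}|-) (.*)$"
)

SAMPLE = {  # constructed sample: file name -> lines
    "app.log": [
        "2011-05-13 10:00:01 INFO - service started",
        "2011-05-13 10:02:17 ERROR E1001 database connection refused",
        "2011-05-13 10:05:40 WARN - retrying database connection",
    ],
    "ftp.log": [
        "2011-05-13 11:00:00 ERROR E2002 upload failed: disk full",
        "not a log line",
    ],
}


def parse(files):
    """Turn raw lines into records carrying the five analysis fields."""
    records = []
    for fname, lines in files.items():
        for line in lines:
            m = LINE_RE.match(line)
            if not m:
                continue  # lines outside the fixed format are skipped
            ts, level, code, content = m.groups()
            records.append({
                "file": fname,
                "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                "level": level,
                "code": code,
                "content": content,
            })
    return records


def classify(records):
    """Counts by file name, time (per hour), level and error code."""
    return {
        "file": Counter(r["file"] for r in records),
        "hour": Counter(r["time"].strftime("%Y-%m-%d %H") for r in records),
        "level": Counter(r["level"] for r in records),
        "code": Counter(r["code"] for r in records if r["code"] != "-"),
    }


def keyword_hit(keyword, content):
    """Prefix match, or similarity of at least 0.8, against any token."""
    kw = keyword.lower()
    for token in re.findall(r"\w+", content.lower()):
        if token.startswith(kw):
            return True
        if SequenceMatcher(None, kw, token).ratio() >= 0.8:
            return True
    return False


def search(records, files=None, start=None, end=None, code=None,
           level=None, keyword=None, page=1, page_size=2):
    """Apply the chosen conditions; return one page, newest first."""
    hits = [
        r for r in records
        if (files is None or r["file"] in files)
        and (start is None or r["time"] >= start)
        and (end is None or r["time"] <= end)
        and (code is None or r["code"] == code)
        and (level is None or r["level"] == level)
        and (keyword is None or keyword_hit(keyword, r["content"]))
    ]
    hits.sort(key=lambda r: r["time"], reverse=True)
    first = (max(1, page) - 1) * page_size
    return hits[first:first + page_size]


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(classify(recs)["level"])
    for hit in search(recs, keyword="databse"):  # misspelled on purpose
        print(hit["time"], hit["file"], hit["content"])
```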
The user can also view quick solutions for error logs through log search module 3. After the user logs in to the search page of WEB management platform 9, enters search conditions and submits them, if a log found by the search is an error log, the user can click to view the quick solution for that error log, so as to monitor the devices 11 in the network and quickly locate and eliminate faults.
The user backs up logs and manages the backup files through log backup and download module 4. According to the configured backup cycle, log backup and download module 4 periodically compresses and backs up the log files under the log save directory, grouped by device; the compression format is zip. After backup, the user can browse all backup files through WEB management platform 9 and can download them, delete them and view their basic information.
In summary, by providing a complete centralized log processing platform for log collection, search, browsing, analysis, backup and download, the present invention solves the following problems: the people who maintain logs work inefficiently, and faults are hard to locate and eliminate quickly; compiling statistics on and auditing large volumes of log information is difficult; and the logs of individual devices are merely collected, with no complete solution for log collection, search, browsing, analysis, backup and download.
Although the present invention has been described in detail above, it is not limited thereto, and those skilled in the art may make various modifications in accordance with the principles of the invention. Any modification made in accordance with the principles of the present invention should therefore be understood as falling within its scope of protection.

Claims

1. A log analysis method based on a WEB platform, wherein the method comprises the following steps:
a log collection module periodically collects the logs produced by each device on the network and uploads the collected logs to a log server;
the log server indexes and statistically classifies the logs to obtain index data and statistical classification data.
2. The method according to claim 1, wherein, after the log server obtains the index data and the statistical classification data, the method further comprises:
the log server searches the index data, according to a search condition entered by a user, for logs that match the search condition.
3. The method according to claim 1, wherein the process in which the log server indexes and statistically classifies the logs to obtain index data and statistical classification data further comprises:
the log server compresses and backs up the logs.
4. The method according to claim 1, wherein the log collection module periodically collecting the logs produced by each device on the network comprises:
the log server establishes a connection with each device on the network over the network;
the log collection module installed on the device periodically sends the list of log files produced by the device to the log server;
the log server selects from the log file list the names of the logs to be collected and sends them to the device;
the log collection module collects logs according to the selected log names.
5. The method according to claim 1, wherein uploading the collected logs to the log server comprises: the log collection module uploads the collected logs to the log server by File Transfer Protocol (FTP) or system log (SYSLOG); the log server saves the collected logs.
6. The method according to claim 1, wherein the log server indexing and statistically classifying the logs to obtain index data and statistical classification data comprises:
the log server indexes the collected logs separately by five analysis fields (file name, time, level, error code and log content) to obtain index data;
the log server compiles classification statistics on the collected logs separately by four classification criteria (file name, time, level and error code) to obtain classification statistics data.
7. A log analysis system based on a WEB platform, wherein the system comprises:
a log collection module, configured to periodically collect the logs produced by each device on the network and upload the collected logs to a log server;
a log analysis module, configured to index and statistically classify the logs uploaded to the log server to obtain index data and statistical classification data.
8. The system according to claim 7, wherein the system further comprises:
a log search module, configured to search the index data obtained by the log analysis module for logs that match a search condition;
a log backup and download module, configured to compress and back up the logs uploaded to the log server.
9. The system according to claim 7, wherein the log collection module periodically uploads the collected logs to the log server by FTP or SYSLOG.
10. The system according to claim 7, wherein the log analysis module is configured to index the collected logs uploaded to the log server separately by five analysis fields (file name, time, level, error code and log content) to obtain index data;
the log analysis module is configured to compile classification statistics on the collected logs uploaded to the log server separately by four classification criteria (file name, time, level and error code) to obtain classification statistics data.
PCT/CN2011/081062 2011-05-13 2011-10-20 Log analysis method and system based on web platform WO2012155455A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110123629.1A CN102780726B (en) 2011-05-13 2011-05-13 A kind of log analysis method based on WEB platform and system
CN201110123629.1 2011-05-13

Publications (1)

Publication Number Publication Date
WO2012155455A1 true WO2012155455A1 (en) 2012-11-22

Family

ID=47125479

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/081062 WO2012155455A1 (en) 2011-05-13 2011-10-20 Log analysis method and system based on web platform

Country Status (2)

Country Link
CN (1) CN102780726B (en)
WO (1) WO2012155455A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101428740B1 (en) * 2012-12-27 2014-08-08 부산대학교 산학협력단 System and Method for Automatic generating of behavioral model using web server log
CN104579771A (en) * 2014-12-31 2015-04-29 上海格尔软件股份有限公司 Method for analyzing behavior track of user logging in to and out of application system
CN105119762A (en) * 2015-09-23 2015-12-02 普元信息技术股份有限公司 System and method of cloud platform for realizing transaction playback and transaction reworking based on logs
CN106339303A (en) * 2016-08-23 2017-01-18 浪潮电子信息产业股份有限公司 Running log abnormity analysis method
CN107818150A (en) * 2017-10-23 2018-03-20 中国移动通信集团广东有限公司 A kind of log audit method and device
CN107870842A (en) * 2016-09-28 2018-04-03 平安科技(深圳)有限公司 A kind of blog management method and system
CN108509326A (en) * 2018-04-09 2018-09-07 四川长虹电器股份有限公司 A kind of service state statistical method and system based on nginx daily records

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970363A (en) * 2012-11-21 2013-03-13 用友软件股份有限公司 Long-distance journal downloading system and long-distance journal downloading method
CN103914485B (en) * 2013-01-07 2017-05-03 上海宝信软件股份有限公司 System and method for remotely collecting, retrieving and displaying application system logs
CN103152391B (en) * 2013-01-31 2016-08-10 杭州华三通信技术有限公司 A kind of log-output method and device
CN103259677B (en) * 2013-04-22 2016-07-06 杭州全维通信服务有限公司 A kind of method that the AC of realization device log is effectively applied
CN103744890B (en) * 2013-12-23 2017-02-01 清华大学 Log separation method and device
CN103856354A (en) * 2014-03-07 2014-06-11 浪潮电子信息产业股份有限公司 Method for achieving unified management of logs of cluster storage system
CN105335277A (en) * 2014-06-27 2016-02-17 可牛网络技术(北京)有限公司 Fault information processing method and device as well as terminal
CN104065521B (en) * 2014-07-18 2017-09-29 国家电网公司 A kind of collection, analysis and the delivery system and its method of electric power networks device log and configuration file
CN104104734A (en) * 2014-08-04 2014-10-15 浪潮(北京)电子信息产业有限公司 Log analysis method and device
CN106033458A (en) * 2015-03-18 2016-10-19 中兴通讯股份有限公司 Method, device and system for processing big data
CN106162675A (en) * 2015-03-25 2016-11-23 中兴通讯股份有限公司 A kind of data processing method based on call reminding, Apparatus and system
CN104750811A (en) * 2015-03-30 2015-07-01 浪潮通信信息系统有限公司 Mobile communication data file multithread real-time collection method
CN104951529B (en) * 2015-06-16 2016-08-17 焦点科技股份有限公司 A kind of interactive analysis method for web log file
CN105045905B (en) * 2015-08-07 2018-11-30 北京思特奇信息技术股份有限公司 A kind of log maintenance method and system based on full-text search
CN105224440A (en) * 2015-09-02 2016-01-06 上海斐讯数据通信技术有限公司 A kind of log collection management method and system
CN105243147A (en) * 2015-10-22 2016-01-13 浪潮(北京)电子信息产业有限公司 Slow query log management method and system of MySQL database
CN105242969A (en) * 2015-11-11 2016-01-13 浪潮(北京)电子信息产业有限公司 Method for executing commands through multiple servers based on SSHxcute class library
CN106815123B (en) * 2015-12-01 2020-11-20 北京神州泰岳软件股份有限公司 Log data graph showing method and log data graph showing device
CN105550265A (en) * 2015-12-09 2016-05-04 苏州天平先进数字科技有限公司 Quasi-real-time user log collecting and processing method
CN105550264A (en) * 2015-12-09 2016-05-04 苏州天平先进数字科技有限公司 User journal collecting and processing system and method
CN105574096A (en) * 2015-12-10 2016-05-11 惠州Tcl移动通信有限公司 Method and system for obtaining, uploading and analyzing log information
CN105589786A (en) * 2015-12-10 2016-05-18 浪潮(北京)电子信息产业有限公司 Management method and apparatus for Windows log
CN105787135A (en) * 2016-04-11 2016-07-20 久盈世纪(北京)科技有限公司 Method and device for backing up database logs
CN106209455A (en) * 2016-07-11 2016-12-07 税友软件集团股份有限公司 The associated services Fault Locating Method of a kind of cross-system weak coupling and system
CN106294132B (en) * 2016-07-29 2019-02-01 深圳创维-Rgb电子有限公司 A kind of method and device managing log
CN106294672A (en) * 2016-08-08 2017-01-04 杭州玳数科技有限公司 The method and system that a kind of daily record represents in real time and inquires about
CN108062323B (en) * 2016-11-08 2021-10-15 北京国双科技有限公司 Log reading method and device
CN107784050A (en) * 2016-12-14 2018-03-09 平安科技(深圳)有限公司 Log information lookup method and device
CN108268353A (en) * 2016-12-30 2018-07-10 北京国双科技有限公司 The method and apparatus for checking error log
CN106850295A (en) * 2017-02-04 2017-06-13 郑州云海信息技术有限公司 A kind of log collection monitoring method of privatization cloud platform
CN107197040A (en) * 2017-07-03 2017-09-22 北京大生在线科技有限公司 Online remote journal processing method and system for Distance Courseware system
CN107451034A (en) * 2017-08-17 2017-12-08 浪潮软件股份有限公司 A kind of big data cluster log management apparatus, method and system
CN107783880A (en) * 2017-09-01 2018-03-09 郑州云海信息技术有限公司 A kind of log analysis method of server system, device and server system
CN109522177A (en) * 2017-09-20 2019-03-26 阿里巴巴集团控股有限公司 A kind of task daily record processing system, method and device
CN108829537A (en) * 2018-04-06 2018-11-16 长沙开雅电子科技有限公司 A kind of standby system log reporting management method
CN109218401B (en) * 2018-08-08 2021-08-31 平安科技(深圳)有限公司 Log collection method, system, computer device and storage medium
CN110968561B (en) * 2018-09-30 2024-02-13 北京国双科技有限公司 Log storage method and distributed system
CN109684291B (en) * 2018-12-21 2021-05-14 奇安信科技集团股份有限公司 File data acquisition method, system, electronic equipment and medium
CN109947707A (en) * 2019-02-28 2019-06-28 上海浪潮云计算服务有限公司 A kind of log collection analysis system and method for Insight HD platform based on Solr
CN110597687B (en) * 2019-08-27 2022-07-22 厦门亿联网络技术股份有限公司 Log processing method and device
US11853450B2 (en) 2019-11-05 2023-12-26 Saudi Arabian Oil Company Detection of web application anomalies using machine learning
CN112035331B (en) * 2020-11-04 2021-02-19 北京爱奇艺智能科技有限公司 Log collection method for virtual reality equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1394034A (en) * 2001-06-21 2003-01-29 华为技术有限公司 Journal management system of integrated network manager
CN101043375A (en) * 2007-03-15 2007-09-26 华为技术有限公司 Distributed system journal collecting method and system
CN101163046A (en) * 2007-11-22 2008-04-16 北京金山软件有限公司 Distributed website log data acquisition method and distributed website system
CN101197694A (en) * 2006-12-04 2008-06-11 中兴通讯股份有限公司 Central statistics and processing system and method for communication system log

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2327211A1 (en) * 2000-12-01 2002-06-01 Nortel Networks Limited Management of log archival and reporting for data network security systems
CN101969386A (en) * 2010-11-09 2011-02-09 道有道(北京)科技有限公司 Log acquisition device and log acquisition method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1394034A (en) * 2001-06-21 2003-01-29 华为技术有限公司 Journal management system of integrated network manager
CN101197694A (en) * 2006-12-04 2008-06-11 中兴通讯股份有限公司 Central statistics and processing system and method for communication system log
CN101043375A (en) * 2007-03-15 2007-09-26 华为技术有限公司 Distributed system journal collecting method and system
CN101163046A (en) * 2007-11-22 2008-04-16 北京金山软件有限公司 Distributed website log data acquisition method and distributed website system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101428740B1 (en) * 2012-12-27 2014-08-08 부산대학교 산학협력단 System and Method for Automatic generating of behavioral model using web server log
CN104579771A (en) * 2014-12-31 2015-04-29 上海格尔软件股份有限公司 Method for analyzing behavior track of user logging in to and out of application system
CN104579771B (en) * 2014-12-31 2018-04-27 上海格尔软件股份有限公司 A kind of analysis method for the action trail that application system is published to user
CN105119762A (en) * 2015-09-23 2015-12-02 普元信息技术股份有限公司 System and method of cloud platform for realizing transaction playback and transaction reworking based on logs
CN106339303A (en) * 2016-08-23 2017-01-18 浪潮电子信息产业股份有限公司 Running log abnormity analysis method
CN107870842A (en) * 2016-09-28 2018-04-03 平安科技(深圳)有限公司 A kind of blog management method and system
CN107818150A (en) * 2017-10-23 2018-03-20 中国移动通信集团广东有限公司 A kind of log audit method and device
CN108509326A (en) * 2018-04-09 2018-09-07 四川长虹电器股份有限公司 A kind of service state statistical method and system based on nginx daily records
CN108509326B (en) * 2018-04-09 2021-08-27 四川长虹电器股份有限公司 Service state statistical method and system based on nginx log

Also Published As

Publication number Publication date
CN102780726B (en) 2016-12-07
CN102780726A (en) 2012-11-14

Similar Documents

Publication Publication Date Title
WO2012155455A1 (en) Log analysis method and system based on web platform
CN109582551B (en) Log data analysis method and device, computer equipment and storage medium
CN107660283B (en) Method and system for implementing a log parser in a log analysis system
JP5160556B2 (en) Log file analysis method and system based on distributed computer network
CN1278266C (en) System and method for mining work flow
CN110569214B (en) Index construction method and device for log file and electronic equipment
US20080201318A1 (en) Method and system for retrieving network documents
CN107748782A (en) Query statement processing method and processing device
US20040073533A1 (en) Internet traffic tracking and reporting system
US11604789B1 (en) Bi-directional query updates in a user interface
CN112099844A (en) Multi-kernel compatible intelligent browsing system for state network service system
CN110908957A (en) Network security log audit analysis method in power industry
JP2001060165A (en) System and method for deciding importance degree of information set and recording medium recording information set importance degree discrimination program
CN114116872A (en) Data processing method and device, electronic equipment and computer readable storage medium
CN109067619B (en) Elastic capacity scheduling method for micro-service management and processing terminal
CN106250397B (en) User behavior characteristic analysis method and device
CN111241144B (en) Data processing method and system
US7249122B1 (en) Method and system for automatic harvesting and qualification of dynamic database content
CN110175280A (en) A kind of crawler analysis platform based on government affairs big data
KR20050070955A (en) Method of scientific information analysis and media that can record computer program thereof
CN106776754A (en) Collecting method, apparatus and system
CN111104683A (en) Key information content matching and identifying method based on big data
CN111224823B (en) Method based on different network log analysis
CN113886378A (en) Big data management system
CN112685370A (en) Log collection method, device, equipment and medium

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application. Ref document number: 11865775; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 EP: PCT application non-entry in European phase. Ref document number: 11865775; Country of ref document: EP; Kind code of ref document: A1