WO2021120975A1 - Procédé et appareil de surveillance - Google Patents

Procédé et appareil de surveillance Download PDF

Info

Publication number
WO2021120975A1
WO2021120975A1 PCT/CN2020/130169 CN2020130169W WO2021120975A1 WO 2021120975 A1 WO2021120975 A1 WO 2021120975A1 CN 2020130169 W CN2020130169 W CN 2020130169W WO 2021120975 A1 WO2021120975 A1 WO 2021120975A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitoring
host
monitored
plug
historical
Prior art date
Application number
PCT/CN2020/130169
Other languages
English (en)
Chinese (zh)
Inventor
陈扬东
饶俊明
卢道和
郑晓腾
赵文相
吴传民
夏敏捷
吴立
龚治文
Original Assignee
深圳前海微众银行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2021120975A1 publication Critical patent/WO2021120975A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3089Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3051Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs

Definitions

  • the present invention relates to the technical field of financial technology (Fintech), in particular to a monitoring method and device.
  • Zabbix is a commonly used open source monitoring framework.
  • Zabbix has a fixed monitoring strategy.
  • a fixed monitoring strategy can only monitor fixed host resources, so the applicable application scenarios are relatively single and cannot adapt to the needs of different application scenarios, resulting in poor flexibility of host monitoring.
  • the embodiment of the present invention provides a monitoring method and device to solve the technical problem of poor flexibility of host monitoring caused by the use of a fixed monitoring strategy to monitor the host in the prior art.
  • a monitoring method provided by an embodiment of the present invention includes:
  • the monitoring request carries the identifier of the host to be monitored, obtain the resource configuration information of the host to be monitored according to the identifier of the host to be monitored, and determine the one that matches the resource configuration information of the host to be monitored Monitoring plug-in, using the monitoring plug-in to monitor the host to be monitored, and obtain the monitoring value of the host to be monitored at the current moment.
  • the solution can be applied to monitoring occasions with different resource configuration information, instead of being limited to fixed monitoring occasions, thereby improving the flexibility of host monitoring. ; Moreover, monitoring the host to be monitored by using a monitoring plug-in matching the resource configuration information of the host to be monitored can also make the monitoring of the host to be monitored more targeted, thereby improving the accuracy of host monitoring.
  • an embodiment of the present invention provides a monitoring device, the device including:
  • the transceiver module is configured to receive a monitoring request, and the monitoring request carries an identifier of the host to be monitored;
  • An obtaining module configured to obtain resource configuration information of the host to be monitored according to the identifier of the host to be monitored
  • the determining module is used to determine the monitoring plug-in matching the resource configuration information of the host to be monitored;
  • the monitoring module is used to monitor the host to be monitored by using the monitoring plug-in to obtain the monitoring value of the host to be monitored at the current moment.
  • a computing device provided by an embodiment of the present invention includes at least one processor and at least one memory, wherein the memory stores a computer program, and when the program is executed by the processor, the The processor executes the monitoring method described in any of the foregoing first aspect.
  • a computer-readable storage medium provided by an embodiment of the present invention stores a computer program that can be executed by a computing device.
  • the computing device executes the above-mentioned first On the one hand, any of the aforementioned monitoring methods.
  • a computer program product provided by an embodiment of the present invention includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer At this time, the computer is caused to execute the steps of any of the monitoring methods described in the first aspect.
  • FIG. 1 is a schematic diagram of an optional system architecture provided by an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart corresponding to a monitoring method provided by an embodiment of the present invention
  • FIG. 3 is a schematic diagram of the architecture of a monitoring system provided by an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a monitoring device provided by an embodiment of the present invention.
  • Fig. 5 is a schematic structural diagram of a computing device provided by an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of a possible system architecture provided by an embodiment of the present invention.
  • the system architecture may include a monitoring system 110, a client 120, and at least one host, such as a host 131, a host 132, and a host 133.
  • the monitoring system 110 may be respectively connected with the client 120 and each host to be monitored, for example, it may be connected in a wired manner, or may be connected in a wireless manner, which is not specifically limited.
  • Figure 1 is only an exemplary simple description.
  • the hosts listed are only for the convenience of illustrating the solution, and do not constitute a limitation on the solution.
  • each host can also be deployed according to the deployment situation. It is divided into multiple host groups, so that the monitoring system 110 directly monitors multiple hosts in the host group to be monitored, which is not limited.
  • FIG. 2 is a schematic flowchart of a monitoring method provided by an embodiment of the present invention. The method is applicable to the monitoring system 110. As shown in FIG. 2, the method includes:
  • Step 201 Receive a monitoring request, where the monitoring request carries an identifier of the host to be monitored.
  • the monitoring request may be sent by the client 120 to the monitoring system 110.
  • the client 120 may be any terminal device with an interface display function, such as a mobile phone, a notebook computer, an Ipad, and so on.
  • a web browser is deployed on the client 120, and a World Wide Web (web) server is deployed in the monitoring system 110.
  • the monitoring system 110 can display the monitoring interface to the user through the web browser deployed on the client 120, and the client 120 may generate a monitoring request according to the user's operation on the monitoring interface, and send it to the monitoring system 110.
  • the monitoring system 110 may receive the monitoring request through the following steps:
  • Step a The client 120 sends a login interface access request to the monitoring system 110, and the login interface access request carries a uniform resource locator (URL) address of the login interface.
  • URL uniform resource locator
  • the user when the user has a monitoring requirement for the host, the user can enter a preset link on the web browser of the client 120.
  • the preset link includes the URL address of the login interface.
  • the URL address of the login interface is at least determined by the monitoring system. 110's IP address, port number, and login interface logo.
  • the client 120 monitors the user's input operation on the web browser, it can generate a login interface access request based on the entered URL address of the login interface, and send it to the monitoring system 110.
  • Step b The monitoring system 110 parses the login interface access request to obtain the identification of the login interface, and sends the login interface to the client 120 according to the identification of the login interface.
  • Step c The client 120 displays a login interface through a web browser.
  • step d the client 120 obtains the identity information entered by the user in the login interface, and generates a monitoring interface access request.
  • the monitoring interface access request carries the user's identity information.
  • Step e After the monitoring system 110 parses the monitoring interface access request to obtain the user's identity information, it authenticates the user's identity information, and determines the user's corresponding monitoring interface according to the authentication result.
  • the monitoring system 110 stores a corresponding relationship between identity information and monitoring authority, and the corresponding relationship includes each identity information registered in the monitoring system in advance and the monitoring authority corresponding to each identity information, and the monitoring authority corresponding to each identity information It can be any one or more of ordinary user rights, advanced user rights, administrator rights, and super administrator rights. Among them, different monitoring permissions can correspond to different monitoring interfaces. For example, the monitoring interface corresponding to ordinary user permissions is only used to display monitoring data, and the monitoring interface corresponding to advanced user permissions is used to display monitoring data, and it can also display the monitoring objects to which the monitoring data belongs. The monitoring interface corresponding to the administrator authority is used to display the monitoring data and the security level of the monitored object to which the monitoring data belongs. It can also support users to configure monitoring tasks, early warning rules, etc., the monitoring interface corresponding to the super administrator authority can be used It is used to manage and maintain the monitoring interface of each user.
  • the monitoring interface corresponding to ordinary user permissions is only used to display monitoring data
  • the monitoring interface corresponding to advanced user permissions
  • the monitoring system 110 parses and obtains the user’s identity information, it can first query the corresponding relationship between the identity information and the monitoring authority based on the user’s identity information. If the user’s identity information does not exist in the corresponding relationship, it means that the user is not monitoring. Is registered in the system 110, so the monitoring system 110 can send a response message that the authentication fails to the client 120; accordingly, if the user’s identity information exists in the corresponding relationship, it means that the user has been registered in the monitoring system 110, so the monitoring The system 110 may first determine the monitoring authority corresponding to the user's identity information, and then use the monitoring interface corresponding to the monitoring authority as the monitoring interface corresponding to the user.
  • step f the monitoring system 110 sends the monitoring interface corresponding to the user to the client 120.
  • step g the client 120 displays a monitoring interface corresponding to the user through a web browser.
  • Step h The client 120 obtains the configuration information input or selected by the user in the monitoring interface, and generates a monitoring request according to the configuration information.
  • the configuration information can include the identification of the host to be monitored, and can also include any one or more of the object to be monitored, the triggering condition of the monitoring task, the early warning rules, and the display configuration of the monitoring interface.
  • the object to be monitored refers to the display configuration of the monitoring interface.
  • Monitoring resources, such as memory or disk, the triggering condition of the monitoring task can be the execution time and/or execution period of the monitoring task, and the display configuration of the monitoring interface can be the type of monitoring data displayed in the monitoring interface.
  • Step 202 Obtain resource configuration information of the host to be monitored according to the identifier of the host to be monitored.
  • the monitoring system 110 may also perform configuration management database (CMDB) system in the reception monitoring service system.
  • CMDB configuration management database
  • the CMDB system stores the resource configuration information of each host in the service system to be monitored, such as each Internet Protocol (IP) address of each host, operating operating system, operating system version, open and closed port numbers, life cycle of each port number, and services provided by each open port number ,and many more.
  • IP Internet Protocol
  • the monitoring system 110 parses the monitoring request to obtain the identification of the host to be monitored, it can send a query request to the CMDB system, and carry the identification of the host to be monitored in the query request; accordingly, after the CMDB system receives the query request, The query request can be parsed to obtain the identification of the host to be monitored, and then the built-in CMDB can be queried according to the identification of the host to be monitored to obtain the resource configuration information of the host to be monitored and sent to the monitoring system 110.
  • the monitoring system 110 can also obtain and store the CMDB from the CMDB system, so that after receiving the monitoring request , Directly query the internally stored CMDB to obtain the resource configuration information of the host to be monitored, and the monitoring system 110 can also update the CMDB in real time or periodically.
  • the CMDB system may also store the host group to which each host belongs. In this way, if the monitoring request carries the identifier of the host group to be monitored, the monitoring system 110 may obtain the information from the CMDB system according to the identifier of the host group to be monitored. Obtain each host deployed in the host group to be monitored and the resource configuration information of each host without the need to carry the identification of each host to be monitored in the monitoring request, which reduces the amount of data transmission and improves the monitoring efficiency.
  • Step 203 Determine a monitoring plug-in matching the resource configuration information of the host to be monitored.
  • monitoring plug-ins corresponding to various resource configuration information are encapsulated in the monitoring system 110.
  • the monitoring system 110 may first calculate the resource configuration information of the host to be monitored and the encapsulated information. The similarity of various resource configuration information, and then select the resource configuration information with the similarity greater than the set similarity as the resource configuration information matching the resource configuration information of the host to be monitored, and determine the monitoring plug-in corresponding to the matching resource configuration information as the waiting The monitoring plug-in corresponding to the monitoring host.
  • the monitoring system 110 can randomly select a matching resource configuration information as the resource configuration information matching the resource configuration information of the host to be monitored, or select the resource configuration information with the greatest similarity as the resource configuration information.
  • the resource configuration information that matches the resource configuration information of the host to be monitored is not specifically limited.
  • the monitoring system 110 may also select the equipment that matches the monitored object and the object to be monitored from each monitoring plug-in according to the object to be monitored and the monitoring object corresponding to each monitoring plug-in. Select the monitoring plug-in, and then according to the resource configuration information corresponding to the candidate monitoring plug-in and the resource configuration information of the host to be monitored, select the resource configuration information from the candidate monitoring plug-in.
  • the similarity of the resource configuration information to the resource configuration information of the host to be monitored is greater than the setting Determine the similarity of the target monitoring plug-in, and use the target monitoring plug-in as the monitoring plug-in corresponding to the host to be monitored; alternatively, the monitoring system 110 may firstly select the resource configuration information corresponding to each monitoring plug-in and the resource configuration information of the host to be monitored from each monitoring plug-in.
  • the similarity between the resource configuration information selected in the plug-in and the resource configuration information of the host to be monitored is greater than that of the candidate monitoring plug-in whose similarity is set, and then according to the monitoring object corresponding to the object to be monitored and the candidate monitoring plug-in, select from the candidate monitoring
  • the target monitoring plugin that matches the monitoring object and the target to be monitored is selected from the plugin, and the target monitoring plugin is used as the monitoring plugin corresponding to the host to be monitored.
  • the monitoring system 110 may also support user-defined monitoring plug-ins.
  • the user can customize the monitoring plug-ins.
  • the custom monitoring plug-in can be set based on a custom script file, can also be set based on the existing monitoring plug-in in the monitoring system, or can be set based on the monitoring plug-in of a third-party device, without limitation.
  • Step 1 Receive a plug-in configuration request, where the plug-in configuration request includes resource configuration information and monitoring value output rules corresponding to the monitoring plug-in to be generated.
  • the plug-in configuration request may also include the identification of the monitoring plug-in to be generated.
  • the resource configuration information corresponding to the monitoring plug-in to be generated may be the operating system and release version applicable to the monitoring plug-in to be generated, and the output rule of the monitoring value may be the output format of the monitoring value.
  • the plug-in configuration request can be input or selected by the user on the monitoring interface.
  • the monitoring system 110 can display the identification input to the user through the client 120 Box, output rule input box, operating system selection box and release version selection box.
  • the identification input box is used for the user to input the identification of the monitoring plug-in to be generated
  • the output rule input box is used for the user to define the output format of the monitoring value
  • the operating system selection box It is used for the user to select the operating system for the monitoring plug-in to be generated
  • the release version selection box is used for the user to select the release version of the operating system for the monitoring plug-in to be generated.
  • the monitoring system 110 may generate a plug-in configuration request according to the identification and output rules input by the user, the operating system and release version selected by the user.
  • Step 2 Obtain the initial script file of the monitoring plug-in to be generated.
  • the monitoring system 110 can obtain the script file uploaded by the user on the monitoring interface through interaction with the client 120, and use it as the monitoring plug-in to be generated.
  • Initial script file if the monitoring plug-in to be generated is set based on the existing monitoring plug-ins in the monitoring system 110, the monitoring system 110 can display the identifications of all existing monitoring plug-ins in the monitoring system 110 to the user through the client, and obtain One or more script files of the existing monitoring plug-in selected by the user are used as the initial script file of the monitoring plug-in to be generated; if the monitoring plug-in to be generated is set based on the monitoring plug-in in the third-party device, the monitoring system 110 can obtain it first The identifier of the third-party monitoring plug-in entered by the user is then obtained through communication and interaction with the third-party device, and the script file of the third-party monitoring plug-in is obtained as the initial script file of the monitoring plug-in to be generated.
  • Step 3 Correct the initial script file according to the output rule of the monitoring value to obtain the script file of the monitoring plug-in to be generated; the monitoring value output by the script file of the monitoring plug-in to be generated at runtime meets the output rule of the monitoring value.
  • the monitoring system 110 may first determine the function of the "output monitoring value" type function from the initial script file, and then determine when the function is executed according to the type function.
  • the output initial monitoring value format if the initial monitoring value format is different from the set monitoring value format, the class function can be modified according to the set monitoring value format, so that the monitoring plug-in can follow the set monitoring value format when executing according to the class function Output monitoring value; accordingly, if the format of the initial monitoring value is the same as the format of the set monitoring value, the class function need not be modified.
  • the monitoring system 110 can also modify other configuration information. For example, when the monitoring plug-in to be generated is generated based on a third-party monitoring plug-in, if the identifier of the monitoring plug-in to be generated is required to be a set identifier, the monitoring system 110 The identification of the third-party monitoring plug-in can also be determined according to the identification of the initial script file, class function identification, or method identification of the monitoring plug-in to be generated. If the identification of the third-party plug-in is different from the set identification, the identification of the initial script file, The class function ID or method ID is modified to the set ID.
  • Step 4 Generate the monitoring plug-in to be generated according to the script file of the monitoring plug-in to be generated and the resource configuration information corresponding to the monitoring plug-in to be generated.
  • the monitoring plug-in to be generated can also be packaged in the monitoring system 110, so that the monitoring plug-in to be generated becomes an existing monitoring plug-in in the monitoring system 110.
  • the monitoring system 110 can directly call the monitoring plug-in, or the user can select the monitoring plug-in from the monitoring interface without recreating the monitoring plug-in, thereby reducing useless operations and improving monitoring effectiveness.
  • the monitoring system 110 may simultaneously encapsulate the monitoring plug-ins corresponding to each release version of the Linux operating system, the Windows operating system, the Mac OS X operating system, and the Berkeley Software Distribution (BSD) operating system, such as centos6
  • BSD Berkeley Software Distribution
  • Step 204 Use the monitoring plug-in to monitor the host to be monitored, and obtain the monitoring value of the host to be monitored at the current moment.
  • the monitoring system 110 may also generate a display interface according to the monitoring value, and send the display interface to the client 120; accordingly, the client 120 receives the display interface Later, the display interface can be displayed to the user on the web browser, so that the user can view the monitored value from the display interface.
  • the monitoring system 110 may also store the current monitoring value in the monitoring database to realize the backup of the monitoring value.
  • the monitoring database is used to store the historical monitoring values of each host.
  • the type of the monitoring database can be set by those skilled in the art based on experience. For example, it can be a relational database, a non-relational database, or a Hoodap database. limited.
  • the monitoring system 110 can also jointly monitor the historical monitoring value of the host under the monitoring object in the monitoring database to fit a prediction model, and use the prediction model to predict the change in the value of the host under the monitoring object in the future period.
  • Host risk can be a data model with time as an independent variable and resource usage or load situation as a dependent variable.
  • the fitting model can predict resource consumption or load occupancy in the future period. If determined according to the fitting model In the future, the problem of excessive resource consumption or excessive load occupation will occur, and the monitoring system 110 may also give an early warning to the host, so that the user can repair the host in advance and avoid host failure.
  • the monitoring system 110 may first determine the monitoring object corresponding to the monitoring value, and then use the fitting algorithm corresponding to the monitoring object to fit the historical monitoring value in the monitoring database to obtain the prediction model.
  • the fitting algorithm corresponding to the monitored object can be calculated based on the change rule of the historical monitoring value of the monitored object in the historical period. For example, if the change rule of the historical monitoring value of the monitored object in the historical period conforms to the linear change rule, the monitored object can be The corresponding fitting algorithm is set as a linear regression algorithm. If the change rule of the historical monitoring value corresponding to the monitored object conforms to the periodic change rule, the fitting algorithm corresponding to the monitored object can be set as a period matching algorithm.
  • the monitoring object corresponding to the linear regression algorithm has the following law: the historical monitoring value of the monitoring object in the historical period changes linearly, such as linear increase or linear decrease.
  • the fitting algorithm corresponding to the disk usage may be a linear regression algorithm.
  • the monitoring system 110 can obtain the historical monitoring data of the monitored object within a set period of time from the monitoring database (including the current monitoring value ). Since the monitoring value of the host is usually collected in a discrete monitoring method, the historical monitoring data within a set period of time can include the historical monitoring value of each time. In this way, the monitoring system 110 can first set the initial linear regression model and compare the historical monitoring data of each time. The monitored value is substituted into the initial linear regression model to obtain the values of multiple unknown parameters in the initial linear regression model.
  • the monitoring system 110 can construct a univariate linear regression model corresponding to the monitored object based on the initial linear regression model and the values of the multiple unknown parameters (I.e. predictive model). Wherein, when the historical monitoring value at each time is substituted into the initial linear regression model, the monitoring system 110 may also calculate the historical monitoring value at each time within the set time period based on the least square method to determine the values of multiple unknown parameters. Obtain a univariate linear regression model.
  • the historical monitoring value missing or illegal historical monitoring value (such as the type of historical monitoring value) in the historical monitoring data of the set period can also be calculated.
  • the completion value used in the completion operation can be the average of the previous and next historical monitoring values of the missing or illegal historical monitoring values.
  • It can also be the average value of the historical monitoring value at each time, or the weighted average of the historical monitoring value at each time, the weight corresponding to the historical monitoring value at each time is positively correlated with the time difference from the current time, which is not specifically limited.
  • the linear regression model can be used to predict the occurrence time of the monitoring threshold in the early warning condition. If the monitored value of the monitored object does not reach the monitoring threshold, it means that the monitored object is in In the future, it is in a safe state and does not need to be processed; if there is a monitoring value of the monitored object at a certain moment that may reach the monitoring threshold, an early warning message can be generated according to the monitored object and that time, and an early warning message can be sent to the client before that time , In order to provide early warning to prevent the value of the monitored object from exceeding the monitoring threshold in the future period, and to ensure that the resource usage does not exceed the standard or the load is not overweight.
  • the monitoring object corresponding to the period matching algorithm has the following law: the historical monitoring value of the monitoring object in the historical period changes in a fixed or non-fixed period.
  • the monitoring object is the central processing unit (CPU) usage rate
  • CPU usage rate since the CPU usage rate will gradually increase with the increase of the user’s usage time each time the user turns on, the CPU usage
  • the fitting algorithm corresponding to the rate is the period matching algorithm.
  • the period matching algorithm can include a fixed period matching algorithm and a non-fixed period matching algorithm.
  • the fixed period matching algorithm means that the historical monitoring value of the monitored object in the historical period appears according to the change rule of a fixed period, for example, each change rule corresponds to 10 hours
  • the non-fixed-period matching algorithm means that the historical monitoring value of the monitored object in the historical period appears according to the non-fixed period of change.
  • the monitoring system 110 after determining the monitoring object corresponding to the monitoring value, if the fixed period is T, the monitoring system 110 first obtains the duration including the monitoring value at the current moment from the monitoring database Is the first historical monitoring data of T, and each second historical monitoring data with a duration of T can be obtained from the monitoring database in a sliding window method, and then the similarity between the first historical monitoring data and each second historical monitoring data is calculated, and The second historical monitoring data whose similarity is greater than the similarity threshold is used as the period matching model corresponding to the first historical monitoring data.
  • the method of calculating the similarity can be set by those skilled in the art based on experience. For example, any one or more of the Euclidean distance algorithm, the cosine similarity algorithm or the Euclidean distance similarity algorithm can be used to calculate the similarity. The details are not limited.
  • the second historical monitoring data after determining the period matching model corresponding to the monitored object (that is, the second historical monitoring data whose similarity is greater than the similarity threshold), it can first be determined whether the historical monitoring value of the second historical monitoring data at each time is There is a historical monitoring value at a certain moment that reaches the monitoring threshold in the early warning condition.
  • the historical monitoring value at each time does not reach the monitoring threshold, it means that the monitored object is in a safe state during the period of time, and no processing is required; if there is a certain moment (For ease of description, referred to as the target time) when the historical monitoring value reaches the monitoring threshold, it can be based on the time difference between the start time of the period corresponding to the second historical monitoring data and the start time of the period corresponding to the first historical monitoring data , Correct the target moment to determine the future moment corresponding to the target moment, and can generate an early warning message according to the monitored object and the future moment, and send an early warning message to the client before the future moment to give early warning to avoid the monitored object in the future period The value exceeds the monitoring threshold to ensure that the resource usage does not exceed the standard or the load is not overweight.
  • FIG. 3 is a schematic diagram of the architecture of a monitoring system provided by an embodiment of the present invention.
  • the monitoring system 110 may be provided with a control configuration center, a task execution center, and a data center that are connected to each other, and the control configuration center may also be connected
  • the client 120 and the task execution center may also be connected to each host, and the connection mode may be a wired connection or a wireless connection, which is not specifically limited.
  • control configuration center can be provided with interconnected interface management units, rights management units, equipment management units, and configuration management units.
  • the interface management unit is also connected to the client 120;
  • the task execution center can be provided with mutual interface management units, rights management units, equipment management units, and configuration management units.
  • the task scheduling unit, plug-in management unit and task execution unit are connected.
  • the task scheduling unit is also connected to the configuration management unit, and the task execution unit is also connected to each host;
  • the data center can be equipped with a data processing unit and a monitoring database, and the data processing unit is also connected to tasks Execution unit and interface management unit.
  • the user can send a login interface request message to the interface management unit through the client 120.
  • the login interface request message carries the user's identity.
  • the interface management unit parses the login interface request message to obtain the user's identity, it can send the login interface request message to the interface management unit.
  • the user's identification is sent to the authority management unit to obtain the monitoring authority determined by the authority management unit according to the user's identifier, so that the interface management unit can send the monitoring interface corresponding to the monitoring authority to the client 120, so that the client 120 displays the monitoring interface To the user.
  • the user can select the host to be monitored on the monitoring interface, and can input the trigger condition
  • the client 120 can generate a monitoring request after detecting that the user input is completed, and carry the identification of the host to be monitored and the trigger condition in the monitoring request
  • the monitoring request is sent to the interface management unit, so as to be sent to the configuration management unit via the interface management unit.
  • the configuration management unit parses the monitoring request to obtain the identification and trigger condition of the host to be monitored, it can first obtain the resources corresponding to the host to be monitored from the CMDB database (ie configuration management database) docked with the device management unit according to the identification of the host to be monitored.
  • the configuration information generates a corresponding monitoring task according to the identification of the host to be monitored, the resource configuration information corresponding to the host to be monitored, and the trigger condition, and sends it to the task scheduling unit.
  • the task scheduling unit determines that the trigger condition of the monitoring task is met at the current moment, it can send the identification of the host to be monitored and the resource configuration information corresponding to the host to be monitored to the task processing unit, and the task processing unit can correspond to the host to be monitored
  • the resource configuration information from the plug-in management unit obtains the matching monitoring plug-in, calls the matching monitoring plug-in to monitor the host to be monitored, and obtains the monitoring value of the host to be monitored at the current moment; and the task processing unit can also set the host to be monitored in the current The monitoring value at the moment is sent to the data processing unit.
  • the data processing unit can first determine the monitoring object corresponding to the monitoring value, and then obtain the historical monitoring of the host to be monitored under the monitoring object from the monitoring database Value, and use the fitting algorithm corresponding to the monitored object to fit the current monitoring value and the historical monitoring value to obtain a prediction model.
  • the data processing unit can also use the predictive model to determine whether the value of the host to be monitored under the monitored object meets the preset risk conditions in the future period. If it is satisfied, it means that the monitored object of the host to be monitored in the future period is in a safe state. If it is not satisfied, it means that the monitoring object of the host to be monitored may fail in the future.
  • the data processing unit can also generate an early warning message for the monitoring object of the host to be monitored, and can send the early warning message to the interface management unit, so that the interface management unit It is sent to the client 120 and displayed to the user via the monitoring interface of the client 120.
  • the task execution unit in the embodiment of the present invention can communicate with the host to be monitored through a remote communication protocol-Secure Shell (SSH), so as to obtain the monitoring value of the host to be monitored, without having to be in the host.
  • SSH remote communication protocol-Secure Shell
  • the client is deployed on the monitoring host side, which can reduce monitoring costs, increase monitoring flexibility, and reduce the complexity of the monitoring system.
  • a monitoring request is received, and the monitoring request carries an identification of the host to be monitored, and according to the identification of the host to be monitored, the resource configuration information of the host to be monitored is obtained, and it is determined that it is related to the host to be monitored.
  • the monitoring plug-in matching the resource configuration information of the monitoring host uses the monitoring plug-in to monitor the host to be monitored to obtain the monitoring value of the host to be monitored at the current moment.
  • the solution can be applied to monitoring occasions with different resource configuration information, instead of being limited to fixed monitoring occasions, thereby improving the flexibility of host monitoring. ;
  • monitoring the host to be monitored by using a monitoring plug-in matching the resource configuration information of the host to be monitored can also make the monitoring of the host to be monitored more targeted, thereby improving the accuracy of host monitoring.
  • an embodiment of the present invention also provides a monitoring device, and the specific content of the device can be implemented with reference to the foregoing method.
  • Fig. 4 is a schematic structural diagram of a monitoring device provided by an embodiment of the present invention, including:
  • the transceiver module 401 is configured to receive a monitoring request, where the monitoring request carries an identifier of the host to be monitored;
  • the obtaining module 402 is configured to obtain the resource configuration information of the host to be monitored according to the identifier of the host to be monitored;
  • the determining module 403 is configured to determine a monitoring plug-in matching the resource configuration information of the host to be monitored;
  • the monitoring module 404 is configured to monitor the host to be monitored using the monitoring plug-in to obtain the monitoring value of the host to be monitored at the current moment.
  • the transceiver module 401 is further configured to: receive a plug-in configuration request, the plug-in configuration request including resource configuration information corresponding to the monitoring plug-in and output rules of monitoring values;
  • the obtaining module 402 is also used to obtain the initial script file of the monitoring plug-in;
  • the monitoring module 404 is further configured to: amend the initial script file according to the output rule of the monitoring value to obtain the script file of the monitoring plug-in, and according to the script file of the monitoring plug-in and the corresponding value of the monitoring plug-in
  • the resource configuration information generates the monitoring plug-in; the monitoring value output by the script file of the monitoring plug-in when running meets the output rule of the monitoring value.
  • the obtaining module 402 is specifically configured to:
  • the monitoring module 404 obtains the monitoring value of the host to be monitored at the current moment, it is further used to:
  • fitting algorithm corresponding to the monitoring object uses the fitting algorithm corresponding to the monitoring object to fit the monitoring value and the historical monitoring value to obtain the prediction model of the host to be monitored under the monitoring object; the fitting algorithm corresponding to the monitoring object It is obtained by analyzing the change rule of the historical monitoring value of the monitoring object in the historical period, and the prediction model is used to predict the value of the host to be monitored under the monitoring object in the future period.
  • the fitting algorithm corresponding to the monitored object is a linear regression algorithm
  • the monitoring module 404 is specifically used for:
  • the initial prediction model including a plurality of unknown parameters
  • the prediction model is constructed according to the values of multiple unknown parameters in the initial prediction model.
  • the fitting algorithm corresponding to the monitored object is a fixed-period matching algorithm
  • the monitoring module 404 is specifically used for:
  • first historical monitoring data including the monitoring value at the current moment from the monitoring database; the duration of the first historical monitoring data is the fixed period;
  • the similarity between the first historical monitoring data and each second historical data is calculated, and the second historical monitoring data whose similarity is greater than a similarity threshold is used as the prediction model.
  • a monitoring request is received, and the monitoring request carries the identification of the host to be monitored, and the resource configuration information of the host to be monitored is obtained according to the identification of the host to be monitored.
  • determine the monitoring plug-in matching the resource configuration information of the host to be monitored use the monitoring plug-in to monitor the host to be monitored, and obtain the monitoring value of the host to be monitored at the current moment.
  • the solution can be applied to monitoring occasions with different resource configuration information, instead of being limited to fixed monitoring occasions, thereby improving the flexibility of host monitoring. ;
  • monitoring the host to be monitored by using a monitoring plug-in matching the resource configuration information of the host to be monitored can also make the monitoring of the host to be monitored more targeted, thereby improving the accuracy of host monitoring.
  • an embodiment of the present invention also provides a computing device. As shown in FIG. 5, it includes at least one processor 501 and a memory 502 connected to the at least one processor.
  • the embodiment of the present invention does not limit the processor.
  • the connection between the processor 501 and the memory 502 in FIG. 5 is taken as an example.
  • the bus can be divided into address bus, data bus, control bus and so on.
  • the memory 502 stores instructions that can be executed by at least one processor 501, and the at least one processor 501 can execute the steps included in the foregoing monitoring method by executing the instructions stored in the memory 502.
  • the processor 501 is the control center of the computing device. It can use various interfaces and lines to connect various parts of the computing device. deal with.
  • the processor 501 may include one or more processing units, and the processor 501 may integrate an application processor and a modem processor.
  • the application processor mainly processes an operating system, a user interface, and an application program.
  • the adjustment processor mainly handles issuing instructions. It can be understood that the foregoing modem processor may not be integrated into the processor 501.
  • the processor 501 and the memory 502 may be implemented on the same chip, and in some embodiments, they may also be implemented on separate chips.
  • the processor 501 may be a general-purpose processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of the present invention.
  • the general-purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in combination with the monitoring embodiment can be directly embodied as executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.
  • the memory 502 as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules.
  • the memory 502 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), magnetic memory, disk , CD, etc.
  • the memory 502 is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • the memory 502 in the embodiment of the present invention may also be a circuit or any other device capable of realizing a storage function for storing program instructions and/or data.
  • embodiments of the present invention also provide a computer-readable storage medium that stores a computer program executable by a computing device, and when the program runs on the computing device, the computing device executes The steps of the above monitoring method.
  • the embodiments of the present invention provide a computer program product.
  • the computer program product includes a computer program stored on a computer-readable storage medium.
  • the computer program includes program instructions. When executed by a computer, the computer is made to execute the steps of the above-mentioned monitoring method.
  • the embodiments of the present invention can be provided as a method or a computer program product. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un procédé et un appareil de surveillance. Le procédé comprend : la réception d'une demande de surveillance, la demande de surveillance transportant un identifiant d'un hôte à surveiller (201) ; l'acquisition d'informations de configuration de ressource pour ledit hôte selon l'identifiant dudit hôte (202) ; la détermination d'un module d'extension de surveillance qui correspond aux informations de configuration de ressource pour ledit hôte (203) ; et la surveillance dudit hôte à l'aide du module d'extension de surveillance, et l'obtention d'une valeur de surveillance dudit hôte à un instant actuel (204). Des modules d'extension de surveillance correspondant à diverses informations de configuration de ressource sont configurés de sorte que le procédé de la présente invention peut être appliqué pour surveiller des scénarios ayant différentes informations de configuration de ressource et n'est pas limité à un scénario de surveillance fixe, ce qui peut améliorer la souplesse pour surveiller un hôte. De plus, la surveillance d'un hôte à surveiller à l'aide d'un module d'extension de surveillance, qui correspond à des informations de configuration de ressource pour ledit hôte, peut permettre que la surveillance dudit hôte soit plus ciblée, ce qui peut améliorer la précision pour surveiller un hôte.
PCT/CN2020/130169 2019-12-20 2020-11-19 Procédé et appareil de surveillance WO2021120975A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911331007.0A CN111143165A (zh) 2019-12-20 2019-12-20 一种监控方法及装置
CN201911331007.0 2019-12-20

Publications (1)

Publication Number Publication Date
WO2021120975A1 true WO2021120975A1 (fr) 2021-06-24

Family

ID=70519284

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/130169 WO2021120975A1 (fr) 2019-12-20 2020-11-19 Procédé et appareil de surveillance

Country Status (2)

Country Link
CN (1) CN111143165A (fr)
WO (1) WO2021120975A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111143165A (zh) * 2019-12-20 2020-05-12 深圳前海微众银行股份有限公司 一种监控方法及装置
CN111461581A (zh) * 2020-05-17 2020-07-28 商志营 一种智能预警管理系统及实现方法
CN111737084B (zh) * 2020-06-22 2024-05-14 苏州科韵激光科技有限公司 信息的监控方法、装置、智能设备、计算机设备和介质
CN112764995B (zh) * 2021-01-26 2023-04-07 山东云海国创云计算装备产业创新中心有限公司 一种服务器硬件资源监控方法、装置和介质
CN112817937A (zh) * 2021-01-27 2021-05-18 上海臣星软件技术有限公司 大数据监控方法、装置、电子设备及计算机存储介质

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272481A (zh) * 2008-04-02 2008-09-24 武汉大学 一种视频监控前端设备接入方法
US20120246303A1 (en) * 2011-03-23 2012-09-27 LogRhythm Inc. Log collection, structuring and processing
US20140337508A1 (en) * 2013-05-09 2014-11-13 Telefonaktiebolaget L M Ericsson (Publ) Method and Apparatus for Providing Network Applications Monitoring
CN105760272A (zh) * 2016-01-29 2016-07-13 山东鲁能智能技术有限公司 基于插件的监控后台业务定制方法及其系统
CN107483245A (zh) * 2017-08-14 2017-12-15 上海新炬网络信息技术股份有限公司 一种基于karaf_agent的主动采集实现装置
CN108920324A (zh) * 2018-06-08 2018-11-30 广东轩辕网络科技股份有限公司 It设备存储容量趋势分析和预警的方法、系统及电子装置
CN111143165A (zh) * 2019-12-20 2020-05-12 深圳前海微众银行股份有限公司 一种监控方法及装置

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272481A (zh) * 2008-04-02 2008-09-24 武汉大学 一种视频监控前端设备接入方法
US20120246303A1 (en) * 2011-03-23 2012-09-27 LogRhythm Inc. Log collection, structuring and processing
US20140337508A1 (en) * 2013-05-09 2014-11-13 Telefonaktiebolaget L M Ericsson (Publ) Method and Apparatus for Providing Network Applications Monitoring
CN105760272A (zh) * 2016-01-29 2016-07-13 山东鲁能智能技术有限公司 基于插件的监控后台业务定制方法及其系统
CN107483245A (zh) * 2017-08-14 2017-12-15 上海新炬网络信息技术股份有限公司 一种基于karaf_agent的主动采集实现装置
CN108920324A (zh) * 2018-06-08 2018-11-30 广东轩辕网络科技股份有限公司 It设备存储容量趋势分析和预警的方法、系统及电子装置
CN111143165A (zh) * 2019-12-20 2020-05-12 深圳前海微众银行股份有限公司 一种监控方法及装置

Also Published As

Publication number Publication date
CN111143165A (zh) 2020-05-12

Similar Documents

Publication Publication Date Title
WO2021120975A1 (fr) Procédé et appareil de surveillance
US9882912B2 (en) System and method for providing authentication service for internet of things security
US20190207965A1 (en) System and method for monitoring the trustworthiness of a networked system
US9762566B2 (en) Reducing authentication confidence over time based on user history
US20200092298A1 (en) Avoiding user session misclassification using configuration and activity fingerprints
US8806620B2 (en) Method and device for managing security events
CN111274583A (zh) 一种大数据计算机网络安全防护装置及其控制方法
CN109800160B (zh) 机器学习系统中的集群服务器故障测试方法和相关装置
CN111641563B (zh) 基于分布式场景的流量自适应方法与系统
CN105100032A (zh) 一种防止资源盗取的方法及装置
CN111614761B (zh) 区块链消息传输方法、装置、计算机以及可读存储介质
CN110222535B (zh) 区块链配置文件的处理装置、方法及存储介质
CN111698303A (zh) 数据处理方法、装置、电子设备及存储介质
CN114327803A (zh) 区块链访问机器学习模型的方法、装置、设备和介质
US20230198771A1 (en) Systems and methods for providing secure internet of things data notifications using blockchain
CN109145651B (zh) 一种数据处理方法及装置
CN108234441B (zh) 确定伪造访问请求的方法、装置、电子设备和存储介质
CN103559438A (zh) 进程识别方法及系统
CN113238923B (zh) 基于状态机的业务行为溯源方法及系统
US11251976B2 (en) Data security processing method and terminal thereof, and server
CN113259429B (zh) 会话保持管控方法、装置、计算机设备及介质
CN107181801B (zh) 一种电子附件存储方法及终端
CN113076112A (zh) 数据库部署的方法、装置及电子设备
CN113791792A (zh) 应用调用信息的获取方法、设备以及存储介质
CN111159009A (zh) 一种日志服务系统的压力测试方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20902805

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14.10.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20902805

Country of ref document: EP

Kind code of ref document: A1