CN103631572A - Centralized event processing system and processing method - Google Patents
Centralized event processing system and processing method Download PDFInfo
- Publication number
- CN103631572A CN103631572A CN201210304312.2A CN201210304312A CN103631572A CN 103631572 A CN103631572 A CN 103631572A CN 201210304312 A CN201210304312 A CN 201210304312A CN 103631572 A CN103631572 A CN 103631572A
- Authority
- CN
- China
- Prior art keywords
- event
- acquisition
- data
- framework
- collection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a centralized event processing system. The centralized event processing system comprises an event collection framework, an active collection assembly and a passive receiving assembly, wherein the event collection framework acquires event data sent by the passive receiving assembly, calls the active collection assembly and filters events according to rules; the active collection assembly is called by the event collection framework actively and collects different types of data sources by means of a collection method and a collection target configured for the active collection assembly; the passive receiving assembly sends the data to the event collection framework actively and transmits the different types of data sources by means of a collection method and a collection target configured for the passive receiving assembly. According to the centralized event processing system, a collection assembly is expanded to be adapted to collection of the different data sources, and the active collection assembly and the passive receiving assembly are in mutual supplementation. The invention further relates to a centralized event processing method. The centralized event processing method solves the problem that support for multiple types of data sources is poor in the prior art, and can be applied to a management platform where data sources are complex and events need to be monitored and processed in a unified mode.
Description
Technical field
The present invention relates to a kind of disposal system and disposal route thereof, be specifically related to a kind of centralized event handling system and disposal route thereof.
Background technology
In order to safeguard the operation conditions of self system resource, computer system generally all can have corresponding daily record or other logout mechanism register system about date and the timestamp information of daily event or wrong operation alarm.When, system various in application system is huge, if login respectively different system, check its logout, treatment effeciency difficulty too low, that screen problem is too large, so need centralized event acquisition scheme that event information is gathered, by certain policy class, filtration, automatic distinguishing event class is also made different processing.Centralized event acquisition scheme can be classified event and send to the memory location of appointment as the syslog of linux, and the event server of IBM can receive log recording and by certain rule-based filtering, processing.
Existing centralized event acquisition technology is mostly only for the daily record of text, because it is most widely used to aim at enterprise's application text day, intractability is little, is applicable to batch processing.But in current actual environment, application system is varied, event information not only comprises the log recording of text-type, the polytype Event origins such as event that also have data-base recording, SNMP trap event, provide by webservice, original technology is inadequate to the support of these newly-increased data sources, these information be gathered to the event acquisition mode in a kind of easy expansion of needs, the compatible several data of energy source.
Summary of the invention
For the deficiencies in the prior art, the invention provides a kind of centralized event handling system and disposal route thereof, the present invention adapts to the collection in different pieces of information source by expansion acquisition component, initiatively acquisition component and passive receiving unit complement one another, solved prior art poor problem has been supported in multiple types of data source, can be applicable to data source complexity, need unified monitoring to process in the management platform of event.
The object of the invention is to adopt following technical proposals to realize:
A centralized event handling system, its improvements are, described disposal system comprises:
Event acquisition framework: obtain the event data that passive receiving unit sends, active acquisition component is called, by rule-based filtering event;
Active acquisition component: initiatively called by described event acquisition framework, by being the acquisition method of initiatively acquisition component configuration and gathering target, realization to dissimilar (according to the difference of practical application scene, data source may have multiple, as the data source of textual form, SNMP trap event, event of providing by webservice interface etc.) collection of data source;
Passive receiving unit: initiatively send data to described event acquisition framework, by being the acquisition method of passive receiving unit configuration and gathering target, realize the transmission to different types of data source.
Wherein, under described event acquisition framework is positioned at, (centralized event handling system is a distributed system to the Centroid of disposal system, this distributed system comprises a plurality of nodes, effect, the importance of different nodes are different, Centroid is the node at event acquisition framework place, be the core of whole system, be responsible for the management of acquisition component, scheduling.Acquisition component may be on Centroid also may be on other node) on; Compatible initiatively collection and two kinds of event acquisition modes of passive reception; Described active acquisition component and passive receiving unit are mutual with event acquisition frame data respectively.
Wherein, described disposal system comprises storage unit, rule set and event handling unit; Described event acquisition framework is communicated by letter with storage unit; Described storage unit and event handling unit communication; Described rule set respectively with event acquisition framework and event handling unit communication.
Wherein, described event acquisition framework comprises collection scheduling assembly, acquisition interface assembly, rule match assembly and memory interface assembly; Described collection scheduling component call is acquisition component initiatively; Described acquisition interface assembly receives the data that passive receiving unit sends; Described rule match assembly and rule set carry out data interaction; Described memory interface assembly and storage unit are carried out data interaction.
Wherein, described active acquisition component is derived from definition acquisition mode to data; Described self-defining acquisition mode comprises reading database record, reads text log information; The interface of described active acquisition component and configuration are by described event acquisition framework definition; Described configuration comprises scheduling interval, target store path.
Wherein, described passive receiving unit is invisible to described event acquisition framework; Described passive receiving unit is not limited by event acquisition framework in exploitation form, deployed position and the method for operation, according to the data communication protocol of event acquisition framework definition, transmits data.
Wherein, described disposal system is monitored by management platform.
The present invention is based on a kind of centralized event-handling method that another object provides, it is characterized in that, described method comprises the steps:
A, described event acquisition framework initiatively call initiatively acquisition component;
B, described event acquisition framework obtain the event data that passive receiving unit sends;
C, described event acquisition framework are pressed rale store, the processing event data in rule set.
Wherein, in described step C, described event data comprises the event data that passive receiving unit transmits and the event data of obtaining from active acquisition component; Event data storage after processing, in storage unit, is classified the event data after processing by event handling unit.
Centralized for for distributed, distributed in each node status impartial, share out the work and help one another, in centralized configuration master control node status most important, be usually used in data and gather or control other node.
Event summary is for when and where which kind of action who has carried out to what thing, and result how.In computer system, recording events is for system audit or track problems.
Compared with the prior art, the beneficial effect that the present invention reaches is:
1, centralized event handling system provided by the invention can obtain event data by expanding dissimilar acquisition component from dissimilar data source, is easy to expansion;
2, centralized event-handling method provided by the invention, has solved prior art poor problem has been supported in multiple types of data source, can be applicable to data source complexity, needs unified monitoring to process in the management platform of event;
3, centralized event handling system provided by the invention, is initiatively realizing the treatment scheme of traffic aided in collection and passive receiving unit, the treatment scheme of independent of service realizes in event acquisition framework, is easy to multiplexing and transplants.
Accompanying drawing explanation
Fig. 1 is active acquisition mode structural representation provided by the invention;
Fig. 2 is passive acquisition mode structural representation provided by the invention;
Fig. 3 is the workflow diagram of centralized event-handling method provided by the invention.
Embodiment
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in further detail.
The invention provides a kind of centralized event handling system, comprising: event acquisition framework, active acquisition component, passive receiving unit, storage unit, rule set and event handling unit.
Event acquisition framework run on Centroid it (centralized event handling system is a distributed system, this distributed system comprises a plurality of nodes, effect, the importance of different nodes are different, Centroid is the node at event acquisition framework place, be the core of whole system, be responsible for the management of acquisition component, scheduling.Acquisition component may be on Centroid also may be on other node) upper, upwards obtain event data, press rule-based filtering event downwards, directly carry out data interaction with storage unit; Indirectly carry out data interaction with event handling unit.In event acquisition framework, comprise collection scheduling assembly, acquisition interface assembly, rule match assembly, memory interface assembly.Collection scheduling component call is acquisition component initiatively; Acquisition interface assembly receives the data that passive receiving unit sends; Rule match assembly and rule set carry out data interaction; Memory interface assembly and storage unit are carried out data interaction.
Active acquisition mode structural representation provided by the invention as shown in Figure 1, initiatively acquisition component runs under event acquisition framework, by event acquisition framework, initiatively called, by configuring different acquisition methods and gather target for active acquisition component, realization to dissimilar (according to the difference of practical application scene, data source may have multiple, as the data source of textual form, SNMPtrap event, the event providing by webservice interface etc.) collection of data source, event acquisition framework obtains data from active acquisition component, by predefined rale store, process event data.
Event acquisition framework definition is the interface specification of acquisition component initiatively, and developer is for concrete data source exploitation active acquisition component, and initiatively acquisition component is answered the interface of realization event collection framework definition, so that event acquisition framework calls.Initiatively acquisition component in independent development part to the self-defined acquisition mode of concrete data source, as reading database record, read text log information etc.In the interface of event acquisition framework definition, the definable method interface that initiatively acquisition component must be realized, mandatory or optional configuration item are as inter-module unity of form such as scheduling interval, target store paths but the different parameter of content.
Initiatively acquisition component is applicable to gathering the event data that requirement of real-time is not high, data volume is large, because the scheduling of event acquisition framework has certain interval.Be applicable to the high staff development of event acquisition framework familiarity, because need to understand the interface of event acquisition framework definition, could correctly realize.
Passive acquisition mode structural representation provided by the invention as shown in Figure 2, passive receiving unit runs on outside framework, to event acquisition framework, be sightless, passive receiving unit initiatively sends data to event acquisition framework, and event acquisition framework is by predefine rale store, processing event data.
Passive receiving unit is not limited by event acquisition framework in exploitation form, deployed position, the method for operation, only need to transmit data according to the data communication protocol of event acquisition framework definition.Passive receiving unit equally can be for different data source collection event data, as receive SNMP Trap event or receive the event that third party's system initiatively sends, also image data sends to event acquisition framework to avoid the initiatively not high shortcoming of acquisition component real-time voluntarily.
Passive receiving unit is applicable to gathering data real-time or that data volume is little, is also applicable to personnel event acquisition framework is not understood and cannot during fast Development active acquisition component, be used.
Only use passive receiving unit also can realize the collection of different types of data, but need to control voluntarily collection frequency, the effect of dispatching center can not be given full play to, and due to the uncontrollable data bulk of event acquisition framework, for reaching equal performance index, more resources need be consumed.
As shown in Figure 3, the method comprises the steps: the workflow of centralized event-handling method provided by the invention
A, described event acquisition framework initiatively call initiatively acquisition component;
B, described event acquisition framework obtain the event data that passive receiving unit sends;
C, described event acquisition framework by the rale store in rule set, process event data: event data comprises the event data that passive receiving unit transmits and the event data of obtaining from active acquisition component; Event data storage after processing, in storage unit, is classified the event data after processing by event handling unit.
Centralized event handling system provided by the invention and disposal route thereof, the event acquisition that adapts to different pieces of information source by expansion acquisition component, adopt active acquisition component and passive receiving unit to complement one another, solved prior art poor problem has been supported in multiple types of data source, can be applicable to data source complexity, need unified monitoring to process in the management platform of event.
Finally should be noted that: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit, although the present invention is had been described in detail with reference to above-described embodiment, those of ordinary skill in the field are to be understood that: still can modify or be equal to replacement the specific embodiment of the present invention, and do not depart from any modification of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of claim scope of the present invention.
Claims (9)
1. a centralized event handling system, is characterized in that, described disposal system comprises:
Event acquisition framework: obtain the event data that passive receiving unit sends, active acquisition component is called, by rule-based filtering event;
Active acquisition component: initiatively called by described event acquisition framework, by being the acquisition method of initiatively acquisition component configuration and gathering target, the collection of realization to different types of data source;
Passive receiving unit: initiatively send data to described event acquisition framework, by being the acquisition method of passive receiving unit configuration and gathering target, realize the transmission to different types of data source.
2. centralized event handling system as claimed in claim 1, is characterized in that, described event acquisition framework is positioned on the Centroid of affiliated disposal system; Compatible initiatively collection and two kinds of event acquisition modes of passive reception; Described active acquisition component and passive receiving unit are mutual with event acquisition frame data respectively.
3. centralized event handling system as claimed in claim 1, is characterized in that, described disposal system comprises storage unit, rule set and event handling unit; Described event acquisition framework is communicated by letter with storage unit; Described storage unit and event handling unit communication; Described rule set respectively with event acquisition framework and event handling unit communication.
4. centralized event handling system as claimed in claim 1, is characterized in that, described event acquisition framework comprises collection scheduling assembly, acquisition interface assembly, rule match assembly and memory interface assembly; Described collection scheduling component call is acquisition component initiatively; Described acquisition interface assembly receives the data that passive receiving unit sends; Described rule match assembly and rule set carry out data interaction; Described memory interface assembly and storage unit are carried out data interaction.
5. centralized event handling system as claimed in claim 1, is characterized in that, described active acquisition component is derived from definition acquisition mode to data; Described self-defining acquisition mode comprises reading database record, reads text log information; The interface of described active acquisition component and configuration are by described event acquisition framework definition; Described configuration comprises scheduling interval, target store path.
6. centralized event handling system as claimed in claim 1, is characterized in that, described passive receiving unit is invisible to described event acquisition framework; Described passive receiving unit is not limited by event acquisition framework in exploitation form, deployed position and the method for operation, according to the data communication protocol of event acquisition framework definition, transmits data.
7. the centralized event handling system as described in any one in claim 1-6, is characterized in that, described disposal system is monitored by management platform.
8. a centralized event-handling method, is characterized in that, described method comprises the steps:
A, described event acquisition framework initiatively call initiatively acquisition component;
B, described event acquisition framework obtain the event data that passive receiving unit sends;
C, described event acquisition framework are pressed rale store, the processing event data in rule set.
9. centralized event-handling method as claimed in claim 8, is characterized in that, in described step C, described event data comprises the event data that passive receiving unit transmits and the event data of obtaining from active acquisition component; Event data storage after processing, in storage unit, is classified the event data after processing by event handling unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210304312.2A CN103631572A (en) | 2012-08-24 | 2012-08-24 | Centralized event processing system and processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210304312.2A CN103631572A (en) | 2012-08-24 | 2012-08-24 | Centralized event processing system and processing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103631572A true CN103631572A (en) | 2014-03-12 |
Family
ID=50212673
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210304312.2A Pending CN103631572A (en) | 2012-08-24 | 2012-08-24 | Centralized event processing system and processing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103631572A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105224440A (en) * | 2015-09-02 | 2016-01-06 | 上海斐讯数据通信技术有限公司 | A kind of log collection management method and system |
| CN106850748A (en) * | 2016-12-26 | 2017-06-13 | 曙光信息产业(北京)有限公司 | The subscription delivery system of cloud desktop |
| CN111597089A (en) * | 2020-05-18 | 2020-08-28 | 广州锦行网络科技有限公司 | Linux system call event acquisition and caching device and method |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1547120A (en) * | 2003-12-10 | 2004-11-17 | 沈阳东软软件股份有限公司 | Network monitoring management system |
| CN101576988A (en) * | 2009-06-12 | 2009-11-11 | 阿里巴巴集团控股有限公司 | Credit data interactive system and interactive method |
| US20100094981A1 (en) * | 2005-07-07 | 2010-04-15 | Cordray Christopher G | Dynamically Deployable Self Configuring Distributed Network Management System |
| US20100106678A1 (en) * | 2008-10-24 | 2010-04-29 | Microsoft Corporation | Monitoring agent programs in a distributed computing platform |
| CN102075560A (en) * | 2010-11-19 | 2011-05-25 | 福建富士通信息软件有限公司 | Fukutomi enterprise search engine technology based on system coupling |
| CN102457475A (en) * | 2010-10-15 | 2012-05-16 | 中国人民解放军国防科学技术大学 | Integration and conversion system for network security data |
| US8185619B1 (en) * | 2006-06-28 | 2012-05-22 | Compuware Corporation | Analytics system and method |
-
2012
- 2012-08-24 CN CN201210304312.2A patent/CN103631572A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1547120A (en) * | 2003-12-10 | 2004-11-17 | 沈阳东软软件股份有限公司 | Network monitoring management system |
| US20100094981A1 (en) * | 2005-07-07 | 2010-04-15 | Cordray Christopher G | Dynamically Deployable Self Configuring Distributed Network Management System |
| US8185619B1 (en) * | 2006-06-28 | 2012-05-22 | Compuware Corporation | Analytics system and method |
| US20100106678A1 (en) * | 2008-10-24 | 2010-04-29 | Microsoft Corporation | Monitoring agent programs in a distributed computing platform |
| CN101576988A (en) * | 2009-06-12 | 2009-11-11 | 阿里巴巴集团控股有限公司 | Credit data interactive system and interactive method |
| CN102457475A (en) * | 2010-10-15 | 2012-05-16 | 中国人民解放军国防科学技术大学 | Integration and conversion system for network security data |
| CN102075560A (en) * | 2010-11-19 | 2011-05-25 | 福建富士通信息软件有限公司 | Fukutomi enterprise search engine technology based on system coupling |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105224440A (en) * | 2015-09-02 | 2016-01-06 | 上海斐讯数据通信技术有限公司 | A kind of log collection management method and system |
| CN106850748A (en) * | 2016-12-26 | 2017-06-13 | 曙光信息产业(北京)有限公司 | The subscription delivery system of cloud desktop |
| CN106850748B (en) * | 2016-12-26 | 2020-12-22 | 曙光信息产业(北京)有限公司 | Subscription and publishing system of cloud desktop |
| CN111597089A (en) * | 2020-05-18 | 2020-08-28 | 广州锦行网络科技有限公司 | Linux system call event acquisition and caching device and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110445856B (en) | Internet of things communication assembly management and control system and method supporting multi-protocol access | |
| CN104243185B (en) | A kind of experience type service monitoring system | |
| US10536348B2 (en) | Operational micro-services design, development, deployment | |
| EP2429120A1 (en) | Distributed network management system, network element management server, and data configuration management method | |
| CN104022903A (en) | One-stop automatic operation and maintaining system | |
| Ramesh et al. | The Smart Network Management Automation Algorithm for Administration of Reliable 5G Communication Networks | |
| CN105577446B (en) | Lightweight embedded network management system and method | |
| KR100865015B1 (en) | Realtime unification management information data conversion and monitoring apparatus and method for thereof | |
| CN108932184A (en) | monitoring device and method | |
| CN103188101A (en) | Distributed type collection scheduling method and device | |
| US11436248B2 (en) | Systems and methods for providing dynamically configured responsive storage | |
| CN103856354A (en) | Method for achieving unified management of logs of cluster storage system | |
| CN112804362B (en) | Dispersed data micro-service automation operation and maintenance system | |
| CN101830240A (en) | Track traffic centralized alarming management system and method thereof | |
| CN108924007A (en) | The big data acquisition of communication operation information and storage system and method | |
| CN114189274A (en) | Satellite ground station monitoring system based on microservice | |
| CN109657005A (en) | A kind of data cache method of distributed cluster system, device and equipment | |
| CN103631572A (en) | Centralized event processing system and processing method | |
| Corradi et al. | SIRDAM4. 0: A support infrastructure for reliable data acquisition and management in industry 4.0 | |
| CN109165194A (en) | A kind of data conversion storage method, apparatus, electronic equipment and storage medium | |
| CN102340791A (en) | System used for realizing data consistency and method thereof | |
| EP4024761A1 (en) | Communication method and apparatus for multiple management domains | |
| CN103139806B (en) | Method and base station of the webmaster with base station configuration data decoupling | |
| CN103327062A (en) | A system and method for providing enterprise information technology lifecycle tools synchronization platform | |
| CN103078764A (en) | Operational monitoring system and method based on virtual computing task |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140312 |