CN105635329A - Online log generation method and apparatus - Google Patents

Info

Publication number: CN105635329A
Authority: CN (China)
Prior art keywords: user, private network, information, nat, module
Legal status: Pending
Application number: CN201410614457.1A
Other languages: Chinese (zh)
Inventor: 樊海彬
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201410614457.1A
Priority to PCT/CN2015/082563 (published as WO2016070633A1)
Publication of CN105635329A

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L61/00: Network arrangements, protocols or services for addressing or naming

Abstract

The invention discloses an online log generation method and apparatus. The method comprises the steps of acquiring private network information of a user through a user control plane message GTP-C of a network; acquiring network address translation (NAT) information of the user; and generating an online log of the user based on the acquired private network information and the NAT information. The invention solves the problem in the prior art that, when the private network information of the user cannot be acquired through a Radius message, it cannot be combined with the NAT information to generate log information of the user. Acquiring the private network information of the user through GTP-C provides mobile user online data query support for national security regulatory authorities, and the reliability and scalability are also very high.

Description

Online log generation method and apparatus
Technical field
The present invention relates to the communications field, and in particular to an online log generation method and apparatus.
Background
In recent years, with the rapid development of mobile access technologies such as third-generation mobile communication (3G) and Long Term Evolution (LTE), combined with highly intelligent mobile terminals, mobile data services have come to combine the advantages of mobile communication and the Internet. However, the global supply of public network IP addresses is close to exhaustion. Telecom operators generally adopt a firewall technology to solve this problem: the firewall is the gateway connecting the mobile access network and the Internet, and it has a network address translation (NAT) function that converts private network Internet Protocol (IP) addresses into idle public network IP addresses from the firewall address pool. Specifically, the telecom operator allocates a private network IP address to a mobile subscriber who is about to access the Internet, and the NAT function of the firewall converts the user's private network IP address into a public network IP address. This addresses the shortage of public network IP addresses and allows many terminals in a local area network to share one network connection.
The content sources of the mobile Internet are complex. In order to strengthen network supervision, state security departments require basic telecommunications enterprises to provide the necessary management and control functions, implement the retention, storage, query and reporting of users' mobile Internet access logs, and actively build user online log query systems. However, because of the current firewall network architecture, an Internet server can only record the public network IP address after NAT processing by the firewall; from this public network IP address the Internet server cannot further learn the corresponding private network IP address, the International Mobile Subscriber Identity (IMSI), the Mobile Subscriber International ISDN/PSTN Number (MSISDN) or other key information that identifies the user.
In the related art, Chinese patent No. 103532752, "Management device and method for merging mobile Internet users' online logs", relies entirely on receiving Remote Authentication Dial In User Service (Radius) messages sent by the mobile Internet gateway to obtain the correspondence between user information (such as the phone number) and the private network IP address. However, in real network deployments, restrictions on access rights between devices of different vendors, or an operator's security and stability considerations, may make it impossible to obtain the Radius messages, so that the correspondence between private network IP addresses and user information cannot be learned. In addition, in a large-capacity network environment, this patented technique uses a single NAT log and Radius message fusion processing module to bear the traffic of the whole network; when the traffic grows beyond the processing limit, the system is overloaded and cannot meet the collection demand. Meanwhile, once a communication link is interrupted, the whole log collection system is paralysed. The reliability and scalability of the system are poor.
In the related art, in Chinese patent No. 103731515, "IP tracing method, device and system", the association of the mapping table between user information and public network IP addresses is carried out in the NAT device. That is, the NAT device must both perform the basic translation between private IP addresses and public network IP addresses and merge and generate the relationship mapping table. This is likely to require modification of the NAT device, at huge cost. Meanwhile, when network traffic is high, the NAT device may run at full load and may even fail.
Therefore, the related art has the problem that, when Radius messages cannot be obtained, an online log record of the user cannot be generated.
Summary of the invention
The invention provides an online log generation method and apparatus, so as at least to solve the problem in the related art that, when Radius messages cannot be obtained, an online log record of the user cannot be generated.
According to an aspect of the invention, an online log generation method is provided, including: obtaining private network information of a user through a user control plane message GTP-C of the network; obtaining network address translation (NAT) information of the user; and generating an online log of the user according to the obtained private network information and the NAT information.
Preferably, before obtaining the private network information of the user through the user control plane message GTP-C of the network, the method further includes: judging whether the authority to obtain the private network information from Radius messages is possessed; and when the judgement result is no, obtaining the private network information of the user through the GTP-C of the network.
Preferably, after judging whether the authority to obtain the private network information from Radius messages is possessed, the method further includes: when the judgement result is yes, obtaining the private network information from the Radius messages according to the network gateway; and generating the online log of the user according to the private network information obtained from the Radius messages and the NAT information.
Preferably, after generating the online log of the user according to the obtained private network information and the NAT information, the method further includes: receiving a query request for querying the user's online log; and feeding back a query result to the query requester according to the received query request.
Preferably, the private network information of the user includes at least one of: the International Mobile Subscriber Identity (IMSI), the Mobile Subscriber International ISDN Number (MSISDN), and the Packet Data Protocol (PDP) activation time.
Preferably, the NAT information of the user includes at least one of: source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time.
According to another aspect of the invention, an online log generation apparatus is provided, including: a first acquisition module, configured to obtain private network information of a user through a user control plane message GTP-C of the network; a second acquisition module, configured to obtain NAT information of the user; and a generation module, configured to generate the online log of the user according to the obtained private network information and the NAT information.
Preferably, the apparatus further includes a judgement module, configured to judge whether the authority to obtain the private network information from Radius messages is possessed; the first acquisition module is further configured to obtain the private network information of the user through the GTP-C of the network when the judgement result of the judgement module is no.
Preferably, the apparatus further includes a third acquisition module, configured to obtain the private network information from the Radius messages according to the network gateway when the judgement result of the judgement module is yes; the generation module is further configured to generate the online log of the user according to the private network information obtained from the Radius messages and the NAT information.
Preferably, the apparatus further includes: a receiving module, configured to receive a query request for querying a user's online log; and a feedback module, configured to feed back a query result to the query requester according to the received query request.
By obtaining the private network information of the user through the user control plane message GTP-C of the network, obtaining the NAT information of the user, and generating the online log of the user according to the obtained private network information and the NAT information, the invention solves the problem in the related art that the private network information of the user cannot be obtained through Radius messages and therefore cannot be combined with the NAT information to generate the user's log information. Obtaining the private network information of the user through GTP-C not only provides mobile user online data query support for national security supervision departments, but also gives very strong reliability and scalability.
Brief description of the drawings
The drawings described herein are used to provide a further understanding of the invention and constitute part of the application. The schematic embodiments of the invention and their description are used to explain the invention and do not constitute an improper limitation of the invention. In the drawings:
Fig. 1 is a flow chart of the online log generation method according to an embodiment of the invention;
Fig. 2 is a structural block diagram of the online log generation apparatus according to an embodiment of the invention;
Fig. 3 is preferred structural block diagram one of the online log generation apparatus according to an embodiment of the invention;
Fig. 4 is preferred structural block diagram two of the online log generation apparatus according to an embodiment of the invention;
Fig. 5 is preferred structural block diagram three of the online log generation apparatus according to an embodiment of the invention;
Fig. 6 is a schematic structural diagram according to preferred embodiment 1 of the invention;
Fig. 7 is a workflow diagram of the Radius message processing module according to preferred embodiment 1 of the invention;
Fig. 8 is a schematic structural diagram according to preferred embodiment 2 of the invention;
Fig. 9 is a workflow diagram of the signalling collection and processing module according to preferred embodiment 2 of the invention;
Fig. 10 is a workflow diagram of the NAT log processing module 3 according to preferred embodiment 3 of the invention;
Fig. 11 is a structural block diagram of the log merging processing module 4 in preferred embodiment 3 of the invention;
Fig. 12 is a data processing flow chart of the log merging processing module 4 in preferred embodiment 3 of the invention;
Fig. 13 is a structural block diagram of the application service module 5 in preferred embodiment 3 of the invention;
Fig. 14 is a workflow diagram of querying user online log records in preferred embodiment 3 of the invention.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in the application and the features in the embodiments can be combined with each other.
In this embodiment, an online log generation method is provided. Fig. 1 is a flow chart of the online log generation method according to an embodiment of the invention; as shown in Fig. 1, the flow includes the following steps:
Step S102: obtain the private network information of the user through the user control plane message GTP-C of the network;
Step S104: obtain the network address translation (NAT) information of the user;
Step S106: generate the online log of the user according to the obtained private network information and the NAT information.
Through the above steps, the private network information of the user is obtained through GTP-C. In the related art the private network information of the user can only be obtained from Radius messages, so no user online log record can be generated when Radius messages cannot be obtained; this new way of obtaining the user's private network information not only solves that problem but makes it possible to generate the user's online log even when Radius messages cannot be obtained.
Preferably, before obtaining the private network information of the user through the user control plane message GTP-C of the network, it may also be judged whether the authority to obtain the private network information from Radius messages is possessed; only when the judgement result is no is the private network information of the user obtained through the GTP-C of the network. When the judgement result is yes, the private network information is obtained from the Radius messages according to the network gateway, and the online log of the user is generated according to the private network information obtained from the Radius messages and the NAT information. That is, by combining the two ways of obtaining the user's private network information, the user's private network information can be obtained effectively in a variety of network environments, so that the generation of the user's online log is realized effectively.
After generating the online log of the user according to the obtained private network information and the NAT information, the generated online log may also be stored to support subsequent queries; for example, after the online log has been stored, a query request for querying the user's online log is received, and a query result is fed back to the query requester according to the received query request.
It should be noted that the private network information of the user may include many items; for example, it may include at least one of: the International Mobile Subscriber Identity (IMSI), the Mobile Subscriber International ISDN Number (MSISDN) and the Packet Data Protocol (PDP) activation time.
The NAT information of the user may also include many items; for example, it may include at least one of: source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time.
This embodiment also provides an online log generation apparatus, which is used to implement the above embodiment and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the apparatus described in the following embodiments is preferably realized in software, a realization in hardware, or in a combination of software and hardware, is also possible and contemplated.
In this embodiment an online log generation apparatus is provided. Fig. 2 is a structural block diagram of the online log generation apparatus according to an embodiment of the invention; as shown in Fig. 2, the apparatus includes a first acquisition module 22, a second acquisition module 24 and a generation module 26, which are described below.
The first acquisition module 22 is configured to obtain the private network information of the user through the user control plane message GTP-C of the network; the second acquisition module 24, connected to the first acquisition module 22, is configured to obtain the NAT information of the user; the generation module 26, connected to the first acquisition module 22 and the second acquisition module 24, is configured to generate the online log of the user according to the obtained private network information and the NAT information.
Fig. 3 is preferred structural block diagram one of the online log generation apparatus according to an embodiment of the invention; as shown in Fig. 3, in addition to all the modules shown in Fig. 2, the apparatus further includes a judgement module 32, which is described below.
The judgement module 32, connected to the first acquisition module 22, is configured to judge whether the authority to obtain the private network information from Radius messages is possessed; the first acquisition module 22 is further configured to obtain the private network information of the user through the GTP-C of the network when the judgement result of the judgement module is no.
Fig. 4 is preferred structural block diagram two of the online log generation apparatus according to an embodiment of the invention; as shown in Fig. 4, in addition to all the modules shown in Fig. 3, the apparatus further includes a third acquisition module 42, which is described below.
The third acquisition module 42, connected to the judgement module 32, is configured to obtain the private network information from the Radius messages according to the network gateway when the judgement result of the judgement module is yes; the generation module is further configured to generate the online log of the user according to the private network information obtained from the Radius messages and the NAT information.
Fig. 5 is preferred structural block diagram three of the online log generation apparatus according to an embodiment of the invention; as shown in Fig. 4, in addition to all the modules shown in Fig. 2, the apparatus further includes a receiving module 52 and a feedback module 54, which are described below.
The receiving module 52, connected to the generation module 26, is configured to receive a query request for querying a user's online log; the feedback module 54, connected to the receiving module 52, is configured to feed back a query result to the query requester according to the received query request.
What needs to be realized in the related art is a scheme for tracing users' Internet behaviour in a network system deployed with a NAT function: a log system records in detail, for a given time period, log information such as the public network IP address used to access the Internet, the private network address, the user's IMSI and the MSISDN, and provides an external query interface, so that online users can be traced and located according to the query conditions; this helps the operator to meet the requirements of the relevant national departments for the security maintenance and management and control of the mobile data Internet. In this embodiment an online log generation method scheme is provided: a probe deployed in the network collects the user control plane signalling messages (GPRS Tunnelling Protocol - Control, GTP-C), or the Radius messages sent by the mobile Internet gateway are collected (one of the two is chosen according to the network topology); these are combined with the firewall NAT log to establish the correspondence between key subscriber information such as the IMSI and the MSISDN and the public network IP address at the time of going online, and detailed online log records are formed for storage and for provision to a query system, providing mobile user online data query support for national security supervision departments.
In addition, this embodiment also provides a distributed networking strategy: for large-volume network traffic, a variable number of firewall NAT log processing servers and log merging processing servers are deployed dynamically in the network, with the aim of sharing the network traffic evenly and improving the system's processing capability and reliability.
Below, for the different scenario demands of real network environments, two illustrative distributed online log backtracking processing methods are provided:
One: when the authority to obtain Radius messages from the Internet gateway is available, connect to the Internet gateway to obtain the Radius messages and parse out the user identification information (IMSI, MSISDN) and the private network IP address. At the same time, the firewall log processing module is connected to the firewall NAT device; through the interaction of the two network elements, the signalling collection device and the firewall log processing module, the IMSI and MSISDN of the online user and the public network IP address and port number of the user terminal after firewall NAT translation are obtained, the correspondence between user identification information and public network IP address is established, a detailed user online log record is generated, and a query function is provided.
Two: when the authority to obtain Radius messages is severely restricted, i.e. the Radius messages sent by the Internet gateway cannot be obtained, the signalling collection device is connected in mirroring mode to the transmission interface for network control plane messages, the corresponding GTP-C signalling messages are obtained and the user identification information in them is parsed out. The subsequent steps are the same as described in method one above.
In conjunction with the above distributed online log backtracking processing methods, this embodiment also provides a distributed online log backtracking processing system with six components in total: a Radius message processing module 1 (functionally equivalent to the third acquisition module 42 above), a signalling collection and processing module 2 (equivalent to the first acquisition module 22), a firewall log processing module 3 (equivalent to the second acquisition module 24), a log merging processing module 4 (equivalent to the generation module 26), an application service module 5 (equivalent to the receiving module 52 and the feedback module 54) and a log storage module 6. The Radius message processing module 1 and the signalling collection and processing module 2 are deployed in different network scenarios. The functions of the parts are as follows:
Radius message processing module 1: when the authority to obtain Radius messages from the Internet gateway is available, it is deployed in the network and docked with the Internet gateway. The Radius messages it receives include the user's IMSI, MSISDN, private network IP address, private network port number and the like. This module therefore parses the received Radius messages to extract the user identification information and sends that identification information to the log merging processing module 4.
Signalling collection and processing module 2: when the authority to obtain Radius messages from the Internet gateway is restricted, the signalling collection and processing module 2 is deployed in the system in place of the Radius message processing module 1, connected in mirroring mode to the user control plane message interface in the network. The signalling collection and processing module 2 can capture completely all the user control plane signalling messages GTP-C flowing through this interface, performs deep analysis of the GTP-C messages to extract the user identification information (IMSI, MSISDN, private network IP address and private network port number), and sends this user identification information to the log merging processing module 4.
Firewall log processing module 3: docked with the NAT device of the network firewall, it is responsible for receiving the NAT log sent by the firewall NAT device. The firewall log processing module 3 parses the received NAT log to obtain the NAT translation information in it (source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time), packages the obtained NAT translation information and sends it to the log merging processing module 4.
Log merging processing module 4: connected with the Radius message processing module 1, the signalling collection and processing module 2 and the firewall log processing module 3. It is mainly responsible for three aspects of work:
1) associating and merging the user identification information sent by the Radius message processing module 1 or the signalling collection and processing module 2 with the NAT translation information sent by the firewall log processing module 3, and generating a detailed user online log record that includes the user's IMSI, MSISDN, source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time;
2) saving the generated online log records to the log storage module 6 according to a certain strategy;
3) after receiving a query request containing query conditions, providing the user online log record query function and feeding the query result back to the requesting end of the query command.
Application service module 5: connected respectively with the Radius message processing module 1, the firewall log processing module 3 and the log merging processing module 4, it plays the role of the management and control centre. It can provide two aspects of functionality:
1) providing a detailed user online log record query function: through the query interface provided by the application service module 5, query personnel enter the query conditions, such as the start time and end time of the log to be queried and the public network IP address used by the user. The query conditions are sent to the connected log merging processing module 4, and the query result is fed back to the query personnel through the query interface. The query result includes: IMSI, MSISDN, source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time.
2) providing a management and control centre for network management parameter configuration: a parameter configuration interface can be provided for network management personnel to set the mobile Internet gateway address that the Radius message processing module 1 needs to connect to, the switch address of the control plane mirroring interface that the signalling collection and processing module 2 needs to connect to, the firewall address that the firewall log processing module 3 needs to connect to, and the addresses of the Radius message processing module 1 and the firewall log processing module 3 that the log merging processing module 4 needs to connect to.
Log storage module 6: connected with the log merging processing module 4, it is used to save the user online log records after merging processing for future queries by staff.
In order to give the system the processing capability for large-volume services and to ensure reliability, this embodiment also provides a distributed networking strategy: multiple log merging processing modules 4 are deployed in the network, connected directly to the firewall log processing module 3, and these log merging processing modules 4 share the storage and query tasks equally. The Radius message processing module 1 and the signalling collection and processing module 2 are connected directly to each log merging processing module 4; the Radius message processing module 1 or the signalling collection and processing module 2 sends the user's IMSI, MSISDN, private network IP address and private network port number to each log merging processing module 4 by broadcasting, and these are merged with the firewall NAT translation information received by each log merging processing module 4.
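As a worked illustration of the log merging processing module 4 (items 1 and 3 above), the query function of the application service module 5, and the distributed networking strategy, here is an added Python example; it is not code from the patent or from ZTE. It joins each NAT entry to the identity whose PDP context was most recently activated on that private IP at the NAT start time (a private IP is reallocated over time, so the address alone is not a safe key), broadcasts identities to every merging node while sharding NAT entries by public address, and answers the public IP / time window query. The class names, sample addresses and timestamps are constructed assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from datetime import datetime
import zlib


@dataclass(frozen=True)
class Identity:  # user identification from module 1 (Radius) or module 2 (GTP-C)
    imsi: str
    msisdn: str
    private_ip: str
    pdp_activation: datetime


@dataclass(frozen=True)
class NatRecord:  # one NAT translation entry as parsed by the firewall log processing module 3
    src_private_ip: str
    src_private_port: int
    src_public_ip: str
    src_public_port: int
    dst_ip: str
    dst_port: int
    nat_start: datetime
    nat_end: datetime


@dataclass(frozen=True)
class OnlineLogRecord:  # merged user online log record: identity fields plus the NAT entry
    imsi: str
    msisdn: str
    nat: NatRecord


class LogMerger:  # one log merging processing module 4 (hypothetical class name)
    def __init__(self):
        # private IP -> (activation times ascending, identities in the same order). A private
        # IP is reused by successive PDP contexts, so the join key is address AND time.
        self._by_ip = {}
        self.records = []
        self.unmatched = []

    def add_identity(self, ident):
        times, idents = self._by_ip.setdefault(ident.private_ip, ([], []))
        pos = bisect_right(times, ident.pdp_activation)
        times.insert(pos, ident.pdp_activation)
        idents.insert(pos, ident)

    def _owner_at(self, private_ip, when):
        """Identity whose PDP context was the latest one activated at or before `when`."""
        times, idents = self._by_ip.get(private_ip, ([], []))
        pos = bisect_right(times, when)
        return idents[pos - 1] if pos else None

    def add_nat(self, nat):
        ident = self._owner_at(nat.src_private_ip, nat.nat_start)
        if ident is None:
            self.unmatched.append(nat)  # no identity known: keep for a later re-merge
            return None
        rec = OnlineLogRecord(ident.imsi, ident.msisdn, nat)
        self.records.append(rec)
        return rec

    def query(self, public_ip, start, end, public_port=None):
        """Records whose NAT session overlaps [start, end] for this public IP (and port)."""
        return [r for r in self.records
                if r.nat.src_public_ip == public_ip
                and (public_port is None or r.nat.src_public_port == public_port)
                and r.nat.nat_start <= end and r.nat.nat_end >= start]


class DistributedMerger:
    """Distributed networking strategy: identities are broadcast to every module 4,
    NAT records are sharded so the modules divide storage and query work equally."""

    def __init__(self, n_nodes):
        self.nodes = [LogMerger() for _ in range(n_nodes)]

    def add_identity(self, ident):
        for node in self.nodes:  # broadcast
            node.add_identity(ident)

    def add_nat(self, nat):
        # crc32 rather than hash() so the shard choice is stable across processes
        key = f"{nat.src_public_ip}:{nat.src_public_port}".encode()
        return self.nodes[zlib.crc32(key) % len(self.nodes)].add_nat(nat)

    def query(self, public_ip, start, end, public_port=None):
        out = []
        for node in self.nodes:  # fan out to every shard, then union
            out.extend(node.query(public_ip, start, end, public_port))
        return sorted(out, key=lambda r: r.nat.nat_start)


def ts(hour, minute):  # constructed timestamps for the sample below
    return datetime(2015, 6, 1, hour, minute)


def demo():
    """Constructed sample: private IP 10.0.0.5 is handed to two subscribers in turn."""
    cluster = DistributedMerger(3)
    cluster.add_identity(Identity("460000000000001", "8613800000001", "10.0.0.5", ts(8, 0)))
    cluster.add_identity(Identity("460000000000002", "8613800000002", "10.0.0.5", ts(9, 0)))
    for nat in [
        NatRecord("10.0.0.5", 50001, "203.0.113.10", 40001, "198.51.100.7", 443, ts(8, 30), ts(8, 35)),
        NatRecord("10.0.0.5", 50002, "203.0.113.10", 40001, "198.51.100.8", 80, ts(9, 10), ts(9, 12)),
        NatRecord("10.0.0.9", 50003, "203.0.113.11", 40002, "198.51.100.9", 80, ts(9, 20), ts(9, 21)),
    ]:
        cluster.add_nat(nat)
    return cluster
```

Querying `demo()` for 203.0.113.10 between 09:00 and 09:30 returns only the second subscriber, even though both subscribers used the same private IP and the same public address and port on that day.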
Compared with correlation technique, the embodiment of the present invention is capable of following effect:
One, in real network environment from mobile Internet gateway obtain Radius message authority be restricted time, signaling plane message is gathered from network, and parse key user's identification informations such as IMSI, MSISDN, user private network IP address, private network port numbers, complete to be similar to the function directly obtaining Radius message from mobile Internet gateway, and be associated merging with fire wall NAT daily record, it is provided that a detailed user internet log information. Make user's internet log backtracking system and method can be applicable to different network environments, it is provided that range of application and value.
Two, in embodiments of the present invention, additionally providing a kind of distributed networking strategy, to adapt under the business demand of big data quantity, network element shares whole network traffic load parallel, improves the service process performance of network. Meanwhile, when there is interruption or fault at certain net element communication link, other network element in distributed network takes over this net element business, and whole network operation state is not interrupted, it is ensured that the stability of network and reliability.
The preferred embodiments of the present invention are described below.
Preferred embodiment 1:
Fig. 6 is a structural schematic diagram of preferred embodiment 1 of the present invention. As shown in Fig. 6, in a network scenario where Radius messages can be obtained from the mobile Internet gateway, this embodiment adopts a distributed deployment mode for the log acquisition apparatus; its structural composition, deployment position and data flow are as follows:
This distributed device is realised by the operator adding network elements to the existing mobile data network. Radius message processing module 1 is deployed in the mobile data network topology so that it accesses the mobile Internet gateway; it is responsible for obtaining Radius messages from the gateway and parsing them to obtain the user identification information IMSI, MSISDN and PDP activation time, together with the private network IP address and private network port number.
Fig. 7 is a workflow diagram of the Radius message processing module according to preferred embodiment 1. As shown in Fig. 7, the flow comprises the following steps:
Step S202: obtain a Radius message from the Internet gateway;
Step S204: parse the Radius message to obtain the field values of the user identification information IMSI, MSISDN and PDP activation time, and of the private network IP address and private network port number;
Step S206: re-encode these fields as one data block and send it to all connected log merging processing modules 4.
Preferred embodiment 2:
Fig. 8 is a structural schematic diagram of preferred embodiment 2 of the present invention. As shown in Fig. 8, when Radius messages cannot be obtained through the mobile Internet gateway, that is, in a network environment where the conditions for obtaining Radius messages are limited, the structural composition, deployment position and data flow of the user online log acquisition apparatus are as follows:
This device is likewise realised by the operator adding network elements to the existing mobile data network. Signaling collection processing module 2 is deployed in the mobile data network topology to access the interface between the Internet service support node (the SGSN (Serving GPRS Support Node) in a 3G network, the MME (Mobility Management Entity) in a 4G network) and the mobile Internet gateway, and Firewall Log processing module 3 accesses the NAT firewall. Through the interaction of these two network elements, signaling collection processing module 2 obtains the user control-plane messages from the interface by way of mirrored collection and extracts the user identification information IMSI, MSISDN and PDP activation time, together with the private network IP address and private network port number.
Fig. 9 is a workflow diagram of the signaling collection processing module according to preferred embodiment 2. As shown in Fig. 9, the flow comprises the following steps:
Step S302: capture the user control-plane message packets on the interface between the serving GPRS support node and the mobile Internet gateway;
Step S304: parse the control-plane message to obtain the user identification information field values such as MSISDN, IMSI and PDP activation time;
Step S306: re-encode these fields as one data block and send it to the connected log merging processing module 4.
The distributed mobile Internet access behaviour backtracking systems of preferred embodiments 1 and 2 above employ a distributed networking architecture, that is, a plurality of log merging processing modules 4 are deployed in the network in a distributed networking arrangement.
The plurality of merging processing modules 4 are each connected to Firewall Log processing module 3. According to a polling scheme, each batch of NAT translation information processed by Firewall Log processing module 3 is received by the merging processing module 4 with the corresponding serial number, so that the modules jointly share equally the tasks of associating and merging the user identification information with the NAT translation information and of generating, querying and storing the user online log records;
The above plurality of merging processing modules 4 are also each connected to Radius message processing module 1 and signaling collection processing module 2, and receive the user identification information that Radius message processing module 1 or signaling collection processing module 2 sends in broadcast mode.
Preferred embodiment 3:
Firewall Log processing module 3 is connected to the NAT device of the network firewall, obtains the NAT log from that NAT device and parses it to obtain the NAT translation information, which includes: source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time. It packages the NAT translation information and sends it to log merging processing module 4, which associates and merges it with the user identification information, private network IP address and private network port number sent by Radius message processing module 1 or signaling collection processing module 2.
Figure 10 is a workflow diagram of NAT log processing module 3 according to preferred embodiment 3 of the present invention. As shown in Figure 10, the flow comprises the following steps:
Step S402: receive the NAT log data packet sent by the network firewall;
Step S404: parse the NAT log data packet to obtain the NAT translation information field values, namely the source private network IP address and port number, source public network IP address and port number, destination address and port number, NAT start time and NAT end time;
Step S406: reassemble the NAT translation information field values into a new data block and send it to the connected log merging processing module 4.
The above log merging processing module 4 is connected to Radius message processing module 1, signaling collection processing module 2 and Firewall Log processing module 3 respectively. It associates and merges the user identification information, private network IP address and private network port number sent by Radius message processing module 1 or signaling collection processing module 2 with the NAT translation information sent by Firewall Log processing module 3, and generates detailed user online log records.
Figure 11 is a structural block diagram of log merging processing module 4 in preferred embodiment 3 of the present invention. As shown in Figure 11, log merging processing module 4 mainly comprises the following components:
First communication submodule 401: connected to Radius message processing module 1 and signaling collection processing module 2; it receives the user identification information, private network IP address and private network port number sent by Radius message processing module 1 or signaling collection processing module 2 and pushes them into processing queue submodule 403;
Second communication submodule 402: connected to Firewall Log processing module 3; it receives the NAT translation information sent by Firewall Log processing module 3, splits it into several single NAT translation information log records, and pushes these log records into processing queue submodule 403;
Processing queue submodule 403: connected to first communication submodule 401 and second communication submodule 402; it sends the user identification information, private network IP address and private network port number pushed by first communication submodule 401, and the NAT translation information pushed by second communication submodule 402, to association merging submodule 404;
Association merging submodule 404 (performing the same function as generation module 26 above): connected to processing queue submodule 403; it receives the user identification information, private network IP address, private network port number and NAT translation information sent by processing queue submodule 403, associates and merges them using the private network IP address as the key and the user identification information as the mapped value, generates complete user online log records, and places them into storage submodule 405;
Association merging submodule 404 maintains a Map data structure in which the private network IP address is the key and the user identification information is the mapped value. When processing queue submodule 403 dispatches user identification information with a private network IP address and private network port number, the message is first parsed to extract the private network IP address field value, and the Map container is searched with this private network IP address as the key to see whether it contains a corresponding record. If it does not, the user identification information is added to the Map container; otherwise, no processing is done.
When processing queue submodule 403 dispatches a firewall NAT translation information message, the private network IP address in it is extracted and the Map container is searched with this private network IP address as the key for a user identification information record with that key. If one exists, that record and the firewall NAT translation information are merged to generate a complete user online log record containing IMSI, MSISDN, source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time, NAT end time and protocol type. If there is no corresponding record, an online record is generated from the firewall NAT translation information alone (this record lacks information such as IMSI and MSISDN).
Storage submodule 405: connected to association merging submodule 404; it receives the user online log records and writes them into log storage module 6;
Figure 12 is a data processing flow chart of log merging processing module 4 in preferred embodiment 3 of the present invention. As shown in Figure 12, the flow comprises the following steps:
Step S502: receive the firewall NAT translation information processed by Firewall Log processing module 3, and the user identification information packets processed by Radius message processing module 1 or signaling collection processing module 2, respectively.
Step S504: the received packets are pushed into processing queue submodule 403; packets are taken from the head of the queue, their packet type is parsed, and they are dispatched according to different strategies. If the packet type is not a firewall NAT translation information packet but a user identification information packet, step S506 is performed; otherwise, step S514 is performed.
Step S506: check the integrity of the user identification information packet; if it is complete, decode the packet to obtain the field values such as private IP address, port number, IMSI, MSISDN and PDP activation time; otherwise, discard it.
Step S508: search the Map container with the private IP address as the key for a record with that key. If none exists, perform step S510; otherwise, perform step S512.
Step S510: add a record to the Map container with this private IP address as the index key and the IMSI, MSISDN and PDP activation time field values from the identification message as the mapped value of the record. At the same time start a timer indexed by this private IP address; when the timeout expires, the record is removed from the Map container.
Step S512: update the existing record in the Map container with the value of each field in the new message.
Step S514: decapsulate the firewall NAT translation information packet and split it into several firewall NAT translation information message blocks.
Step S516: check the validity of each data block and extract the private IP address field. Query the Map container with this private IP address as the key for a record containing that key. If one exists, perform step S518; otherwise, perform step S520.
Step S518: take from the Map container the IMSI, MSISDN and PDP activation time field values of the matching record (the user identification information part) and reassemble them, together with the source private IP address and port number, source public network IP address and port number, destination IP address and port number, NAT start time, NAT end time and protocol type fields from the firewall NAT translation information record, into one complete online log record containing the user information.
Step S520: do not take the IMSI, MSISDN, PDP activation time and similar field values from the Map container but set them directly to 0, then merge them with the firewall NAT translation information to assemble an online log record that does not contain user identification information.
Step S522: write the re-merged user online log records into log storage module 6 for storage.
To make it convenient for management personnel to query the stored user online log records, as shown in Figure 13 a corresponding application service module 5 is also provided, connected to log merging processing module 4. Application service module 5 comprises an online log query terminal 501 that provides a query interface for the querying personnel; the query interface receives the entered query conditions for user online log records, sends them to the connected log merging processing module 4, and displays the user online log records fed back by log merging processing module 4 for the querying personnel to consult;
Correspondingly, log merging processing module 4 is provided with a third communication submodule 406 that interfaces with online log query terminal 501. Third communication submodule 406 receives the query request command containing the query conditions sent by online log query terminal 501, parses the query conditions and sends them to query submodule 407 (which performs the same function as feedback module 54 above), and also feeds the query result back to online log query terminal 501. Query submodule 407 contains an efficient search algorithm, is connected to log storage module 6, performs the matching search in log storage module 6 according to the query conditions, and feeds the search result back to third communication submodule 406.
The query conditions for user online log records include: the start time and end time of the user online log record, and the public network IP address used by the user. The query result includes: IMSI, MSISDN, source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time, NAT end time and protocol type.
Figure 14 is a workflow diagram of querying user online log records in preferred embodiment 3 of the present invention. As shown in Figure 14, the flow comprises the following steps:
Step S602: the user enters the query conditions in online log query terminal 501 of application service module 5; these include the start time, end time and public network IP address.
Step S604: application service module 5 sends the query request packet to the log merging processing module 4 connected to it.
Step S606: the query submodule of log merging processing module 4 detects the arrival of the query request packet, converts the query conditions in the packet into a start date, end date, session time and public network IP address, and searches the connected log storage unit (LSU) for the log records that satisfy the conditions.
Step S608: log merging processing module 4 assembles all log records satisfying the conditions into packets and sends them to application service module 5.
Step S610: application service module 5 receives the query result packets returned by each log merging processing module 4 and displays the final result on its query interface.
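The Map-keyed association merge of steps S502 to S522 and the time-range/public-IP query of steps S602 to S610, as an added Python illustration that is not code from the patent or from ZTE. The field names, packet layouts, the validity checks, the expiry handling (checked against a caller-supplied clock value instead of a real timer) and every sample value are assumptions constructed for this example.

```python
"""Constructed illustration of log merging module 4: identity records keyed by
private IP, NAT translation records merged against them, and the query path.
Not the patent's own code; all names and sample values are assumptions."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Identity:
    """Mapped value in the Map container (IMSI, MSISDN, PDP activation time)."""
    imsi: str
    msisdn: str
    pdp_activation_time: int   # epoch seconds, a constructed convention
    private_port: int
    expires_at: int            # timer indexed by private IP: entry dropped once now >= expires_at


@dataclass
class NatRecord:
    """One single NAT translation information log record (one block after S514)."""
    src_private_ip: str
    src_private_port: int
    src_public_ip: str
    src_public_port: int
    dst_ip: str
    dst_port: int
    nat_start: int
    nat_end: int
    protocol: str


@dataclass
class LogRecord:
    """A user online log record; imsi/msisdn are "0" when no Map entry matched (S520)."""
    imsi: str
    msisdn: str
    nat: NatRecord


class LogMerger:
    """Stands in for submodules 403 to 405 plus query submodule 407 of module 4."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self.map: Dict[str, Identity] = {}   # key: private IP address
        self.store: List[LogRecord] = []     # stands in for log storage module 6

    def _expire(self, now: int) -> None:
        # The timer of S510 is simulated by removing entries whose timeout has arrived.
        for ip in [ip for ip, ident in self.map.items() if now >= ident.expires_at]:
            del self.map[ip]

    def on_identity(self, pkt: dict, now: int) -> bool:
        """S506 to S512: integrity check, then add (with timer) or update the Map entry."""
        required = ("private_ip", "private_port", "imsi", "msisdn", "pdp_activation_time")
        if any(k not in pkt for k in required):
            return False                       # S506: incomplete packet is discarded
        self._expire(now)
        ident = self.map.get(pkt["private_ip"])
        if ident is None:                      # S510: new record plus timer
            self.map[pkt["private_ip"]] = Identity(
                imsi=pkt["imsi"], msisdn=pkt["msisdn"],
                pdp_activation_time=pkt["pdp_activation_time"],
                private_port=pkt["private_port"], expires_at=now + self.ttl)
        else:                                  # S512: refresh fields of the existing record
            ident.imsi = pkt["imsi"]
            ident.msisdn = pkt["msisdn"]
            ident.pdp_activation_time = pkt["pdp_activation_time"]
            ident.private_port = pkt["private_port"]
        return True

    def on_nat_batch(self, blocks: List[NatRecord], now: int) -> List[LogRecord]:
        """S514 to S522: merge each NAT block with its Map entry, or store it with zeroed identity."""
        self._expire(now)
        out: List[LogRecord] = []
        for nat in blocks:
            if not nat.src_private_ip or nat.nat_end < nat.nat_start:
                continue                       # S516: invalid block is skipped
            ident = self.map.get(nat.src_private_ip)
            if ident is not None:              # S518: complete record with user information
                out.append(LogRecord(ident.imsi, ident.msisdn, nat))
            else:                              # S520: identity fields set to 0
                out.append(LogRecord("0", "0", nat))
        self.store.extend(out)                 # S522: write to log storage
        return out

    def query(self, start: int, end: int, public_ip: str) -> List[LogRecord]:
        """S606: records on the given public IP whose NAT lifetime overlaps [start, end]."""
        return [r for r in self.store
                if r.nat.src_public_ip == public_ip
                and r.nat.nat_start <= end and r.nat.nat_end >= start]
```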
As shown in Figure 13, application service module 5 also provides a corresponding network management configuration terminal 502 for managing and configuring the network. Network management configuration terminal 502 is used to set, for Radius message processing module 1, signaling collection processing module 2 and Firewall Log processing module 3 respectively:
the mobile Internet network-management address that Radius message processing module 1 must connect to;
the switch address of the user control-plane mirror interface that signaling collection processing module 2 must connect to;
the firewall address that Firewall Log processing module 3 must connect to; and
the addresses of Radius message processing module 1 and Firewall Log processing module 3 that log merging processing module 4 must connect to.
Through the above embodiments and preferred implementations, by deploying probes in the network to collect the user control-plane signaling messages GTP-C (GPRS Tunnelling Protocol - Control), or by collecting the Radius messages sent by the mobile Internet gateway (one of the two is chosen according to the network topology), and combining them with the firewall NAT log, the correspondence between key subscriber information such as IMSI and MSISDN and the public network IP address used when online is established, and detailed online log records are formed for storage and provided to the query system. This solves the problem in the related art that, when a mobile Internet access behaviour backtracking method and system is deployed in a real network and Radius messages cannot be obtained, user online log records cannot be obtained, and it provides query support for mobile subscribers' Internet data to national security supervision departments. At the same time, when network traffic is heavy, the above online log generation method and apparatus prevents an interrupted communication link from paralysing the whole log collection system, so reliability and scalability are very strong.
Obviously, those skilled in the art should understand that each module or each step of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, and in some cases the steps shown or described can be performed in an order different from that herein; or they can be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any amendment, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. An online log generation method, characterised by comprising:
obtaining private network information of a user through a user control-plane message GTP-C of a network;
obtaining network address translation (NAT) information of the user;
generating an online log of the user according to the obtained private network information and the NAT information.
2. The method according to claim 1, characterised in that, before obtaining the private network information of the user through the user control-plane message GTP-C of the network, the method further comprises:
judging whether the authority to obtain the private network information from Radius messages is possessed;
when the judgement result is no, obtaining the private network information of the user through the GTP-C of the network.
3. The method according to claim 2, characterised in that, after judging whether the authority to obtain the private network information from Radius messages is possessed, the method further comprises:
when the judgement result is yes, obtaining the private network information from the Radius message according to the network gateway;
generating the online log of the user according to the private network information obtained from the Radius message and the NAT information.
4. The method according to claim 1, characterised in that, after generating the online log of the user according to the obtained private network information and the NAT information, the method further comprises:
receiving a query request for querying the user online log;
feeding back a query result to the query requester according to the received query request.
5. The method according to any one of claims 1 to 4, characterised in that the private network information of the user includes at least one of:
international mobile subscriber identity (IMSI), mobile subscriber international number (MSISDN), packet data protocol (PDP) activation time.
6. The method according to any one of claims 1 to 4, characterised in that the NAT information of the user includes at least one of:
source private network IP address, source private network port number, source public network IP address, source public network port number, destination IP address, destination port number, NAT start time and NAT end time.
7. An online log generation device, characterised by comprising:
a first acquisition module, for obtaining private network information of a user through a user control-plane message GTP-C of a network;
a second acquisition module, for obtaining network address translation (NAT) information of the user;
a generation module, for generating an online log of the user according to the obtained private network information and the NAT information.
8. The device according to claim 7, characterised by further comprising:
a judgement module, for judging whether the authority to obtain the private network information from Radius messages is possessed;
the first acquisition module being further configured to obtain the private network information of the user through the GTP-C of the network when the judgement result of the judgement module is no.
9. The device according to claim 8, characterised by further comprising:
a third acquisition module, for obtaining the private network information from the Radius message according to the network gateway when the judgement result of the judgement module is yes;
the generation module being further configured to generate the online log of the user according to the private network information obtained from the Radius message and the NAT information.
10. The device according to claim 7, characterised by further comprising:
a receiving module, for receiving a query request for querying the user online log;
a feedback module, for feeding back a query result to the query requester according to the received query request.
CN201410614457.1A 2014-11-03 2014-11-03 Online log generation method and apparatus Pending CN105635329A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410614457.1A CN105635329A (en) 2014-11-03 2014-11-03 Online log generation method and apparatus
PCT/CN2015/082563 WO2016070633A1 (en) 2014-11-03 2015-06-26 Network log generation method and device

Publications (1)

Publication Number Publication Date
CN105635329A true CN105635329A (en) 2016-06-01

Family

ID=55908513

Country Status (2)

Country Link
CN (1) CN105635329A (en)
WO (1) WO2016070633A1 (en)
Also Published As

Publication number Publication date
WO2016070633A1 (en) 2016-05-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160601