CN105959147B - Command storage method, client and central server - Google Patents

Command storage method, client and central server Download PDF

Info

Publication number
CN105959147B
CN105959147B CN201610412456.8A CN201610412456A CN105959147B CN 105959147 B CN105959147 B CN 105959147B CN 201610412456 A CN201610412456 A CN 201610412456A CN 105959147 B CN105959147 B CN 105959147B
Authority
CN
China
Prior art keywords
user
client
operation information
central server
user operation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610412456.8A
Other languages
Chinese (zh)
Other versions
CN105959147A (en
Inventor
王继宗
于芝涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Hisense Media Network Technology Co Ltd
Original Assignee
Qingdao Hisense Media Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Hisense Media Network Technology Co Ltd filed Critical Qingdao Hisense Media Network Technology Co Ltd
Priority to CN201610412456.8A priority Critical patent/CN105959147B/en
Publication of CN105959147A publication Critical patent/CN105959147A/en
Application granted granted Critical
Publication of CN105959147B publication Critical patent/CN105959147B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a command storage method, a client and a central server. The method comprises the following steps: when monitoring that at least one user logs in a local server corresponding to a client, distributing a respective monitoring process for each user, wherein the monitoring process is used for monitoring an operation command input by the corresponding user; after determining that any monitoring process monitors an operation command input by a user, sending user operation information to a central server, wherein the user operation information comprises the operation command input by the user, an identifier of a client and an identifier of the user; and confirming the reception of an information response message returned by the central server, wherein the information response message is used for indicating that the user operation information is sent to the central server. The command storage method provided by the invention can avoid the user operation information from being changed or deleted, has higher safety and simultaneously improves the working efficiency of an administrator.

Description

Command storage method, client and central server
Technical Field
The present invention relates to the field of computers, and in particular, to a command storage method, a client, and a central server.
Background
With the development of computer technology, the application field of computers is wider and wider, more and more data are stored in the computers, and more analysis, calculation and simulation depend on the operating systems of the computers. Meanwhile, the computer and the operating system may have problems due to improper operations of the user or attacks of malicious users, so that recording commands executed by the user is necessary for subsequently analyzing operating system problems and protecting the computer operating system and data security.
When the existing operating system such as LINUX monitors that a user logs in the operating system, commands executed by the user are stored in a memory, and when the user logs out of the operating system, the commands of the user stored in the memory are transferred to a storage file. However, the user may delete or modify the command stored in the memory or in the storage file. Therefore, the existing command storage method has the problem of low safety.
Disclosure of Invention
The invention provides a command storage method, a client and a central server, which are used for solving the problem of low safety degree of the existing command storage method.
In a first aspect, the present invention provides a command storage method applied to clients, where each client corresponds to a local server, and the method includes:
when monitoring that at least one user logs in a local server corresponding to the client, allocating a respective monitoring process for each user, wherein the monitoring process is used for monitoring an operation command input by the corresponding user;
after determining that any monitoring process monitors an operation command input by a user, sending user operation information to a central server, wherein the user operation information comprises the operation command input by the user, the identification of the client and the identification of the user;
and confirming the reception of an information response message returned by the central server, wherein the information response message is used for indicating that the user operation information is sent to the central server.
The command storage method as described above, where sending the user operation information to the central server includes:
reading the operation command input by the user from an internal memory of the local server, and determining the user operation information according to the operation command input by the user, the identifier of the client and the identifier of the user; wherein the identity of the client is determined according to at least one of: a serial number of the local server, a MAC address of the local server, an IP address of the local server;
and encrypting the user operation information, and sending the encrypted user operation information to the central server.
In the command storage method, if it is determined that the information response message returned by the central server is not received within the preset time, the method further includes:
encrypting the user operation message to obtain encrypted user operation information, and storing the encrypted user operation message in an external memory;
and when any message sent by the central server is received, reading the encrypted user operation information from the external memory, and sending the encrypted user operation information to the central server.
The command storage method as described above, the method further comprising:
sending heartbeat information to the central server according to a preset time interval so that the central server can determine that the connection between the client and the central server is normal;
and confirming to receive a heartbeat response message returned by the central server, wherein the heartbeat response message is used for indicating that the heartbeat information is sent to the central server.
In a second aspect, the present invention provides a command storage method applied to a central server, including:
receiving user operation information sent by at least one client, and storing each piece of user operation information into an external memory of the central server, wherein each piece of user operation information comprises an operation command input by the user, an identifier of the client and an identifier of the user;
and sending an information response message to each client, wherein the information response message is used for indicating that the user operation information is sent to the central server.
Before receiving the user operation information sent by at least one client, the command storage method further includes:
judging whether heartbeat information sent by the client side is received within a preset time interval;
if so, sending a heartbeat response message to the client, wherein the heartbeat response message is used for indicating that heartbeat information is sent to the central server;
if not, sending an abnormal connection alarm message, wherein the abnormal connection alarm message comprises an identifier of the client with abnormal connection.
The command storage method described above, where the receiving user operation information sent by at least one client and storing each piece of the user operation information in an external memory of the central server, includes:
receiving encrypted user operation information sent by at least one client, and decrypting each encrypted user operation information to obtain decrypted user operation information;
and storing the operation command input by the user into an external memory of the central server according to the identification of the user and/or the identification of the client.
After receiving the user operation information sent by at least one client and storing each piece of user operation information in the external memory of the central server, the command storage method further includes:
judging whether the operation command input by the user in each user operation information accords with a preset alarm rule stored in an external memory of the central server;
and if so, sending an operation command abnormity warning message, wherein the operation command abnormity warning message comprises user operation information to which the illegal operation command belongs.
In a third aspect, the present invention provides a client, where each client corresponds to a local server, and the client includes:
the monitoring module is used for allocating a respective monitoring process to each user when monitoring that at least one user logs in a local server corresponding to the client, wherein the monitoring process is used for monitoring an operation command input by the corresponding user;
the user operation information sending module is used for sending user operation information to a central server after determining that any monitoring process monitors an operation command input by a user, wherein the user operation information comprises the operation command input by the user, the identification of the client and the identification of the user;
and the response message confirmation module is used for confirming that an information response message returned by the central server is received, wherein the information response message is used for indicating that the user operation information is sent to the central server.
In a fourth aspect, the present invention provides a central server, including:
the user operation information receiving and storing module is used for receiving user operation information sent by at least one client and storing each piece of user operation information into an external memory of the central server, wherein each piece of user operation information comprises an operation command input by the user, an identifier of the client and an identifier of the user;
and the response message sending module is used for sending an information response message to each client, wherein the information response message is used for indicating that the user operation information is sent to the central server.
According to the command storage method, the client and the central server provided by the invention, the client detects the operation command input by the user in the local server in real time, and sends the user operation information containing the operation command to the central server, so that the user operation information is prevented from being changed or deleted, the higher safety is achieved, meanwhile, the user operation information on at least one local server is uniformly sent to the central server, an administrator can conveniently manage the user operation information of a plurality of servers at the same time, the problem can be found in time, and the work efficiency of the administrator is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of an application scenario of an embodiment of a command storage method provided in the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a command storage method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of a command storage method according to the present invention;
FIG. 4 is a flowchart illustrating a third embodiment of a command storage method according to the present invention;
FIG. 5 is a flowchart illustrating a fourth embodiment of a command storage method according to the present invention;
FIG. 6 is a flowchart illustrating a fifth embodiment of a command storage method according to the present invention;
FIG. 7 is a flowchart illustrating a sixth embodiment of a command storage method according to the present invention;
FIG. 8 is a flowchart illustrating a seventh embodiment of a command storage method according to the present invention;
FIG. 9 is a signaling flow diagram of an embodiment of a command storage method provided by the present invention;
FIG. 10 is a schematic structural diagram of a first embodiment of a client according to the present invention;
fig. 11 is a schematic structural diagram of a second embodiment of a client according to the present invention;
fig. 12 is a schematic structural diagram of an embodiment of a central server provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Although the processing capacity of the processor and the transmission capability of the network are gradually increased, the amount of data to be processed in the actual use process of the processor is also greatly increased, the data processing capacity of a single server cannot meet the requirement of the big data era, and the mode of processing data by adopting a plurality of servers is more and more common. The plurality of servers can be dispersed at different positions far away from each other according to requirements, and can also be arranged at the same position, so that operation commands of users logging in the operating system need to be recorded for conveniently analyzing problems in the operating system of the servers and protecting the operating system and data safety. However, each server records the operation command of the user logged in the respective operating system, and the logged-in user can change the operation command record, so that an administrator can check whether the operating system and data of the current server have problems only by checking the changed user operation command record in the server on site, and the existing command storage method has low security and low efficiency because only on-site checking is available. The invention aims at the problems, and provides a command storage method, which uniformly sends the operation commands of users on a plurality of servers to a central server, the central server stores the operation command records of the users of the servers, and an administrator can master the operation commands of the users of all the servers in real time only by logging in the central server or keeping connection with the central server, thereby facilitating the management of the administrator on the servers, improving the safety of command storage and improving the efficiency.
Fig. 1 is a schematic view of an application scenario of an embodiment of a command storage method provided in the present invention. As shown in fig. 1, it comprises a central server 1 and at least one local server 2. Each server is provided with an operating system and a client for monitoring the operating system, and one server corresponds to one client. The client may be implemented by software or hardware, which is not limited by the present invention. The central server 1 further includes an external storage for receiving user operation information including user operation commands and records sent by the clients, and the external storage may be a hard disk, a floppy disk, an optical disk, a removable magnetic disk, or the like. Optionally, the central server 1 may further include a server corresponding to the client, where the server replaces the central server 1 to perform information interaction with the client, and the server on which the server is installed is the central server. In the following embodiments of the present invention, the method in which the execution main body is the central server may be replaced by a server side, and details are not described again. The server side may be implemented by software or hardware, which is not limited by the present invention. Each local server 2 is connected to the center server 1 and can perform data communication. Illustratively, the central server 1 and the local server 2 may be specifically any intelligent device such as a computer, a mobile phone, a tablet computer, a base station, and the like. The administrator can select any one of the local servers 2 as the central server 1 among the plurality of servers as needed.
The following embodiments of the present invention, with reference to the application scenario diagram provided in fig. 1, adopt specific embodiments to describe in detail the command storage method provided in the present invention.
Fig. 2 is a flowchart illustrating a first command storage method according to an embodiment of the present invention. As shown in fig. 2, the command storage method provided by the present invention is applied to clients, each client corresponds to a local server, and the method includes:
s201, when monitoring that at least one user logs in a local server corresponding to a client, distributing a respective monitoring process for each user, wherein the monitoring process is used for monitoring an operation command input by the corresponding user;
s202, after determining that any monitoring process monitors an operation command input by a user, sending user operation information to a central server, wherein the user operation information comprises the operation command input by the user, an identifier of a client and an identifier of the user;
s203, confirming the reception of the information response message returned by the central server, wherein the information response message is used for indicating that the user operation information is sent to the central server.
Specifically, in step 201, the client may be used as a background task running on the local server in the background of the operating system, and keep running state all the time, and automatically run and start monitoring when the operating system is started, and stop running when the operating system is closed. When the client monitors that the user logs in a local server corresponding to the client, a monitoring process is distributed for the user so as to monitor an operation command input by the user. When the client monitors that a plurality of users log in the operating system, a respective monitoring process is allocated to each user. For example, taking an operating system as a LINUX operating system as an example, the client may call a system command who carried by the LINUX operating system to monitor a user logged in the LINUX operating system, and the client may call a system command strace as a monitoring process to monitor an operating command input by the user. Optionally, the monitoring process may be a command carried by the operating system, or may also be a software or hardware functional module installed in the operating system, for example, when the operating system is a FreeBSD operating system, the monitoring process may be a watch system command in the FreeBSD operating system.
When the monitoring process monitors that the user inputs an operation command, the monitoring process stores the operation command input by the user, the time for the user to input the operation command and other information in an internal memory of the local server.
Specifically, in step 202, since when the user inputs the operation command, the information related to the operation command is stored in the internal memory of the local server, and the internal memory is a temporary storage module in direct communication with the processor, when the server is powered off, the data in the internal memory is lost, and the operation command record stored in the internal memory is recorded, which is not only easy to be lost and inconvenient for the administrator to view, but also has a risk of being modified by the user logged in the local server, when the client confirms that the monitoring process has the operation command input by the user, the client immediately sends the user operation information related to the operation command to the central server. When an administrator finds that an operating system or data has a problem, the local server with the problem can be determined according to the user operation information, and the user operation command causing the problem can be determined. For example, before sending the user operation information to the central server, the client receives a central server identifier preset by an administrator or sent by the central server, and each client determines to send the user operation information to the central server corresponding to the central server identifier according to the received central server identifier.
Optionally, on the basis of the embodiment shown in fig. 2, fig. 3 is a schematic flowchart of a second embodiment of a command storage method provided by the present invention, and details of sending the user operation information to the central server are described. As shown in fig. 3, step 202 specifically includes:
s301, reading an operation command input by a user from an internal memory of the local server, and determining user operation information according to the operation command input by the user, the identification of the client and the identification of the user;
s302, encrypting the user operation information and sending the encrypted user operation information to the central server.
Wherein the identity of the client is determined according to at least one of: a serial number of the local server, a MAC address of the local server, an IP address of the local server.
Specifically, the client reads an operation command input by the user from the internal memory of the local server. For example, taking the LINUX operating system as an operating system, the client may call a system command history carried by the LINUX operating system to read the user-input operating command stored in the internal memory.
And then the client determines the user operation information according to the operation command input by the user, the identification of the client and the identification of the user. Wherein the identity of the client is determined according to at least one of: a serial number of the local server, a Media Access Control (MAC) Address of the local server, and an Internet Protocol Address (IP Address) of the local server. For example, the identification of the client may also be other identifications that can distinguish different local servers, and the identification of the user may be a user name of the user, etc. The user identification can also comprise a user group, the user group represents the operation authority of the user, and the operation authority of the user determines which operation commands can be executed by the user.
And finally, the client encrypts the user operation information and sends the encrypted user operation information to the central server. Illustratively, the client transmits the user operation information by using a Hyper Text transfer protocol over Secure Socket Layer (HTTPS), so as to implement encrypted transmission. When the user operation information is intercepted, the intercepting party cannot acquire a specific operation command input by the user, and cannot modify and replace the encrypted user operation information, so that the safety of user command storage is ensured, and even if the user modifies the record of the user operation command stored in the local server, an administrator can acquire a real user operation command according to the user operation information stored in the central server. Optionally, the user operation information further includes time when the user logs in the local server, time when the user inputs each operation command, and the like.
Specifically, in step 203, the client confirms that the information response message returned by the central server is received, and when the client sends the user operation information to the central server once, the central server returns one information response message for indicating that the user operation information has been sent to the central server, and the central server may send corresponding information response messages for different user operation information, or may use the same information response message. Meanwhile, the client confirms that the connection between the client and the central server is normal by receiving an information response message returned by the central server.
The command storage method provided by the invention has the advantages that the client detects the operation command input by the user in the local server in real time, and sends the user operation information containing the operation command to the central server, so that the user operation information is prevented from being changed or deleted, the higher safety is realized, meanwhile, the user operation information on at least one local server is uniformly sent to the central server, the convenience is brought to an administrator to manage the user operation information of a plurality of servers simultaneously, the problem can be found in time, and the working efficiency of the administrator is improved.
Further, with reference to the embodiment shown in fig. 2 or fig. 3, fig. 4 is a schematic flowchart of a third embodiment of a command storage method provided by the present invention, and as shown in fig. 4, the command storage method provided by the present invention includes:
s401, when monitoring that at least one user logs in a local server corresponding to a client, distributing a respective monitoring process for each user, wherein the monitoring processes are used for monitoring operation commands input by the corresponding users;
s402, after determining that any monitoring process monitors an operation command input by a user, sending user operation information to a central server, wherein the user operation information comprises the operation command input by the user, an identifier of a client and an identifier of the user;
s403, judging whether an information response message returned by the central server is received within a preset time length; if yes, ending; if not, executing S404;
s404, encrypting the user operation message to obtain encrypted user operation information, and storing the encrypted user operation message in an external memory;
s405, when any message sent by the center server is received, the encrypted user operation information is read from the external memory, and the encrypted user operation information is sent to the center server.
Specifically, step 401 and step 402 are the same as step 201 and step 202 in the embodiment shown in fig. 2, and are not described again in the present invention.
Specifically, in step 403, it is determined whether an information response message returned by the central server is received within a preset time duration, if yes, steps 401 to 403 are the same as steps 201 to 203 in the embodiment shown in fig. 2, and details of the present invention are not repeated.
If the client does not receive the information response message returned by the central server within the preset time length, the connection between the client and the central server is abnormal, and the user operation information sent by the client cannot be determined to be received by the central server. Therefore, in step 404, the client encrypts the user operation message to obtain encrypted user operation information, and stores the encrypted user operation information in the external memory. Illustratively, the user operation information may be encrypted according to an Advanced Encryption Standard (AES). The user operation message is encrypted and then is transferred to the external memory, so that the user operation message can be prevented from being changed by a user or being lost due to power failure of the server, and the user operation message is encrypted, so that the security is high. Alternatively, the external memory may be a hard disk, a floppy disk, an optical disk, a removable magnetic disk, etc. of the local server. Alternatively, the external memory may be an external memory in a backup server connected to the local server.
Whether the connection between the client and the central server is abnormal or not, the client tries to send user operation information to the central server every time when monitoring an operation command input by a user, and the user operation information is transferred to the external memory after the information response message is not received, so that the client can automatically recover to send the user operation information to the central server when the connection between the client and the central server is normal.
Specifically, in step 405, when the client receives any message sent by the central server, it indicates that the connection between the client and the central server is restored to normal, so that the encrypted user operation information is read from the external memory and sent to the central server. Specifically, any message may be a connection normal indication message sent by the central server and received by the client, or an information response message corresponding to a certain user operation message and sent by the central server. By sending the user operation information to the central server in time, the safety is improved.
Optionally, when the client finds that the connection is abnormal, the client may also forward the user operation information to the external memory of the local server, and no longer send the forwarded user operation information to the central server; and informing the administrator of the abnormal connection, and waiting for the administrator to perform field examination to determine the problem.
Further, with reference to any of the above embodiments, fig. 5 is a schematic flowchart of a fourth embodiment of a command storage method provided by the present invention, and as shown in fig. 5, the command storage method provided by the present invention further includes:
s501, sending heartbeat information to a central server according to a preset time interval so that the central server can determine that the connection between the client and the central server is normal;
s502, confirming that a heartbeat response message returned by the central server is received, wherein the heartbeat response message is used for indicating that heartbeat information is sent to the central server.
Specifically, in step 501, the client sends heartbeat information to the central server according to a preset time interval, where the preset time interval may be set in advance for an administrator, or may be a preset time interval sent by the central server. Alternatively, the preset time interval is typically short, and may be 1 second. When the heartbeat information sent by the client is received by the central server every 1 second, the normal connection between the client and the central server can be confirmed, and the client is always kept online. Illustratively, the heartbeat information may include an identification of the client, time information, and the like.
Specifically, in step 502, the client confirms to receive a heartbeat response message returned by the central server, where the heartbeat response message is used to indicate that heartbeat information has been sent to the central server. Optionally, when the client does not receive the heartbeat response information returned by the central server within the preset time interval, the client may send an alarm message, which may be sent to a terminal device held or logged in by an administrator, or may alarm the administrator through a speaker, an alarm lamp, or the like.
Another aspect of the present invention provides a command storage method, where an execution subject of the method is a central server, and the method corresponds to the method embodiment shown in fig. 2 to 5 where the execution subject is a client, and has the same technical features and technical effects. Fig. 6 is a schematic flowchart of a fifth embodiment of a command storage method provided by the present invention, as shown in fig. 6, the method includes:
s601, receiving user operation information sent by at least one client, and storing each user operation information into an external memory of a central server, wherein each user operation information comprises an operation command input by a user, an identifier of the client and an identifier of the user;
s602, sending an information response message to each client, wherein the information response message is used for indicating that the user operation information is sent to the central server.
Specifically, in step 601, the central server receives user operation information sent by a plurality of clients, and stores each user operation information in an external memory of the central server. For example, before the central server receives the user operation information sent by the plurality of clients, the central server sends a central server identifier to the plurality of clients, and each client determines to send the user operation information to the central server corresponding to the central server identifier according to the received central server identifier. Optionally, when storing the user operation information, the central server may store the user operation information in an external memory of the central server according to the sequence of the receiving times, and optionally, the external memory may be a hard disk, a floppy disk, an optical disk, a removable disk, or the like of the local server, and may also be a database with a preset format.
Optionally, on the basis of the embodiment shown in fig. 6, fig. 7 is a schematic flowchart of a sixth embodiment of a command storage method provided by the present invention, and details of storing the user operation information in the external memory are described. As shown in fig. 7, step 601 specifically includes:
s701, receiving encrypted user operation information sent by at least one client, and decrypting each encrypted user operation information to obtain decrypted user operation information;
s702, storing the operation command input by the user into an external memory of the central server according to the identification of the user and/or the identification of the client.
Specifically, in step 701, the central server receives encrypted user operation information sent by the client, and decrypts each encrypted user operation information to obtain decrypted user operation information. Illustratively, the central server and the client transmit the user operation information by using HTTPS, thereby implementing encrypted transmission.
Specifically, in step 702, since each piece of decrypted user operation information includes the operation command input by the user, the identifier of the client, and the identifier of the user, the operation command input by the user may be stored in the external memory of the central server according to the identifier of the user and/or the identifier of the client.
For example, taking the LINUX operating system as an operating system corresponding to the client, the central server receives four pieces of user operation information sent by the client as follows,
message1{rm client1user1};
message2{ls client1user1};
message3{rm client2user2};
message4{cp client1user3};
when the central server stores the operation command according to the user identifier and/or the client identifier, the operation command input by the user may be stored in different files according to the difference between the user identifier and the client identifier, for example, the deletion (rm) in the message1 and the file (ls) in the viewing directory in the message2 are stored in the same file1 because the user identifier and the client identifier are the same, the rm in the message3 is stored in the file2, the copy (cp) in the message4 is stored in the file3, and the message4, the message1 and the message2 are from the same client, the file1 and the file3 may be stored in the same directory; when the central server receives new user operation information message5{ find client2user2}, since the user identifier and the client identifier in the message5 are both the same as the user identifier and the client identifier in the message3, the lookup (find) in the message5 is stored in the file 2.
Specifically, in step 602, after receiving the user operation information, the central server sends an information response message to the client that sent the user operation information, indicating that the user operation information has been sent to the central server. Optionally, the central server may generate different information response messages for each client according to different user operation information.
The command storage method provided by the invention has the advantages that the user operation information sent by the client is received, the user operation information is stored in the external memory, and the information response message is sent to the client, so that the user operation information is prevented from being changed or deleted at the client, the higher safety is realized, meanwhile, the user operation information sent by a plurality of clients is received and uniformly stored, the administrator can conveniently manage the user operation information of a plurality of local servers at the same time, the problems can be found in time, and the working efficiency of the administrator is improved.
With reference to the embodiment shown in fig. 6 or fig. 7, fig. 8 is a schematic flowchart of a seventh embodiment of a command storage method provided by the present invention, as shown in fig. 8, before step 601, the method further includes:
s801, judging whether heartbeat information sent by a client side is received within a preset time interval; if yes, go to S802; if not, executing S803;
s802, sending a heartbeat response message to the client, wherein the heartbeat response message is used for indicating that heartbeat information is sent to the central server;
s803, sending a connection abnormity warning message, wherein the connection abnormity warning message comprises the identification of the client with abnormal connection.
Specifically, the central server determines whether heartbeat information sent by the client is received within a preset time interval, where the preset time interval may be set by an administrator. Alternatively, the preset time interval is typically short, and may be 1 second. When the heartbeat information sent by the client is received by the central server every 1 second, the normal connection between the client and the central server can be confirmed, and the client is always kept online. Illustratively, the heartbeat information may include an identification of the client, time information, and the like.
When receiving the heartbeat information sent by the client, the center server executes step 802, and sends a heartbeat response message to the client, where the heartbeat response message is used to indicate that the heartbeat information has been sent to the center server.
When not receiving the heartbeat message sent by the client, the central server executes step 803, and sends a connection abnormity warning message, where the connection abnormity warning message includes an identifier of the client with abnormal connection. Optionally, for example, the warning message may be sent to a terminal device held by an administrator, or may also be sent to a terminal device logged in by a communication account of the administrator. Optionally, the administrator may be alerted through a speaker, an alarm lamp, or the like. The terminal device can be a server logged in by an administrator or a portable device such as a mobile phone and a tablet computer. The communication account can be a mailbox, a mobile phone number, a chat account and the like. Optionally, the connection abnormality warning message includes information such as an identifier and time of the client, so as to facilitate an administrator to quickly confirm the local server with the connection abnormality.
Optionally, on the basis of any of the above embodiments, after the central server stores the received user operation information in the external storage, the method further includes:
judging whether the operation command input by the user in each user operation information accords with a preset alarm rule stored in an external memory of the central server;
and if so, sending an operation command abnormity warning message, wherein the operation command abnormity warning message comprises user operation information to which the illegal operation command belongs.
Specifically, the central server determines whether an operation command input by a user in the received user operation information conforms to a preset alarm rule, and illustratively, an auditing module is arranged in the central server and is used for immediately auditing the operation command input by the user when the user operation information sent by the client is received and discovering possible illegal operations. Optionally, a preset alarm rule set by an administrator is prestored in the central server, the preset alarm rule is set according to the local server corresponding to the client, the identifier of the user, the operation command, the time and the like, the preset alarm rule may specifically be a common illegal operation, and when the operation command matches the preset alarm rule, the operation may be considered as an illegal operation.
When the operation command input by the user conforms to the preset alarm rule, the central server sends an operation command exception alarm message, which may be sent to a terminal device held by an administrator, or sent to a terminal device logged in by a communication account of the administrator, for example. Optionally, the administrator may be alerted through a speaker, an alarm lamp, or the like. The terminal device can be a server logged in by an administrator or a portable device such as a mobile phone and a tablet computer. The communication account can be a mailbox, a mobile phone number, a chat account and the like. The operation command abnormality warning message includes user operation information to which the illegal operation command belongs, so that an administrator can conveniently and quickly confirm information such as a local server and a user corresponding to the client side with the illegal operation.
The following describes the command storage method provided by the present invention by taking a client as an example by using a specific embodiment. The command storage method of multiple clients and central service is similar to the case of one client, and is not described in detail in the present invention.
Fig. 9 is a signaling flowchart of an embodiment of a command storage method provided in the present invention, as shown in fig. 9, including:
s901, configuring basic information;
specifically, the administrator configures basic information for the central server, where the basic information includes preset alarm rules, preset time intervals of heartbeat information, and the like.
S902, sending a preset time interval;
specifically, the central server sends a preset time interval of the heartbeat information to the client, and optionally, the preset time interval further includes a central server identifier.
S903, sending heartbeat information;
specifically, the client sends heartbeat information to the central server according to a preset time interval, and step 903 may be executed multiple times in a single operation command storage process.
S904, returning a heartbeat response message;
specifically, the central server judges whether heartbeat information sent by the client is received within a preset time interval, if so, S904 is executed, and a heartbeat response message is returned to the client; if not, sending a connection abnormity warning message, finishing the operation command storage process, and waiting for the confirmation of the problem by the administrator to recover the connection.
S905, monitoring an operation command input by a user;
specifically, the client monitors a user logged in to the local server, and monitors an operation command input by the user.
S906, sending user operation information;
illustratively, after monitoring that a user inputs an operation command, the client encrypts and transmits the operation command, the client identifier and the user identifier stored in the internal memory to the central server.
S907, returning an information response message;
specifically, after receiving the user operation information sent by the client, the central server returns an information response message to the client to indicate that the user operation information has been successfully sent. Illustratively, the client confirms that the connection between the client and the central server is normal through the information response message, and the central server confirms that the connection between the client and the central server is normal through the heartbeat message.
S908, checking user operation information;
specifically, the central server checks an operation command input by a user of the depositor according to a preset alarm rule, and if no illegal operation is found, the operation command storage process is finished; and if the illegal operation is found, sending an operation command abnormal alarm message to remind an administrator to check.
The present invention further provides a client and a central server, which are respectively used for executing the command storage method in the above embodiments, and have the same technical features and technical effects, and the present invention is not described in detail herein.
Another aspect of the present invention provides a client, where each client corresponds to a local server, and fig. 10 is a schematic structural diagram of a first embodiment of a client provided by the present invention, as shown in fig. 10, including:
the monitoring module 1001 is configured to, when it is monitored that at least one user logs in a local server corresponding to a client, allocate a respective monitoring process to each user, where the monitoring process is used to monitor an operation command input by the corresponding user;
the user operation information sending module 1002 is configured to send user operation information to the central server after determining that any monitoring process monitors an operation command input by a user, where the user operation information includes the operation command input by the user, an identifier of the client, and an identifier of the user;
a response message confirmation module 1003, configured to confirm that the information response message returned by the central server is received, where the information response message is used to indicate that the user operation information has been sent to the central server.
Optionally, with reference to the foregoing embodiment, the user operation information sending module 1002 includes:
a user operation information obtaining unit, configured to read an operation command input by a user from an internal memory of the local server, and determine user operation information according to the operation command input by the user, an identifier of the client, and an identifier of the user; wherein the identity of the client is determined according to at least one of: the serial number of the local server, the MAC address of the local server and the IP address of the local server;
and the user operation information encryption sending unit is used for encrypting the user operation information and sending the encrypted user operation information to the central server.
Optionally, on the basis of any of the above embodiments, fig. 11 is a schematic structural diagram of a second client embodiment provided by the present invention, and as shown in fig. 11, the second client embodiment includes:
the monitoring module 1101 is configured to, when it is monitored that at least one user logs in a local server corresponding to a client, allocate a respective monitoring process to each user, where the monitoring process is used to monitor an operation command input by the corresponding user;
the user operation information sending module 1102 is configured to send user operation information to the central server after determining that any monitoring process monitors an operation command input by a user, where the user operation information includes the operation command input by the user, an identifier of the client, and an identifier of the user;
a response message determining module 1103, configured to determine whether an information response message returned by the central server is received, where the information response message is used to indicate that the user operation information has been sent to the central server;
a response message storage module 1104, configured to encrypt the user operation message to obtain encrypted user operation information if the response message determining module 1103 determines that the information response message returned by the central server is not received within a preset time duration, and store the encrypted user operation message in an external memory;
the user operation information sending module 1102 is further configured to, when receiving any message sent by the central server, read the encrypted user operation information from the external memory, and send the encrypted user operation information to the central server.
Optionally, on the basis of the foregoing embodiment, the client further includes:
the heartbeat message sending module is used for sending heartbeat information to the central server according to a preset time interval so that the central server can determine that the connection between the client and the central server is normal;
the response message confirmation module 1003 is further configured to confirm that the heartbeat response message returned by the central server is received, where the heartbeat response message is used to indicate that the heartbeat information has been sent to the central server.
Another aspect of the present invention provides a central server, fig. 12 is a schematic structural diagram of an embodiment of the central server provided in the present invention, as shown in fig. 12, including:
a user operation information receiving and storing module 1201, configured to receive user operation information sent by at least one client, and store each user operation information in an external memory of the central server, where each user operation information includes an operation command input by a user, an identifier of the client, and an identifier of the user;
a response message sending module 1202, configured to send an information response message to each client, where the information response message is used to indicate that the user operation information has been sent to the central server.
Optionally, on the basis of the foregoing embodiment, the central server further includes:
the heartbeat information judging module is used for judging whether heartbeat information sent by the client side is received within a preset time interval;
the alarm message sending module is used for sending abnormal connection alarm messages when the heartbeat information sent by the client is not received, wherein the abnormal connection alarm messages comprise the identification of the client with abnormal connection;
the response message sending module is further configured to send a heartbeat response message to the client when receiving the heartbeat message sent by the client, where the heartbeat response message is used to indicate that the heartbeat message has been sent to the central server.
Optionally, on the basis of the foregoing embodiment, the user operation information receiving and storing module 1201 includes:
the decryption unit is used for receiving the encrypted user operation information sent by at least one client and decrypting each encrypted user operation information to obtain decrypted user operation information;
and the storage unit is used for storing the operation command input by the user into an external memory of the central server according to the identification of the user and/or the identification of the client.
Optionally, on the basis of the foregoing embodiment, the central server further includes:
the user operation information judging module is used for judging whether the operation command input by the user in each user operation information accords with a preset alarm rule stored in an external memory of the central server;
the alarm message sending module is further used for sending an operation command exception alarm message when the operation command input by the user accords with a preset alarm rule, wherein the operation command exception alarm message comprises user operation information to which the illegal operation command belongs.
Optionally, the user operation information determining module in the foregoing embodiment may be disposed in the central server, or may be disposed outside the central server, and is connected through a network. When the server side and the client side are communicated in the same mode, the user operation information judging module and the server side are two different modules arranged on the central server.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A command storage method is applied to clients, each client corresponds to a local server, and the command storage method comprises the following steps:
when monitoring that at least one user logs in a local server corresponding to the client, allocating a respective monitoring process for each user, wherein the monitoring process is used for monitoring an operation command input by the corresponding user;
after determining that any monitoring process monitors an operation command input by a user, sending user operation information to a central server, wherein the user operation information comprises the operation command input by the user, the identification of the client and the identification of the user;
confirming that an information response message returned by the central server is received, wherein the information response message is used for indicating that the user operation information is sent to the central server;
the sending of the user operation information to the central server includes:
reading the operation command input by the user from an internal memory of the local server, and determining the user operation information according to the operation command input by the user, the identifier of the client and the identifier of the user; wherein the identity of the client is determined according to at least one of: a serial number of the local server, a MAC address of the local server, an IP address of the local server;
and encrypting the user operation information, and sending the encrypted user operation information to the central server.
2. The method according to claim 1, wherein if it is determined that the information response message returned by the central server is not received within a preset time period, the method further comprises:
encrypting the user operation message to obtain encrypted user operation information, and storing the encrypted user operation message in an external memory;
and when any message sent by the central server is received, reading the encrypted user operation information from the external memory, and sending the encrypted user operation information to the central server.
3. The method of claim 1, further comprising:
sending heartbeat information to the central server according to a preset time interval so that the central server can determine that the connection between the client and the central server is normal;
and confirming to receive a heartbeat response message returned by the central server, wherein the heartbeat response message is used for indicating that the heartbeat information is sent to the central server.
4. A command storage method is applied to a central server, each client corresponds to a local server, and the command storage method comprises the following steps:
receiving user operation information sent by at least one client, and storing each piece of user operation information into an external memory of the central server, wherein each piece of user operation information comprises an operation command input by the user, an identifier of the client and an identifier of the user; wherein the identity of the client is determined according to at least one of: the serial number of the local server, the MAC address of the local server and the IP address of the local server;
sending an information response message to each client, wherein the information response message is used for indicating that the user operation information is sent to the central server;
the receiving user operation information sent by at least one client and storing each user operation information in an external memory of the central server includes:
receiving encrypted user operation information sent by at least one client, and decrypting each encrypted user operation information to obtain decrypted user operation information;
and storing the operation command input by the user into an external memory of the central server according to the identification of the user and/or the identification of the client.
5. The method according to claim 4, wherein before receiving the user operation information sent by the at least one client, the method further comprises:
judging whether heartbeat information sent by the client side is received within a preset time interval;
if so, sending a heartbeat response message to the client, wherein the heartbeat response message is used for indicating that heartbeat information is sent to the central server;
if not, sending an abnormal connection alarm message, wherein the abnormal connection alarm message comprises an identifier of the client with abnormal connection.
6. The method according to claim 4 or 5, wherein after receiving the user operation information sent by at least one client and storing each user operation information in an external memory of the central server, the method further comprises:
judging whether the operation command input by the user in each user operation information accords with a preset alarm rule stored in an external memory of the central server;
and if so, sending an operation command abnormity warning message, wherein the operation command abnormity warning message comprises user operation information to which the illegal operation command belongs.
7. A client, wherein each client corresponds to a local server, comprising:
the monitoring module is used for allocating a respective monitoring process to each user when monitoring that at least one user logs in a local server corresponding to the client, wherein the monitoring process is used for monitoring an operation command input by the corresponding user;
the user operation information sending module is used for sending user operation information to a central server after determining that any monitoring process monitors an operation command input by a user, wherein the user operation information comprises the operation command input by the user, the identification of the client and the identification of the user;
a response message confirmation module, configured to confirm that an information response message returned by the central server is received, where the information response message is used to indicate that the user operation information has been sent to the central server;
the user operation information sending module comprises:
a user operation information obtaining unit, configured to read an operation command input by the user from an internal memory of the local server, and determine the user operation information according to the operation command input by the user, the identifier of the client, and the identifier of the user; wherein the identity of the client is determined according to at least one of: a serial number of the local server, a MAC address of the local server, an IP address of the local server;
and the user operation information encryption sending unit is used for encrypting the user operation information and sending the encrypted user operation information to the central server.
8. A central server, wherein each client corresponds to a local server, comprising:
the user operation information receiving and storing module is used for receiving user operation information sent by at least one client and storing each piece of user operation information into an external memory of the central server, wherein each piece of user operation information comprises an operation command input by the user, an identifier of the client and an identifier of the user; wherein the identity of the client is determined according to at least one of: the serial number of the local server, the MAC address of the local server and the IP address of the local server;
a response message sending module, configured to send an information response message to each client, where the information response message is used to indicate that user operation information has been sent to the central server;
the user operation information receiving and storing module comprises:
the decryption unit is used for receiving the encrypted user operation information sent by at least one client and decrypting each encrypted user operation information to obtain decrypted user operation information;
and the storage unit is used for storing the operation command input by the user into an external memory of the central server according to the identification of the user and/or the identification of the client.
CN201610412456.8A 2016-06-13 2016-06-13 Command storage method, client and central server Active CN105959147B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610412456.8A CN105959147B (en) 2016-06-13 2016-06-13 Command storage method, client and central server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610412456.8A CN105959147B (en) 2016-06-13 2016-06-13 Command storage method, client and central server

Publications (2)

Publication Number Publication Date
CN105959147A CN105959147A (en) 2016-09-21
CN105959147B true CN105959147B (en) 2019-12-24

Family

ID=56909054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610412456.8A Active CN105959147B (en) 2016-06-13 2016-06-13 Command storage method, client and central server

Country Status (1)

Country Link
CN (1) CN105959147B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107730221A (en) * 2017-11-30 2018-02-23 上海宝冶集团有限公司 A kind of information of building project coupling management method based on information exchange platform
CN112044057B (en) * 2020-09-17 2024-06-25 网易(杭州)网络有限公司 Game state monitoring method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101639866A (en) * 2008-07-31 2010-02-03 株式会社理光 Operations information management system
CN102170494A (en) * 2011-03-30 2011-08-31 深圳市五巨科技有限公司 Method and system for recording operation process of mobile terminal as well as mobile terminal
CN103188092A (en) * 2011-12-28 2013-07-03 ***通信集团北京有限公司 Remote equipment control method, remote equipment control device and control server
CN103631673A (en) * 2012-08-22 2014-03-12 鸿富锦精密工业(深圳)有限公司 Electronic equipment and user operation information backup method
CN104793836A (en) * 2014-01-16 2015-07-22 中兴通讯股份有限公司 Information processing method and device based on user operations and terminal
CN104809057A (en) * 2014-01-29 2015-07-29 株式会社Sji Application test system, application test method and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101639866A (en) * 2008-07-31 2010-02-03 株式会社理光 Operations information management system
CN102170494A (en) * 2011-03-30 2011-08-31 深圳市五巨科技有限公司 Method and system for recording operation process of mobile terminal as well as mobile terminal
CN103188092A (en) * 2011-12-28 2013-07-03 ***通信集团北京有限公司 Remote equipment control method, remote equipment control device and control server
CN103631673A (en) * 2012-08-22 2014-03-12 鸿富锦精密工业(深圳)有限公司 Electronic equipment and user operation information backup method
CN104793836A (en) * 2014-01-16 2015-07-22 中兴通讯股份有限公司 Information processing method and device based on user operations and terminal
CN104809057A (en) * 2014-01-29 2015-07-29 株式会社Sji Application test system, application test method and storage medium

Also Published As

Publication number Publication date
CN105959147A (en) 2016-09-21

Similar Documents

Publication Publication Date Title
US11157630B2 (en) Migrating data between databases
JP6082589B2 (en) Encryption key management program, data management system
EP3155754B1 (en) Methods, systems and computer program product for providing encryption on a plurality of devices
JP2021022945A (en) Data security using request-supplied keys
US9825932B2 (en) Storage system and method of storing and managing data
KR101966767B1 (en) System for managing encryption keys for cloud services
US20150312243A1 (en) Storage system and method of storing and managing data
CN110661748B (en) Log encryption method, log decryption method and log encryption device
CN104520873A (en) Systems and methods for securing and restoring virtual machines
CN109450777B (en) Session information extraction method, device, equipment and medium
CN110855699B (en) Flow auditing method and device, server and auditing equipment
JP6371184B2 (en) Data management system, data management method, and client terminal
US20210350017A1 (en) Encryption system
CN103973715B (en) Cloud computing security system and method
CN110888778B (en) Cloud desktop-based log file monitoring system and method
CN104967591A (en) Cloud storage data read-write method and device, and read-write control method and device
CN105530266A (en) Exequatur management method, device and system
CN108289074B (en) User account login method and device
EP2942899B1 (en) Information processing method, trust server and cloud server
CN106919850B (en) File encryption and decryption method and device
WO2013008351A1 (en) Data distributed storage system
CN105959147B (en) Command storage method, client and central server
CN105183402A (en) Data storage method
CN107231245B (en) Method and device for reporting monitoring log, and method and device for processing monitoring log
EP3839924A1 (en) System and method for secret sharing of files

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant