CN110224858B - Log-based alarm method and related device - Google Patents


Publication number
CN110224858B
Authority
CN
China
Prior art keywords
alarm
data
equipment
log
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910405795.7A
Other languages
Chinese (zh)
Other versions
CN110224858A (en)
Inventor
谢文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910405795.7A
Publication of CN110224858A
Application granted
Publication of CN110224858B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Alarm Systems (AREA)

Abstract

The embodiment of the invention discloses a log-based alarm method and a related device, and the method is suitable for safety management. The method comprises the following steps: when any one of the terminal devices is detected to be abnormal, the network device acquires the log file generated by that terminal device when the abnormality occurred; the network device performs log formatting on the log file to obtain a log file in a target format; the network device reads the log data in the log file in the target format and obtains, from the log data, the feature data used for triggering an abnormality alarm; and the network device generates alarm indication information based on the feature data, sends the alarm indication information to the server, and instructs the server to raise the abnormality alarm for that terminal device. By adopting the embodiment of the invention, the performance requirements on the devices and the server can be effectively reduced, the problem of incompatible protocols among some devices is avoided, the alarm speed can be increased, the flexibility is high, and the application range is wide.

Description

Log-based alarm method and related device
Technical Field
The invention relates to the technical field of computers, in particular to a log-based alarm method and a related device.
Background
With the continuous development of science and technology, the utilization rate of enterprise equipment is higher and higher, and the safety of various equipment is gradually improved. It is understood that an equipment failure may reduce the working capability of the whole equipment system and may even lead to the breakdown of the whole system. In order to resolve equipment risks and faults quickly and to monitor the state of each device in real time, when a device fails the server actively collects alarm data and triggers an alarm; at the same time the alarm is responded to and equipment maintenance personnel adopt a corresponding solution.
However, the existing alarm mode places high performance requirements on the equipment and the server, and, because the protocols of some devices are incompatible, an alarm may not be responded to at all or may not be responded to in time. This brings property loss to the equipment system, and the alarm flexibility and applicability are low.
Disclosure of Invention
The embodiment of the invention provides a log-based alarm method and a related device, which can reduce the performance consumption of devices and the server, solve the problem of incompatible protocols among some manufacturers' devices, effectively reduce the alarm triggering time, and offer high flexibility and a wide application range.
In a first aspect, an embodiment of the present invention provides a log-based alarm method, where the method includes:
when any one of the terminal devices is detected to be abnormal, the network device acquires the log file generated by that terminal device when the abnormality occurred;
the network device performs log formatting on the log file to obtain a log file in a target format, wherein the target format is the same format that the log files of all terminal devices have after log formatting;
the network device reads the log data in the log file in the target format and acquires, from the log data, the feature data used for triggering an abnormality alarm;
and the network device generates alarm indication information based on the feature data, sends the alarm indication information to a server, and instructs the server to raise the abnormality alarm for that terminal device.
In the embodiment of the invention, the network device actively acquires the log file generated when a terminal device is abnormal, which avoids the alarm delay caused by having the server collect the log file and effectively reduces the alarm triggering time. Meanwhile, the log files of all terminal devices are uniformly brought into the same target format, which effectively solves the problem of some devices and their protocols being incompatible, expands the application range of the embodiment of the invention, and gives high flexibility.
With reference to the first aspect, in a possible implementation manner, the performing, by the network device, log formatting on the log file to obtain a log file with a target format includes:
the network equipment matches file data of a log file generated by any terminal equipment when the terminal equipment is abnormal with file screening parameters, and determines the file data successfully matched with the file screening parameters as target data;
and the network equipment carries out data formatting processing on the target data to obtain data with a target format, and generates a log file with the target format based on the data with the target format.
In the embodiment of the invention, the target data is screened out through the file screening parameters, so that the file capacity of the log file with the target format can be reduced, the file transmission time is further reduced, the performance consumption of network equipment can be further reduced, and the applicability is high.
With reference to the first aspect, in a possible implementation manner, the obtaining feature data used for triggering an abnormal alarm in the log data includes:
the network equipment intercepts a data segment belonging to a preset alarm attribute from the log data based on the preset alarm attribute, and determines the data segment as feature data for triggering abnormal alarm, wherein the preset alarm attribute comprises one or more combinations of grade, time, reason and position;
and/or the network equipment matches the log data with a preset alarm attribute data segment, and determines a data segment successfully matched with the preset alarm attribute data segment as characteristic data for triggering an abnormal alarm, wherein the preset alarm attribute data segment is a data segment of one or more preset alarm attributes for describing the grade, time, reason and position of the alarm;
the characteristic data comprises one or more combinations of alarm levels corresponding to the levels, alarm occurrence time stamps corresponding to the time, alarm reasons corresponding to the reasons and alarm equipment positions corresponding to the positions.
With reference to the first aspect, in a possible implementation manner, the generating, by the network device, alarm indication information based on the feature data, and sending the alarm indication information to a server includes:
the network equipment determines a data tag corresponding to the characteristic data based on the equipment type of any terminal equipment, wherein the data tag is used for determining a server for receiving the characteristic data;
and the network equipment generates alarm indication information based on the characteristic data and the data label and sends the alarm indication information to the server.
With reference to the first aspect, in a possible implementation manner, the alarm indication information includes alarm level information and alarm information; the instructing the server to perform the abnormal alarm of any one of the terminal devices includes:
based on the alarm indication information, the network device instructs the server to determine the alarm mode corresponding to that terminal device according to the alarm level indicated by the alarm level information; the network device judges whether the alarm level is greater than a preset alarm level;
if the alarm level is greater than a preset alarm level, the network equipment instructs the server to send the alarm information to alarm receiving equipment based on the alarm mode;
if the alarm level is not greater than a preset alarm level, the network device instructs the server to send the alarm information to the alarm receiving device based on the alarm mode when the alarm occurrence frequency corresponding to the alarm level is greater than or equal to a preset frequency;
the alarm information at least comprises an alarm event, an alarm equipment identifier, an alarm equipment position, an alarm sending timestamp and an alarm reason.
In the embodiment of the invention, whether the server is instructed to send the alarm information is determined by judging whether the alarm level is greater than the preset alarm level, and the alarm information with higher alarm level can be preferentially sent to the alarm receiving equipment. Meanwhile, the system consumption and the untimely response of high-level alarm caused by sending a large amount of low-level alarm information to the alarm receiving equipment are avoided, and the alarm receiving equipment is convenient to manage the alarm.
With reference to the first aspect, in a possible implementation manner, after the instructing the server to send the alarm information to an alarm receiving device based on the alarm mode, the method further includes:
the network equipment instructs the server to store the alarm information into a database to obtain standby information, wherein the database comprises the alarm information of one or more terminal equipment except any terminal equipment;
and when the alarm information of the target terminal equipment in each terminal equipment is displayed and/or inquired based on the display equipment, indicating the server to acquire the alarm information of the target terminal equipment from the standby information and outputting the alarm information of the target terminal equipment to the display equipment.
In the embodiment of the invention, after the indication server sends the alarm information to the alarm receiving equipment, the network equipment can store the alarm information into the database, and can correct and optimize the similar problems currently existing in the enterprise based on the standby information in the database so as to be used for subsequent upgrading and reconstruction of enterprise equipment, thereby improving the alarm processing speed and accuracy of the enterprise and stopping damage in time.
In a second aspect, an embodiment of the present invention provides a log-based alarm device, where the alarm device includes:
an acquiring unit, configured to acquire, when any one of the terminal devices is detected to be abnormal, the log file generated by that terminal device when the abnormality occurred;
a generating unit, configured to perform log formatting processing on the log file acquired by the acquiring unit to obtain a log file with a target format, where the target format is the same format as the log file of each terminal device after the log formatting processing;
the acquiring unit is configured to read the log data in the log file with the target format obtained by the generating unit, and acquire feature data used for triggering an abnormal alarm in the log data;
and the sending unit is used for generating alarm indication information based on the characteristic data, sending the alarm indication information to a server and indicating the server to carry out abnormal alarm of any terminal equipment.
With reference to the second aspect, in a possible implementation manner, the above-mentioned alarm device includes:
the processing unit is used for matching file data of the log file generated by any terminal equipment when an abnormality occurs with file screening parameters, and determining the file data successfully matched with the file screening parameters as target data;
the generating unit is configured to perform data formatting processing on the target data to obtain data in a target format, and generate a log file in the target format based on the data in the target format.
With reference to the second aspect, in a possible implementation manner, the processing unit is configured to:
based on a preset alarm attribute, intercepting a data segment belonging to the preset alarm attribute from the log data, and determining the data segment as feature data for triggering abnormal alarm, wherein the preset alarm attribute comprises one or more combinations of grade, time, reason and position;
and/or matching the log data with a preset alarm attribute data segment, and determining the data segment successfully matched with the preset alarm attribute data segment as characteristic data for triggering abnormal alarm, wherein the preset alarm attribute data segment is a data segment of one or more preset alarm attributes for describing the grade, time, reason and position of the alarm;
the characteristic data comprises one or more combinations of alarm levels corresponding to the levels, alarm occurrence time stamps corresponding to the time, alarm reasons corresponding to the reasons and alarm equipment positions corresponding to the positions.
With reference to the second aspect, in a possible implementation manner, the processing unit is configured to:
determining a data tag corresponding to the characteristic data based on the device type of any terminal device, wherein the data tag is used for determining a server for receiving the characteristic data;
the generating unit is configured to generate alarm indication information based on the feature data and the data tag, and send the alarm indication information to the server.
With reference to the second aspect, in a possible implementation manner, the alarm indication information includes alarm level information and alarm information; the indicating unit is configured to indicate, based on the alarm indication information, the server to determine an alarm mode corresponding to any terminal device based on an alarm level indicated by the alarm level information;
the above-mentioned alarm device includes:
the judging unit is used for judging whether the alarm level is greater than a preset alarm level or not;
the indicating unit is used for indicating the server to send the alarm information to the alarm receiving equipment based on the alarm mode when the alarm level is greater than a preset alarm level;
the indicating unit is configured to, when the alarm level is not greater than a preset alarm level and the alarm occurrence frequency corresponding to the alarm level is greater than or equal to a preset frequency, indicate the server to send the alarm information to the alarm receiving device based on the alarm manner;
the alarm information at least comprises an alarm event, an alarm equipment identifier, an alarm equipment position, an alarm sending timestamp and an alarm reason.
With reference to the second aspect, in a possible implementation manner, the above alarm device further includes:
a storage unit, further configured to instruct the server to store the alarm information in a database to obtain standby information, where the database includes alarm information of one or more terminal devices other than that terminal device;
the acquiring unit is further configured to, when the alarm information of a target terminal device among the terminal devices is displayed and/or queried through a display device, instruct the server to acquire the alarm information of the target terminal device from the standby information and output it to the display device.
In the embodiment of the invention, the alarm can be managed in a grading way based on each module in the alarm device, and the alarm grade of the equipment can be determined based on different alarm modes. Meanwhile, the log files generated by each terminal device when abnormal are formatted to obtain the log files in the same target format, so that the alarm management of the alarm receiving device is facilitated, the performance loss of the alarm receiving device is reduced, the response speed and the management efficiency of the alarm are greatly improved, and the applicability is higher.
In a third aspect, an embodiment of the present invention provides a network device, where the network device includes a processor and a memory, and the processor and the memory are connected to each other. The memory is configured to store a computer program that enables the target device to perform the method provided by the first aspect and/or any one of the possible implementation manners of the first aspect, where the computer program includes program instructions, and the processor is configured to call the program instructions to perform the method provided by the first aspect and/or any one of the possible implementation manners of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, the computer program including program instructions, and when executed by a processor, the processor is configured to perform the method provided by the first aspect and/or any one of the possible implementation manners of the first aspect.
In the embodiment of the invention, under different application scenes and equipment selection, the situation that the terminal equipment and the protocols in the terminal equipment are incompatible can be avoided, the performance requirement of the alarm receiving equipment for receiving the alarm information is greatly reduced, and the alarm response speed is further improved. Different alarm modes are matched for the terminal equipment through different alarm levels, the alarm receiving equipment can directly determine the alarm level of the terminal equipment based on the different alarm modes, and different alarm response measures can be taken according to the different alarm levels. Whether to send the alarm information is determined by judging whether the alarm level is greater than the preset alarm level, and the alarm information with higher alarm level can be preferentially sent to the alarm receiving equipment. Meanwhile, the system consumption and the untimely response of high-level alarm caused by sending a large amount of low-level alarm information to the alarm receiving equipment are avoided, and the alarm receiving equipment is convenient to manage the alarm.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention. For a person skilled in the art, without inventive effort, further figures can be obtained from these figures.
FIG. 1 is a flow chart diagram of a log-based alarm method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a log-based alarm device according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a network device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The alarm method based on the log provided by the embodiment of the invention can be widely applied to equipment alarm systems consisting of various types of equipment. The network equipment carries out formatting treatment on the log files generated by each terminal equipment when abnormality occurs to obtain the log files in a uniform target format, and the log files are actively reported to the server, so that the alarm time and the performance consumption of the server can be effectively reduced, meanwhile, the log files in the same target format can avoid the problem of protocol incompatibility caused by different equipment, the alarm flexibility is high, and the application range is wide.
The following describes in detail the log-based alarm method and related apparatus provided by the embodiment of the present invention with reference to fig. 1 to 3, respectively.
Referring to fig. 1, fig. 1 is a schematic flowchart of an alarm method based on a log according to an embodiment of the present invention. The log-based alarm method provided by the embodiment of the invention can comprise the following steps S11-S14:
S11, when any one of the terminal devices is detected to be abnormal, the network device acquires the log file generated by that terminal device when the abnormality occurred.
In some possible embodiments, the terminal device includes, but is not limited to, a computer, a server, a mobile terminal, a switch, a router, a modem, a door lock, an Uninterruptible Power Supply (UPS), a monitor, a camera, and other devices that can transmit data based on a network, and may be determined according to an actual application scenario, which is not limited herein.
In some feasible embodiments, each terminal device generates logs that record its own working condition during operation, so when any one of the terminal devices is detected to be abnormal, the network device can directly acquire the log file generated by that terminal device when the abnormality occurred. The data recorded in this log file is the abnormal data of that terminal device at the time of the abnormality; that is, the log file acquired by the network device contains the abnormality information of that terminal device. By checking the log file, the software and hardware information of the terminal device, errors in the configuration checking process, and the causes of those errors can be learned in time. Therefore, to make log files convenient to collect and manage uniformly, the network device may obtain the abnormality information generated by the terminal device by means including, but not limited to, a wireless network, Bluetooth, and a cellular mobile network. Having the network device actively acquire the log file generated when a terminal device is abnormal does not affect the performance of the server or of the terminal devices, and can effectively shorten the time needed to acquire that log file.
It should be particularly noted that the abnormality of a terminal device may be a software abnormality arising in processes including but not limited to interface logic operation, interface calls, data filtering, and data configuration, or may be a hardware (physical) fault arising during operation; this may be determined according to the actual application scenario and is not limited herein. Meanwhile, the network device may monitor the operating condition of the terminal devices in real time and acquire the log file when any one of them becomes abnormal. Alternatively, the network device may not monitor the terminal devices in real time; in that case, when a terminal device becomes abnormal, the abnormality information it produces triggers the network device to acquire the log file generated during the abnormality. Which approach is used may be determined according to the actual application scenario and is not limited herein.
S12, the network device performs log formatting on the log file to obtain a log file in a target format, wherein the target format is the same format that the log files of all terminal devices have after log formatting.
In some possible embodiments, after the network device obtains the log file, it may perform log formatting on the log file to obtain a log file in a target format, in order to increase the transmission speed of the log. It should be noted that the target format is the same format that the log files of all terminal devices have after log formatting; that is, every log file formatted by the network device ends up in one and the same format. The log formatting may be implemented by a format conversion tool, or by a predetermined program or control in the network device, which is not limited herein.
In some possible embodiments, since a log file generated by any of the terminal devices when an abnormality occurs may include a large amount of unnecessary information, in order to ensure that the capacity of the log file uploaded by the network device is as small as possible to increase the transmission speed, the network device may further process the log file after acquiring the log file. That is, the network device may match file data of a log file generated by any terminal device when an abnormality occurs with the file screening parameter, and determine the file data successfully matched with the file screening parameter as the target data. The network device may further perform data formatting on the target data to obtain data in a target format, and generate a log file in the target format based on the data in the target format. It is understood that the target format in the data with the target format is the same format that the target data in the log of each terminal device has after the data formatting process. The data formatting may be implemented by a format conversion tool, a data processing tool, or by a predetermined program or control in the network device, which is not limited herein. The target data may include file data in log files of important information such as faults and/or vulnerabilities and/or optimizations and/or warnings and/or anomalies, the file screening parameters include file screening parameters and/or custom file screening parameters in historical data search records, the file screening parameters may be in the form of keywords and/or character strings and/or service categories and/or problem types, and the like, and may be specifically determined according to an actual application scenario, which is not limited herein.
It should be noted that, in the specific operation process of the network device, different manners of obtaining a log file with a target format may be adopted according to the actual application scenario and the actual terminal device, that is, the log file may be directly subjected to log formatting processing to obtain the log file with the target format, and file data in the log file may also be screened to obtain target data, so as to generate the log file with the target format. However, in the process of simultaneously using the two manners for obtaining the log file with the target format, the finally obtained target formats are all in the same format, and the target formats include but are not limited to common formats such as TXT, XML, TIF, and TMP, which is not limited herein. For example, when the target format is the TXT format, since the data in the TXT format and the log file in the TXT format are lighter, the transmission rate of the log file in the TXT format can be increased, and the time for responding to the alarm is shorter. In addition, the log file with the TXT format can be compatible with all manufacturer equipment, so that the problems of protocol incompatibility caused by different equipment of different manufacturers and further alarm failure and the like can be avoided, and the applicability is higher.
And S13, the network equipment reads the log data in the log file with the target format and acquires the characteristic data used for triggering the abnormal alarm in the log data.
In some possible embodiments, in order to enable the server to quickly receive the related alarm data sent by the network device, and further increase the device alarm speed, after the network device obtains the log file with the target format, the network device may perform further data processing on the log file with the target format to reduce the data volume. In a specific implementation, the network device may read log data in the log file with the target format, and further obtain feature data for triggering an abnormal alarm from the log data. Optionally, the network device may intercept at least one data segment belonging to a preset alarm attribute from the log data, where the preset alarm attribute includes one or more combinations of a level, a time, a reason, and a location, and at this time, the intercepted at least one data segment is feature data for triggering an abnormal alarm. Optionally, the network device may also match the log data with a preset alarm attribute data segment, and determine a data segment successfully matched with the preset alarm attribute data segment as feature data for triggering an abnormal alarm. The preset alarm attribute data segment is a data segment for describing one or more preset alarm attributes of the level, time, reason and position of the alarm, and the matching mode includes, but is not limited to, a string matching algorithm, a regular expression, a matching method implemented based on a custom function, and the like, and is not limited herein. As can be seen from the foregoing implementation manner, the feature data obtained based on the foregoing implementation manner includes one or more combinations of an alarm level corresponding to the foregoing level attribute, an alarm timestamp corresponding to the foregoing time attribute, an alarm reason corresponding to the foregoing reason attribute, and an alarm device location corresponding to the foregoing location attribute.
S14, the network device generates alarm indication information based on the feature data, sends the alarm indication information to a server, and instructs the server to carry out the abnormal alarm of any terminal device.
In some possible embodiments, since the amount of data processed by the server itself is large, in order to reduce the operation load of the server and avoid an alarm failure caused by a data error that may be caused when the server processes the feature data, after obtaining the feature data from the log file having the target format, the network device may further process the feature data. Optionally, when the characteristic data amount is large, the characteristic data may be compressed to reduce the characteristic data amount, so as to improve the data transmission speed. Optionally, in the process of obtaining the feature data, the same feature data may be obtained, so after obtaining the feature data, the network device may perform data cleaning on the feature data based on a data screening algorithm, a data screening tool, and the like, so as to remove duplicate feature data in the feature data and invalid data in the feature data, and a specific screening manner is not limited herein.
In some possible embodiments, after obtaining the feature data, the network device may determine a data tag according to the data source of the feature data, that is, the device type of the terminal device corresponding to the feature data, where the data tag includes, but is not limited to, one or more combinations of numbers, letters, and characters. When there is a limitation on the servers for processing the data generated by the terminal devices, that is, when different servers respectively process the data generated by different terminal devices, the device type of the terminal device corresponding to the feature data may be determined based on the data tag. That is, the data tag can be used to determine the server that receives the feature data (for convenience of description, the target server is taken as an example below). Optionally, in order to increase the data transmission rate and to help the target server process the feature data faster after receiving it, the network device may generate alarm indication information from the feature data and the data tag, and then send the alarm indication information to the target server, so as to reduce data errors caused by sending the feature data and the data tag at the same time. The feature data and the data tag may be combined according to a preset permutation and combination manner to obtain a data segment, and the obtained data segment is sent to the target server as the alarm indication information, where the arrangement of the multiple data segments of the feature data and the arrangement of the feature data and the data tag may be determined by the actual scenario, which is not limited herein.
The feature data and the data tag may be subjected to data processing based on a data packet generation tool to obtain a data packet, that is, the feature data and the data tag may be sent to a target server in the form of a data packet as alarm indication information. The characteristic data and the data label may also be encapsulated into a message, and the message is sent to the target server as the alarm indication information, and the specific implementation manner is not limited herein. It should be particularly noted that the alarm indication information generated by the network device includes alarm level information and alarm information. The alarm level information includes an alarm level corresponding to the characteristic data, the alarm level information is used to determine an alarm mode corresponding to any terminal device, and the alarm information at least includes an alarm event, an alarm device identifier, an alarm device location, an alarm sending timestamp, an alarm reason, and the like.
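The extraction in S13 and the packaging in S14, as an added Python example that is not part of the patent text: a regular expression with one named group per preset alarm attribute pulls the feature data out of normalized log lines, duplicate and non-matching lines are dropped, and a data tag chosen by device type is attached. The log line layout, the field names, the tag values and the `device_abnormal` event name are assumptions made for this example.

```python
import json
import re

# Constructed normalized ("target format") log lines. The layout is an
# assumption for this example, not a format defined by the patent.
SAMPLE_LOG = """\
2019-05-16T08:00:01Z level=1 device=core-sw-01 type=core location=DC1/rack12 reason="power supply failure"
2019-05-16T08:00:01Z level=1 device=core-sw-01 type=core location=DC1/rack12 reason="power supply failure"
2019-05-16T08:00:07Z level=3 device=acc-sw-17 type=access location=HQ/floor3 reason="port flapping"
2019-05-16T08:00:09Z info heartbeat ok
"""

# One named group per preset alarm attribute (time, level, location, reason),
# plus the device identifier and device type. Every field is length-bounded
# and the reason may not contain quotes or line breaks, so text written into
# the log by a terminal device cannot smuggle extra fields into a record.
ALARM_RE = re.compile(
    r'(?P<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) '
    r'level=(?P<level>[1-8]) '
    r'device=(?P<device>[\w.-]{1,64}) '
    r'type=(?P<type>\w{1,32}) '
    r'location=(?P<location>[\w./-]{1,128}) '
    r'reason="(?P<reason>[^"\r\n]{1,256})"'
)

# Hypothetical data tags: device type -> tag that selects the target server.
DATA_TAGS = {"core": "T-CORE", "aggregation": "T-AGG", "access": "T-ACC"}


def extract_features(log_text):
    """Return de-duplicated feature records from lines that match ALARM_RE."""
    seen, features = set(), []
    for line in log_text.splitlines():
        # fullmatch: the whole line must fit the pattern, so a line with
        # trailing forged fields is rejected instead of partially parsed.
        m = ALARM_RE.fullmatch(line.strip())
        if m is None:
            continue  # invalid or non-alarm data is dropped (data cleaning)
        record = m.groupdict()
        record["level"] = int(record["level"])
        key = tuple(sorted(record.items()))
        if key in seen:
            continue  # duplicate feature data
        seen.add(key)
        features.append(record)
    return features


def build_indication(record):
    """Combine feature data and data tag into one alarm indication message."""
    tag = DATA_TAGS.get(record["type"])
    if tag is None:
        raise ValueError("no data tag for device type %r" % record["type"])
    return {
        "data_tag": tag,
        "alarm_level_info": {"level": record["level"]},
        "alarm_info": {
            "event": "device_abnormal",
            "device_id": record["device"],
            "location": record["location"],
            "timestamp": record["time"],
            "reason": record["reason"],
        },
    }


def indications_from_log(log_text):
    """Feature extraction followed by packaging, one message per record."""
    return [build_indication(r) for r in extract_features(log_text)]


if __name__ == "__main__":
    for msg in indications_from_log(SAMPLE_LOG):
        print(json.dumps(msg, sort_keys=True))
```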
In some possible embodiments, when the network device instructs the target server, based on the alarm indication information, to send the alarm information to the alarm receiving device, the network device may instruct the target server to determine the alarm manner corresponding to the target device from the alarm level indicated by the alarm level information included in the alarm indication information, and to send the alarm information to the alarm receiving device in that alarm manner. That is, the network device can distinguish the alarm levels of different terminal devices by different alarm modes, so that different emergency responses can be adopted and losses stopped in time. The distribution of the alarm levels can be determined according to actual application scenarios. For example, in a common office area, the alarm levels can be divided into a first alarm level and a second alarm level because the types of equipment are simple, and in a machine room where a core server is located, the alarm levels of merchants can be divided into a first alarm level to an eighth alarm level because the machine room equipment is important and the types of equipment are many, so that the alarm levels of all equipment in the machine room can be distinguished, which is not limited herein. It should be particularly noted that the above-mentioned alarm modes include, but are not limited to, telephone, email, system push, etc., and are not limited herein.
In some possible embodiments, if the alarm level is a first alarm level, the network device instructs, based on the alarm indication information, the target server to determine a first alarm manner corresponding to the first alarm level as a target alarm manner corresponding to any terminal device. And if the alarm level is a second alarm level, the network device indicates the target server to determine a second alarm mode corresponding to the second alarm level as a target alarm mode corresponding to any terminal device based on the alarm indication information. Wherein the alarm instantaneity of the first alarm mode is higher than that of the second alarm mode, and the first alarm mode is different from the second alarm mode. It should be noted that, the above alarm levels may include not only the first alarm level and the second alarm level, but also other alarm levels, which may be determined according to an actual application scenario, and are not limited herein. For example, for a network device in a certain computer room, the alarm generated by the core layer network device may cause the whole network to be disabled due to a small problem, and the network device may instruct the target server to determine the alarm level of the core layer network device as the first alarm level based on the alarm indication information and set the alarm mode to be the alarm through telephone. For the alarm generated by the aggregation layer network device, because the aggregation layer network device is the aggregation point of a plurality of access layer network devices, the network device can indicate the target server to determine the alarm level of the aggregation layer network device as the second alarm level based on the alarm indication information, and the alarm mode is set to alarm through a short message. 
For the access layer network device, the access layer provides the user with the capability of accessing the application system in the local network segment, and the network device may instruct the target server, based on the alarm indication information, to determine the alarm level of the access layer device as the third alarm level and to set the alarm mode to an alarm by mail. The alarm instantaneity of the telephone alarm is higher than that of the short message alarm, and the alarm instantaneity of the short message alarm is higher than that of the mail alarm; the specific arrangement can be determined according to the actual application scenario and is not limited herein.
In some possible embodiments, in some application scenarios, tens of thousands of devices may be operated simultaneously, so that even if only the devices belonging to a certain alarm level are checked, the number of alarm messages generated at the same time and/or within a certain period of time is very large, and the severity of the fault of each terminal device in the same alarm level is different. At this time, if the network device instructs the target server to send each piece of alarm information generated by the device to the alarm receiving device in real time based on the alarm indication information, the difficulty and workload of device maintenance are also very large. Therefore, for alarm information with a small degree of failure, delayed alarms may be selected.
In some possible embodiments, in practical applications, when the alarm level is a first-level alarm, it may be determined that a serious fault or a major error occurs during operation of the device, and then the network device may instruct, based on the alarm indication information, the target server to immediately send the alarm information to a corresponding alarm receiving device in a target alarm manner corresponding to the alarm level, so as to timely troubleshoot a fault of the terminal device after receiving the alarm information. When the alarm level is a secondary alarm, it usually indicates that although an error event occurs in the device, the continuous operation of the system is still not affected, at this time, the network device may count the number of times that the terminal device generates the secondary alarm, and when the number of times of the secondary alarm is greater than or equal to a preset number of times of the secondary alarm, the network device may instruct, based on the alarm indication information, the target server to send the alarm information to the corresponding alarm receiving device in a target alarm mode corresponding to the secondary alarm. When the alarm level is a third-level alarm, it usually indicates that a potential error may occur in the terminal device, at this time, the network device may count the number of times that the terminal device generates the third-level alarm, and when the number of times of the third-level alarm is greater than or equal to a preset number of times of the third-level alarm, the network device may instruct, based on the alarm indication information, the target server to send the alarm information to a corresponding alarm receiving device in a target alarm mode corresponding to the third-level alarm. 
The preset times of the alarms of the above levels of alarms may be the same or different, and are specifically determined according to an actual application scenario, which is not limited herein. It can be understood that, when the alarm times of any level of alarm is less than the preset times, the network device will not instruct the target server to send out the alarm information based on the alarm indication information, and the number of alarms received by the alarm receiving device can be greatly reduced by delaying the alarm, thereby avoiding a large number of repeated alarms.
In general, when the alarm level is a first-level alarm, since the alarm event is the most serious, the network device may instruct the target server, based on the alarm indication information, to match the first-level alarm with the first alarm mode corresponding to the first alarm level, so as to ensure that the first-level alarm is responded to with the highest timeliness and that corresponding response measures are taken. When the alarm level is a second-level alarm, the network device instructs the target server, based on the alarm indication information, to respond to the second-level alarm in the second alarm mode corresponding to the second alarm level, and to take corresponding response measures with an instantaneity lower than that of the first alarm mode, and so on; other alarm levels are not described herein again. It should be particularly noted that the specific alarm mode corresponding to an alarm level may be determined according to the actual application scenario. For example, in a certain scenario, due to actual requirements, the first-level alarm only needs to be matched with the second alarm mode corresponding to the second alarm level, that is, the second alarm mode can satisfy the sending instantaneity and sending mode required for the first-level alarm at that time; other alarm levels, such as the second-level alarm, can be matched with the first alarm mode corresponding to the first alarm level under certain special requirements, or with an alarm mode of lower timeliness, without limitation.
Optionally, in some possible embodiments, the network device may further determine whether the alarm level of the terminal device is greater than a preset level by comparing the alarm level with the preset level. If the alarm level is not greater than the preset level, the network device instructs the target server to send the alarm information to the alarm receiving device in the alarm mode once the number of alarm occurrences corresponding to the alarm level is greater than or equal to the preset number of times. It can be understood that, when the number of occurrences at the alarm level is less than the preset number of times, the network device will not instruct the target server to send out the alarm information.
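The level-based dispatch and delayed alarm described above, as an added Python example (not code from the patent): each alarm level maps to an alarm mode, alarms more serious than the preset level go out at once, and the rest are held until the per-device count reaches the preset number of times. The preset level, the preset counts, the counting window and the counter reset after sending are assumed values and behaviour; level 1 is treated as the most serious, so "greater than the preset level" is read as "more serious than".

```python
from collections import defaultdict, deque

# Alarm level -> alarm mode, following the machine-room example in the text
# (core layer: telephone, aggregation layer: short message, access layer: mail).
ALARM_MODE = {1: "telephone", 2: "sms", 3: "email"}

# Assumed values: the text only says "preset number of times", which may
# differ per level, and "within a certain period of time".
PRESET_LEVEL = 2                # assumed preset alarm level
PRESET_COUNT = {2: 3, 3: 5}     # assumed preset counts for held-back levels
WINDOW_SECONDS = 300            # assumed counting period


def more_severe(level, preset_level):
    """Level 1 is the most serious, so a smaller number ranks higher."""
    return level < preset_level


class AlarmDispatcher:
    """Decides, per alarm, whether the server should notify now or wait."""

    def __init__(self):
        # (device_id, level) -> timestamps of alarms not yet notified
        self._hits = defaultdict(deque)

    def handle(self, device_id, level, ts):
        """Return the alarm mode to use now, or None to hold the alarm back.

        ts is the alarm timestamp in seconds (any monotonic scale).
        """
        mode = ALARM_MODE.get(level)
        if mode is None:
            raise ValueError("no alarm mode configured for level %r" % level)

        # Alarm level greater than the preset level: send immediately.
        if more_severe(level, PRESET_LEVEL):
            return mode

        # Otherwise count occurrences for this device and level, dropping
        # entries that have aged out of the counting window.
        hits = self._hits[(device_id, level)]
        hits.append(ts)
        while hits and ts - hits[0] > WINDOW_SECONDS:
            hits.popleft()

        if len(hits) >= PRESET_COUNT[level]:
            hits.clear()  # assumption: start a fresh count after notifying
            return mode
        return None


if __name__ == "__main__":
    # Constructed alarm stream: (device, level, timestamp in seconds).
    stream = [
        ("core-sw-01", 1, 0),
        ("agg-sw-02", 2, 10),
        ("agg-sw-02", 2, 20),
        ("agg-sw-02", 2, 30),
        ("agg-sw-02", 2, 40),
    ]
    dispatcher = AlarmDispatcher()
    for device, level, ts in stream:
        print(device, level, ts, dispatcher.handle(device, level, ts))
```

Holding back low-level alarms trades noise for latency, so the preset counts and window are worth reviewing against how long a level-2 or level-3 condition may safely go unreported.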
In some possible embodiments, when the network device instructs the server to send the alarm information to the alarm receiving device in a text manner based on the above alarm manner, the detailed device location, importance degree, failure and/or risk reason, device type, device parameter, and the like of the terminal device may be displayed on the front page of the alarm device, which is not limited herein. Therefore, the detailed information of the alarm device can be more detailed and intuitively known based on the displayed information, and corresponding emergency response measures can be conveniently taken based on the alarm information.
In a specific implementation, after a terminal device raises an alarm, the network device can instruct the server to send different alarm information according to the importance of that terminal device. The position of the alarming device can be confirmed automatically as soon as the alarm information is generated, so that enterprise staff can locate the alarming device in time and take emergency response measures. After the alarm is cleared, the alarm information is no longer sent, and the position information, alarm reason, importance degree, emergency response measures taken, and the like of the alarming device can be fed back to a related system database. When the alarm information of a target terminal device among the terminal devices is displayed and/or queried on a display device, the network device may obtain the alarm information of the target terminal device from the standby information and output it to the display device. Similar problems currently existing in the enterprise can then be corrected and optimized as input for subsequent equipment upgrading and reconstruction, thereby improving the speed and accuracy of the enterprise's alarm processing and stopping losses in time. It should be noted here that, after a device generates an alarm, the system responds to the alarm within seconds, which is far faster than the current traditional alarm mode, and the alarm information can be sent to the corresponding enterprise staff with the same timeliness.
Under the condition that the timeliness of responding to the alarm and transmitting the alarm information is triggered in the second level, the time consumed from the alarm generation of the equipment to the transmission of the alarm information to the staff of the enterprise is greatly shortened, and therefore the enterprise can take emergency response measures in the first time. The method and the system not only facilitate the enterprise to process the equipment alarm, but also can prevent serious consequences possibly caused by the fact that the terminal equipment alarm cannot be solved for a long time.
In the embodiment of the invention, under different application scenes and equipment selection, the situation that the terminal equipment and the protocols in the terminal equipment are incompatible can be avoided, the performance requirement of the alarm receiving equipment for receiving the alarm information is greatly reduced, and the alarm response speed is further improved. Different alarm modes are matched for the terminal equipment through different alarm levels, the alarm receiving equipment can directly determine the alarm level of the terminal equipment based on different alarm modes, and different alarm response measures can be taken according to different alarm levels. Whether to send the alarm information is determined by judging whether the alarm level is greater than the preset alarm level, and the alarm information with higher alarm level can be preferentially sent to the alarm receiving equipment. Meanwhile, the system consumption caused by sending a large amount of low-level alarm information to the alarm receiving equipment and the situation that the high-level alarm response is not timely are avoided, and the alarm receiving equipment is convenient to manage the alarm.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a log-based alarm device according to an embodiment of the present invention. The alarm device based on the log provided by the embodiment of the invention comprises:
an obtaining unit 21, configured to, when it is detected that any one of the terminal devices is abnormal, obtain a log file generated when any one of the terminal devices is abnormal;
a generating unit 22, configured to perform log formatting on the log file acquired by the acquiring unit 21 to obtain a log file with a target format, where the target format is the same format as the log file of each terminal device after the log formatting;
the acquiring unit 21 is configured to read log data in the log file with the target format obtained by the generating unit, and acquire feature data used for triggering an abnormal alarm in the log data;
a sending unit 23, configured to generate alarm indication information based on the feature data, send the alarm indication information to a server, and instruct the server to perform an abnormal alarm of any terminal device.
In some possible embodiments, the alarm device includes:
the processing unit 24 is configured to match file data of a log file generated by any one of the terminal devices when an abnormality occurs with a file screening parameter, and determine file data successfully matched with the file screening parameter as target data;
the generating unit 22 is configured to perform data formatting processing on the target data to obtain data in a target format, and generate a log file in the target format based on the data in the target format.
In some possible embodiments, the processing unit 24 is configured to:
based on a preset alarm attribute, intercepting a data segment belonging to the preset alarm attribute from the log data, and determining the data segment as feature data for triggering abnormal alarm, wherein the preset alarm attribute comprises one or more combinations of grade, time, reason and position;
and/or matching the log data with a preset alarm attribute data segment, and determining the data segment successfully matched with the preset alarm attribute data segment as characteristic data for triggering abnormal alarm, wherein the preset alarm attribute data segment is a data segment of one or more preset alarm attributes for describing the grade, time, reason and position of the alarm;
the characteristic data comprises one or more combinations of alarm levels corresponding to the levels, alarm occurrence timestamps corresponding to the time, alarm reasons corresponding to the reasons and alarm equipment positions corresponding to the positions.
In some possible embodiments, the processing unit 24 is configured to:
determining a data tag corresponding to the characteristic data based on the device type of any terminal device, wherein the data tag is used for determining a server for receiving the characteristic data;
the generating unit 22 is configured to generate alarm indication information based on the feature data and the data tag, and send the alarm indication information to the server.
In some possible embodiments, the alarm indication information includes alarm level information and alarm information;
the indicating unit 25 is configured to instruct, based on the alarm indication information, the server to determine an alarm mode corresponding to any terminal device based on the alarm level indicated by the alarm level information;
the above-mentioned alarm device includes:
a judging unit 26, configured to judge whether the alarm level is greater than a preset alarm level;
the indicating unit 25 is configured to, when the alarm level is greater than a preset alarm level, instruct the server to send the alarm information to an alarm receiving device based on the alarm manner;
the indicating unit 25 is configured to, when the alarm level is not greater than a preset alarm level and the alarm occurrence frequency corresponding to the alarm level is greater than or equal to a preset frequency, instruct the server to send the alarm information to the alarm receiving device based on the alarm manner;
the alarm information at least comprises an alarm event, an alarm equipment identifier, an alarm equipment position, an alarm sending timestamp and an alarm reason.
In some possible embodiments, the above-mentioned alarm device further includes:
a storage unit 27, further configured to instruct the server to store the alarm information in a database to obtain standby information, where the database includes alarm information of one or more terminal devices except any terminal device;
the obtaining unit 21 is further configured to instruct the server to obtain the alarm information of the target terminal device from the standby information and output the alarm information of the target terminal device to the display device when the alarm information of the target terminal device in the terminal devices is displayed and/or queried based on the display device.
In a specific implementation, the apparatus may perform, through its built-in modules, the implementation manners provided in the steps of fig. 1. For example, the obtaining unit 21 may be configured to perform implementation manners such as obtaining, when it is detected that any one of the terminal devices is abnormal, the log file generated when that terminal device is abnormal; for details, refer to the implementation manners provided in the foregoing steps, which are not described herein again. The generating unit 22 may be configured to perform implementation manners such as performing log formatting on the log file acquired by the obtaining unit 21 to obtain a log file with the target format; for details, refer to the implementation manners provided in the foregoing steps, which are not described herein again. The sending unit 23 may be configured to perform implementation manners such as generating alarm indication information based on the feature data, sending the alarm indication information to a server, and instructing the server to carry out the abnormal alarm of any terminal device. The processing unit 24 may be configured to perform implementation manners such as matching file data of a log file generated when an abnormality occurs in any terminal device with a file screening parameter, and determining the file data successfully matched with the file screening parameter as target data; for details, refer to the implementation manners provided in the foregoing steps, which are not described herein again. The indicating unit 25 may be configured to perform implementation manners such as instructing the server, when the alarm level is greater than a preset alarm level, to send the alarm information to an alarm receiving device based on the alarm mode; for details, refer to the implementation manners provided in the foregoing steps, which are not described herein again.
The judging unit 26 may be configured to perform implementation manners such as judging whether the alarm level is greater than a preset alarm level; for details, refer to the implementation manners provided in the above steps, which are not described herein again. The storage unit 27 may be configured to perform implementation manners such as instructing the server to store the alarm information in a database to obtain standby information; for details, refer to the implementation manners provided in the above steps, which are not described herein again.
In the embodiment of the invention, the alarm can be managed in a grading way based on each module in the alarm device, and the alarm grade of the equipment can be determined based on different alarm modes. Meanwhile, the log files generated by each terminal device when abnormal are formatted to obtain the log files in the same target format, so that the alarm management of the alarm receiving device is facilitated, the performance loss of the alarm receiving device is reduced, the response speed and the management efficiency of the alarm are greatly improved, and the applicability is higher.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a network device according to an embodiment of the present invention. As shown in fig. 3, the network device in this embodiment may include: one or more processors 31 and memory 32. The processor 31 and the memory 32 are connected by a bus 33. The memory 32 is used for storing a computer program comprising program instructions, and the processor 31 is used for executing the program instructions stored in the memory 32 and executing the following operations:
when any terminal equipment in all terminal equipment is detected to be abnormal, acquiring a log file generated when any terminal equipment is abnormal;
performing log formatting processing on the log file acquired by the acquisition unit to obtain a log file with a target format, wherein the target format is the same format as the log file of each terminal device after the log formatting processing;
the network equipment reads the log data in the log file with the target format and acquires the characteristic data used for triggering abnormal alarm in the log data;
and the network equipment generates alarm indication information based on the characteristic data, sends the alarm indication information to a server and indicates the server to carry out abnormal alarm of any terminal equipment.
In some possible embodiments, the processor 31 is configured to:
matching file data of a log file generated by any terminal equipment when an abnormality occurs with file screening parameters, and determining the file data successfully matched with the file screening parameters as target data;
and performing data formatting processing on the target data to obtain data with a target format, and generating a log file with the target format based on the data with the target format.
In some possible embodiments, the processor 31 is configured to:
based on a preset alarm attribute, intercepting a data segment belonging to the preset alarm attribute from the log data, and determining the data segment as feature data for triggering an abnormal alarm, wherein the preset alarm attribute comprises one or more combinations of grade, time, reason and position;
and/or matching the log data with a preset alarm attribute data segment, and determining the data segment successfully matched with the preset alarm attribute data segment as characteristic data for triggering abnormal alarm, wherein the preset alarm attribute data segment is a data segment of one or more preset alarm attributes for describing the grade, time, reason and position of the alarm;
the characteristic data comprises one or more combinations of alarm levels corresponding to the levels, alarm occurrence timestamps corresponding to the time, alarm reasons corresponding to the reasons and alarm equipment positions corresponding to the positions.
In some possible embodiments, the processor 31 is configured to:
determining a data tag corresponding to the characteristic data based on the device type of any terminal device, wherein the data tag is used for determining a server for receiving the characteristic data;
and generating alarm indication information based on the characteristic data and the data label, and sending the alarm indication information to the server.
In some possible embodiments, the alarm indication information includes alarm level information and alarm information; the processor 31 is configured to:
instructing the server to determine an alarm mode corresponding to any terminal device based on the alarm level indicated by the alarm level information based on the alarm indication information;
judging whether the alarm level is greater than a preset alarm level;
when the alarm level is greater than a preset alarm level, instructing the server to send the alarm information to alarm receiving equipment based on the alarm mode;
when the alarm level is not greater than a preset alarm level and the alarm occurrence frequency corresponding to the alarm level is greater than or equal to a preset frequency, instructing the server to send the alarm information to the alarm receiving equipment based on the alarm mode;
the alarm information at least comprises an alarm event, an alarm equipment identifier, an alarm equipment position, an alarm sending timestamp and an alarm reason.
In some possible embodiments, the processor 31 is further configured to:
instructing the server to store the alarm information into a database to obtain standby information, wherein the database comprises the alarm information of one or more terminal devices except any one terminal device;
and when the alarm information of the target terminal equipment in the terminal equipment is displayed and/or inquired based on the display equipment, indicating the server to acquire the alarm information of the target terminal equipment from the standby information and outputting the alarm information of the target terminal equipment to the display equipment.
It should be understood that, in some possible embodiments, the processor 31 may be a Central Processing Unit (CPU), and the processor 31 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and so on. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 32 may include both read-only memory and random access memory and provides instructions and data to the processor 31. A portion of the memory 32 may also include non-volatile random access memory. For example, the memory 32 may also store device type information.
In a specific implementation, the target device may execute the implementation manners provided in the steps in fig. 1 through the built-in functional modules, which may specifically refer to the implementation manners provided in the steps, and are not described herein again.
In the embodiments of the invention, across different application scenarios and equipment choices, incompatibility between terminal devices and terminal device protocols can be avoided, the performance required of the alarm receiving device to receive alarm information is greatly reduced, and the alarm response speed is thereby improved. Different alarm modes are matched to the terminal device according to different alarm levels, so the alarm receiving device can determine the alarm level of the terminal device directly from the alarm mode and take different response measures for different alarm levels. Whether the alarm information is sent is decided by judging whether the alarm level is greater than a preset alarm level, so alarm information with a higher alarm level can be sent to the alarm receiving device preferentially. At the same time, the system overhead caused by sending a large amount of low-level alarm information to the alarm receiving device, and the resulting untimely response to high-level alarms, are avoided, which makes it easier for the alarm receiving device to manage alarms.
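The log normalization, level-to-mode mapping and preset-level/frequency gate described above, as an added Python example that is not code from the patent. The level names and their numeric ranks, both thresholds, the two raw log layouts and the choice to count occurrences per device and level are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumptions (not from the patent): level names, numeric ranks, thresholds,
# and both raw log layouts below are constructed for illustration.
CHANNEL = {"first": "telephone", "second": "sms", "third": "mail"}
RANK = {"first": 3, "second": 2, "third": 1}   # higher rank = more urgent
PRESET_LEVEL = "second"    # levels ranked above this are sent immediately
PRESET_FREQUENCY = 3       # other levels are sent from the 3rd occurrence on

ROUTER_RE = re.compile(
    r"^(?P<time>\S+) (?P<device>\S+) \[(?P<level>\w+)\] "
    r"(?P<reason>.+) @(?P<position>.+)$")
REQUIRED = {"time", "device", "level", "reason", "position"}

def normalize(source, line):
    """Convert one raw line into the common target format (a dict), or None."""
    if source == "router":                      # syslog-like layout
        m = ROUTER_RE.match(line)
        rec = m.groupdict() if m else None
    elif source == "ups":                       # key=value;key=value layout
        rec = dict(kv.split("=", 1) for kv in line.split(";") if "=" in kv)
    else:
        rec = None
    if not rec or not REQUIRED <= rec.keys() or rec["level"] not in RANK:
        return None      # malformed line or unknown level: never guess severity
    rec["device_type"] = source   # device type derived from the data source
    return rec

def decide(records):
    """Return (device, alarm mode, sent) for each normalized record, in order."""
    seen = Counter()     # occurrences per (device, level), an assumed scope
    decisions = []
    for rec in records:
        key = (rec["device"], rec["level"])
        seen[key] += 1
        urgent = RANK[rec["level"]] > RANK[PRESET_LEVEL]
        sent = urgent or seen[key] >= PRESET_FREQUENCY
        decisions.append((rec["device"], CHANNEL[rec["level"]], sent))
    return decisions

# Constructed sample input: (data source, raw log line)
RAW = [
    ("router", "2019-05-16T10:00:01 rtr-01 [third] link flap on port 3 @rack A2"),
    ("ups", "time=2019-05-16T10:00:05;device=ups-07;level=first;"
            "reason=battery failure;position=room 4"),
    ("router", "2019-05-16T10:00:09 rtr-01 [third] link flap on port 3 @rack A2"),
    ("router", "garbled line without the expected fields"),
    ("router", "2019-05-16T10:00:20 rtr-01 [third] link flap on port 3 @rack A2"),
]

def run(raw=RAW):
    records = [r for r in (normalize(s, l) for s, l in raw) if r]
    return decide(records)

if __name__ == "__main__":
    for row in run():
        print(row)
```

In a deployment, lines that fail normalization should be counted and surfaced rather than dropped silently, since a device whose log format changes would otherwise stop alarming without notice.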
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, where the computer program includes program instructions, and the program instructions, when executed by a processor, implement the method provided in each step in fig. 1, which may specifically refer to the implementation manner provided in each step, and are not described herein again.
The computer readable storage medium may be the task processing apparatus provided in any of the foregoing embodiments or an internal storage unit of the target device, such as a hard disk or a memory of an electronic device. The computer readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Memory Card (SMC), a Secure Digital (SD) card, a flash memory card (flash card), and the like, provided on the electronic device. The computer readable storage medium may further include a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), and the like. Further, the computer readable storage medium may also include both an internal storage unit and an external storage device of the electronic device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the electronic device. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.
The terms "first", "second", and the like in the claims and in the description and drawings of the present invention are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments. The term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.

Claims (9)

1. A log-based alerting method, the method comprising:
when any terminal device in each terminal device is detected to be abnormal, the network device acquires a log file generated when any terminal device is abnormal through a wireless network, a Bluetooth or a cellular mobile network, wherein the terminal device comprises at least one device for transmitting data based on a network, such as a computer, a server, a mobile terminal, a switch, a router, a modem, an entrance guard, an Uninterruptible Power Supply (UPS), a monitor and a camera;
the network equipment performs log formatting processing on the log file to obtain a log file with a target format, wherein the target format is the same format of the log file of each terminal equipment after the log formatting processing;
the network equipment reads the log data in the log file with the target format and acquires the characteristic data used for triggering abnormal alarm in the log data;
the network equipment determines the equipment type of any terminal equipment based on the data source of the characteristic data, and determines a data tag corresponding to the characteristic data based on the equipment type, wherein the data tag is used for determining a server for receiving the characteristic data;
the network equipment packages the characteristic data and the data label into a message, and sends the message serving as alarm indication information to the server, wherein the alarm indication information comprises alarm level information;
when the alarm level information indicates that the alarm level corresponding to the characteristic data is a first alarm level, the network equipment indicates the server to perform abnormal alarm of any terminal equipment through telephone alarm based on the alarm indication information; when the alarm level information indicates that the alarm level corresponding to the characteristic data is a second alarm level, the network equipment indicates the server to perform abnormal alarm of any terminal equipment through short message alarm based on the alarm indication information; when the alarm level information indicates that the alarm level corresponding to the characteristic data is a third alarm level, the network device indicates the server to perform abnormal alarm of any terminal device through mail alarm based on the alarm indication information, the alarm instantaneity of the telephone alarm is higher than that of the short message alarm, and the alarm instantaneity of the short message alarm is higher than that of the mail alarm.
2. The method of claim 1, wherein the network device performs log formatting on the log file to obtain a log file with a target format comprises:
the network equipment matches the file data of the log file generated by any terminal equipment when abnormality occurs with file screening parameters, and determines the file data successfully matched with the file screening parameters as target data;
and the network equipment carries out data formatting processing on the target data to obtain data with a target format, and generates a log file with the target format based on the data with the target format.
3. The method according to claim 1 or 2, wherein the obtaining of the feature data for triggering the abnormal alarm in the log data comprises:
the network equipment intercepts a data segment belonging to a preset alarm attribute from the log data based on the preset alarm attribute, and determines the data segment as feature data for triggering abnormal alarm, wherein the preset alarm attribute comprises one or more combinations of grade, time, reason and position;
and/or the network equipment matches the log data with a preset alarm attribute data segment, and determines a data segment successfully matched with the preset alarm attribute data segment as characteristic data for triggering abnormal alarms, wherein the preset alarm attribute data segment is a data segment of one or more preset alarm attributes for describing the grade, time, reason and position of the alarm;
the characteristic data comprises one or more combinations of alarm levels corresponding to the levels, alarm occurrence timestamps corresponding to the time, alarm reasons corresponding to the reasons and alarm equipment positions corresponding to the positions.
4. The method according to claim 3, wherein the alarm indication information further includes alarm information; the method further comprises the following steps:
the network equipment indicates the server to determine an alarm mode corresponding to any terminal equipment based on the alarm level indicated by the alarm level information based on the alarm indication information, wherein the alarm mode comprises a telephone alarm, a short message alarm or a mail alarm;
the network equipment judges whether the alarm level is greater than a preset alarm level;
if the alarm level is greater than a preset alarm level, the network equipment indicates the server to send the alarm information to alarm receiving equipment through the telephone alarm, the short message alarm or the mail alarm;
if the alarm level is not greater than a preset alarm level, the network equipment instructs the server to send the alarm information to the alarm receiving equipment through the telephone alarm, the short message alarm or the mail alarm when the alarm occurrence frequency corresponding to the alarm level is greater than or equal to the preset frequency;
the alarm information at least comprises an alarm event, an alarm equipment identifier, an alarm equipment position, an alarm sending timestamp and an alarm reason.
5. The method of claim 4, further comprising:
the network equipment instructs the server to store the alarm information into a database to obtain standby information, wherein the database comprises the alarm information of one or more terminal equipments except any terminal equipment;
when the alarm information of the target terminal equipment in each terminal equipment is displayed and/or inquired based on the display equipment, the network equipment indicates the server to acquire the alarm information of the target terminal equipment from the standby information and outputs the alarm information of the target terminal equipment to the display equipment.
6. A log-based alerting device, the alerting device comprising:
an acquisition unit, configured to acquire, through a wireless network, Bluetooth or a cellular mobile network, a log file generated when any terminal equipment in each terminal equipment is detected to be abnormal, wherein the terminal equipment comprises at least one equipment for transmitting data based on a network among a computer, a server, a mobile terminal, a switch, a router, a modem, an entrance guard, an uninterruptible power supply (UPS), a monitor and a camera;
the generating unit is used for performing log formatting processing on the log file acquired by the acquiring unit to obtain a log file with a target format, wherein the target format is the same format as the log file of each terminal device after the log formatting processing;
the acquiring unit is used for reading the log data in the log file with the target format obtained by the generating unit and acquiring the characteristic data used for triggering the abnormal alarm in the log data;
the processing unit is used for determining the equipment type of any terminal equipment based on the data source of the characteristic data, determining a data label corresponding to the characteristic data based on the equipment type, determining a server for receiving the characteristic data based on the data label, packaging the characteristic data and the data label into a message, and sending the message serving as alarm indication information to the server, wherein the alarm indication information comprises alarm grade information;
a sending unit, configured to instruct, based on the alarm indication information, the server to perform an abnormal alarm of any terminal device through a telephone alarm when the alarm level information indicates that the alarm level corresponding to the feature data is a first alarm level; when the alarm level information indicates that the alarm level corresponding to the characteristic data is a second alarm level, indicating the server to perform abnormal alarm of any terminal equipment through short message alarm based on the alarm indication information; and when the alarm level information indicates that the alarm level corresponding to the characteristic data is a third alarm level, indicating the server to perform abnormal alarm of any terminal equipment through mail alarm based on the alarm indication information, wherein the alarm instantaneity of the telephone alarm is higher than that of the short message alarm, and the alarm instantaneity of the short message alarm is higher than that of the mail alarm.
7. The apparatus of claim 6, wherein the alerting means comprises:
the processing unit is used for matching file data of the log file generated by any terminal equipment when abnormality occurs with file screening parameters, and determining the file data successfully matched with the file screening parameters as target data;
the generating unit is used for carrying out data formatting processing on the target data to obtain data with a target format, and generating a log file with the target format based on the data with the target format.
8. A network device comprising a processor and a memory, the processor and memory being interconnected;
the memory for storing a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any of claims 1 to 5.
9. A computer-readable storage medium, characterized in that it stores a computer program comprising program instructions which, when executed by a processor, cause the processor to carry out the method according to any one of claims 1 to 5.
CN201910405795.7A 2019-05-16 2019-05-16 Log-based alarm method and related device Active CN110224858B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910405795.7A CN110224858B (en) 2019-05-16 2019-05-16 Log-based alarm method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910405795.7A CN110224858B (en) 2019-05-16 2019-05-16 Log-based alarm method and related device

Publications (2)

Publication Number Publication Date
CN110224858A CN110224858A (en) 2019-09-10
CN110224858B true CN110224858B (en) 2022-12-02

Family

ID=67821047

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910405795.7A Active CN110224858B (en) 2019-05-16 2019-05-16 Log-based alarm method and related device

Country Status (1)

Country Link
CN (1) CN110224858B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830438A (en) * 2019-09-25 2020-02-21 杭州优行科技有限公司 Abnormal log warning method and device and electronic equipment
CN110620790B (en) * 2019-10-10 2021-11-02 国网山东省电力公司信息通信公司 Network security device linkage processing method and device
CN110851332B (en) * 2019-11-13 2023-09-26 上海闻泰电子科技有限公司 Log file processing method, device, equipment and medium
CN111106953B (en) * 2019-12-16 2024-04-16 深圳前海微众银行股份有限公司 Method and device for analyzing abnormal root cause
CN111478889B (en) * 2020-03-27 2022-09-02 新浪网技术(中国)有限公司 Alarm method and device
CN113535500A (en) * 2020-04-10 2021-10-22 北京沃东天骏信息技术有限公司 Method and device for monitoring service
CN111564027B (en) * 2020-05-08 2022-05-13 北京深演智能科技股份有限公司 Alarm information processing method and device
CN111708679A (en) * 2020-05-08 2020-09-25 中国建设银行股份有限公司 Log monitoring method, system, device and storage medium
CN111740868B (en) * 2020-07-07 2023-12-15 腾讯科技(深圳)有限公司 Alarm data processing method and device and storage medium
CN111881156A (en) * 2020-07-24 2020-11-03 广东省信息工程有限公司 Abnormal log processing method, device, medium and terminal equipment
CN111953541B (en) * 2020-08-10 2023-12-05 腾讯科技(深圳)有限公司 Alarm information processing method, device, computer equipment and storage medium
CN114650218B (en) * 2020-12-17 2023-12-12 中移(苏州)软件技术有限公司 Data acquisition method, device, system and storage medium
CN112767636A (en) * 2021-01-14 2021-05-07 广州穗能通能源科技有限责任公司 Fire alarm method, fire alarm device, computer equipment and storage medium
CN113395179B (en) * 2021-06-11 2022-04-19 中国科学技术大学 Method for improving readability of BGP peer jitter alarm information in IP network
CN113660107B (en) * 2021-06-29 2024-04-19 广东电网有限责任公司广州供电局 Fault locating method, system, computer equipment and storage medium
CN113900755B (en) * 2021-10-11 2024-04-16 重庆紫光华山智安科技有限公司 Alarm page processing method and device, computer equipment and readable storage medium
CN115913896A (en) * 2022-11-09 2023-04-04 中国联合网络通信集团有限公司 Device detection method, server and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106385331A (en) * 2016-09-08 2017-02-08 努比亚技术有限公司 Method and system for monitoring alarm based on log
CN106992876A (en) * 2017-03-04 2017-07-28 郑州云海信息技术有限公司 Cloud platform blog management method and system
CN108933791A (en) * 2018-07-09 2018-12-04 国网山东省电力公司信息通信公司 One kind being based on Electricity Information Network Safeguard tactics intelligent optimization method and device
CN109324996A (en) * 2018-10-12 2019-02-12 平安科技(深圳)有限公司 Journal file processing method, device, computer equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8990378B2 (en) * 2007-07-05 2015-03-24 Interwise Ltd. System and method for collection and analysis of server log files

Also Published As

Publication number Publication date
CN110224858A (en) 2019-09-10

Similar Documents

Publication Publication Date Title
CN110224858B (en) Log-based alarm method and related device
CN110661659B (en) Alarm method, device and system and electronic equipment
CN111290918B (en) Server running state monitoring method and device and computer readable storage medium
CN109726072B (en) WebLogic server monitoring and alarming method, device and system and computer storage medium
CN113238913B (en) Intelligent pushing method, device, equipment and storage medium for server faults
CN103220173B (en) A kind of alarm monitoring method and supervisory control system
CN108572907B (en) Alarm method, alarm device, electronic equipment and computer readable storage medium
CN110232006B (en) Equipment alarm method and related device
US9009307B2 (en) Automated alert management
CN112311617A (en) Configured data monitoring and alarming method and system
CN104202201B (en) A kind of log processing method, device and terminal
CN112631913B (en) Method, device, equipment and storage medium for monitoring operation faults of application program
CN110166290A (en) Alarm method and device based on journal file
WO2020228276A1 (en) Network alert method and device
CN110554930B (en) Data storage method and related equipment
US20200327045A1 (en) Test System and Test Method
CN112395156A (en) Fault warning method and device, storage medium and electronic equipment
EP3806392A1 (en) Fault management method and related device
CN107968727A (en) A kind of detection method, device and the medium of CIFS services
CN110674149A (en) Service data processing method and device, computer equipment and storage medium
CN109150626A (en) FTP service monitoring method, device, terminal and computer readable storage medium
CN116483663A (en) Abnormality warning method and device for platform
CN109634814A (en) Fault early warning method, equipment, storage medium and device based on log stream
CN109144800A (en) A kind of collection method, device and the relevant device of server failure information
CN112882892B (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant