CN111209266B - Audit method and device based on Redis database and electronic equipment - Google Patents


Publication number: CN111209266B
Authority: CN (China)
Prior art keywords: reply, message, data, request, storing
Legal status: Active
Application number: CN201911330478.XA
Other languages: Chinese (zh)
Other versions: CN111209266A (en)
Inventor: 刘永波
Current Assignee: Shenzhen Ankki Technology Co ltd
Original Assignee: Shenzhen Ankki Technology Co ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21: Design, administration or maintenance of databases
    • G06F16/219: Managing data history or versioning
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Abstract

The embodiment of the invention relates to the technical field of data security, and in particular to an auditing method, an auditing device and electronic equipment based on a Redis database. The auditing method comprises: acquiring a message of the Redis database; judging whether the message is a request message or a reply message; if the message is a request message, parsing the request message according to a first algorithm to obtain request data, and storing the request data; if the message is a reply message, parsing the reply message according to a second algorithm to obtain reply data, and storing the reply data. In this way, different algorithms can be used to parse different messages, parsing is efficient and accurate, auditing of the Redis database is improved, and the various operations in a service system using the Redis database are recorded and monitored.

Description

Audit method and device based on Redis database and electronic equipment
Technical Field
The embodiment of the invention relates to the technical field of data security, in particular to an auditing method and device based on a Redis database and electronic equipment.
Background
Redis is a NoSQL database characterized by high concurrency, high scalability and large data storage capacity, and it supports data persistence and rich data structures, so Redis databases have begun to be applied in service environments. With the wide application of Redis databases, data security is becoming increasingly important. To prevent services that use a Redis database from being maliciously accessed, the Redis database used by those services generally needs to be audited, so that database operations are recorded in real time, helping users to generate compliance reports, trace the source of incidents afterwards, and improve the security of data assets.
In the process of implementing the embodiment of the present invention, the present inventors found that: at present, aiming at the audit of a Redis database, when analyzing the messages in the Redis database, only one analysis algorithm is generally adopted to analyze all types of messages, and the adopted analysis algorithm is complex, so that the analysis efficiency is low, and the audit speed is influenced.
Disclosure of Invention
The technical problem mainly solved by the embodiment of the invention is to provide an auditing method, device and electronic equipment based on a Redis database, which can effectively analyze the Redis protocol, and has high analysis efficiency and accuracy, thereby completing the auditing of the Redis database and realizing the recording and monitoring of various operations in a business system using the Redis database.
In order to solve the above technical problem, the embodiments of the invention adopt the following technical solutions. In a first aspect, an embodiment of the present invention provides an audit method based on a Redis database, the audit method including:
obtaining a message of the Redis database;
judging whether the message is a request message or a reply message;
If the message is a request message, analyzing the request message according to a first algorithm to obtain request data, and storing the request data;
If the message is a reply message, analyzing the reply message according to a second algorithm, obtaining reply data, and storing the reply data.
In some embodiments, the steps of parsing the request message according to the first algorithm, obtaining request data, and storing the request data further include:
carrying out grammar analysis on the request message to obtain an operation sentence in the request message;
And storing the operation statement as request data.
In some embodiments, the request data further includes an operation type of the request message, and the auditing method further includes:
Extracting an operation command in the operation statement;
Identifying the type of the operation command to determine the operation type of the request message;
And storing the operation type as request data.
In some embodiments, the step of parsing the reply message according to a second algorithm, obtaining reply data, and storing the reply data further includes:
Identifying an identifier in the reply message;
and acquiring the reply data according to the identifier, and storing the reply data.
In some embodiments, the reply data includes at least one reply parameter, one of the reply parameters corresponding to one of the identifiers in the reply message;
The step of obtaining the reply data according to the identifier and storing the reply data further comprises the steps of:
Acquiring a first identifier in the reply message;
Judging whether the identifier is a batch reply or not;
if yes, extracting the reply parameter after the identifier, and storing the reply parameter;
if not, judging whether the identifier is a plurality of batch replies;
If not, extracting the reply parameter after the identifier, and storing the reply parameter;
If yes, moving to the next identifier in the reply message, and returning to the step of judging whether the identifier is batch reply or not until the reply message is completely resolved.
In some embodiments, further comprising:
And acquiring the sending time of the request message and the client information corresponding to the request message, and storing the sending time and the client information.
In order to solve the above technical problem, in a second aspect, an embodiment of the present invention provides an audit device based on a Redis database, which is characterized in that the audit device includes:
The first acquisition module is used for acquiring the message of the Redis database;
The judging module is used for judging whether the message is a request message or a reply message;
the first analysis module is used for analyzing the request message according to a first algorithm if the message is the request message, acquiring request data and storing the request data;
and the second analysis module is used for analyzing the reply message according to a second algorithm if the message is the reply message, acquiring reply data and storing the reply data.
In some embodiments, further comprising:
the second acquisition module is used for acquiring the sending time of the request message and the client information corresponding to the request message, and storing the sending time and the client information.
In order to solve the above technical problem, in a third aspect, an embodiment of the present invention provides an electronic device, which is characterized in that,
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above in the first aspect.
To solve the above technical problem, in a fourth aspect, a computer program product comprising a program code is provided in an embodiment of the present invention, which is characterized in that the computer program product, when run on an electronic device, causes the electronic device to perform the method as described in the first aspect above.
The embodiment of the invention has the beneficial effects that: different from the condition of the prior art, the auditing method based on the Redis database provided by the embodiment of the invention is realized by acquiring the message of the Redis database; judging whether the message is a request message or a reply message; if the message is a request message, analyzing the request message according to a first algorithm to obtain request data, and storing the request data; if the message is a reply message, analyzing the reply message according to a second algorithm, obtaining reply data, and storing the reply data. By adopting the mode, different algorithms can be adopted for analyzing different messages, the analysis efficiency is high and accurate, the audit of the Redis database is facilitated to be improved, and the record and the monitoring of various operations in a service system using the Redis database are realized.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which the figures of the drawings are not to be taken in a limiting sense, unless otherwise indicated.
FIG. 1 is a schematic view of an application environment of an embodiment of a Redis database-based auditing method in an embodiment of the present invention;
FIG. 2 is a flow chart of an audit method based on a Redis database provided by an embodiment of the present invention;
FIG. 3 is a sub-flowchart of step 130 of the method of FIG. 2;
FIG. 4 is a sub-flowchart of step 140 of the method of FIG. 2;
FIG. 5 is a sub-flowchart of step 142 of the method of FIG. 4;
FIG. 6 is a flow chart of another Redis database-based auditing method provided by an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an audit device based on a Redis database according to an embodiment of the present invention;
FIG. 8 is a schematic hardware structure of an electronic device for executing the above auditing method according to an embodiment of the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
It should be noted that, if not in conflict, the features of the embodiments of the present application may be combined with each other, which is within the protection scope of the present application. In addition, while functional block division is performed in a device diagram and logical order is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. Moreover, the words "first," "second," "third," and the like as used herein do not limit the data and order of execution, but merely distinguish between identical or similar items that have substantially the same function and effect.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used in this specification includes any and all combinations of one or more of the associated listed items.
In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
Referring to fig. 1, which is a schematic diagram of an application environment of an embodiment of an audit method based on a Redis database according to the present invention, the system includes: database server farm 10, auditing equipment 20, and core switch 30.
The database server group 10, the core switch 30 and the auditing equipment 20 are connected through an auditing line, that is, the auditing line is sequentially connected with the database server group 10, the core switch 30 and the auditing equipment 20.
The auditing apparatus 20 is an apparatus capable of automatically and rapidly processing mass data by program operation, and is generally composed of a hardware system and a software system, for example: a server, etc. The database server farm 10 is populated with Redis databases. The user terminal may access the resources on the database server farm 10 through the core switch 30, and the auditing device 20 intercepts the traffic message of the end user through the core switch 30, so as to audit the traffic message.
Specifically, the Redis database in the database server farm 10 generates a message when transmitting data. The traffic message is obtained by mirroring on the core switch 30: port mirroring is configured on the core switch 30, or a TAP (splitter) monitoring mode is adopted, so that the auditing device 20 can monitor all operations of all users communicating with the database server group 10 through the core switch 30. The messages are thus audited by the auditing device 20, in particular parsed and stored as a backup.
An embodiment of the present invention provides an audit method based on a Redis database, applied to the above application environment. The audit method may be executed by the auditing device 20. Referring to fig. 2, the method includes:
Step 110: obtaining a message of the Redis database;
The message is a data unit for data exchange and transmission in the network, namely a data block to be sent at one time. The message contains complete data information to be sent, and can be divided into a request message sent by a client and a reply message sent by a server. In order to record and monitor the data exchange condition of the Redis database, the message of the Redis database is acquired so as to carry out the next analysis.
Step 120: judging whether the message is a request message or a reply message, if the message is the request message, executing step 130, and if the message is the reply message, executing step 140.
The request message records operations that the client wants the server to perform on the data, such as querying, adding, deleting, logical operation, etc. on the data in the database. In addition, each request message also records the request time, the equipment information of the client and the information of the database, such as the ip address of the client, the ip address and the port of the accessed database, and the time when the client sends the request, thereby knowing the detailed information of data transmission. It will be appreciated that the request message also includes content such as the message format, for example, the identifier, version, message length, and user protocol.
The reply message records the operation result of the server on the data, including the execution state and the execution data, such as the data of the query, the logic judgment result, the operation result and the like. It will be appreciated that the reply message also includes content such as the message format, e.g., identifier, version, message length, and user protocol.
In the Redis database, the request message and the reply message both follow the Redis protocol, the Redis protocol has strong readability, and the request and the reply have fixed formats. The request message and the reply message have different formats, the request message is mainly an operation sentence, the grammar is simple, the reply message mainly comprises data corresponding to the identifier and the operation sentence, and the grammar structure is complex. In the database audit, for a request message, operation sentences are mainly analyzed; for the reply message, the data corresponding to the operation statement is mainly analyzed.
In order to analyze the request message and the reply message more quickly and accurately, different analysis algorithms are adopted to analyze the request message and the reply message respectively according to the respective format characteristics of the request message and the reply message, so that the messages are firstly required to be classified, namely whether the messages are the request message or the reply message is judged.
It can be appreciated that the message classification model can be trained by using an existing classification algorithm to determine whether a message is a request message or a reply message.
Step 130: and analyzing the request message according to a first algorithm, obtaining request data, and storing the request data.
And analyzing the request message by adopting a first algorithm to acquire the request data in the request message. The first algorithm is preset according to the structural characteristics of the request message, and can rapidly and accurately analyze the request message. For example, the first algorithm may be an existing text recognition algorithm, and perform recognition analysis on the request message; and then, for example, according to the grammar characteristics of the request message, the request message is analyzed by identifying the operation command symbol, and at the moment, the first algorithm is an operation command symbol identification algorithm.
In some embodiments, the first algorithm may be a syntax-parsing-based algorithm, referring to fig. 3, and specifically, the step 130 further includes:
Step 131: and carrying out grammar analysis on the request message to obtain an operation statement in the request message.
Grammar analysis refers to splitting and identifying the operation statements in the request message according to the grammar of the request message, so as to parse out the operation statements. The operation statements are the specific language of the request message and define the operations on the data. Typically, the operation statements include adding, deleting, modifying and querying elements. Each operation statement has its own operation command, which is generally located at the head of the operation statement; for example, the operation statement for adding an element is "set key value". Therefore, grammar analysis of the whole request message can be completed by identifying the operation command and then extracting the whole operation statement according to that command.
Step 132: and storing the operation statement as request data.
The operation statement records the operation of the data, so that the operation statement is stored as the request data, and the access content of the request message can be known only by reading the operation statement in the process of audit analysis.
To further monitor the database for access requests, in some embodiments, referring to FIG. 3, the auditing method further includes:
step 133: and extracting the operation command in the operation statement.
And extracting an operation command in the operation statement to perform the next identification.
Step 134: and identifying the type of the operation command to determine the operation type of the request message.
The type of the operation command reflects how the database is being accessed, is very important to the security of the database, and can be defined according to actual conditions. For example, when user authority over the database is divided into query authority and change authority, a user with only query authority can only perform query requests on the database, while a user with change authority can both query the database and change it, such as adding or replacing data; the operation commands are correspondingly divided into query commands and change commands. By identifying the type of the operation command, the operation type of the request message can be determined, so that user activity can be counted, the user can be audited and analyzed, and corresponding protective measures can be taken; for example, when a user without change authority is found to have performed an operation that deletes data, that user is intercepted.
Step 135: and storing the operation type as request data.
And storing the operation type as request data, and recording the access condition to form an audit report so as to facilitate audit analysis.
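One way to carry out steps 133 to 135 and the authority check described above, as an added example that is not part of the patent. The grouping of commands into query and change types, the client addresses, the times and the authority map are assumptions constructed for illustration; the statements stand for request data already stored in step 132.

```python
# Added example (not from the patent): classify stored operation statements
# and flag operations that exceed the client's authority.
QUERY, CHANGE, UNKNOWN = "query", "change", "unknown"

# Real Redis command names; the split into two types is an assumption that
# follows the query authority / change authority example in the text.
QUERY_COMMANDS = {"GET", "MGET", "EXISTS", "TTL", "HGET", "HGETALL",
                  "LRANGE", "SMEMBERS", "KEYS"}
CHANGE_COMMANDS = {"SET", "MSET", "DEL", "EXPIRE", "HSET", "HDEL",
                   "LPUSH", "SADD", "FLUSHALL"}
# Commands whose type depends on the word after the command.
SUBCOMMAND_TYPES = {("CONFIG", "GET"): QUERY, ("CONFIG", "SET"): CHANGE}


def operation_command(statement):
    """Step 133: the command is the head of the statement, case-insensitive."""
    words = statement.split()
    if not words:
        return ""
    head = words[0].upper()
    if len(words) > 1 and (head, words[1].upper()) in SUBCOMMAND_TYPES:
        return head + " " + words[1].upper()
    return head


def operation_type(command):
    """Step 134: map the command to an operation type."""
    if " " in command:
        return SUBCOMMAND_TYPES.get(tuple(command.split()), UNKNOWN)
    if command in QUERY_COMMANDS:
        return QUERY
    if command in CHANGE_COMMANDS:
        return CHANGE
    return UNKNOWN  # never silently treated as a query


def audit(records, authority):
    """Step 135 plus the check: add command, type and a violation flag.

    A record is a violation when its operation type is not in the set of
    types granted to the client. Unknown commands and clients with no
    recorded authority are therefore flagged as well (fail closed).
    """
    audited = []
    for record in records:
        command = operation_command(record["statement"])
        op_type = operation_type(command)
        allowed = authority.get(record["client"], set())
        audited.append(dict(record, command=command, operation_type=op_type,
                            violation=op_type not in allowed))
    return audited


# Constructed sample data (documentation addresses, invented times).
AUTHORITY = {"192.0.2.10": {QUERY}, "192.0.2.11": {QUERY, CHANGE}}
SAMPLE_RECORDS = [
    {"time": "2019-12-20T10:00:00Z", "client": "192.0.2.10", "statement": "get mykey"},
    {"time": "2019-12-20T10:00:01Z", "client": "192.0.2.10", "statement": "DEL mykey"},
    {"time": "2019-12-20T10:00:02Z", "client": "192.0.2.11", "statement": "set mykey myvalue"},
    {"time": "2019-12-20T10:00:03Z", "client": "192.0.2.11", "statement": "config get maxmemory"},
    {"time": "2019-12-20T10:00:04Z", "client": "192.0.2.11", "statement": "OBJECT ENCODING mykey"},
    {"time": "2019-12-20T10:00:05Z", "client": "192.0.2.99", "statement": "GET mykey"},
]

if __name__ == "__main__":
    for row in audit(SAMPLE_RECORDS, AUTHORITY):
        print(row["client"], row["command"], row["operation_type"], row["violation"])
```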
Step 140: and analyzing the reply message according to a second algorithm, obtaining reply data, and storing the reply data.
And analyzing the reply message by adopting a second algorithm to acquire reply data in the reply message. The second algorithm is preset according to the structural characteristics of the reply message, and can rapidly and accurately analyze the reply message. For example, the second algorithm may be an existing text recognition algorithm, and perform recognition analysis on the reply message; and identifying the identification symbol according to the grammar characteristics of the reply message, and extracting the data corresponding to the operation statement according to the identification symbol. Wherein the second algorithm may be an identifier recognition algorithm.
In some embodiments, referring to fig. 4, the step 140 further includes:
Step 141: an identifier in the reply message is identified.
The reply message has a fixed format including an identifier, reply data, and the line terminator "\r\n"; the reply data ends with "\r\n". The identifier is located in the first byte of the reply message and indicates the type of the reply. In the Redis reply protocol, there are five different types of replies: status replies, error replies, integer replies, bulk replies, and multiple bulk replies.
The identifier of the status reply is "+": the first byte is "+", and the identifier is followed by the reply status, such as "+OK". The identifier of the error reply is "-": the first byte is "-", and the identifier is followed by the error type, e.g., "-ERR". The identifier of the integer reply is ":": the first byte is ":", and the identifier is followed by an integer, such as ":100\r\n". The identifier of the batch (bulk) reply is "$": the first byte is "$", and the identifier is followed by a value representing the length of the actual reply parameter, e.g., "$6\r\nfoobar\r\n". The identifier of the plurality of batch replies (multiple bulk reply) is "*": the first byte is "*", and the identifier is followed by an integer value that records the number of reply parameters contained in the reply, for example "*3\r\n$3\r\nSET\r\n$5\r\nmykey\r\n$7\r\nmyvalue\r\n", where the 3 following "*" indicates that there are 3 reply parameters in the reply, namely SET, mykey and myvalue.
As can be seen from the above, the different reply types have respective formats. Therefore, by identifying the identifier in the message, quick positioning and extraction of reply data are facilitated.
Step 142: and acquiring the reply data according to the identifier, and storing the reply data.
And determining the format corresponding to the reply message through the identifier, and extracting reply data according to the format. For example, when the reply message is a state reply, an error reply or an integer reply, the reply parameter after the identifier is directly extracted as the reply data; when the reply message is a batch reply or a plurality of batch replies, the identifier and the integer value after the identifier need to be removed, and the reply data can be obtained.
In some embodiments, the reply data includes at least one reply parameter, one of the reply parameters corresponding to one of the identifiers in the reply message.
To reduce the identification of the identifier, referring to fig. 5, the step 142 further includes:
step 1421: and acquiring a first identifier in the reply message.
The reply message may have one or more identifiers, each followed by a reply parameter. And acquiring a first identifier in the reply message so as to sequentially analyze.
Step 1422: whether the identifier is a batch reply is determined, if so, step 1423 is executed, and if not, step 1424 is executed.
Determine whether the identifier is "$". If so, step 1423 is executed; if the identifier is "+", "-", ":" or "*", step 1424 is executed.
Step 1423: and extracting the reply parameters after the identifier, and storing the reply parameters.
The format of the batch reply is the identifier followed by a character length, and then a reply parameter, e.g., "$6\r\nfoobar\r\n". Because only one reply parameter is needed, the reply parameter is only needed to be extracted, specifically, the character length value after the identifier is removed, and the reply parameter corresponding to the character length is stored in the corresponding field.
Step 1424: whether the identifier is a plurality of batch replies is determined, if not, step 1425 is executed, and if yes, step 1426 is executed.
If the identifier is not the identifier "*" of a plurality of batch replies, that is, the identifier is a status reply "+", an error reply "-" or an integer reply ":", step 1425 is performed. If the identifier is the identifier "*" of a plurality of batch replies, step 1426 is performed.
Step 1425: and extracting the reply parameters after the identifier, and storing the reply parameters.
When the identifier is a status reply "+", an error reply "-" or an integer reply ":", the reply parameter after the identifier is directly extracted and stored.
Step 1426: move to the next identifier in the reply message and return to step 1422 until the reply message is fully parsed.
Since a plurality of batch replies takes the form of an array, that is, it includes a plurality of reply parameters, each reply parameter is preceded by its own identifier. Therefore, when the identifier is "*", the method moves to the next identifier in the reply message, returns to step 1422, and judges the next identifier. Steps 1422 to 1426 are repeated in this way, the reply types of the identifiers are determined in turn and the reply parameters are extracted, until all the identifiers have been identified and the whole reply message is completely parsed. It can be understood that the end of message parsing can be determined from the integer value following "*": when the number of reply parameters obtained by parsing equals that value, parsing is complete.
In some embodiments, referring to fig. 6, the method further comprises:
Step 150: and acquiring the sending time of the request message and the client information corresponding to the request message, and storing the sending time and the client information.
The request message includes the sending time, ip address and other client information. And acquiring the sending time of the request message and the client information corresponding to the request message through identifying the sending time and the ip address. And storing and recording the sending time of the request message and the client information corresponding to the request message so as to know the accessed time period of the database and the client information of the accessed database in audit analysis.
In the embodiment of the invention, the message of the Redis database is obtained; judging whether the message is a request message or a reply message; if the message is a request message, analyzing the request message according to a first algorithm to obtain request data, and storing the request data; if the message is a reply message, analyzing the reply message according to a second algorithm, obtaining reply data, and storing the reply data. By the method, different algorithms can be adopted for analyzing different messages, analysis efficiency is high and accurate, auditing efficiency of the Redis database is improved, and recording and monitoring of various operations in a business system using the Redis database are realized.
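The message handling of steps 110 to 150 as an added Python example, not taken from the patent. It assumes requests are told from replies by the destination port (6379 here, an assumption), because a client request in multiple-bulk form also begins with "*" and so the first byte alone does not separate the two; the addresses, times and payloads are constructed.

```python
# Added example (not from the patent): parse captured Redis messages for audit.
REDIS_PORT = 6379  # assumption: server port used to tell requests from replies
KINDS = {b"+": "status", b"-": "error"}


class Incomplete(Exception):
    """The captured payload ends before the message does (e.g. a split segment)."""


def _line(buf, pos):
    """Return (bytes up to the next CRLF, position just after that CRLF)."""
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise Incomplete("no terminating CRLF")
    return buf[pos:end], end + 2


def read_params(buf):
    """Steps 1421-1426: walk the identifiers; return ([(kind, value)], end position)."""
    params, pos, remaining = [], 0, 1  # remaining = values still expected
    while remaining:
        if pos >= len(buf):
            raise Incomplete("message ends before all parameters were read")
        ident = buf[pos:pos + 1]
        line, pos = _line(buf, pos + 1)
        remaining -= 1
        if ident == b"$":  # bulk: declared length, then exactly that many bytes
            size = int(line)
            if size < 0:  # "$-1" is the null bulk reply (no value)
                params.append(("bulk", None))
                continue
            if len(buf) < pos + size + 2:
                raise Incomplete("bulk data shorter than its declared length")
            if buf[pos + size:pos + size + 2] != b"\r\n":
                raise ValueError("bulk data not followed by CRLF")
            params.append(("bulk", buf[pos:pos + size]))  # may itself contain CRLF
            pos += size + 2
        elif ident == b"*":  # multiple bulk: number of values that follow
            remaining += max(int(line), 0)
        elif ident == b":":
            params.append(("integer", int(line)))
        elif ident in KINDS:
            params.append((KINDS[ident], line.decode("utf-8", "replace")))
        else:
            raise ValueError("unknown identifier %r" % ident)
    return params, pos


def parse_request(buf):
    """Steps 131-132: return the operation statement, e.g. 'SET mykey myvalue'."""
    if buf[:1] == b"*":  # usual client form: multiple bulk of command + arguments
        args = [value for _, value in read_params(buf)[0] if isinstance(value, bytes)]
    else:  # inline form: one space-separated line
        args = _line(buf, 0)[0].split()
    return b" ".join(args).decode("utf-8", "replace")


def audit_message(msg, redis_port=REDIS_PORT):
    """Steps 110-150 for one captured message; returns the record to store."""
    is_request = msg["dst"][1] == redis_port  # step 120
    record = {"time": msg["time"], "kind": "request" if is_request else "reply",
              "client": (msg["src"] if is_request else msg["dst"])[0],
              "data": None, "error": None}
    try:
        if is_request:
            record["data"] = parse_request(msg["payload"])
        else:
            record["data"] = read_params(msg["payload"])[0]
    except Incomplete as exc:  # keep the record, mark it for reassembly
        record["error"] = "incomplete: %s" % exc
    except ValueError as exc:
        record["error"] = "malformed: %s" % exc
    return record


# Constructed capture: (ip, port) pairs use documentation addresses.
CLIENT, SERVER = ("192.0.2.10", 50412), ("192.0.2.20", REDIS_PORT)
SAMPLE = [
    {"time": "2019-12-20T10:00:00Z", "src": CLIENT, "dst": SERVER,
     "payload": b"*3\r\n$3\r\nSET\r\n$5\r\nmykey\r\n$7\r\nmyvalue\r\n"},
    {"time": "2019-12-20T10:00:00Z", "src": SERVER, "dst": CLIENT,
     "payload": b"+OK\r\n"},
    {"time": "2019-12-20T10:00:01Z", "src": CLIENT, "dst": SERVER,
     "payload": b"*2\r\n$3\r\nGET\r\n$5\r\nmykey\r\n"},
    {"time": "2019-12-20T10:00:01Z", "src": SERVER, "dst": CLIENT,
     "payload": b"$7\r\nmyvalue\r\n"},
    {"time": "2019-12-20T10:00:02Z", "src": SERVER, "dst": CLIENT,
     "payload": b"*2\r\n$3\r\nfoo\r\n$3\r\nba"},  # truncated on purpose
]

if __name__ == "__main__":
    for message in SAMPLE:
        print(audit_message(message))
```

The bulk branch reads the declared number of bytes rather than searching for the next "\r\n", so a stored value that itself contains a line break is extracted whole.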
The embodiment of the present application also provides an audit device based on a Redis database. Please refer to fig. 7, which shows the structure of the audit device based on the Redis database provided by the embodiment of the present application. The audit device 200 includes: a first acquisition module 210, a judgment module 220, a first analysis module 230 and a second analysis module 240.
The first obtaining module 210 is configured to obtain the message of the Redis database. The judging module 220 is configured to judge whether the message is a request message or a reply message. The first parsing module 230 is configured to parse the request message according to a first algorithm if the message is the request message, obtain request data, and store the request data. And the second parsing module 240 is configured to parse the reply message according to a second algorithm if the message is the reply message, obtain reply data, and store the reply data.
In some embodiments, the first parsing module 230 further includes a first parsing unit and a first storage unit (not shown). The first parsing unit is configured to parse the request packet to obtain an operation statement in the request packet. The first storage unit is used for storing the operation statement as request data.
In some embodiments, the first parsing unit 230 further includes an extracting unit, a first identifying unit, and a second storing unit (not shown). The extraction unit is used for extracting the operation command in the operation statement. The first identification unit is used for identifying the type of the operation command so as to determine the operation type of the request message. And the second storage unit is used for storing the operation type as request data.
In some embodiments, the second parsing unit 240 further includes a second identifying unit and an acquiring unit (not shown). The second identifying unit is configured to identify an identifier in the reply message. And the acquisition unit is used for acquiring the reply data according to the identifier and storing the reply data.
In some embodiments, the reply data includes at least one reply parameter, one of the reply parameters corresponding to one of the identifiers in the reply message. The acquiring unit is specifically configured to acquire a first identifier in the reply message; judging whether the identifier is a batch reply or not; if yes, extracting the reply parameter after the identifier, and storing the reply parameter; if not, judging whether the identifier is a plurality of batch replies; if not, extracting the reply parameter after the identifier, and storing the reply parameter; if yes, moving to the next identifier in the reply message, and returning to the step of judging whether the identifier is batch reply or not until the reply message is completely resolved.
In some embodiments, the auditing apparatus further includes a second obtaining module 250, configured to obtain a sending time of the request packet and client information corresponding to the request packet, and store the sending time and the client information.
In this embodiment, the auditing apparatus 200 acquires the message of the Redis database through the first acquisition module 210; the judging module 220 judges whether the message is a request message or a reply message; if the message is a request message, the first analysis module 230 parses the request message according to a first algorithm, obtains request data, and stores the request data; if the message is a reply message, the second parsing module 240 parses the reply message according to a second algorithm, obtains reply data, and stores the reply data. In this way, different algorithms can be used to parse different kinds of messages, parsing is efficient and accurate, which helps improve auditing of the Redis database, and the various operations in a service system that uses the Redis database are recorded and monitored.
The embodiment of the present invention further provides an electronic device 300, referring to fig. 8, including: at least one processor 310; and a memory 320 communicatively coupled to the at least one processor, one processor being illustrated in fig. 8.
The memory 320 stores instructions executable by the at least one processor 310 to enable the at least one processor 310 to perform the auditing methods described above with respect to fig. 2-6. The processor 310 and the memory 320 may be connected by a bus or otherwise; connection by a bus is taken as the example in fig. 8.
Memory 320, as a non-transitory computer readable storage medium, may be used to store non-volatile software programs, non-volatile computer executable programs, and modules, such as the program instructions/modules for the auditing method in an embodiment of the present application, for example, the various modules shown in fig. 7. By running the non-volatile software programs, instructions, and modules stored in the memory 320, the processor 310 executes the various functional applications and data processing of the server, i.e., implements the auditing methods of the method embodiments described above.
Memory 320 may include a storage program area and a storage data area. The storage program area may store an operating system and at least one application program required for functionality; the storage data area may store data created from the use of the data desensitizing device, etc. In addition, memory 320 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, memory 320 optionally includes memory located remotely from processor 310, and such remote memory may be connected to the data desensitizing apparatus through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 320 and when executed by the one or more processors 310 perform the auditing methods of any of the method embodiments described above, for example, performing the method steps of fig. 2-6 described above, implementing the functions of the modules in fig. 7.
The product can execute the method provided by the embodiment of the application, and has the corresponding functional modules and beneficial effects of the execution method. Technical details not described in detail in this embodiment may be found in the methods provided in the embodiments of the present application.
Embodiments of the present application also provide a computer program product containing program code, which when executed on an electronic device, causes the electronic device to perform the method for auditing based on a Redis database in any of the method embodiments described above, for example, performing the method steps described above in fig. 2 to 6, and implementing the functions of the modules in fig. 7.
The embodiment of the invention has the following beneficial effects: unlike the prior art, the auditing method based on the Redis database provided by the embodiment of the invention obtains the message of the Redis database; judges whether the message is a request message or a reply message; if the message is a request message, parses the request message to obtain request data and stores the request data; and if the message is a reply message, parses the reply message to obtain reply data and stores the reply data. In this way, the Redis protocol can be parsed effectively, parsing is efficient and accurate, the audit of the Redis database is completed, and the various operations in a service system that uses the Redis database are recorded and monitored.
It should be noted that the above-described apparatus embodiments are merely illustrative, and the units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a general purpose hardware platform, or may be implemented by hardware. Those skilled in the art will appreciate that all or part of the processes implementing the methods of the above embodiments may be implemented by a computer program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and where the program may include processes implementing the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the invention, the steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (7)

1. An audit method based on a Redis database, comprising the steps of:
obtaining a message of the Redis database;
judging whether the message is a request message or a reply message;
if the message is a request message, analyzing the request message according to a first algorithm to obtain request data, and storing the request data, wherein the request data comprises an operation statement and an operation type of the request message;
if the message is a reply message, analyzing the reply message according to a second algorithm to obtain reply data, and storing the reply data;
The analyzing the request message according to the first algorithm, obtaining request data, and storing the request data, specifically includes:
carrying out grammar analysis on the request message to obtain an operation sentence in the request message;
Storing the operation statement as request data;
Extracting an operation command in the operation statement;
Identifying the type of the operation command to determine the operation type of the request message;
And storing the operation type as request data.
2. The auditing method according to claim 1, wherein the steps of parsing the reply message according to a second algorithm, obtaining reply data, and storing the reply data further comprise:
Identifying an identifier in the reply message;
and acquiring the reply data according to the identifier, and storing the reply data.
3. The auditing method of claim 2, wherein,
The reply data comprises at least one reply parameter, and in the reply message, one reply parameter corresponds to one identifier;
The step of obtaining the reply data according to the identifier and storing the reply data further comprises the steps of:
Acquiring a first identifier in the reply message;
Judging whether the identifier is a batch reply or not;
if yes, extracting the reply parameter after the identifier, and storing the reply parameter;
if not, judging whether the identifier is a plurality of batch replies;
If not, extracting the reply parameter after the identifier, and storing the reply parameter;
If yes, moving to the next identifier in the reply message, and returning to the step of judging whether the identifier is batch reply or not until the reply message is completely resolved.
4. The auditing method of claim 1, further comprising:
acquiring the sending time of the request message and the client information corresponding to the request message, and storing the sending time and the client information.
5. An audit device based on a Redis database, comprising:
The first acquisition module is used for acquiring the message of the Redis database;
The judging module is used for judging whether the message is a request message or a reply message;
the first analysis module is used for analyzing the request message according to a first algorithm if the message is the request message, acquiring request data and storing the request data;
The second analysis module is used for analyzing the reply message according to a second algorithm if the message is the reply message, acquiring reply data and storing the reply data;
The first analysis module further comprises a first analysis unit and a first storage unit, wherein the first analysis unit is used for carrying out grammar analysis on the request message and obtaining an operation statement in the request message; the first storage unit is used for storing the operation statement as request data;
The first analysis unit further comprises an extraction unit, a first identification unit and a second storage unit, wherein the extraction unit is used for extracting an operation command in the operation statement; the first identification unit is used for identifying the type of the operation command so as to determine the operation type of the request message; the second storage unit is used for storing the operation type as request data.
6. The auditing apparatus of claim 5, further comprising:
the second acquisition module is used for acquiring the sending time of the request message and the client information corresponding to the request message, and storing the sending time and the client information.
7. An electronic device, characterized in that,
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-4.
CN201911330478.XA 2019-12-20 2019-12-20 Audit method and device based on Redis database and electronic equipment Active CN111209266B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911330478.XA CN111209266B (en) 2019-12-20 2019-12-20 Audit method and device based on Redis database and electronic equipment

Publications (2)

Publication Number Publication Date
CN111209266A CN111209266A (en) 2020-05-29
CN111209266B true CN111209266B (en) 2024-05-24

Family

ID=70786224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911330478.XA Active CN111209266B (en) 2019-12-20 2019-12-20 Audit method and device based on Redis database and electronic equipment

Country Status (1)

Country Link
CN (1) CN111209266B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112527772A (en) * 2020-12-11 2021-03-19 深圳昂楷科技有限公司 Graph database auditing method and auditing equipment
CN114157501B (en) * 2021-12-08 2024-01-23 北京天融信网络安全技术有限公司 Parameter analysis method and device based on TianRui database

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106503214A (en) * 2016-11-03 2017-03-15 北京中安智达科技有限公司 A kind of complex rule matching process based on Redis memory databases
CN106970939A (en) * 2017-02-14 2017-07-21 深圳昂楷科技有限公司 A kind of database audit method and its system
CN107104949A (en) * 2017-03-24 2017-08-29 深圳昂楷科技有限公司 Type of database acquisition methods, device and electronic equipment
CN107122417A (en) * 2017-03-31 2017-09-01 深圳昂楷科技有限公司 A kind of database audit method and device
CN107465661A (en) * 2017-07-04 2017-12-12 重庆邮电大学 A kind of cloud Method of Database Secure Audit method based on Docker virtualizations
CN108763543A (en) * 2018-05-31 2018-11-06 郑州信大天瑞信息技术有限公司 Database audit monitors system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10521446B2 (en) * 2017-02-13 2019-12-31 American Express Travel Related Services Company, Inc. System and method for dynamically refactoring business data objects

Also Published As

Publication number Publication date
CN111209266A (en) 2020-05-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant