CN116909838A - Abnormal log reporting method, system, terminal equipment and storage medium - Google Patents
Abnormal log reporting method, system, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN116909838A CN116909838A CN202310744076.4A CN202310744076A CN116909838A CN 116909838 A CN116909838 A CN 116909838A CN 202310744076 A CN202310744076 A CN 202310744076A CN 116909838 A CN116909838 A CN 116909838A
- Authority
- CN
- China
- Prior art keywords
- abnormal
- log
- information
- abnormality
- anomaly
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 344
- 238000000034 method Methods 0.000 title claims abstract description 52
- 230000005856 abnormality Effects 0.000 claims abstract description 104
- 230000006698 induction Effects 0.000 claims abstract description 99
- 238000013075 data extraction Methods 0.000 claims abstract description 45
- 238000007781 pre-processing Methods 0.000 claims description 32
- 238000012545 processing Methods 0.000 claims description 20
- 238000004458 analytical method Methods 0.000 claims description 18
- 238000012360 testing method Methods 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 3
- 230000001939 inductive effect Effects 0.000 claims 1
- 230000000694 effects Effects 0.000 abstract description 11
- 230000006399 behavior Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 5
- 230000000763 evoking effect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 206010000117 Abnormal behaviour Diseases 0.000 description 2
- 238000012550 audit Methods 0.000 description 2
- 239000011521 glass Substances 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- HTRJZMPLPYYXIN-UHFFFAOYSA-N 2-acetamido-3-[[4-[(2-acetamido-2-carboxyethyl)sulfanylcarbothioylamino]phenyl]carbamothioylsulfanyl]propanoic acid Chemical compound CC(=O)NC(C(O)=O)CSC(=S)NC1=CC=C(NC(=S)SCC(NC(C)=O)C(O)=O)C=C1 HTRJZMPLPYYXIN-UHFFFAOYSA-N 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000033772 system development Effects 0.000 description 1
- 210000000707 wrist Anatomy 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
- G06F11/3082—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting the data filtering being achieved by aggregating or compressing the monitored data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/079—Root cause analysis, i.e. error or fault diagnosis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Computer Hardware Design (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present application relates to the field of wearable devices, and in particular, to an exception log reporting method, a system, a terminal device, and a storage medium. If the abnormal information does not accord with the preset abnormal setting standard, acquiring and judging whether the key field corresponding to the abnormal information accords with the redundant information eliminating standard; if the redundant information is not matched with the redundant information, extracting a corresponding target key field in the abnormal information, and adding the target key field to the redundant information rejection standard to serve as an updated redundant information rejection standard; if the abnormality information accords with the preset abnormality setting standard, obtaining an abnormality setting grade corresponding to the abnormality information and a corresponding data extraction rule; and extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, and generating a corresponding abnormality log reporting set. The method, the system, the terminal equipment and the storage medium for reporting the abnormal log have the effect of improving the quality of information reported by the abnormal log.
Description
Technical Field
The present application relates to the field of wearable devices, and in particular, to an exception log reporting method, a system, a terminal device, and a storage medium.
Background
Network devices, systems, and service programs, etc., generate a log of events during operation, and each log of each line describes the date, time, user, action, etc. associated operations.
The log records the detailed information of the software system during operation, and system development and operation staff can analyze the abnormal behavior and errors of the system according to the log. For example, when a software program of a certain wearable device runs abnormally, it is generally required to report an abnormality log to an after-sales terminal, analyze the cause of the abnormality by the after-sales terminal through the abnormality log, and further take measures to solve the abnormality.
In practical use, a large amount of redundant information may exist in the content reported by the exception log, which may cause the performance of the wearable device, the program or the system to be reduced or even crashed, so that an administrator or a developer cannot effectively collect substantial system exception information.
Disclosure of Invention
In order to improve the quality of the report information of the abnormal log and facilitate the analysis and diagnosis of the abnormal problem by a system administrator or a developer, the application provides an abnormal log report method, an abnormal log report system, a terminal device and a storage medium.
In a first aspect, the present application provides an exception log reporting method, including the following steps:
obtaining a target log;
if the access authority of the target log accords with the preset access authority, judging whether the target log is abnormal or not according to a preset abnormal identification rule;
if the target log is abnormal, acquiring a corresponding abnormal log type;
identifying the type of the abnormal log and acquiring corresponding abnormal information;
if the abnormal information does not accord with the preset abnormal setting standard, acquiring and judging whether a key field corresponding to the abnormal information accords with a redundant information eliminating standard;
if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard, extracting a corresponding target key field in the abnormal information, and adding the target key field to the redundant information rejection standard to serve as the updated redundant information rejection standard;
if the abnormality information accords with the preset abnormality setting standard, obtaining an abnormality setting grade corresponding to the abnormality information;
acquiring a data extraction rule corresponding to the abnormal setting grade;
and extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, generating a corresponding abnormality log reporting set, and sending the report set to a user display end.
By adopting the technical scheme, the corresponding abnormal information is acquired by identifying the abnormal log type, the abnormality of the system or equipment recorded in the log can be primarily judged through the abnormal information, if the abnormal information does not accord with the preset abnormal setting standard, the current abnormal information is described as redundant information, in order to improve the eliminating effect of the related redundant information in the log, whether the key field in the redundant information accords with the conventional redundant information eliminating standard is further judged, if the key field does not accord with the conventional redundant information eliminating standard, the corresponding target key field is added to the redundant information eliminating standard as the updated redundant information eliminating standard, the current redundant information can be comprehensively eliminated according to the latest redundant information eliminating standard, if the abnormal information accords with the preset abnormal setting standard, the abnormal induction source in the abnormal information and the abnormal influence data corresponding to the abnormal induction source are extracted according to the abnormal setting grade corresponding to the abnormal information and the data extraction rule corresponding to each abnormal setting grade, and the corresponding abnormal report collection of the abnormal log is generated.
Optionally, if the target log is abnormal, acquiring the corresponding abnormal log type includes the following steps:
if the target log is abnormal, judging whether the target log has associated abnormality or not;
if the target log has the association abnormality, acquiring an association log corresponding to the association abnormality;
if the access rights of the associated log do not exist, obtaining rights configuration information corresponding to the associated log;
and combining the associated log and the authority configuration information to generate a corresponding log missing prompt item.
By adopting the technical scheme, the associated log which does not acquire the access rights and the corresponding rights configuration information can be acquired according to the log missing prompt item, so that an administrator can acquire and analyze the associated abnormality of the target log conveniently.
Optionally, after the obtaining the association log corresponding to the association exception if the association exception exists in the target log, the method further includes the following steps:
if the access rights of the associated log exist, acquiring an associated abnormal item corresponding between the target log and the associated log;
if the associated abnormal items are a plurality of, acquiring corresponding abnormal associated grades;
Setting output priorities corresponding to the associated abnormal items according to the abnormal association level;
and outputting the corresponding associated abnormal item according to the output priority.
By adopting the technical scheme, the corresponding associated abnormal item is output according to the output priority, and the information with relatively tight abnormal association of the target log can be analyzed and processed preferentially, so that the quality of the information reported by the abnormal log is improved.
Optionally, extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display end, where the step of generating the corresponding anomaly log reporting set includes:
if the abnormal information is warning information, extracting warning faults in the warning information as the abnormal induction source according to the data extraction rule;
identifying the abnormality induction source, and acquiring corresponding abnormality influence data and an abnormality preprocessing strategy;
and generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data and the abnormal preprocessing strategy, and sending the corresponding abnormal log reporting set to a user display end.
By adopting the technical scheme, an avoidance scheme that the system is likely to fail can be shown for an administrator in advance according to the exception preprocessing strategy, so that the quality of reporting information of the exception log is improved.
Optionally, after the identifying the anomaly induction source, the acquiring the corresponding anomaly impact data and anomaly preprocessing strategy further includes the following steps:
if the abnormal preprocessing strategies are multiple, obtaining corresponding trial-error rates;
setting a processing grade corresponding to the abnormal preprocessing strategy according to the error testing rate, wherein the error testing rate is inversely proportional to the processing grade;
and calling the corresponding exception preprocessing strategy according to the processing grade to process the exception induction source.
By adopting the technical scheme, the corresponding processing grade is set according to the trial-and-error rate corresponding to each abnormal preprocessing strategy, so that the system abnormality repairing efficiency is improved.
Optionally, extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display end, where the step of generating the corresponding anomaly log reporting set includes:
if the abnormal information is error information, extracting a target fault in the error information as the abnormal induction source according to the data extraction rule;
acquiring corresponding abnormal influence data and historical similar faults according to the abnormal induction source;
Acquiring induction frequency associated data corresponding to the similar historical faults;
and generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data, the historical similar faults and the induction frequency associated data, and sending the corresponding abnormal log reporting set to a user display end.
By adopting the technical scheme, according to the historical similar faults corresponding to the target faults and the induction frequency associated data of the historical similar faults, an administrator can perform full-period analysis on the target faults, so that the quality of reporting information of the abnormal logs is improved.
Optionally, extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display end, where the step of generating the corresponding anomaly log reporting set includes:
if the abnormal information is serious error information, extracting serious faults in the serious error information as the abnormal induction source according to the data extraction rule;
identifying the abnormal induction source and acquiring corresponding abnormal influence data and system collapse data;
processing the system crash data according to a preset tracking classification strategy to generate a crash analysis table;
And generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data and the crash analysis table, and sending the corresponding abnormal log reporting set to a user display end.
By adopting the technical scheme, various causes of the crash of the current system and the relation among the causes can be reflected according to the crash analysis table, so that the quality of reporting information of the abnormal log is improved.
In a second aspect, the present application provides an exception log reporting system, including:
the first acquisition module is used for acquiring a target log;
the first identification module is used for judging whether the target log is abnormal or not according to a preset abnormal identification rule if the access right of the target log accords with the preset access right;
the second acquisition module is used for acquiring a corresponding abnormal log type if the target log is abnormal;
the second identification module is used for identifying the type of the abnormal log and acquiring corresponding abnormal information;
the judging module is used for acquiring and judging whether the key field corresponding to the abnormal information accords with a redundant information eliminating standard or not if the abnormal information does not accord with the preset abnormal setting standard;
The updating module is used for extracting a corresponding target key field in the abnormal information and adding the target key field to the redundant information rejection standard as the updated redundant information rejection standard if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard;
the third acquisition module is used for acquiring an abnormality setting grade corresponding to the abnormality information if the abnormality information accords with a preset abnormality setting standard;
a fourth obtaining module, configured to obtain a data extraction rule corresponding to the anomaly setting level;
the generation module is used for extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, generating a corresponding abnormality log reporting set and sending the report set to a user display end.
By adopting the technical scheme, the corresponding abnormal information is obtained according to the type of the abnormal log identified by the first identification module, the abnormality of the system or equipment recorded in the log can be primarily judged through the abnormal information, the current abnormal information is described as redundant information through judging by the judging module, if the abnormal information does not accord with the preset abnormal setting standard, in order to promote the eliminating effect of the related redundant information in the log, whether the key field in the redundant information accords with the conventional redundant information eliminating standard is further judged by the judging module, if the key field does not accord with the conventional redundant information eliminating standard, the corresponding target key field is added to the redundant information eliminating standard through the updating module as the updated redundant information eliminating standard, the current redundant information can be comprehensively eliminated according to the latest redundant information eliminating standard, if the abnormal information accords with the preset abnormal setting standard, the abnormal induction source and the abnormal influence data corresponding to the abnormal induction source in the abnormal information are extracted according to the abnormal setting grade and the data extraction rule corresponding to the abnormal setting grade, and the corresponding abnormal log reporting set is generated through the generating module, and the quality of the abnormal classified information is improved.
In a third aspect, the present application provides a terminal device, which adopts the following technical scheme:
the terminal equipment comprises a memory and a processor, wherein the memory stores computer instructions capable of running on the processor, and the processor adopts the method for reporting the abnormal log when loading and executing the computer instructions.
By adopting the technical scheme, the computer instruction is generated by the method for reporting the abnormal log and is stored in the memory to be loaded and executed by the processor, so that the terminal equipment is manufactured according to the memory and the processor, and the use is convenient.
In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
a computer readable storage medium having stored therein computer instructions which, when loaded and executed by a processor, employ an exception log reporting method as described above.
By adopting the technical scheme, the computer instruction is generated by the method for reporting the abnormal log and is stored in the computer readable storage medium to be loaded and executed by the processor, and the computer instruction is convenient to read and store by the computer readable storage medium.
In summary, the present application includes at least one of the following beneficial technical effects: the method comprises the steps of identifying an abnormal log type to obtain corresponding abnormal information, primarily judging the abnormality of a system or equipment recorded in a log through the abnormal information, if the abnormal information does not meet a preset abnormal setting standard, indicating that the current abnormal information is redundant information, further judging whether a key field in the redundant information meets a conventional redundant information eliminating standard or not in order to improve the eliminating effect of the related redundant information in the log, if the key field does not meet the conventional redundant information eliminating standard, adding a corresponding target key field to the redundant information eliminating standard as an updated redundant information eliminating standard, further comprehensively eliminating the current redundant information according to the latest redundant information eliminating standard, and if the abnormal information meets the preset abnormal setting standard, extracting an abnormal induction source in the abnormal information and abnormal influence data corresponding to the abnormal induction source according to the abnormal setting grade and the data extraction rule corresponding to each abnormal setting grade, and generating a corresponding abnormal log reporting set.
Drawings
Fig. 1 is a schematic flow chart of steps S101 to S109 in an anomaly log reporting method according to the present application.
Fig. 2 is a schematic flow chart of steps S201 to S204 in the method for reporting an exception log according to the present application.
Fig. 3 is a schematic flow chart of steps S301 to S304 in the method for reporting an exception log according to the present application.
Fig. 4 is a schematic flow chart of steps S401 to S403 in the method for reporting an exception log according to the present application.
Fig. 5 is a schematic flow chart of steps S501 to S503 in the method for reporting an exception log according to the present application.
Fig. 6 is a schematic flow chart of steps S601 to S604 in the method for reporting an exception log according to the present application.
Fig. 7 is a flowchart illustrating steps S701 to S704 in an exception log reporting method according to the present application.
FIG. 8 is a block diagram of an exception log reporting system according to the present application.
Reference numerals illustrate:
1. a first acquisition module; 2. a first identification module; 3. a second acquisition module; 4. a second identification module; 5. a judging module; 6. updating a module; 7. a third acquisition module; 8. a fourth acquisition module; 9. and generating a module.
Detailed Description
The application is described in further detail below with reference to fig. 1-8.
The embodiment of the application discloses an exception log reporting method, which is shown in fig. 1 and comprises the following steps:
s101, acquiring a target log;
s102, if the access authority of the target log accords with the preset access authority, judging whether the target log is abnormal or not according to a preset abnormal identification rule;
s103, if the target log is abnormal, acquiring a corresponding abnormal log type;
s104, identifying an abnormal log type and acquiring corresponding abnormal information;
s105, if the abnormal information does not accord with the preset abnormal setting standard, acquiring and judging whether the key field corresponding to the abnormal information accords with the redundant information eliminating standard;
s106, if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard, extracting a corresponding target key field in the abnormal information, and adding the target key field to the redundant information rejection standard to serve as an updated redundant information rejection standard;
s107, if the abnormality information accords with a preset abnormality setting standard, obtaining an abnormality setting grade corresponding to the abnormality information;
s108, acquiring a data extraction rule corresponding to the abnormal setting grade;
s109, extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, generating a corresponding abnormality log reporting set, and sending the report set to a user display end.
In practical application, in order to facilitate description of the present solution, a wearable device and a corresponding system or program are taken as an example for explanation. The wearable device is in the form of a portable accessory with a part of computing function and capable of being connected with a mobile phone and various terminals, and the main product forms comprise wrist-supported watch (including products such as a watch and a wrist strap), foot-supported shoes (including shoes, socks or products worn on other legs in the future), head-supported Glass (including glasses, helmets, a headband and the like), intelligent clothing, schoolbags, crutches, accessories and other various non-main product forms.
In step S101, the target log refers to a log type of the current system occurrence, and the log type may be classified into a system log, an application log, an audit log, a security log, and a performance log. Wherein, the system log records the activity of the operating system; the application program log records the activity of the application program; recording the activity of an audit log recording system; the security log records security events; the performance log records performance monitoring information.
In step S102, the access to the target log needs to have a corresponding access right before, and the log type access right is set to protect data security, prevent malicious users from accessing sensitive information in the system, and thus ensure security of the system. In addition, the setting of access rights can also help a system administrator to better control and manage user access to the system.
Secondly, if the access authority of the target log accords with the preset access authority, the current visitor accords with the access and reading authorities of the target log. The preset access authority refers to a log access authority preset by an administrator, which may be set through system security or set using specific log access control software. For example, different permissions may be set for each user according to different user types to prevent malicious access to system sensitive information.
Further, whether the target log is abnormal or not is judged according to a preset abnormal recognition rule, wherein the preset abnormal recognition rule is that content appearing in the target log is analyzed through a related log analysis tool, and whether the system is abnormal or not is further recognized and judged.
In step S103, if the current target log is abnormal, it is indicated that the system has a related abnormal condition, which may be a technical problem or a problem occurring when the user uses the system, and in order to further perform deep analysis on the abnormality occurring in the log, a corresponding abnormal log type is obtained.
In actual practice, the exception log is a log printed when an exception occurs in a system or a program, and may be only a state or a description of a case when the exception occurs, and does not include error information. The types of anomalies contained in the anomaly log are divided into: file/folder operation anomalies, network anomalies, database anomalies, hardware anomalies, system anomalies, and other anomalies.
The exception log type may be classified into a warning log, an error log, and a serious error log, among others. The warning log relates to the problem that the system may fail; error logs relate to errors that have occurred in a program or system; the critical error log relates to a situation that a system fails seriously and may cause a system crash.
In step S104, by identifying the type of the anomaly log, specific corresponding anomaly information, which is the content of anomaly information corresponding to the type of the anomaly log, can be obtained. For example, if the type of the anomaly log is a warning log, the corresponding anomaly information includes error information possibly occurring in the system, analysis results of the anomaly condition, and information such as system performance change.
In step S105, the preset abnormality setting criterion refers to an abnormality information attention criterion preset by the administrator. For example, the types of information contained in the target log are: the administrator can select the information types as the abnormal information attention standard according to the requirements of combining the actual scenes, if the system resource use condition, the error information and the system performance change as the abnormal information attention standard, namely the preset abnormal setting standard, the current abnormal information is analyzed according to the abnormal information attention standard, and whether the abnormal information belongs to a plurality of pieces of information in the abnormal information attention standard is judged.
If the abnormal information does not meet the preset abnormal setting standard, the current abnormal information is indicated to be not in accordance with the preset abnormal information attention standard, and is classified as redundant information directly, in order to reduce the quantity of junk information in the log and improve the quality of the information reported by the abnormal log, whether a key field corresponding to the abnormal information meets the redundant information rejection standard is judged, the key field refers to a key word field in the redundant information, the redundant information rejection standard is a redundant information identification rejection standard in a preset information refining program, and the information refining program analyzes and compares the abnormal information in the log and rejects the redundant information of the same type in the log according to the set redundant information key field characteristic identification standard, so that the readability of the log is improved.
For example, the redundant information rejection criteria include repeated error reports, repeated warning messages, repeated query requests, and repeated system status update information in the log, and if the critical field of the system identification anomaly information determines that the anomaly information is a repeated error report, the anomaly information can be obtained to meet the redundant information rejection criteria.
In step S106, if the key field corresponding to the abnormal information does not meet the redundant information rejection criteria, it is indicated that the abnormal information is also unimportant information for the user or the administrator, and in order to update the redundant information rejection criteria in real time, the target key field corresponding to the abnormal information is extracted, and the target key field is added to the redundant information rejection criteria as the updated redundant information rejection criteria.
For example, the key field of the abnormal information is identified by the system to judge that the abnormal information is the repeated date information, and the key field corresponding to the abnormal information can be judged to not meet the redundant information rejection standard, then the repeated date in the abnormal information is further extracted as the target key field, and the repeated date is added to the redundant information rejection standard to be used as the updated redundant information rejection standard.
In step S107, if the anomaly information meets the preset anomaly setting criteria, it is indicated that the anomaly information meets the preset anomaly information attention criteria, and in order to refine the indication information of the anomaly of the system and further improve the quality of the acquired information, the anomaly setting level corresponding to the anomaly information is acquired, and the anomaly setting level is the anomaly information importance level preset by the administrator. For example, the preset anomaly setting criteria are a system resource usage, error information and a system performance change, wherein the anomaly setting level corresponding to the system resource usage is 1 level, the anomaly setting level corresponding to the system performance change is 2 level, the anomaly setting level corresponding to the error information is 3 level, the 1 level anomaly setting level is higher than the 2 level anomaly setting level, the 2 level anomaly setting level is higher than the 3 level anomaly setting level, the system resource usage is primary concern anomaly information, the system performance change is secondary concern anomaly information, and the error information is low concern anomaly information for an administrator.
In step S108, the data extraction rule refers to a data extraction method corresponding to different abnormality setting levels. For example, the anomaly setting level is 1, and the corresponding data extraction rule is the CPU usage status, the memory usage status, the network resource usage status and the storage resource usage status among the extraction system resource usage status.
In step S109, the abnormality induction source refers to the source that induces the system failure, and the abnormality influence data refers to the display data affected by the abnormality induction source. For example, the abnormal information is CPU usage abnormal information, the CPU usage abnormal information comprises various operation parameters of the CPU and abnormal display data, and a corresponding abnormal induction source is extracted according to a corresponding data extraction rule to be the CPU temperature is overhigh, and the influence of the abnormal induction source is the system performance display parameter.
According to the method for reporting the abnormal log, the corresponding abnormal information is acquired by identifying the type of the abnormal log, the abnormality of a system or equipment recorded in the log can be primarily judged through the abnormal information, if the abnormal information does not accord with the preset abnormal setting standard, the current abnormal information is indicated to be redundant information, in order to improve the eliminating effect of the related redundant information in the log, whether the key field in the redundant information accords with the conventional redundant information eliminating standard is further judged, if the key field does not accord with the conventional redundant information eliminating standard, the corresponding target key field is added to the redundant information eliminating standard and is used as the updated redundant information eliminating standard, the current redundant information can be comprehensively eliminated according to the latest redundant information eliminating standard, if the abnormal information accords with the preset abnormal setting standard, the abnormal induction source in the abnormal information and the abnormal influence data corresponding to the abnormal induction source are extracted according to the abnormal setting grade and the data extraction rule corresponding to each abnormal setting grade, and the corresponding abnormal log reporting set is generated, and the quality of the abnormal log reporting information is improved.
In one implementation manner of the present embodiment, as shown in fig. 2, step S103, that is, if the target log is abnormal, includes the following steps of:
s201, if the target log is abnormal, judging whether the target log has associated abnormality or not;
s202, if the target log has association abnormality, acquiring an association log corresponding to the association abnormality;
s203, if the access rights of the associated log do not exist, obtaining rights configuration information corresponding to the associated log;
s204, combining the associated log and the authority configuration information to generate a corresponding log missing prompt item.
In step S201 to step S202, the associated anomaly means that the display information corresponding to one of the system anomalies is composed of records corresponding to a plurality of log types. For example, malicious code may run in the system, so that it can be seen that some related information exists in the security log and the performance log, other abnormal conditions may also exist, such as insufficient system memory and network connection, and the related abnormality exists in the target log, so that the corresponding related log is further obtained as the security log and the performance log.
In step S203 to step S204, if there is no access right of the associated log, it is indicated that there is no corresponding log access right for the current user, which results in incomplete collection of log information corresponding to the system exception, and in order to mark such a problem, to prompt the relevant user or administrator to pay attention, the authority configuration information corresponding to the associated log is further obtained, where the authority configuration information includes which users can access the log, which users can modify the log, which users can delete the log, which users can add the log, which logs can be viewed by other users, which logs should be backed up periodically, and so on.
And secondly, generating a corresponding log missing prompting item by combining the associated log and the authority configuration information corresponding to the associated log, and obtaining the corresponding associated log corresponding to the target log and the content of the corresponding authority configuration information of the associated log by a user or an administrator through the log missing prompting item.
According to the abnormal log reporting method provided by the embodiment, the associated log which does not acquire the access rights and the corresponding rights configuration information can be acquired according to the log missing prompt item, so that an administrator can acquire and analyze the associated abnormality of the target log conveniently.
In one implementation manner of the present embodiment, as shown in fig. 3, in step S202, if the target log has an association abnormality, the method further includes the following steps after obtaining an association log corresponding to the association abnormality:
s301, if access rights of the associated log exist, acquiring an associated abnormal item corresponding between the target log and the associated log;
s302, if a plurality of abnormal association items are associated, acquiring corresponding abnormal association levels;
s303, setting output priorities corresponding to the associated abnormal items according to the abnormal association level;
s304, outputting the corresponding associated abnormal item according to the output priority.
In step S301 to step S302, if there is an access right of the association log, it is indicated that the current user may view or analyze the association log, and the association abnormal item refers to an abnormal information association between the association logs, and may include: time, event, request, response, user, address, etc. For example, a user may issue a large number of requests in a short time, and may find that they may be requests issued by automated means such as script, and malicious behavior may exist by analyzing the time, user, and address information between them, which are associated abnormal items, wherein the time and user information are recorded in a security log, and the address information is recorded in a web server log, and the user has access rights to both the security log and the web server.
Further, the abnormal association level of the associated abnormal item is obtained, the abnormal association level refers to an information importance level corresponding to the associated abnormal association level, and the abnormal association level can be preset according to a user or an administrator or can be a default setting of a system. For example, a user sends out a large number of exception requests in a short time, and the corresponding exception association includes a request time, a request event and a request address, wherein the request event corresponds to a level 1 exception association level, the request address corresponds to a level 2 exception association level, and the request time corresponds to a level 3 exception association level.
In step S303 to step S304, according to the obtained abnormal association level, the output priority corresponding to each associated abnormal item is set, where the abnormal association level is proportional to the output priority corresponding to the abnormal association level, that is, the higher the abnormal association level is, the higher the corresponding output priority is, and then the corresponding associated abnormal item is output according to the set output priority.
According to the abnormal log reporting method, corresponding associated abnormal items are output according to the output priority, and the information with relatively tight abnormal association of the target log can be analyzed and processed preferentially, so that the quality of the abnormal log reporting information is improved.
In one implementation manner of the present embodiment, as shown in fig. 4, step S109 is to extract an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to a data extraction rule, generate a corresponding anomaly log reporting set, and send the report set to a user display end, where the step includes the following steps:
s401, if the abnormal information is warning information, a warning fault in the warning information is extracted according to a data extraction rule to serve as an abnormal induction source;
s402, identifying an abnormality induction source, and acquiring corresponding abnormality influence data and an abnormality preprocessing strategy;
S403, generating a corresponding abnormal log reporting set by combining an abnormal induction source, abnormal influence data and an abnormal preprocessing strategy, and sending the report set to a user display end.
In step S401, the warning information refers to problem information related to possible system faults in the warning log, including information such as a time stamp, an event type, a user ID, an IP address, an operating system version, and an application program version; the data extraction rule refers to a data extraction scheme corresponding to the warning information, namely, the warning fault related information in the warning information is extracted as an abnormal induction source, and the abnormal induction source refers to source information causing the warning fault.
For example, when a user attempts to access the system in an illegal manner, the warning information recorded in the warning log is: the information of time, event type (such as access failure), user ID, operating system version, application program version, etc. then extracts the corresponding warning fault including user ID and event type according to the corresponding data extraction rule.
In step S402 to step S403, in order to perform security processing on the warning behavior of the user, the anomaly induction source is identified, so as to obtain corresponding anomaly impact data and an anomaly preprocessing policy, where the anomaly impact data refers to parameter data affected by the anomaly induction source in the system when the warning behavior occurs, and the anomaly preprocessing policy refers to a preset method for preventing the warning behavior, that is, the anomaly induction source, the anomaly impact data and the anomaly preprocessing policy, and then the anomaly induction source, the anomaly impact data and the anomaly preprocessing policy are combined to generate a corresponding anomaly log reporting set and send the anomaly log reporting set to the user display end.
For example, when a user attempts to access a system in an illegal manner, their corresponding exception preprocessing policies are: 1. implementing a security policy to ensure that only authorized users can access the system; 2. periodically and safely scanning the system to find and repair possible loopholes; 3. monitoring a system log, timely finding out abnormal behaviors and taking measures; 4. and (3) system upgrading is carried out regularly, so that the safety of the system is ensured.
According to the method for reporting the abnormal log, provided by the embodiment, an avoidance scheme of possible faults of the system can be shown for an administrator in advance according to the abnormal preprocessing strategy, so that the quality of the information reported by the abnormal log is improved.
In one implementation manner of this example, as shown in fig. 5, in step S402, that is, identifying an anomaly induction source, after obtaining corresponding anomaly impact data and anomaly preprocessing strategies, the method further includes the following steps:
s501, if the abnormal preprocessing strategies are multiple, acquiring corresponding error testing rates;
s502, setting a processing grade corresponding to an abnormal preprocessing strategy according to a trial-error rate, wherein the trial-error rate is inversely proportional to the processing grade;
s503, calling a corresponding exception preprocessing strategy according to the processing grade to process the exception induction source.
In step S501, if the number of abnormal preprocessing strategies is multiple, in order to reduce the probability of system errors caused by the warning behavior, the error testing rate corresponding to each abnormal preprocessing strategy is obtained, the error testing rate refers to the proportion of failed requests in the system, the multiple abnormal preprocessing strategies correspond to different safety protection systems, and generally, a lower error testing rate means that the availability, safety and success rate of the safety protection systems are higher.
In step S502 to step S503, according to the obtained error rate, a processing level corresponding to the abnormal pre-processing policy is set, the error rate is inversely proportional to the processing level, that is, the lower the error rate is, the higher the corresponding processing level is, and then the abnormal induction source is processed according to the processing level calling corresponding abnormal pre-processing policy.
According to the method for reporting the exception log, corresponding processing grades are set according to the error testing rate corresponding to each exception preprocessing strategy, so that the system exception repairing efficiency is improved.
In one implementation manner of the present embodiment, as shown in fig. 6, step S109 is to extract an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to a data extraction rule, generate a corresponding anomaly log reporting set, and send the report set to a user display end, where the step includes the following steps:
S601, if the abnormal information is error information, extracting a target fault in the error information according to a data extraction rule to serve as an abnormal induction source;
s602, acquiring corresponding abnormal influence data and historical similar faults according to an abnormal induction source;
s603, acquiring induction frequency associated data corresponding to similar historical faults;
s604, generating a corresponding abnormal log reporting set by combining an abnormal induction source, abnormal influence data, historical similar faults and induction frequency associated data, and sending the corresponding abnormal log reporting set to a user display end.
In step S601, if the anomaly information is an error information, it is indicated that the error information relates to an error that has occurred in the program or the system, so that the target fault in the error information is extracted as an anomaly induction source according to the data extraction rule corresponding to the error information, and the target fault is a fault corresponding to the error that has occurred. Error information is typically recorded in an error log, the error information including: information such as time of occurrence, type of error, error message, error code, user ID, IP address, operating system version, application version, etc.
For example, when a user attempts to access a resource that is NOT present in the system, the error information recorded in the error log has an error occurrence time, an error type (e.g., 404 NOT FOUND), and a corresponding error code.
Further, through the identification of the error information, the corresponding target faults are extracted, so that the error can be generated from a plurality of sources, including hardware problems, operating system errors, code errors, user input errors and the like, and the error sources can be found by analyzing the error information.
In step S602, in order to facilitate the administrator or the developer to find some repeated error problems, so as to find the sources of the errors more quickly, corresponding abnormal influence data and historical similar faults are obtained according to the abnormal induction sources, wherein the abnormal influence data refers to data parameters of the system possibly affected by the errors recorded in the error information, and the historical similar faults refer to records of errors of a certain type in the past several times.
In steps S603 to S604, in order to analyze the target fault recorded in the error information in depth, the evoked frequency associated data corresponding to the similar fault of the history corresponding to the target fault is obtained, the evoked frequency associated data refers to analysis of similar faults of the history to find out the possibility of error under specific conditions, by analyzing the evoked frequency associated data, the key factors which may cause error can be found out,
Further, by combining the obtained abnormality induction source, the abnormality influence data, the historical similar faults and the induction frequency associated data, a corresponding abnormality log reporting set is generated and sent to a user display end, so that a more targeted solving method for the target faults is conveniently provided for a developer or an administrator.
According to the abnormal log reporting method provided by the embodiment, according to the historical similar faults corresponding to the target faults and the induction frequency associated data of the historical similar faults, an administrator can conduct full-period analysis on the target faults, so that the quality of the abnormal log reporting information is improved.
In one implementation manner of the present embodiment, as shown in fig. 7, step S109 is to extract an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to a data extraction rule, generate a corresponding anomaly log reporting set, and send the report set to a user display end, where the step includes the following steps:
s701, if the abnormal information is serious error information, extracting serious faults in the serious error information as an abnormal induction source according to a data extraction rule;
s702, identifying an abnormal induction source, and acquiring corresponding abnormal influence data and system collapse data;
S703, processing system crash data according to a preset tracking classification strategy to generate a crash analysis table;
s704, generating a corresponding abnormal log reporting set by combining an abnormal induction source, abnormal influence data and a breakdown analysis table, and sending the report set to a user display end.
In step S701, if the exception information is a severe error information, it is indicated that the severe error information indicates a severe fault occurring in the system and may cause a system crash, and then the severe fault in the severe error information is extracted as an exception provoking source according to a data extraction rule corresponding to the severe error information, where the severe fault includes a memory leak, a driver error, a hardware fault, a software bug, a software incompatibility, etc., and if the fault is not found and resolved in time, the system crash may be caused.
In step S702, by identifying an anomaly induction source, corresponding anomaly impact data and system crash data are obtained, wherein the anomaly impact data refer to system data parameters that are affected when a crash occurs in the system, and the system crash data refer to analysis data corresponding to a severe fault. For example, a catastrophic failure is a software incompatibility whose corresponding system crash data includes operating system version inconsistencies, software version inconsistencies, hardware driver incompatibilities, and software installation file corruption.
In step S703 to step S704, in order to continuously pay attention to the system crash data, the system crash data is processed according to a preset tracking and classifying policy, which is a preset system crash data tracking and classifying policy according to attributes, and then the obtained anomaly induction source, anomaly impact data and crash analysis table are combined to generate a corresponding anomaly log reporting set and send the report set to the user display terminal.
For example, the preset tracking classification policy is to perform differential tracking according to the type of system crash data, where the system crash data is inconsistent in operating system version, track situations in the system such as software failure, system crash, device failure to connect normally, device driver incompatibility according to the corresponding preset tracking classification policy, and classify the tracked data in the inconsistent operating system version, so as to form a crash analysis table corresponding to each piece of tracking data under the inconsistent operating system version.
According to the method for reporting the abnormal log, various causes of the crash generated by the current system and the relation among the causes can be reflected according to the crash analysis table, so that the quality of the information reported by the abnormal log is improved.
The embodiment of the application discloses an exception log reporting system, as shown in fig. 8, comprising:
a first acquisition module 1, configured to acquire a target log;
the first identification module 2 is used for judging whether the target log is abnormal or not according to a preset abnormal identification rule if the access right of the target log accords with the preset access right;
the second acquisition module 3 is used for acquiring a corresponding abnormal log type if the target log is abnormal;
the second identifying module 4 is used for identifying the type of the abnormal log and acquiring corresponding abnormal information;
the judging module 5 is used for acquiring and judging whether the key field corresponding to the abnormal information accords with the redundant information eliminating standard or not if the abnormal information does not accord with the preset abnormal setting standard;
the updating module 6 is used for extracting a corresponding target key field in the abnormal information and adding the target key field to the redundant information rejection standard as an updated redundant information rejection standard if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard;
the third obtaining module 7 is used for obtaining an abnormality setting grade corresponding to the abnormality information if the abnormality information accords with a preset abnormality setting standard;
A fourth obtaining module 8, configured to obtain a data extraction rule corresponding to the abnormality setting level;
the generating module 9 is configured to extract an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to a data extraction rule, generate a corresponding anomaly log reporting set, and send the report set to the user display end.
According to the abnormal log reporting system provided by the embodiment, the corresponding abnormal information is obtained according to the abnormal log type identification of the first identification module 2, the abnormality of the system or the equipment recorded in the log can be primarily judged through the abnormal information, the judgment module 5 judges that the current abnormal information is the redundant information if the abnormal information does not accord with the preset abnormal setting standard, in order to promote the eliminating effect of the related redundant information in the log, the judgment module 5 further judges whether the key field in the redundant information accords with the conventional redundant information eliminating standard, if the key field does not accord with the conventional redundant information eliminating standard, the update module 6 adds the corresponding target key field to the redundant information eliminating standard as the updated redundant information eliminating standard, and then the current redundant information can be comprehensively eliminated according to the latest redundant information eliminating standard, if the abnormal information accords with the preset abnormal setting standard, the abnormal induction source in the abnormal information and the abnormal influence data corresponding to the abnormal induction source are extracted according to the abnormal setting grade and the data corresponding to the abnormal setting grade, and the corresponding abnormal log reporting collection is generated through the generation module 9, and the redundant information in the abnormal log is respectively processed, so that the quality of the abnormal log reporting is analyzed.
It should be noted that, the exception log reporting system provided by the embodiment of the present application further includes each module and/or the corresponding sub-module corresponding to the logic function or the logic step of any one of the foregoing exception log reporting methods, so that the same effects as those of each logic function or logic step are achieved, and detailed descriptions thereof are omitted herein.
The embodiment of the application also discloses a terminal device which comprises a memory, a processor and computer instructions which are stored in the memory and can run on the processor, wherein when the processor executes the computer instructions, any one of the abnormal log reporting methods in the embodiment is adopted.
The terminal device may be a computer device such as a desktop computer, a notebook computer, or a cloud server, and the terminal device includes, but is not limited to, a processor and a memory, for example, the terminal device may further include an input/output device, a network access device, a bus, and the like.
The processor may be a Central Processing Unit (CPU), or of course, according to actual use, other general purpose processors, digital Signal Processors (DSP), application Specific Integrated Circuits (ASIC), ready-made programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., and the general purpose processor may be a microprocessor or any conventional processor, etc., which is not limited in this respect.
The memory may be an internal storage unit of the terminal device, for example, a hard disk or a memory of the terminal device, or an external storage device of the terminal device, for example, a plug-in hard disk, a Smart Memory Card (SMC), a secure digital card (SD), or a flash memory card (FC) provided on the terminal device, or the like, and may be a combination of the internal storage unit of the terminal device and the external storage device, where the memory is used to store computer instructions and other instructions and data required by the terminal device, and the memory may be used to temporarily store data that has been output or is to be output, which is not limited by the present application.
Any one of the exception log reporting methods in the embodiments is stored in the memory of the terminal device through the terminal device, and is loaded and executed on the processor of the terminal device, so that the method is convenient to use.
The embodiment of the application also discloses a computer readable storage medium, and the computer readable storage medium stores computer instructions, wherein when the computer instructions are executed by a processor, any one of the exception log reporting methods in the embodiment is adopted.
The computer instructions may be stored in a computer readable medium, where the computer instructions include computer instruction codes, where the computer instruction codes may be in a source code form, an object code form, an executable file form, or some middleware form, etc., and the computer readable medium includes any entity or device capable of carrying the computer instruction codes, a recording medium, a usb disk, a mobile hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc., where the computer readable medium includes but is not limited to the above components.
Any of the exception log reporting methods in the above embodiments is stored in the computer readable storage medium and loaded and executed on the processor by the present computer readable storage medium, so as to facilitate the storage and application of the method.
The above embodiments are not intended to limit the scope of the present application, so: all equivalent changes in structure, shape and principle of the application should be covered in the scope of protection of the application.
Claims (10)
1. The method for reporting the exception log is characterized by comprising the following steps of:
obtaining a target log;
if the access authority of the target log accords with the preset access authority, judging whether the target log is abnormal or not according to a preset abnormal identification rule;
if the target log is abnormal, acquiring a corresponding abnormal log type;
identifying the type of the abnormal log and acquiring corresponding abnormal information;
if the abnormal information does not accord with the preset abnormal setting standard, acquiring and judging whether a key field corresponding to the abnormal information accords with a redundant information eliminating standard;
if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard, extracting a corresponding target key field in the abnormal information, and adding the target key field to the redundant information rejection standard to serve as the updated redundant information rejection standard;
if the abnormality information accords with the preset abnormality setting standard, obtaining an abnormality setting grade corresponding to the abnormality information;
acquiring a data extraction rule corresponding to the abnormal setting grade;
and extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, generating a corresponding abnormality log reporting set, and sending the report set to a user display end.
2. The method for reporting an exception log according to claim 1, wherein if the target log is abnormal, obtaining the corresponding exception log type comprises the following steps:
if the target log is abnormal, judging whether the target log has associated abnormality or not;
if the target log has the association abnormality, acquiring an association log corresponding to the association abnormality;
if the access rights of the associated log do not exist, obtaining rights configuration information corresponding to the associated log;
and combining the associated log and the authority configuration information to generate a corresponding log missing prompt item.
3. The method for reporting an exception log according to claim 2, wherein after the obtaining the association log corresponding to the association exception if the target log has the association exception, further comprises the following steps:
if the access rights of the associated log exist, acquiring an associated abnormal item corresponding between the target log and the associated log;
if the associated abnormal items are a plurality of, acquiring corresponding abnormal associated grades;
setting output priorities corresponding to the associated abnormal items according to the abnormal association level;
And outputting the corresponding associated abnormal item according to the output priority.
4. The method for reporting an anomaly log according to claim 1, wherein the steps of extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display terminal include the following steps:
if the abnormal information is warning information, extracting warning faults in the warning information as the abnormal induction source according to the data extraction rule;
identifying the abnormality induction source, and acquiring corresponding abnormality influence data and an abnormality preprocessing strategy;
and generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data and the abnormal preprocessing strategy, and sending the corresponding abnormal log reporting set to a user display end.
5. The method for reporting an exception log according to claim 4, further comprising the steps of, after said identifying said exception-inducing source, obtaining said corresponding exception-affecting data and exception-preprocessing policy:
if the abnormal preprocessing strategies are multiple, obtaining corresponding trial-error rates;
Setting a processing grade corresponding to the abnormal preprocessing strategy according to the error testing rate, wherein the error testing rate is inversely proportional to the processing grade;
and calling the corresponding exception preprocessing strategy according to the processing grade to process the exception induction source.
6. The method for reporting an anomaly log according to claim 1, wherein the steps of extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display terminal include the following steps:
if the abnormal information is error information, extracting a target fault in the error information as the abnormal induction source according to the data extraction rule;
acquiring corresponding abnormal influence data and historical similar faults according to the abnormal induction source;
acquiring induction frequency associated data corresponding to the similar historical faults;
and generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data, the historical similar faults and the induction frequency associated data, and sending the corresponding abnormal log reporting set to a user display end.
7. The method for reporting an anomaly log according to claim 1, wherein the steps of extracting an anomaly induction source in the anomaly information and anomaly influence data corresponding to the anomaly induction source according to the data extraction rule, generating a corresponding anomaly log reporting set, and sending the report set to a user display terminal include the following steps:
if the abnormal information is serious error information, extracting serious faults in the serious error information as the abnormal induction source according to the data extraction rule;
identifying the abnormal induction source and acquiring corresponding abnormal influence data and system collapse data;
processing the system crash data according to a preset tracking classification strategy to generate a crash analysis table;
and generating a corresponding abnormal log reporting set by combining the abnormal induction source, the abnormal influence data and the crash analysis table, and sending the corresponding abnormal log reporting set to a user display end.
8. An exception log reporting system, comprising:
a first acquisition module (1) for acquiring a target log;
the first identification module (2) is used for judging whether the target log is abnormal or not according to a preset abnormal identification rule if the access authority of the target log accords with the preset access authority;
The second acquisition module (3) is used for acquiring a corresponding abnormal log type if the target log is abnormal;
the second identification module (4) is used for identifying the type of the abnormal log and acquiring corresponding abnormal information;
the judging module (5) is used for acquiring and judging whether the key field corresponding to the abnormal information accords with a redundant information eliminating standard or not if the abnormal information does not accord with the preset abnormal setting standard;
the updating module (6) is used for extracting a corresponding target key field in the abnormal information and adding the target key field to the redundant information rejection standard as the updated redundant information rejection standard if the key field corresponding to the abnormal information does not accord with the redundant information rejection standard;
the third acquisition module (7) is used for acquiring an abnormality setting grade corresponding to the abnormality information if the abnormality information accords with a preset abnormality setting standard;
a fourth obtaining module (8) for obtaining a data extraction rule corresponding to the abnormality setting level;
And the generation module (9) is used for extracting an abnormality induction source in the abnormality information and abnormality influence data corresponding to the abnormality induction source according to the data extraction rule, generating a corresponding abnormality log reporting set and sending the corresponding abnormality log reporting set to a user display end.
9. A terminal device comprising a memory and a processor, wherein the memory stores computer instructions executable on the processor, and wherein the processor, when loading and executing the computer instructions, employs an exception log reporting method according to any one of claims 1 to 7.
10. A computer readable storage medium having stored therein computer instructions which, when loaded and executed by a processor, employ an anomaly log reporting method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310744076.4A CN116909838B (en) | 2023-06-21 | 2023-06-21 | Abnormal log reporting method, system, terminal equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310744076.4A CN116909838B (en) | 2023-06-21 | 2023-06-21 | Abnormal log reporting method, system, terminal equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116909838A true CN116909838A (en) | 2023-10-20 |
| CN116909838B CN116909838B (en) | 2024-06-21 |
Family
ID=88355434
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310744076.4A Active CN116909838B (en) | 2023-06-21 | 2023-06-21 | Abnormal log reporting method, system, terminal equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116909838B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN107301120A (en) * | 2017-07-12 | 2017-10-27 | 北京京东尚科信息技术有限公司 | Method and device for handling unstructured daily record |
| CN109284199A (en) * | 2018-09-04 | 2019-01-29 | 深圳市宝德计算机***有限公司 | Server exception processing method, equipment and processor |
| CN112416634A (en) * | 2019-08-22 | 2021-02-26 | 中移(苏州)软件技术有限公司 | File processing method and device and storage medium |
| CN113556254A (en) * | 2021-08-02 | 2021-10-26 | 北京天融信网络安全技术有限公司 | Abnormal alarm method and device, electronic equipment and readable storage medium |
| CN115037597A (en) * | 2022-05-20 | 2022-09-09 | 青岛海信网络科技股份有限公司 | Fault detection method and equipment |
| CN115718450A (en) * | 2022-11-21 | 2023-02-28 | 歌尔科技有限公司 | Equipment wire-stopping monitoring method and device, electronic equipment and system |
| CN115865525A (en) * | 2023-02-16 | 2023-03-28 | 北京微步在线科技有限公司 | Log data processing method and device, electronic equipment and storage medium |
-
2023
- 2023-06-21 CN CN202310744076.4A patent/CN116909838B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
| CN107301120A (en) * | 2017-07-12 | 2017-10-27 | 北京京东尚科信息技术有限公司 | Method and device for handling unstructured daily record |
| CN109284199A (en) * | 2018-09-04 | 2019-01-29 | 深圳市宝德计算机***有限公司 | Server exception processing method, equipment and processor |
| CN112416634A (en) * | 2019-08-22 | 2021-02-26 | 中移(苏州)软件技术有限公司 | File processing method and device and storage medium |
| CN113556254A (en) * | 2021-08-02 | 2021-10-26 | 北京天融信网络安全技术有限公司 | Abnormal alarm method and device, electronic equipment and readable storage medium |
| CN115037597A (en) * | 2022-05-20 | 2022-09-09 | 青岛海信网络科技股份有限公司 | Fault detection method and equipment |
| CN115718450A (en) * | 2022-11-21 | 2023-02-28 | 歌尔科技有限公司 | Equipment wire-stopping monitoring method and device, electronic equipment and system |
| CN115865525A (en) * | 2023-02-16 | 2023-03-28 | 北京微步在线科技有限公司 | Log data processing method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116909838B (en) | 2024-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110088744B (en) | Database maintenance method and system | |
| CN112631913B (en) | Method, device, equipment and storage medium for monitoring operation faults of application program | |
| JP6160064B2 (en) | Application determination program, failure detection apparatus, and application determination method | |
| CN111563016A (en) | Log collection and analysis method and device, computer system and readable storage medium | |
| CN109284331B (en) | Certificate making information acquisition method based on service data resources, terminal equipment and medium | |
| KR101444250B1 (en) | System for monitoring access to personal information and method therefor | |
| CN112306833A (en) | Application program crash statistical method and device, computer equipment and storage medium | |
| CN112559489A (en) | Block chain supervision method and equipment based on cross-chain and storage medium | |
| CN113704772B (en) | Safety protection processing method and system based on user behavior big data mining | |
| CN111371581A (en) | Method, device, equipment and medium for detecting business abnormity of Internet of things card | |
| CN116909838B (en) | Abnormal log reporting method, system, terminal equipment and storage medium | |
| CN112306871A (en) | Data processing method, device, equipment and storage medium | |
| CN111752838A (en) | Question checking method and device, server and storage medium | |
| KR101973728B1 (en) | Integration security anomaly symptom monitoring system | |
| CN115757107A (en) | Embedded point detection method, device, server and storage medium | |
| CN115333841A (en) | Data security management and control platform based on IPDR security capability framework | |
| CN114186278A (en) | Database abnormal operation identification method and device and electronic equipment | |
| CN113641702A (en) | Method and device for interactive processing with database client after statement audit | |
| KR102011694B1 (en) | Public institutional income property linkage data verification system and its recording medium | |
| US20190121973A1 (en) | System and method for detecting security risks in a computer system | |
| CN118036080B (en) | Data security treatment method and system based on big data technology | |
| CN117931635B (en) | Analysis method, device, equipment and medium for database test case execution result | |
| WO2024018747A1 (en) | Information processing device | |
| CN118410005A (en) | Log auditing method, equipment, medium and product | |
| CN118118189A (en) | Data discrimination method, device, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Fuxing Warehouse Building, No. 6 Binglang Road, Fubao Community, Fubao Street, Futian District, Shenzhen City, Guangdong Province, 518000 (105, Block A, Building 2, Hetao Creative Bonded Park) Applicant after: Shenzhen Tengxin Baina Technology Co.,Ltd. Address before: 518048 room 1011, hualianfa building, No. 2006, Huaqiang North Road, Futian District, Shenzhen, Guangdong Province Applicant before: Shenzhen Tengxin Baina Technology Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |