CN117336081A - Abnormality log monitoring method, device, equipment and computer storage medium - Google Patents


Publication number
CN117336081A
Authority
CN
China
Prior art keywords
log
data
abnormal
target system
program
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311393647.0A
Other languages
Chinese (zh)
Inventor
杨来志
鲁峥
戚帅
史晶晶
于永贤
符勇男
杨鑫
林子彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202311393647.0A
Publication of CN117336081A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides an anomaly log monitoring method, device, equipment and computer storage medium. In the method, the working state of a target system is acquired, and when the working state is the running state, it is judged whether a log database corresponding to the client is currently configured; if the log database is configured, it is judged whether the log data within a first preset period contains an abnormal record; when an abnormal record exists within the first preset period, the log data within the first preset period is acquired and sent to a server; when no abnormal record exists within the first preset period, the log program is controlled to monitor and record the target system in real time. The method reduces the data processing pressure that high concurrency places on the server, avoids the accumulation of large amounts of data on the server, reduces the server's data storage pressure, enables accurate location of abnormal problems, and improves the user experience.

Description

Abnormality log monitoring method, device, equipment and computer storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an anomaly log monitoring method, an anomaly log monitoring device, and a computer storage medium.
Background
Systems such as wireless networks typically face fast data iteration, large data volumes, large volumes of abnormal historical data, low and unstable data quality, abnormal logging after system iterations, and similar problems. A log monitoring system can record the user's operations before and after an abnormal condition and the time at which the abnormality was triggered, so that the point where the problem occurred can be located quickly and a targeted improvement scheme can be formulated in time; this is of great significance for improving the user experience and for agile iteration.
In most existing log systems, each time the user performs an operation the client sends one log record to the server, which achieves real-time log monitoring. However, the purpose of the log is to locate the problem quickly when the user encounters an abnormal condition during use, so real-time transmission inevitably causes a large amount of junk data to accumulate on the server and brings considerable data processing and storage pressure to the server; log records transmitted in real time therefore have little practical value.
Therefore, when logs are recorded in real time, the server receives a large number of operation requests in a short time and must spend substantial resources handling highly concurrent log traffic and massive junk data; and when abnormal data is processed, it has to be screened out of a large amount of data, which adds a great deal of extra work.
Disclosure of Invention
The application provides an anomaly log monitoring method, device, equipment and computer storage medium, which address the shortcomings of the prior art, in which recording logs in real time increases the server's storage pressure and data processing load and prevents abnormal data from being located in time.
In a first aspect, the present application provides an anomaly log monitoring method, including:
acquiring the working state of a target system, wherein the target system is the front-end service that a target user has selected to run;
when the working state of the target system is a running state, judging whether a log database corresponding to the client is currently configured;
if the log database corresponding to the client is currently configured, judging whether the log data within a first preset period contains an abnormal record;
when the log data within the first preset period contains an abnormal record, acquiring the log data within the first preset period corresponding to the abnormal record, and sending the log data to a server.
Optionally, before judging whether the log data within the first preset period contains an abnormal record, the method further includes:
acquiring a login event of the target user, and loading a log program corresponding to the log database, wherein the log program instructs the client to log the target system;
controlling the log program to record the login event, and controlling the log program to monitor and record the target system in real time.
Optionally, controlling the log program to monitor and record the target system in real time includes:
controlling the log program to monitor the target system in real time;
determining a click event of the current target system according to the monitoring result of the log program, wherein the click event indicates a real-time operation of the target user;
triggering a recording event of the log program through the click event, and controlling the log program to record the log data corresponding to the recording event.
Optionally, controlling the log program to record the log data corresponding to the recording event includes:
determining, according to the log program, a data recording program corresponding to the log database;
recording the log data to the log database according to the data recording program;
if the currently recorded log data is abnormal log data, marking the abnormal log data in the log database.
Optionally, the anomaly log monitoring method further includes:
if no abnormal record exists within the first preset period, controlling the log program to continue monitoring and recording the target system in real time;
determining, according to the monitoring result, whether an abnormal event occurs in the target system;
when an abnormal event occurs in the target system, determining the recording event corresponding to the abnormal event;
controlling the log program to record the abnormal log data corresponding to the recording event;
sending the abnormal log data to the server, and marking the abnormal log data in the log database.
Optionally, the anomaly log monitoring method further includes:
when the log database corresponding to the client is currently configured, acquiring the current date of the target system;
judging whether the current date is consistent with a preset date;
if the current date is consistent with the preset date, deleting all log data within a second preset period from the log database;
if the current date is inconsistent with the preset date, controlling the log program to continue monitoring and recording the target system in real time.
Optionally, the anomaly log monitoring method further includes:
if the log database corresponding to the client is not configured, generating a data storage table corresponding to the target system according to the target system;
loading a log program corresponding to the target system;
re-establishing a log database corresponding to the client according to the data storage table and the log program;
controlling the log program to monitor and record the target system in real time, and storing the log data in the log database.
In a second aspect, the present application provides an anomaly log monitoring device, including:
The acquisition module is configured to acquire the working state of a target system, wherein the target system is the front-end service that a target user has selected to run.
The judging module is configured to judge, when the working state of the target system is a running state, whether a log database corresponding to the client is currently configured.
If the log database corresponding to the client is currently configured, the judging module is further configured to judge whether the log data within a first preset period contains an abnormal record.
The acquisition module is further configured to acquire, when the log data within the first preset period contains an abnormal record, the log data within the first preset period corresponding to the abnormal record.
The sending module is configured to send the log data to a server.
Optionally, the acquisition module is further configured to acquire a login event of the target user.
The anomaly log monitoring device further includes a processing module.
The processing module is configured to load a log program corresponding to the log database, wherein the log program instructs the client to log the target system.
The anomaly log monitoring device further includes a control module.
The control module is configured to control the log program to record the login event, and to control the log program to monitor and record the target system in real time.
Optionally, the control module is further configured to control the log program to monitor the target system in real time.
The anomaly log monitoring device further includes a determining module.
The determining module is configured to determine a click event of the current target system according to the monitoring result of the log program, wherein the click event indicates a real-time operation of the target user.
The control module is further configured to trigger a recording event of the log program through the click event, and to control the log program to record the log data corresponding to the recording event.
Optionally, the determining module is further configured to determine, according to the log program, a data recording program corresponding to the log database.
The processing module is further configured to record the log data to the log database according to the data recording program.
If the currently recorded log data is abnormal log data, the processing module is further configured to mark the abnormal log data in the log database.
Optionally, if no abnormal record exists within the first preset period, the control module is further configured to control the log program to continue monitoring and recording the target system in real time.
The determining module is further configured to determine, according to the monitoring result, whether an abnormal event occurs in the target system.
The determining module is further configured to determine, when an abnormal event occurs in the target system, the recording event corresponding to the abnormal event.
The control module is further configured to control the log program to record the abnormal log data corresponding to the recording event.
The sending module is further configured to send the abnormal log data to the server.
The processing module is further configured to mark the abnormal log data in the log database.
Optionally, the acquisition module is further configured to acquire the current date of the target system when the log database corresponding to the client is currently configured.
The judging module is further configured to judge whether the current date is consistent with a preset date.
If the current date is consistent with the preset date, the processing module is further configured to delete all log data within a second preset period from the log database.
If the current date is inconsistent with the preset date, the control module is further configured to control the log program to continue monitoring and recording the target system in real time.
Optionally, the anomaly log monitoring device further includes a generating module.
If the log database corresponding to the client is not configured, the generating module is configured to generate a data storage table corresponding to the target system according to the target system.
The processing module is further configured to load a log program corresponding to the target system.
The generating module is further configured to re-establish a log database corresponding to the client according to the data storage table and the log program.
The processing module is further configured to store the log data in the log database.
In a third aspect, the present application provides an anomaly log monitoring device, comprising:
a memory;
a processor;
wherein the memory stores computer-executable instructions;
the processor executes the computer-executable instructions stored in the memory to implement the anomaly log monitoring method as described in the first aspect and various possible implementations of the first aspect.
In a fourth aspect, the present application provides a computer storage medium having stored thereon computer-executable instructions that are executed by a processor to implement the anomaly log monitoring method as described in the first aspect and various possible implementations of the first aspect.
In the anomaly log monitoring method provided by the application, the working state of the target system is acquired, and when the working state is the running state, it is judged whether a log database corresponding to the client is currently configured; if the log database is configured, it is judged whether the log data within a first preset period contains an abnormal record; when the log data within the first preset period contains an abnormal record, the log data within the first preset period corresponding to the abnormal record is acquired and sent to a server; when the log data within the first preset period contains no abnormal record, the operation data continues to be monitored, and when an abnormal condition occurs, the operation data corresponding to the abnormal condition is recorded to obtain the corresponding abnormal log data, which is sent to the server. The method reduces the data processing pressure that high concurrency places on the server, avoids the accumulation of large amounts of data on the server, reduces the server's data storage pressure, enables accurate location of abnormal problems, and improves the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of a scenario of the anomaly log monitoring method provided in the present application;
Fig. 2 is a flowchart of the anomaly log monitoring method provided in the present application;
Fig. 3 is a second flowchart of the anomaly log monitoring method provided in the present application;
Fig. 4 is a schematic structural diagram of an anomaly log monitoring device provided in the present application;
Fig. 5 is a schematic structural diagram of an anomaly log monitoring device provided in the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein.
In the embodiments of the present application, words such as "exemplary" or "such as" are used to mean examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection.
Systems such as wireless networks typically face fast data iteration, large data volumes, large volumes of abnormal historical data, low and unstable data quality, abnormal logging after system iterations, and similar problems. A log is data generated while the server is running; it covers not only network equipment, systems and service programs but also descriptions of related operations such as date, time, user and action. The user's operation log helps developers pin down a problem quickly and thus repair and improve the system. A log monitoring system can record the user's operations before and after an abnormal condition and the time at which the abnormality was triggered, so that the point where the problem occurred can be located quickly and a targeted improvement scheme can be formulated in time; this is of great significance for improving the user experience and for agile iteration.
In existing log systems, the log is usually stored on a server; in most of them, each time the user performs an operation the client sends one log record to the server, which achieves real-time log monitoring. However, the purpose of the log is to locate the problem quickly when the user encounters an abnormal condition during use, so real-time transmission inevitably causes a large amount of junk data to accumulate on the server and brings considerable data processing and storage pressure to the server; log records transmitted in real time therefore have little practical value.
Therefore, when logs are recorded in real time, the server receives a large number of operation requests in a short time and must spend substantial resources handling highly concurrent log traffic and massive junk data. In addition, the log data stored on the server may contain sensitive user data that the user does not want stored. And when abnormal data is processed, it has to be screened out of a large amount of data, which adds a great deal of extra work.
In view of the above problems, the present application provides an anomaly log monitoring method.
First, an implementation scenario according to the present application will be described.
Fig. 1 is a schematic view of a scenario of an anomaly log monitoring method provided in the present application. As shown in fig. 1, a client 1 is communicatively connected to a server 2. The client 1 can monitor whether an abnormal condition exists in the current running process through a self-configured log monitoring program, and when the abnormal condition exists, the client sends corresponding log data to the server 2. The client 1 may be, for example, a user terminal configured with a log monitoring program, and the server 2 may be, for example, a server.
In the anomaly log monitoring method provided by the application, a log database is established at the client and the log monitoring system is controlled to monitor and record the running data, yielding log data that is stored in the log database. When an abnormal event occurs, the client can retrieve the log data corresponding to the abnormal event, namely the abnormal log data, from the log database and send it to the server, completing the monitoring and recording of that abnormal event. The method reduces the data processing pressure that high concurrency places on the server, avoids the accumulation of large amounts of data on the server, reduces the server's data storage pressure, enables accurate location of abnormal problems, and improves the user experience.
It can be understood that the following embodiments of the present application do not specifically limit the target system selected by the target user. The target system is a front-end service that the client can provide to the user, for example a browser or an online app; the following embodiments take a browser as the example target system.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of an anomaly log monitoring method according to an embodiment of the present application. The execution body of this embodiment may be, for example, a user terminal configured with a log monitoring program. As shown in Fig. 2, the anomaly log monitoring method provided in this embodiment includes:
S201: Acquire the working state of the target system.
S202: When the working state of the target system is a running state, judge whether a log database corresponding to the client is currently configured.
The target system is the front-end service that the target user has selected to run, the working state indicates whether the target user has logged in to the currently selected target system, and the log database stores the data generated while the target system is running.
It can be understood that the working state is either a running state or a non-running state. The running state indicates that the target user has logged in to the currently selected target system, which has started running and is generating operation data; the non-running state indicates that the target user has not logged in to the currently selected target system. The log records the generated operation data, yielding the log data produced while the target user operates the target system, and this log data is stored in the log database. To monitor the data generated while the target system is running in real time, a log monitoring system corresponding to the log database is also configured on the client.
The purpose of judging whether a log database corresponding to the client is currently configured is to determine whether the data has somewhere to be stored; establishing the log database at the client reduces the data processing and storage pressure on the server.
The working state of the target system can be determined by detecting whether the target user has logged in to the target system. When the working state is the running state, it is judged whether the current client is configured with a corresponding log database, so as to determine where the log data being generated is stored. If the current client is configured with a corresponding log database, the log data can be monitored and recorded normally, and the monitoring program is controlled to monitor and record the log data generated while the target user operates the target system. If the current client is not configured with a corresponding log database, a log database must be established for the current client so that the generated log data can be stored promptly and accurately.
For example, the target system currently selected by the user may be a browser. The user terminal can detect whether the user has logged in to the browser, and thereby determine whether the user is currently performing operations and whether the corresponding browser is running. After the user logs in to the browser, the terminal detects whether a log database currently exists; the log database may be an indexed database. If the indexed database exists, the operation data generated while the user operates the browser is monitored and recorded by the log monitoring system configured on the user terminal; if the indexed database does not exist, it is re-established for the user terminal. This embodiment does not specifically limit the target browser.
S203: If the log database corresponding to the client is currently configured, judge whether the log data within a first preset period contains an abnormal record.
The abnormal record is the information obtained by recording an abnormal event that occurred while the target user was operating the target system; the first preset period may be, for example, 3 days.
The purpose of judging whether the log data within the first preset period contains an abnormal record is to determine whether the log data needs to be uploaded to a server.
If a log database corresponding to the client is currently configured, the log data generated while the target user operates the target system can be stored and recorded, and the log database holds at least the log data generated during the previous run. The data in the log database is then examined to judge whether the log data within the first preset period contains an abnormal record.
If the log data within the first preset period contains an abnormal record, an abnormal event occurred while the client was running during the first preset period; the log monitoring system monitored and recorded the abnormal event, and the corresponding log data was stored in the log database and marked as abnormal data. To ensure that the server can accurately locate and promptly handle the abnormal event, all log data in the log database within the first preset period is acquired and sent to the server, completing the monitoring of the abnormal log data.
If the log data within the first preset period contains no abnormal record, the client ran normally during the first preset period with no abnormal event, and the log data in the log database was generated during normal operation. In this case, real-time monitoring and recording of the data generated while the target system runs simply continues.
For example, suppose the current user terminal is configured with an indexed database and the server is a Web server. Taking the date of the browser's current run as the time node, it is judged whether the browser log data for the 3 days before the time node contains an abnormal record; an abnormal record may be, for example, "interface loading time timeout". If the browser log data for the 3 days before the time node contains an abnormal record, the log monitoring system detected an operation abnormality within those 3 days and the abnormal data was recorded and stored in the indexed database; all log data for the 3 days before the current time node is then acquired and uploaded to the Web server. If the browser log data for the 3 days before the time node contains no abnormal record, the log monitoring system detected no abnormal operation within those 3 days; it runs normally and monitors and records the data generated by the current browser.
Optionally, the method further comprises:
when a log database corresponding to the client is currently configured, acquiring the current date of the target system; judging whether the current date is consistent with the preset date; if the current date is consistent with the preset date, deleting all log data in the second preset period from the log database; if the current date is inconsistent with the preset date, controlling the log program to continue monitoring and recording the target system in real time.
The second preset period may be, for example, 1 month, and the preset date may be, for example, the 1st day of each month.
The purpose of judging whether the current date is consistent with the preset date is to determine whether the data in the log database needs to be deleted.
When a log database corresponding to the client is currently configured, the current date of the target system is acquired and compared with the preset date. If the current date is consistent with the preset date, the log database currently holds all log data for the second preset period, and to reduce data storage pressure all log data in the second preset period is deleted from the log database. If the current date is inconsistent with the preset date, the log database currently holds log data for only part of the second preset period and can store more, so the log program is controlled to continue monitoring and recording the target system in real time.
It can be understood that the preset date may be the date on which the log database configured on the current client was established, or may be set by the user; this application does not specifically limit how the preset date is set.
For example, when an indexed database corresponding to the user terminal is currently configured, if the acquired current date of the browser is May 1, the date meets the condition of the 1st day of each month, so the current date is consistent with the preset date and the indexed database holds all log data generated by the browser from April 1 to May 1; all log data for that period is then deleted from the indexed database. If the acquired current date of the browser is May 12, the date does not meet the condition of the 1st day of each month, so the current date is inconsistent with the preset date and the log program is controlled to continue monitoring and recording the browser in real time.
Optionally, the method further comprises:
if the log database corresponding to the client is not configured, generating a data storage table corresponding to the target system according to the target system; loading a log program corresponding to the target system; reestablishing a log database corresponding to the client according to the data storage table and the log program; and controlling the log program to monitor and record the target system in real time and store the log data in the log database.
The data storage table indicates the format in which data is stored in the log database. The log program monitors and records the operation data generated while the target system runs, and is loaded in the log monitoring system.
It can be understood that different clients are configured with log databases adapted to their current users, and the log data stored in those databases differs. Depending on the usage habits of different users, the front-end services on the corresponding clients differ, so the operation data to be monitored and recorded differs as well.
If the current client is not configured with a log database, the log data obtained by monitoring and recording the target system cannot be stored on the client, and the log database corresponding to the current client must be reestablished. The basic information required to build the log database is determined according to the target system, and a data storage table corresponding to the target system is generated. A log program corresponding to the target system is loaded, and the log program monitors and records data while the target system runs. The log database corresponding to the client is then reestablished according to the data storage table and the log program. After the log database is reestablished, the log program is controlled to monitor and record the target system in real time and store the log data in the log database.
For example, if the current client is not configured with an indexed database, the log data obtained by monitoring and recording the browser cannot be stored on the user terminal, and the indexed database must be reestablished. The basic information required to build the log database is determined according to the currently running browser; the basic information may be the user equipment type, the user ID, the browser type and the like, and a data storage table corresponding to the target system is generated. A log program corresponding to the target system is loaded so that the user terminal can monitor and record the browser's data. The indexed database corresponding to the user terminal is reestablished according to the data storage table and the log program. After the indexed database is reestablished, the log program is controlled to monitor and record the browser in real time and store the log data in the indexed database.
S204: when the log data in the first preset period contains an abnormal record, acquiring the log data in the first preset period corresponding to the abnormal record, and sending the log data to a server.
In the abnormal log monitoring method provided by this embodiment, the working state of the target system is acquired, and when the working state of the target system is the running state, it is judged whether a log database corresponding to the client is currently configured. If the log database corresponding to the client is currently configured, it is judged whether the log data in a first preset period contains an abnormal record. When it does, the log data in the first preset period corresponding to the abnormal record is acquired and sent to the server. The method avoids accumulating a large amount of data on the server, reduces the data storage pressure on the server, and improves the user experience.
Fig. 3 is a second flowchart of an anomaly log monitoring method according to an embodiment of the present application. As shown in fig. 3, the present embodiment describes an anomaly log monitoring method in detail based on the embodiment of fig. 2, and the anomaly log monitoring method shown in the present embodiment includes:
S301: acquiring the working state of the target system.
S302: when the working state of the target system is an operation state, judging whether a log database corresponding to the client is currently configured.
Steps S301 to S302 are similar to steps S201 to S202 described above, and will not be described again here.
S303: if the log database corresponding to the client is currently configured, acquiring a login event of the target user, and loading a log program corresponding to the log database.
The login event indicates information about the target system that the target user is currently logged in to. The login event may be, for example: "browser type and version, browser width and height, device type, IP, geocoding". This embodiment does not specifically limit the login event of the target user.
When the current client is configured with a log database, the login event of the current user is acquired to obtain the basic information of the target system the user is currently logged in to, and a log program for monitoring and recording the user terminal is loaded, so that the operation data of the currently running target system can be monitored and recorded.
For example, when the current user terminal is configured with an indexed database, the login event of the current user is acquired to obtain the basic information of the browser the user is currently logged in to, and a log program for monitoring and recording the user terminal is loaded, so that the operation data of the current browser can be monitored and recorded.
S304: controlling the log program to record the login event, and controlling the log program to monitor and record the target system in real time.
The log program is controlled to record the currently acquired login event, which yields the basic information of the currently running target system; this basic information is stored in the log database. The log program is then controlled to monitor and record the target system in real time, that is, the log monitoring system operates normally.
It can be understood that the login event includes sensitive data of the target user, that is, data that needs to be encrypted, so the corresponding sensitive data must be encrypted when log data is uploaded.
For example, the log program is controlled to record the currently acquired login event, "browser type and version, browser width and height, device type, IP, geocoding", and to store this basic information in the indexed database; the log monitoring system is then controlled to monitor and record the browser in real time.
Optionally, controlling the log program to monitor and record the target system in real time includes:
controlling the log program to monitor the target system in real time; determining a click event of the current target system according to the monitoring result of the log program; triggering a recording event of the log program through the click event, and controlling the log program to record the log data corresponding to the recording event.
The click event indicates a real-time operation of the target user, and the recording event instructs the log program to record the data triggered by the click event.
It can be understood that the client is configured with a display device on which the target user can operate in real time; that is, the target user operates the display interface on the display device as needed, and the display interface shows the target system currently selected by the target user. Each operation of the target user on the display device corresponds one-to-one to a click event that the log program can monitor, so the real-time operations of the target user can be monitored and recorded from the click events the log program observes. The click event and the recording event are associated: the data recorded by the recording event is the data generated when the click event triggers the target system to run.
The log program is controlled to monitor the target system in real time, and a click event of the current target system is determined according to the monitoring result of the log program. From the currently acquired click event, the process the target system is currently running and the corresponding operation data can be determined; at the same time the recording event of the log program is triggered, and the operation data corresponding to the current click event is recorded and stored in the log database.
For example, the log program is controlled to monitor the browser in real time. According to the monitoring result, the current click event may be "search for existing cell phone type", and the data recorded by the corresponding recording event includes: "search duration 5 seconds, page access frequency 1 time/day, search interface stay duration 5 minutes, geocode 101". The log program is then controlled to store this data in the indexed database, where "geocode 101" indicates that the current user is located in Beijing. This embodiment does not specifically limit the data corresponding to the recording event.
Optionally, controlling the log program to record the log data corresponding to the recording event includes:
determining a data recording program corresponding to the log database according to the log program; recording the log data to the log database according to the data recording program; and if the currently recorded log data is abnormal log data, marking the abnormal log data in the log database.
The data recording program records the operation data of the target system, and the abnormal log data is the data corresponding to an abnormal event occurring in the target system.
It can be understood that the operation data generated while the target system runs includes normal log data and abnormal log data, that is, data generated during normal operation and data generated when an abnormal event occurs during operation.
The currently loaded log program is screened to determine the data recording program corresponding to the log database, and the log data is recorded to the log database through that data recording program. If the currently recorded log data is abnormal log data, the target system is running abnormally; the abnormal log data cannot be stored directly and must be marked in the log database to distinguish it from normal log data. If the currently recorded log data is normal log data, no other operation is needed and it is stored in the log database as usual.
For example, the currently loaded log program is screened to determine the data recording program corresponding to the log database, and the log data is recorded to the indexed database through that data recording program. If the currently recorded log data is abnormal log data, the browser is running abnormally; the abnormal log data cannot be stored directly and is marked as abnormal in the log database. If the currently recorded log data is normal log data, it is stored in the indexed database as usual.
S305: judging whether abnormal records exist in the log data in a first preset period or not; if yes, go to step S306; if not, step S308 is performed.
S306: acquiring the log data in the first preset period corresponding to the abnormal record.
S307: sending the log data to a server.
Steps S305 to S307 are similar to steps S203 to S204, and will not be described here.
S308: controlling the log program to continue monitoring and recording the target system in real time.
S309: determining whether an abnormal event occurs in the target system according to the monitoring result.
When the log data in the first preset period contains no abnormal record, the log program is controlled to continue monitoring and recording the target system in real time, that is, the log monitoring system is controlled to monitor and record the running process of the target system in real time. During this monitoring and recording, whether an abnormal event occurs in the target system can be determined from the real-time monitoring result. When an abnormal event occurs in the target system, the corresponding operation data of the target system is obtained and the recording event corresponding to the abnormal event is determined; when no abnormal event occurs in the target system, the log program is controlled to monitor and record normally.
For example, the abnormal event may be "search duration timeout". If the browser log data from the 3 days before the current time node contains no abnormal record, the log monitoring system detected no abnormal operation within those 3 days; it runs normally and monitors and records the data generated by the current browser. Because the log monitoring system monitors in real time, the abnormal data can be located quickly when the abnormal event "search duration timeout" occurs in the browser, so whether that event has occurred can be determined in real time while the browser runs. When the abnormal event "search duration timeout" occurs in the browser, the recording event corresponding to it is determined; when it does not occur, the log program is controlled to monitor and record normally.
S310: when an abnormal event occurs in the target system, determining the recording event corresponding to the abnormal event according to the abnormal event.
S311: controlling the log program to record the abnormal log data corresponding to the recording event.
S312: sending the abnormal log data to the server, and marking the abnormal log data in the log database.
After the recording event corresponding to the current abnormal event is determined, the corresponding abnormal operation data of the target system is recorded to obtain abnormal log data, which must be marked in the log database to distinguish it from normal log data. According to the current date of the target system, all log data in the first preset period containing the current date is acquired, including the abnormal log data just obtained, and all of this log data is sent to the server so that the server can analyze and process the abnormal log data. After all the log data has been sent to the server, the abnormal log data is marked in the log database to indicate that it has been sent.
For example, the abnormal operation data generated by the current browser run is recorded, stored in the indexed database and marked as abnormal. If the current date is May 1, all log data stored in the log database for the two days before May 1 and for May 1 itself is acquired and uploaded to the Web server. After all the log data has been sent to the Web server, the abnormal log data is marked as "sent" in the indexed database. The method of marking log data in the log database is not specifically limited.
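The S305 to S312 flow and the preset-date deletion described earlier, as an added JavaScript example that is not code from the patent: an in-memory array stands in for the indexed database, and `ClientLogStore`, `runCycle`, the `send` callback and the 2023 sample dates are assumptions. Two points the text leaves open are fixed here as assumptions: a record already marked "sent" does not trigger another upload, and the deletion is skipped while an upload is still pending.

```javascript
// Added example: an in-memory array stands in for the client's indexed database.
const DAY_MS = 24 * 60 * 60 * 1000;
const startOfUtcDay = (ts) => ts - (ts % DAY_MS);

class ClientLogStore {
  constructor() {
    this.records = []; // { id, ts, message, abnormal, sent }
    this.nextId = 1;
  }

  // S311/S312: store an entry; abnormal entries carry a mark.
  record(ts, message, abnormal = false) {
    const rec = { id: this.nextId++, ts, message, abnormal, sent: false };
    this.records.push(rec);
    return rec;
  }

  // First preset period: today plus the (days - 1) calendar days before it,
  // matching the "two days before May 1 and May 1 itself" example.
  window(now, days) {
    const from = startOfUtcDay(now) - (days - 1) * DAY_MS;
    return this.records.filter((r) => r.ts >= from && r.ts <= now);
  }

  // S305. Assumption: an abnormal record already marked "sent" is not pending.
  hasPendingAbnormal(now, days) {
    return this.window(now, days).some((r) => r.abnormal && !r.sent);
  }

  // After a successful upload, mark the abnormal records of the batch as sent.
  markSent(ids) {
    const wanted = new Set(ids);
    for (const r of this.records) {
      if (wanted.has(r.id) && r.abnormal) r.sent = true;
    }
  }

  // Preset-date deletion: on the preset day of the month, delete everything
  // recorded in the second preset period (the last `periodDays` days).
  purgeIfDue(now, presetDay, periodDays) {
    if (new Date(now).getUTCDate() !== presetDay) return 0;
    const from = now - periodDays * DAY_MS;
    const before = this.records.length;
    this.records = this.records.filter((r) => r.ts < from || r.ts > now);
    return before - this.records.length;
  }
}

const DEFAULTS = { windowDays: 3, presetDay: 1, periodDays: 30 };

// One monitoring cycle. `send(batch)` is a caller-supplied transport
// (hypothetical) that returns true when the server accepted the batch.
function runCycle(store, now, send, cfg = DEFAULTS) {
  let uploaded = [];
  let pending = store.hasPendingAbnormal(now, cfg.windowDays);
  if (pending) {
    const batch = store.window(now, cfg.windowDays);
    if (send(batch.map((r) => ({ ...r })))) {
      store.markSent(batch.map((r) => r.id));
      uploaded = batch.map((r) => r.id);
      pending = false;
    }
  }
  // Example's choice: no deletion while the upload window still holds an
  // unsent abnormal record, so a failed upload does not lose the evidence.
  const purged = pending ? 0 : store.purgeIfDue(now, cfg.presetDay, cfg.periodDays);
  return { uploaded, purged };
}

// Constructed sample data (the year 2023 is arbitrary).
function demo() {
  const at = (month, day, hour) => Date.UTC(2023, month - 1, day, hour);
  const store = new ClientLogStore();
  store.record(at(4, 10, 9), 'page view');
  store.record(at(4, 29, 9), 'search ok');
  store.record(at(4, 30, 9), 'search duration timeout', true);
  store.record(at(5, 1, 8), 'page view');
  const batches = [];
  const result = runCycle(store, at(5, 1, 12), (b) => batches.push(b) > 0);
  return { result, batches, remaining: store.records.length };
}
```

On May 1 the cycle uploads the three records from April 29 to May 1 and only then deletes the month's data; with a `send` that returns false, nothing is marked and nothing is deleted.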
In the abnormal log monitoring method provided by this embodiment, the working state of the target system is acquired, and when the working state of the target system is the running state, it is judged whether a log database corresponding to the client is currently configured. If the log database corresponding to the client is currently configured, a login event of the target user is acquired, a log program corresponding to the log database is loaded, the log program is controlled to record the login event, and the log program is controlled to monitor the target system in real time. A click event of the current target system is determined according to the monitoring result of the log program; the click event triggers a recording event of the log program, and the log program is controlled to record the log data corresponding to the recording event. It is then judged whether the log data in a first preset period contains an abnormal record. When it does, the log data in the first preset period corresponding to the abnormal record is acquired and sent to a server. When it does not, the log program is controlled to continue monitoring and recording the target system in real time, and whether an abnormal event occurs in the target system is determined again; according to the result, the log program is controlled to record accordingly, and when an abnormal event exists the corresponding abnormal log data is sent to the server. The method reduces the data processing pressure that high concurrency places on the server, avoids accumulating a large amount of data on the server, reduces the server's data storage pressure, locates abnormal problems accurately, and improves the user experience.
Fig. 4 is a schematic structural diagram of an anomaly log monitoring device provided in the present application. As shown in fig. 4, the present application provides an abnormality log monitoring device 400 including:
The obtaining module 401 is configured to obtain the working state of a target system, where the target system indicates the front-end service that a target user selects to run.
The judging module 402 is configured to judge whether a log database corresponding to the client is currently configured when the working state of the target system is an operation state.
If the log database corresponding to the client is currently configured, the judging module 402 is further configured to judge whether an abnormal record exists in the log data in the first preset period.
The obtaining module 401 is further configured to obtain, when there is an abnormal record in the log data in the first preset period, the log data in the first preset period corresponding to the abnormal record.
The sending module 403 is configured to send the log data to a server.
Optionally, the obtaining module 401 is further configured to obtain a login event of the target user.
The abnormality log monitoring device further includes: a processing module 404.
The processing module 404 is configured to load a log program corresponding to the log database, where the log program is configured to instruct the client to log the target system.
The abnormality log monitoring device further includes: a control module 405.
The control module 405 is configured to control the log program to record the login event, and control the log program to monitor and record the target system in real time.
Optionally, the control module 405 is further configured to control the log program to monitor the target system in real time.
The abnormality log monitoring device further includes: a determination module 406.
The determining module 406 is configured to determine, according to a monitoring result of the log program, a click event of the target system, where the click event is used to indicate a real-time operation of the target user.
The control module 405 is further configured to trigger a recording event of the log program through the click event, and control the log program to record the log data corresponding to the recording event.
Optionally, the determining module 406 is further configured to determine, according to the log program, a data record program corresponding to the log database.
The processing module 404 is further configured to record the log data to the log database according to the data recording program.
If the currently recorded log data is abnormal log data, the processing module 404 is further configured to mark the abnormal log data in the log database.
Optionally, if no abnormal record exists in the first preset period, the control module 405 is further configured to control the log program to continuously monitor and record the target system in real time.
The determining module 406 is further configured to determine whether an abnormal event occurs in the target system according to the monitoring result.
The determining module 406 is further configured to determine, when an abnormal event occurs in the target system, the recorded event corresponding to the abnormal event according to the abnormal event.
The control module 405 is further configured to control the log program to record the abnormal log data corresponding to the recording event.
The sending module 403 is further configured to send the abnormal log data to the server.
The processing module 404 is further configured to mark the abnormal log data in the log database.
Optionally, the obtaining module 401 is further configured to obtain a current date of the target system when the log database corresponding to the client is currently configured.
The judging module 402 is further configured to judge whether the current date is consistent with a preset date.
If the current date is consistent with the preset date, the processing module 404 is further configured to delete all log data in the second preset period in the log database.
If the current date is inconsistent with the preset date, the control module 405 is further configured to control the log program to continuously monitor and record the target system in real time.
Optionally, the anomaly log monitoring device further includes: a generation module 407.
If the log database corresponding to the client is not configured, the generating module 407 is configured to generate, according to the target system, a data storage table corresponding to the target system.
The processing module 404 is further configured to load a log program corresponding to the target system.
The generating module 407 is further configured to reestablish a log database corresponding to the client according to the data storage table and the log program.
The processing module 404 is further configured to store the log data to the log database.
Fig. 5 is a schematic structural diagram of an anomaly log monitoring device provided in the present application. As shown in fig. 5, the present application provides an abnormality log monitoring apparatus 500 including: a receiver 501, a transmitter 502, a processor 503 and a memory 504.
A receiver 501 for receiving instructions and data;
a transmitter 502 for transmitting instructions and data;
memory 504 for storing computer-executable instructions;
a processor 503 for executing computer-executable instructions stored in the memory 504 to implement the steps executed by the anomaly log monitoring method in the above embodiment. Reference may be made specifically to the description related to the foregoing embodiment of the anomaly log monitoring method.
Optionally, the memory 504 may be separate from the processor 503 or integrated with it.
When the memory 504 is provided separately, the electronic device further comprises a bus for connecting the memory 504 and the processor 503.
The application also provides a computer readable storage medium, in which computer executable instructions are stored, which when executed by a processor, implement an anomaly log monitoring method as executed by the anomaly log monitoring device.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required in the present application.
It should be further noted that, although the steps in the flowchart are sequentially shown as indicated by arrows, the steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps in the flowcharts may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order in which the sub-steps or stages are performed is not necessarily sequential, and may be performed in turn or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments. The technical features of the foregoing embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, all such combinations should be considered to be within the scope of the disclosure.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
While the present application has been described in connection with the preferred embodiments illustrated in the accompanying drawings, it will be readily understood by those skilled in the art that the scope of the application is not limited to such specific embodiments, and the above examples are intended to illustrate the technical solutions of the application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that the technical solutions described in the foregoing embodiments can be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. An anomaly log monitoring method, the method comprising:
acquiring the working state of a target system, wherein the target system is used for indicating a front-end service selected to run by a target user;
when the working state of the target system is an operation state, judging whether a log database corresponding to the client is configured at present;
if the log database corresponding to the client is currently configured, judging whether abnormal records exist in the log data in a first preset period or not;
when the log data in the first preset period has abnormal records, the log data in the first preset period corresponding to the abnormal records is obtained, and the log data is sent to a server.
2. The method of claim 1, wherein prior to said judging whether there is an abnormal record in the log data within the first preset period, the method further comprises:
acquiring a login event of the target user, and loading a log program corresponding to the log database, wherein the log program is used for indicating the client to log the target system;
and controlling the log program to record the login event, and controlling the log program to monitor and record the target system in real time.
3. The method of claim 2, wherein said controlling said log program to monitor and record said target system in real time comprises:
controlling the log program to monitor the target system in real time;
determining a click event of the current target system according to the monitoring result of the log program, wherein the click event is used for indicating the real-time operation of the target user;
triggering a recording event of the log program through the click event, and controlling the log program to record the log data corresponding to the recording event.
4. The method of claim 3, wherein said controlling said log program to record said log data corresponding to said recording event comprises:
determining a data record program corresponding to the log database according to the log program;
recording the log data to the log database according to the data recording program;
and if the currently recorded log data is abnormal log data, marking the abnormal log data in the log database.
5. The method according to claim 4, wherein the method further comprises:
if no abnormal record exists in the first preset period, the log program is controlled to continuously monitor and record the target system in real time;
determining whether an abnormal event occurs to the target system according to the monitoring result;
when the target system has an abnormal event, determining the recording event corresponding to the abnormal event according to the abnormal event;
controlling the log program to record the abnormal log data corresponding to the recording event;
and sending the abnormal log data to the server, and marking the abnormal log data in the log database.
6. The method according to claim 4, wherein the method further comprises:
when the log database corresponding to the client is currently configured, acquiring the current date of the target system;
judging whether the current date is consistent with a preset date or not;
if the current date is consistent with the preset date, deleting all log data in a second preset period in the log database;
and if the current date is inconsistent with the preset date, controlling the log program to continuously monitor and record the target system in real time.
7. The method according to claim 1, wherein the method further comprises:
if the log database corresponding to the client is not configured, generating a data storage table corresponding to the target system according to the target system;
loading a log program corresponding to the target system;
reestablishing a log database corresponding to the client according to the data storage table and the log program;
and controlling the log program to monitor and record the target system in real time, and storing the log data into the log database.
8. An anomaly log monitoring device, comprising:
an acquisition module, configured to acquire the working state of a target system, wherein the target system is used for indicating a front-end service selected to run by a target user;
the judging module is used for judging whether a log database corresponding to the client is configured at present or not when the working state of the target system is an operation state;
if the log database corresponding to the client is currently configured, the judging module is further configured to judge whether the log data in the first preset period has an abnormal record;
the acquisition module is further configured to acquire log data in a first preset period corresponding to the abnormal record when the log data in the first preset period has the abnormal record;
and the sending module is used for sending the log data to a server.
9. An abnormality log monitoring apparatus, characterized by comprising:
a memory;
a processor;
wherein the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the anomaly log monitoring method of any one of claims 1 to 7.
10. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are for implementing the anomaly log monitoring method of any one of claims 1 to 7.
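
The decision chain of claims 1, 4 and 7, sketched as an added example (not code from the patent or its applicant). It assumes SQLite as the client's log database and uploads the whole first preset period once an abnormal record is found in it; the table name, column layout, `send` callback and sample events are hypothetical.

```python
import sqlite3
from datetime import datetime, timedelta

TABLE = "client_log"  # hypothetical table name, not from the patent

def db_configured(conn):
    """Claim 1: is a log database (here, one table) configured for this client?"""
    q = "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?"
    return conn.execute(q, (TABLE,)).fetchone() is not None

def create_db(conn):
    """Claim 7: build the data storage table when none is configured."""
    conn.execute(f"CREATE TABLE {TABLE} (ts TEXT NOT NULL, event TEXT NOT NULL,"
                 " detail TEXT, abnormal INTEGER NOT NULL DEFAULT 0)")

def record(conn, ts, event, detail="", abnormal=False):
    """Claim 4: record one entry and mark it if it is abnormal."""
    conn.execute(f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?)",
                 (ts.isoformat(), event, detail, int(abnormal)))

def monitor_once(conn, running, now, first_period, send):
    """One pass of the claim 1 decision chain; returns the branch taken."""
    if not running:  # target system is not in the operation state
        return "idle"
    if not db_configured(conn):
        create_db(conn)
        return "db_created"
    since = (now - first_period).isoformat()
    hit = conn.execute(f"SELECT 1 FROM {TABLE} WHERE abnormal = 1 AND ts >= ? LIMIT 1",
                       (since,)).fetchone()
    if hit is None:
        return "no_anomaly"
    # Assumption: the whole window is uploaded so the server sees the context.
    rows = conn.execute(f"SELECT ts, event, detail, abnormal FROM {TABLE} "
                        "WHERE ts >= ? ORDER BY ts", (since,)).fetchall()
    send(rows)
    return "sent"

def demo():
    """Run the flow on constructed sample events; returns (branches, uploaded rows)."""
    conn, sent = sqlite3.connect(":memory:"), []
    now, hour = datetime(2023, 10, 25, 12, 0, 0), timedelta(hours=1)
    branches = [monitor_once(conn, False, now, hour, sent.extend),
                monitor_once(conn, True, now, hour, sent.extend)]
    record(conn, now - timedelta(hours=3), "click", "old page error", abnormal=True)
    record(conn, now - timedelta(minutes=50), "login", "user signed in")
    branches.append(monitor_once(conn, True, now, hour, sent.extend))
    record(conn, now - timedelta(minutes=5), "click", "HTTP 500 on submit", abnormal=True)
    branches.append(monitor_once(conn, True, now, hour, sent.extend))
    return branches, sent
```

The abnormal record from three hours earlier falls outside the one-hour window, so the third pass reports no anomaly; only the later marked record triggers an upload.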

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311393647.0A CN117336081A (en) 2023-10-25 2023-10-25 Abnormality log monitoring method, device, equipment and computer storage medium

Publications (1)

Publication Number Publication Date
CN117336081A true CN117336081A (en) 2024-01-02

Family

ID=89290234

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311393647.0A Pending CN117336081A (en) 2023-10-25 2023-10-25 Abnormality log monitoring method, device, equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN117336081A (en)

Similar Documents

Publication Publication Date Title
US7551922B2 (en) Rule based data collection and management in a wireless communications network
US8208861B2 (en) Data management system server apparatus and method for monitoring a wireless communication network
US7609650B2 (en) Collection of data at target wireless devices using data collection profiles
US8565746B2 (en) Programmable agent for monitoring mobile communication in a wireless communication network
CA2578602C (en) Rule based data collection and management in a wireless communications network
US20060023642A1 (en) Data collection associated with components and services of a wireless communication network
US8509100B2 (en) User-initiated reporting of mobile communication system errors
US10033796B2 (en) SAAS network-based backup system
WO2007005030A2 (en) Rule based data collection and management in a wireless communications network
CN114077525A (en) Abnormal log processing method and device, terminal equipment, cloud server and system
US20170139803A1 (en) Obtaining and analyzing a reduced metric data set
CN109861843B (en) Method, device and equipment for completely collecting and confirming log files
CN111124859A (en) Log processing method, device, equipment and storage medium
CN117336081A (en) Abnormality log monitoring method, device, equipment and computer storage medium
CN112187898A (en) Data access system, method and device based on public security network
CN112788153B (en) Internet of things equipment upgrading management method, device, equipment and storage medium
CN109493442A (en) Patrol method, system, device, computer equipment and the storage medium of river event handling
CN114756530A (en) Client information processing method based on bastion machine
US8868064B1 (en) Mobile device metrics management
CN111259383A (en) Safety management center system
KR100926121B1 (en) Rule based data collection and management in a wireless communications network
CN112132524B (en) Monitoring method, performance management method, client and server
CN111125130B (en) Account type analysis method, system and storage medium for dream database
KR100729507B1 (en) Real-time monitoring system for NeOSSNew Operations Support System and method thereof
CN118283599A (en) USIM card fault diagnosis method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination