CN115373933A - Automatic log auditing platform - Google Patents

Abstract

Translated fromChinese

本发明公开了自动化日志审计平台,包括日志审计平台采集信息、设置触发阈值、告警生成、生成事件工单、工单处理、验证处理结果、关闭告警和结束，日志审计平台采通过电路连接设置触发阈值，设置触发阈值通过电路连接告警生成，告警生成通过线缆分别连接生成事件工单和结束，生成事件工单通过电路连接工单处理，工单处理通过电路连接验证处理结果，验证处理结果通过线缆分别连接工单处理和关闭告警，关闭告警通过电路连接结束；本自动化日志审计平台具有减轻运维人员的工作量以及确保故障处理的时效性，提高IT运维服务的质量的优点。

The invention discloses an automated log audit platform, which includes collecting information by the log audit platform, setting trigger thresholds, generating alarms, generating event work orders, processing work orders, verifying processing results, closing alarms and ending, and the log audit platform adopts circuit connection to set triggers Threshold, setting the trigger threshold is generated through the circuit connection alarm, the alarm generation is connected through the cable to generate the event work order and the end, the generated event work order is processed through the circuit connection work order, the work order processing is verified through the circuit connection, and the verification processing result is passed The cables are respectively connected to the work order processing and closing the alarm, and the closing alarm is completed through the circuit connection; this automated log audit platform has the advantages of reducing the workload of the operation and maintenance personnel, ensuring the timeliness of troubleshooting, and improving the quality of IT operation and maintenance services.

Description

Translated fromChinese

自动化日志审计平台Automated log audit platform

技术领域technical field

本发明涉及日志审计技术领域，具体为自动化日志审计平台。The invention relates to the technical field of log auditing, in particular to an automatic log auditing platform.

背景技术Background technique

传统的日志审计平台是通过syslog集中采集系统的安全事件信息、用户登录信息、系统运行日志、系统运行状态信息等，然后经过规范化的识别调和，形成可视化的统计报表，便于运维人员进行事件问题的统计分析，对重要的问题重点关注，通过数据呈现的方式与上级汇报，更具说服力。同时准确的系统数据支撑也便于管理层更加直观明了的了解部门的工作绩效，合理分配资源。但是传统的日志审计平台只可以生成和统计各类的告警，并未能及时处理某些紧急且常见的事件问题，同时需要运维人员手工介入处理，验证无误后关闭事件工单及告警。针对这些事件问题，本发明通过发明一套完整的故障处理流程来解决这个问题。The traditional log audit platform collects system security event information, user login information, system operation logs, system operation status information, etc. through syslog, and then after standardized identification and reconciliation, a visual statistical report is formed, which is convenient for operation and maintenance personnel to solve event problems. Statistical analysis, focusing on important issues, and reporting to superiors through data presentation is more convincing. At the same time, the accurate system data support also facilitates the management to understand the work performance of the department more intuitively and clearly, and allocate resources reasonably. However, the traditional log audit platform can only generate and count various types of alarms, and cannot handle some urgent and common event problems in a timely manner. At the same time, operation and maintenance personnel need to manually intervene in the processing, and close the event work order and alarm after verification is correct. Aiming at these event problems, the present invention solves this problem by inventing a complete set of fault handling procedures.

发明内容Contents of the invention

本发明的目的在于提供自动化日志审计平台，具有通过自动化的流程系统，从触发告警，生成工单，到处理事件，检验故障，最后关闭工单，不需要人工介入处理，从而减轻运维人员的工作量以及确保故障处理的时效性，提高IT运维服务的质量的优点，解决了现有技术中的问题。The purpose of the present invention is to provide an automated log audit platform, with an automated process system, from triggering alarms, generating work orders, to processing events, checking faults, and finally closing work orders, without manual intervention, thereby reducing the workload of operation and maintenance personnel. The advantages of reducing the workload, ensuring the timeliness of troubleshooting, and improving the quality of IT operation and maintenance services solve the problems in the prior art.

为实现上述目的，本发明提供如下技术方案：自动化日志审计平台，包括日志审计平台采集信息、设置触发阈值、告警生成、生成事件工单、工单处理、验证处理结果、关闭告警和结束，所述日志审计平台采集信息通过电路连接设置触发阈值，所述设置触发阈值通过电路连接告警生成，所述告警生成通过线缆分别连接生成事件工单和结束，所述生成事件工单通过电路连接工单处理,所述工单处理通过电路连接验证处理结果，所述验证处理结果通过线缆分电路连接验证处理结果，所述验证处理结果通过线缆分接结束。In order to achieve the above object, the present invention provides the following technical solutions: an automated log audit platform, including collecting information on the log audit platform, setting trigger thresholds, generating alarms, generating event work orders, processing work orders, verifying processing results, closing alarms, and ending. The information collected by the log audit platform is set through a circuit connection to set a trigger threshold. The set trigger threshold is generated through a circuit connection alarm. Single processing, the work order processing verifies the processing result through circuit connection, the verification processing result is connected to the verification processing result through cable branching circuit, and the verification processing result is completed through cable branching.

优选的，所述日志审计平台采集信息后，上传到指定存储服务器中。Preferably, the log audit platform uploads the information to a designated storage server after collecting the information.

优选的，所述设置告警触发阈值，当检测到数值到达阈值时生成告警。Preferably, the alarm trigger threshold is set, and an alarm is generated when the detected value reaches the threshold.

优选的，所述告警生成同时触发事件工单流程，自动生成事件工单。Preferably, the generation of the alarm triggers the event work order process at the same time, and the event work order is automatically generated.

优选的，所述工单生成后根据预先配置好的工单处理流程处理该事件工单。Preferably, after the work order is generated, the event work order is processed according to a pre-configured work order processing flow.

优选的，所述处理完成后验证处理结果是否成功，数值是否在合理范围内，如数值在合理范围内，则关闭告警；如数值仍处于阈值范围外，则继续跳转到工单处理流程处理，直到数值到达合理范围内，然后关闭告警；如人工关闭告警，相对应的工单也会进行关闭。Preferably, after the processing is completed, verify whether the processing result is successful and whether the value is within a reasonable range. If the value is within a reasonable range, the alarm is turned off; if the value is still outside the threshold range, continue to jump to the work order processing flow for processing , until the value reaches a reasonable range, and then close the alarm; if you manually close the alarm, the corresponding work order will also be closed.

与现有技术相比，本发明的有益效果如下：Compared with the prior art, the beneficial effects of the present invention are as follows:

1.本自动化日志审计平台通过设置告警触发阈值进行设置，有利于当检测到数值到达阈值时生成告警，通过处理完成后验证处理结果进行判断是否成功，有利于数值是否在合理范围内，通过告警生成进行同时触发事件工单流程，有利于自动生成事件工单。1. This automated log audit platform is set by setting the alarm trigger threshold, which is conducive to generating an alarm when the detected value reaches the threshold. After the processing is completed, verify the processing result to judge whether it is successful, which is beneficial to whether the value is within a reasonable range. Through the alarm The process of generating and triggering event work orders at the same time is conducive to the automatic generation of event work orders.

附图说明Description of drawings

图1为本发明自动化日志审计平台的整体结构示意图。FIG. 1 is a schematic diagram of the overall structure of the automated log audit platform of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅仅是本发明一部分实施例，而不是全部的实施例，基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on The embodiments of the present invention and all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

在本发明的描述中，需要理解的是，术语“上”、“下”、“前”、“后”、“左”、“右”、“顶”、“底”、“内”、“外”等指示的方位或位置关系为基于附图所示的方位或位置关系，仅是为了便于描述本发明和简化描述，而不是指示或暗示所指的装置或元件必须具有特定的方位、以特定的方位构造和操作，因此不能理解为对本发明的限制。In describing the present invention, it should be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", " The orientation or positional relationship indicated by "outside", etc. is based on the orientation or positional relationship shown in the drawings, and is only for the convenience of describing the present invention and simplifying the description, rather than indicating or implying that the referred device or element must have a specific orientation, so as to Specific orientation configurations and operations, therefore, are not to be construed as limitations on the invention.

实施例1：Example 1:

请参阅图1，自动化日志审计平台,包括日志审计平台采集信息、设置触发阈值、告警生成、生成事件工单、工单处理、验证处理结果、关闭告警和结束，日志审计平台采集信息通过电路连接设置触发阈值，设置触发阈值通过电路连接告警生成，告警生成通过线缆分别连接生成事件工单和结束，生成事件工单通过电路连接工单处理,工单处理通过电路连接验证处理结果，验证处理结果通过线缆分电路连接验证处理结果，验证处理结果通过线缆分接结束，日志审计平台采集信息后，上传到指定存储服务器中，设置告警触发阈值，当检测到数值到达阈值时生成告警，告警生成同时触发事件工单流程，自动生成事件工单，工单生成后根据预先配置好的工单处理流程处理该事件工单，处理完成后验证处理结果是否成功，数值是否在合理范围内，如数值在合理范围内，则关闭告警；如数值仍处于阈值范围外，则继续跳转到工单处理流程处理，直到数值到达合理范围内，然后关闭告警；如人工关闭告警，相对应的工单也会进行关闭。Please refer to Figure 1, the automated log audit platform, including collecting information by the log audit platform, setting trigger thresholds, generating alarms, generating event work orders, processing work orders, verifying processing results, closing alarms, and ending. The information collected by the log audit platform is connected through circuits Set the trigger threshold, set the trigger threshold to generate an alarm through the circuit connection, the alarm generation is connected through the cable to generate the event work order and end, and the generated event work order is processed through the circuit connection work order, and the work order is processed through the circuit connection to verify the processing result and verify the processing The result is verified through the cable sub-circuit connection, and the verification processing result is completed through the cable tap. After the log audit platform collects the information, upload it to the designated storage server, set the alarm trigger threshold, and generate an alarm when the detected value reaches the threshold. The alarm generation triggers the event work order process at the same time, and the event work order is automatically generated. After the work order is generated, the event work order is processed according to the pre-configured work order processing flow. After the processing is completed, verify whether the processing result is successful and whether the value is within a reasonable range. If the value is within a reasonable range, close the alarm; if the value is still outside the threshold range, continue to jump to the work order processing process until the value reaches a reasonable range, and then close the alarm; if the alarm is manually closed, the corresponding work order The list will also be closed.

具体的，通过设置告警触发阈值进行设置，有利于当检测到数值到达阈值时生成告警，通过处理完成后验证处理结果进行判断是否成功，有利于数值是否在合理范围内，通过告警生成进行同时触发事件工单流程，有利于自动生成事件工单。Specifically, by setting the alarm trigger threshold, it is beneficial to generate an alarm when the detected value reaches the threshold. After the processing is completed, verify the processing result to judge whether it is successful, which is beneficial to whether the value is within a reasonable range. Simultaneous triggering through alarm generation The incident ticket process is conducive to the automatic generation of incident tickets.

工作原理：本发明自动化日志审计平台，使用时日志审计平台采集信息后，上传到指定存储服务器中，然后设置告警触发阈值，当检测到数值到达阈值时生成告警，告警生成同时触发事件工单流程，自动生成事件工单，工单生成后根据预先配置好的工单处理流程处理该事件工单，处理完成后验证处理结果是否成功，数值是否在合理范围内，如数值在合理范围内，则关闭告警；如数值仍处于阈值范围外，则继续跳转到工单处理流程处理，直到数值到达合理范围内，然后关闭告警；如人工关闭告警，相对应的工单也会进行关闭。Working principle: the automatic log audit platform of the present invention, after the log audit platform collects information during use, uploads it to the designated storage server, and then sets the alarm trigger threshold, and generates an alarm when the detected value reaches the threshold, and the alarm generation triggers the event work order process at the same time , to automatically generate an event work order. After the work order is generated, the event work order is processed according to the pre-configured work order processing flow. After the processing is completed, verify whether the processing result is successful and whether the value is within a reasonable range. If the value is within a reasonable range, then Close the alarm; if the value is still outside the threshold range, continue to jump to the work order processing process until the value reaches a reasonable range, and then close the alarm; if the alarm is manually closed, the corresponding work order will also be closed.

以上显示和描述了本发明的基本原理和主要特征和本发明的优点，对于本领域技术人员而言，显然本发明不限于上述示范性实施例的细节，而且在不背离本发明的精神或基本特征的情况下，能够以其他的具体形式实现本发明；因此，无论从哪一点来看，均应将实施例看作是示范性的，而且是非限制性的，本发明的范围由所附权利要求而不是上述说明限定，因此旨在将落在权利要求的等同要件的含义和范围内的所有变化囊括在本发明内，不应将权利要求中的任何附图标记视为限制所涉及的权利要求。The basic principles and main features of the present invention and the advantages of the present invention have been shown and described above. For those skilled in the art, it is obvious that the present invention is not limited to the details of the above-mentioned exemplary embodiments, and without departing from the spirit or basic principles of the present invention. The present invention can be realized in other specific forms under the condition of certain characteristics; therefore, the embodiments should be regarded as exemplary and non-restrictive in every respect, and the scope of the present invention is determined by the appended claims. Requirements rather than the above description, therefore, it is intended that all changes falling within the meaning and scope of the equivalent elements of the claims are included in the present invention, and any reference signs in the claims should not be regarded as limiting the rights involved. Require.

此外，应当理解，虽然本说明书按照实施方式加以描述，但并非每个实施方式仅包含一个独立的技术方案，说明书的这种叙述方式仅仅是为清楚起见，本领域技术人员应当将说明书作为一个整体，各实施例中的技术方案也可以经适当组合，形成本领域技术人员可以理解的其他实施方式。In addition, it should be understood that although this specification is described according to implementation modes, not each implementation mode only contains an independent technical solution, and this description in the specification is only for clarity, and those skilled in the art should take the specification as a whole , the technical solutions in the various embodiments can also be properly combined to form other implementations that can be understood by those skilled in the art.

Claims (6)

1. Automatic change log audit platform, its characterized in that: including log audit platform collection information, set up trigger threshold, report an emergency and ask for help or increased vigilance and generate, generate event work order, work order processing, verification processing result, close report an emergency and end, log audit platform collection information sets up trigger threshold through circuit connection, set up trigger threshold and report an emergency and generate through circuit connection warning, report an emergency and generate through cable difference connection generation event work order and end, generate event work order and process through circuit connection work order, the work order is handled and is passed through circuit connection verification processing result, verify processing result and divide circuit connection verification processing result through the cable, verify processing result and pass through cable shunting and end.

2. The automated log audit platform of claim 1 wherein: and after the log audit platform collects information, uploading the information to a specified storage server.

3. The automated log audit platform of claim 1 wherein: and setting an alarm triggering threshold, and generating an alarm when the numerical value is detected to reach the threshold.

4. The automated log audit platform of claim 1 wherein: and the alarm generation triggers an event work order flow at the same time, and automatically generates an event work order.

5. The automated log audit platform of claim 1, wherein: and processing the event work order according to a preset work order processing flow after the work order is generated.

6. The automated log audit platform of claim 1, wherein: after the processing is finished, verifying whether the processing result is successful and whether the numerical value is in a reasonable range, and if the numerical value is in the reasonable range, closing the alarm; if the numerical value is still outside the threshold range, continuing skipping to the work order processing flow until the numerical value reaches the reasonable range, and then closing the alarm; if the alarm is turned off manually, the corresponding work order is also turned off.

Images