Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, fig. 1 is a schematic diagram of a network structure of a method for determining a failure server according to an embodiment of the present application. As shown in fig. 1, the detection server cluster includes a plurality of detection servers; in fig. 1 these are a detection server 201, a detection server 202, and a detection server 203. Each detection server in the detection server cluster is used for processing access messages: each detection server processes one access message, and the detection servers can process different access messages at the same time. The access message may be sent by a user terminal including, but not limited to, a cell phone, a computer, an intelligent voice interaction device, an intelligent home appliance, a vehicle terminal, etc.
For example, the access message 101 arrives at a detection server cluster through a network, and the detection server 203 in the detection server cluster may process the access message 101. The access message 102 arrives at the detection server cluster through the network, and the detection server 201 in the detection server cluster can process the access message 102. The access message 103 arrives at the detection server cluster via the network, and the detection server 202 in the detection server cluster can process the access message 103.
For any received access message, the access message can be sent to the detection server cluster; any detection server in the detection server cluster carries out security detection on the access message and, in the course of processing, adds its own server identifier to the access message. Taking the access message 102 as an example, the security detection may be performed by the detection server 201 in the detection server cluster, and the detection server 201 may add the server identifier of the detection server 201 to the access message 102.
Based on the network structure, when receiving the error message returned by the detection server cluster based on any access message, the target server identification carried by the error message can be determined, and then the fault server for processing the error message is determined from the detection server cluster based on the target server identification.
For example, if an error message (access message 102) is detected, a target server identifier carried by the error message may be determined, and based on the target server identifier, a fault server 201 that processes the error message may be determined from the detection server cluster.
The detection server cluster in the embodiment of the present application may be a server set for performing centralized processing on various access messages, including, but not limited to, a data processing server cluster, a cloud computing server cluster, a server cluster corresponding to a Web application firewall, etc., which may be specifically determined based on actual application scenario requirements, and is not limited herein.
The Web application firewall (Web Application Firewall, WAF) may be a Web application level intrusion prevention system, which is a product that provides protection specifically for Web applications by executing a series of security policies for the Hypertext Transfer Protocol (HTTP) and/or the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), and that ensures service processing speed by operating a large number of detection servers simultaneously.
Referring to fig. 2, fig. 2 is a flow chart of a method for determining a failure server according to an embodiment of the present application. As shown in fig. 2, the method for determining a failure server according to the embodiment of the present application may include the following steps:
Step S21, sending each access message to the detection server cluster.
In some possible embodiments, for any access message sent by any requester, after receiving the access message, the access message may be sent to the detection server cluster, so as to process the access message through any server in the detection server cluster.
Each access message is subjected to security detection by any detection server in the detection server cluster, and a server identifier of the detection server is added in the access message.
Specifically, after any access message is received, the access message may be sent to the detection server cluster, and a detection server for processing the access message is determined from the detection server cluster. After receiving the access message, any detection server in the idle state in the detection server cluster can be determined as a detection server for performing security detection on the access message. If each detection server in the detection server cluster has the capability of performing security detection on a plurality of messages, the remaining detection servers with the capability of performing security detection on the messages in the detection server cluster can be determined as detection servers for performing security detection on the access messages.
Optionally, the detection server cluster includes different types of detection servers, and each type of detection server is used for performing security detection on different types of access messages. After a certain access message is sent to the detection server cluster, the type of the access message is determined, and then the security detection is carried out on the access message based on any detection server used for carrying out security detection on the message of the type in the detection server cluster.
The type of the access message may be determined based on the type of the requester, and different types of requesters correspond to different types of access messages. For example, the types of the requesters can be divided based on individual users and enterprise users, or based on the IP addresses of the requesters, and can be specifically determined based on the actual application scene requirements, without limitation.
For example, the detection server cluster includes a detection server for performing security detection on access messages initiated by individual users and a detection server for performing security detection on access messages initiated by enterprise users. After any access message is received and sent to the detection server cluster, a request party of the access message can be determined based on the message content of the access message, and if the request party of the access message is a personal user, a detection server for carrying out security detection on the access message initiated by the personal user can be determined from detection servers in the detection server cluster.
If the request party of the access message is an enterprise user, a detection server for carrying out security detection on the access message initiated by the enterprise user can be determined from detection servers in the detection server cluster.
Optionally, to ensure that the workload of each detection server in the detection server cluster is the same, after any access message is received and sent to the detection server cluster, a detection server for performing security detection on the access message may be determined from the detection server cluster based on a load balancing algorithm. The access messages are distributed in turn, in the order in which they are detected, to the detection servers in the detection server cluster, so that the workload is balanced across all detection servers.
In some possible embodiments, for each access message, when the corresponding detection server performs security detection on the access message, the server identifier of the detection server is further added to the access message.
For any detection server, the server identifier of the detection server may be a universally unique identifier (Universally Unique Identifier, UUID). The UUID of each detection server uniquely identifies that detection server with 32 hexadecimal digits, so that different detection servers may be identified based on their UUIDs.
Specifically, for each access message, after security detection is performed on the access message by the corresponding detection server, if the access message is detected as abnormal, the access message carrying the server identifier of the detection server is returned to the corresponding requester. If the access message is detected as normal, the access message carrying the server identifier of the detection server is sent to the corresponding Web site.
For each access message, the access message is an IP message, and when the detection server corresponding to the access message performs security detection on the access message, the access message can be restored to an HTTP message, and feature detection is performed on the message content of the HTTP message.
If the message content of the HTTP message includes a sensitive payload, such as a sensitive field, a preset abnormal field, etc., it can be determined that the access message is detected as abnormal. In that case, the server identifier of the detection server can be added to the access message, and the access message carrying the server identifier of the detection server is returned to the requester corresponding to the access message.
When a server identifier of the detection server is added to the access message based on the corresponding detection server for each access message, the server identifier of the detection server can be added to an HTTP message corresponding to the access message, and the HTTP message with the added server identifier is repackaged into an IP message, so that the purpose of adding the server identifier of the detection server to the access message is achieved.
As shown in fig. 3a, fig. 3a is a schematic diagram of a scenario for performing security detection on an access message according to an embodiment of the present application. After the access message sent by the requesting party is sent to the corresponding detection server in the detection server cluster, the detection server carries out security detection on the access message. If the access message is detected as abnormal, the UUID of the detection server is added to the access message, and the access message with the UUID added is returned to the corresponding requesting party.
As shown in fig. 3b, fig. 3b is a schematic diagram of another scenario for performing security detection on an access message according to an embodiment of the present application. After the access message sent by the requesting party is sent to the corresponding detection server in the detection server cluster, the detection server carries out security detection on the access message. If the access message is detected normally, adding UUID of a detection server in the access message, and sending the access message added with UUID to a Web site corresponding to the access message.
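The access-message handling described above (restore the HTTP message, run feature detection, add the server identifier, then return or forward), as an added Python example that is not code from the application. The header name `X-Detection-Server-Id`, the marker list, the action labels and the sample messages are assumptions or constructed; the page does not say which HTTP field carries the identifier. The example also drops any copy of the header supplied by the requester, so that the identifier later used for fault location is always the one written by the cluster.

```python
import uuid

# Assumption: the page does not name the field that carries the identifier,
# so a custom HTTP header is used here.
ID_HEADER = "X-Detection-Server-Id"
# Constructed stand-ins for the "sensitive fields" / "preset abnormal fields".
SENSITIVE_MARKERS = (b"<script", b"union select", b"../")


def split_http(raw):
    """Split a raw HTTP/1.1 message into (start line, header list, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP message: header terminator missing")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().decode("latin-1"),
                        value.strip().decode("latin-1")))
    return lines[0], headers, body


def join_http(start_line, headers, body):
    """Rebuild the HTTP message before it is repackaged for sending."""
    head = [start_line] + [("%s: %s" % (n, v)).encode("latin-1")
                           for n, v in headers]
    return b"\r\n".join(head) + b"\r\n\r\n" + body


class DetectionServer:
    def __init__(self, server_id):
        # Validate the UUID once and keep a canonical upper-case form.
        self.server_id = str(uuid.UUID(server_id)).upper()

    def is_abnormal(self, start_line, body):
        """Feature detection over the request line and body."""
        haystack = (start_line + b"\n" + body).lower()
        return any(marker in haystack for marker in SENSITIVE_MARKERS)

    def process(self, raw):
        """Return (action, tagged message) for one access message."""
        start_line, headers, body = split_http(raw)
        # Remove any copy of the header sent by the requester, so the value
        # that reaches fault analysis was always written by the cluster.
        headers = [(n, v) for n, v in headers
                   if n.lower() != ID_HEADER.lower()]
        headers.append((ID_HEADER, self.server_id))
        tagged = join_http(start_line, headers, body)
        if self.is_abnormal(start_line, body):
            return "return_to_requester", tagged
        return "forward_to_web_site", tagged


# Constructed sample messages (not captured traffic).
NORMAL = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
          b"X-Detection-Server-Id: forged-by-client\r\n\r\n")
ABNORMAL = (b"POST /search HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 25\r\n\r\nq=1 UNION SELECT password")


def server_ids(raw):
    """All identifier values present in a message, in order."""
    return [v for n, v in split_http(raw)[1] if n == ID_HEADER]


if __name__ == "__main__":
    node = DetectionServer("9A09488E-7D1D-4995-9A7D-3AFB736CA3FE")
    for sample in (NORMAL, ABNORMAL):
        action, tagged = node.process(sample)
        print(action, server_ids(tagged))
```
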
In some possible embodiments, for any Web site, after receiving an access message sent by a detection server in the detection server cluster, the Web site sends a response message for the received access message. At this time, the response message may be sent to the detection server cluster, and a detection server for performing security detection on the response message is determined from the detection server cluster, so as to perform security detection on the response message, and a server identifier of the corresponding detection server is added in the response message.
Optionally, for any response message, any detection server in the detection server cluster that is in the idle state, or any detection server that has message security detection capability, may be determined as the detection server for performing security detection on the response message.
Optionally, in the case that the detection server cluster includes different types of detection servers, for any response message, the type of the response message may be determined, and then security detection is performed on the response message based on any detection server in the detection server cluster that is used for performing security detection on the type of message. The type of the access message may be determined based on the type of the Web site, the IP address, the site function, the security level, etc., specifically may be determined based on the actual application scenario requirement, and is not limited herein.
For example, Web sites have different security levels due to their different site functions. For example, the security level of a Web site for performing data calculation is often higher than that of a Web site for performing data query, so for access messages requesting access to different Web sites, a corresponding detection server can be determined from the detection server cluster according to the security level of the corresponding Web site to perform security detection on the access message.
That is, the detection server cluster includes detection servers with different message detection capabilities, and after any access message is received, the Web site requested to be accessed by the access message can be determined and the security level of the Web site can be determined. And further determining a detection server with message detection capability matched with the security level from the detection server cluster, so as to carry out security detection on the access message based on the determined detection server.
Optionally, for any response message, the response message may be sent to a detection server in the detection server cluster for processing the access message corresponding to the response message, and security detection is performed on the response message based on the detection server, and a server identifier of the detection server is added in the response message.
Further, for each response message, the response message is an IP message, and when the detection server corresponding to the response message performs security detection on the response message, the response message can be restored to an HTTP message, and feature detection is performed on the message content of the HTTP message.
The response message is also an IP message for each access message, so that when the response message is detected based on any detection server, the response message can be restored to an HTTP message as well, and the characteristic detection is performed on the message content of the HTTP message.
If the message content of the HTTP message includes a sensitive payload, such as a sensitive field, a preset abnormal field, etc., it can be determined that the response message is detected as abnormal. Otherwise, it can be determined that the response message is detected as normal.
Further, for the response message of each access message, if the response message is detected as abnormal, the response message carrying the server identifier is returned to the corresponding Web site. If the response message is detected as normal, the response message carrying the server identifier is sent to the corresponding requesting party.
When a server identifier of the detection server is added to the response message based on the corresponding detection server, the server identifier of the detection server can be added to an HTTP message corresponding to the response message, and the HTTP message with the added server identifier is repackaged into an IP message, so that the purpose of adding the server identifier of the detection server to the response message is achieved.
As shown in fig. 4a, fig. 4a is a schematic diagram of a scenario in which security detection is performed on a response message according to an embodiment of the present application. After the response message sent by the Web site is sent to the corresponding detection server, the detection server carries out security detection on the response message. If the response message is detected as abnormal, the UUID of the detection server is added to the response message, and the response message with the UUID added is returned to the corresponding Web site.
As shown in fig. 4b, fig. 4b is a schematic diagram of another scenario of security detection of a response message according to an embodiment of the present application. After the response message sent by the Web site is sent to the corresponding detection server, the detection server carries out security detection on the response message. If the response message is detected normally, adding the UUID of the detection server in the response message, and sending the response message added with the UUID to a requester corresponding to an access message corresponding to the response message.
Based on the implementation manner, the detection server cluster can add the server identification of the corresponding detection server to all the messages in the communication links corresponding to the requester and the Web site, so as to complete the marking of the messages in each communication link.
In some possible embodiments, before each detection server performs security detection on the corresponding access message, identity information reported by the detection server may be acquired. Similarly, before each detection server performs security detection on the corresponding response message, identity information reported by the detection server can be obtained.
Any detection server can report the identity information to the identity server, and then the identity information reported by each detection server can be obtained from the identity server through a query interface of the identity server.
For any detection server, the identity information of the detection server includes the server identifier of the detection server, e.g., the identity information of the detection server includes the UUID of the detection server.
The following describes a message security detection process in the method for determining a fault server according to the embodiment of the present application with reference to fig. 5. Referring to fig. 5, fig. 5 is a schematic structural diagram of server cluster-based message security detection according to an embodiment of the present application. As shown in fig. 5, a client is the requester of an access message and typically accesses the contents of a Web site through a browser. The Web site provides services externally over the HTTP protocol, receives access requests (access messages) from the client, and returns the relevant data. Since Web sites themselves are vulnerable to attack, a detection server cluster (e.g., a WAF) is needed to secure the site.
In this architecture, the detection server cluster is the security detection device on the path by which the client accesses the Web site. Taking a WAF as an example, the WAF receives an access message initiated by the client and analyzes the content of the access message to determine whether the access message is abnormal. If the access message is detected as normal, the access message is sent to the Web site; if the access message is detected as abnormal, the access message is returned to the client to refuse the access.
Meanwhile, in order to ensure the rate of message analysis and forwarding, the WAF may receive the access message sent by the client through a proxy device, and determine through a load balancing algorithm a detection server in the detection server cluster to which the access message is sent for message detection. Likewise, a received response message sent by the Web site can be forwarded, through a load balancing algorithm, to one detection server in the detection server cluster for message detection. In this process, the detection server adds its server identification to the access message and/or response message it detects.
The identity server is used for uniformly storing the identity information of each detection server in the detection server cluster, and provides two external interfaces: a registration interface and a query interface. Each detection server in the detection server cluster reports its identity information through the registration interface, for example an IP address, a detection server hostname, a detection point ID, a server identification, and the like.
Optionally, for any detection server in the detection server cluster, the identity information of the detection server may further include any one or more of information reporting time of the identity information, an IP address of the detection server, a host name of the detection server, and detection information of the detection server, which may specifically be determined based on actual application scenario requirements, and is not limited herein.
The server detection information includes, but is not limited to, detection content of a detection server, identification of a monitoring point, and the like, and may be specifically determined based on actual application scene requirements, which is not limited herein.
If each detection server reports the identity information of the detection server by calling a registration interface of the identity server, the identity information can specifically include information reporting time, server IP address, detection information (detection point ID) and server identification. The specific data structure may be as follows:
{
"information reporting time": 1615647046,
"Server IP address": "123.123.123.123",
"Server identification": "9A09488E-7D1D-4995-9A7D-3AFB736CA3FE",
"Server hostname": "host01",
"Detection point ID": "ID-34dc45tr"
}
In some possible embodiments, the identity information of each detection server in the detection server cluster may also be stored in a database (Database), a cloud storage (cloud storage) system or a blockchain (Blockchain), which may be specifically determined based on the actual application scenario requirements, and is not limited herein.
The cloud storage system is a new concept which extends and develops in the concept of cloud computing, and the cloud storage system refers to a storage system which integrates a large number of storage devices (storage devices are also called storage nodes) of different types in a network through application software or application interfaces to work cooperatively and provide data storage together through functions of cluster application, grid technology, distributed storage file systems and the like.
The database can be considered as an electronic filing cabinet, namely a place for storing electronic files, and a user can perform operations such as adding, inquiring, updating, deleting and the like on data in the files. A "database" is a collection of data stored together in a manner that can be shared with multiple users, with as little redundancy as possible, independent of the application.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. The blockchain is essentially a decentralised database, which is a series of data blocks generated by association using cryptography, and each data block can store identity information of each detection server in the detection server cluster.
Step S22, when receiving an error message returned by the detection server cluster based on any access message, extracting a target server identification in the error message.
In some possible embodiments, when a detection server in the detection server cluster fails while processing an access message or the response message corresponding to the access message, the detection server may return an error message based on the corresponding access message or response message. That is, the error messages returned by the detection server cluster include error messages returned based on an access message and error messages returned based on a response message.
The error message may be any access message sent by any requesting party, or may be a response message sent by any Web site for any access request, which may be specifically determined based on the actual application scenario requirement, and is not limited herein.
The error message also carries the server identifier carried by the corresponding access message or response message.
The working state of the detection server cluster can be monitored in real time while the cluster is working. If an error message is detected, it can be determined that a detection server in the detection server cluster has failed. At this moment, when the error message returned by the detection server is received, the target server identification in the error message can be extracted, and the fault server in the detection server cluster is then determined based on the target server identification.
Step S23, locating the fault server in the detection server cluster according to the target server identification.
In some possible embodiments, after determining the target server identifier carried by the error message, the identity information reported by each detection server may be acquired first, and the target identity information matched with the target server identifier may be determined from each identity information.
Specifically, identity information including the target server identifier may be determined from the identity information reported by the detection servers in the detection server cluster, and that identity information may be determined as the target identity information matched with the target server identifier.
Optionally, under the condition that each detection server in the detection server cluster reports the identity information to the identity server, the identity information of each detection server can be acquired through a query interface of the identity server, and then the target identity information matched with the target server identification is determined. Or the identity information matched with the target server identifier can be directly queried through the query interface of the identity server, and the identity information can be specifically determined based on the actual application scene requirement without limitation.
Further, a detection server in the detection server cluster that matches the target identity information may be determined to be a failure server that processes the error message. The determined fault server is a detection server which has faults in the process of processing the error message.
Various data, such as configuration information of each server, involved in the method for determining the fault server provided by the embodiment of the application can be stored based on the database cluster. For example, the relevant data may be stored based on a primary database and a backup database, i.e., the relevant data is stored to the primary database, and the backup database synchronizes data from the primary database. The main database carries data read-write work.
When the main database fails and cannot provide data read-write service, the standby server can bear the data read-write service. After the fault of the main database is repaired, the data can be synchronized from the standby database, and the standby database is used as the main database at the moment.
In some possible embodiments, in the process of processing the access message and the response message of the access message based on each detection server in the detection server cluster, log information of each detection server may also be obtained, and the log information of each detection server may be stored, for example, the log information of each detection server is stored in a blockchain, a database, a local storage, a cloud storage system, and the like.
Referring to fig. 6, fig. 6 is a schematic diagram of a scenario in which log information is stored according to an embodiment of the present application. After log information of any one of the detection servers in the detection server cluster is acquired, the log information can be stored in a local storage and a log server so as to prevent the log information from being lost due to the fault of the local storage or the log server.
For any detection server in the detection server cluster, when the log information of the detection server is stored, the corresponding log information can be stored based on the identity information of the detection server, so that when the log information of the detection server is searched and queried, the search or query can be performed based on the identity information of the detection server. For example, the log information of the detection server may be marked based on the server identification of the detection server, and the marked log information may be stored.
Based on the above, after determining the fault server, the log information of the fault server can be obtained based on the target server identifier of the fault server, so that fault analysis can be performed on the fault server and/or the corresponding error message based on the log information of the fault server.
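Steps S22 and S23 and the log lookup above, as an added Python example that is not code from the application: an in-memory identity server with registration and query interfaces, extraction of the target server identifier from an error message, and retrieval of the fault server's log records by that identifier. The header name `X-Detection-Server-Id`, all class and function names, the second registry entry, the error message and the log lines are assumptions or constructed; the first identity record reuses the sample values given in the data structure earlier on the page.

```python
import uuid
from dataclasses import dataclass

ID_HEADER = "x-detection-server-id"  # assumed field name, matched case-insensitively


@dataclass(frozen=True)
class Identity:
    reported_at: int
    ip: str
    server_id: str
    hostname: str
    detection_point: str


def canonical(value):
    """Canonical UUID text; raises ValueError for anything that is not a UUID."""
    return str(uuid.UUID(value.strip())).upper()


class IdentityServer:
    """In-memory stand-in for the identity server's two interfaces."""

    def __init__(self):
        self._records = {}

    def register(self, identity):
        key = canonical(identity.server_id)
        known = self._records.get(key)
        # Keep the most recent report when a node registers again.
        if known is None or identity.reported_at >= known.reported_at:
            self._records[key] = identity

    def query(self, server_id):
        return self._records.get(canonical(server_id))


def extract_target_id(error_message):
    """Step S22: pull the server identifier out of an error message."""
    head = error_message.partition(b"\r\n\r\n")[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == ID_HEADER:
            values.append(value)
    if len(values) != 1:          # missing or ambiguous marker
        return None
    try:
        return canonical(values[0])
    except ValueError:            # present but not a UUID
        return None


def locate_fault_server(error_message, identity_server, log_store):
    """Step S23 plus the log lookup: returns (identity, log records)."""
    target = extract_target_id(error_message)
    identity = identity_server.query(target) if target else None
    if identity is None:
        return None, []
    records = [r for r in log_store
               if canonical(r["server_id"]) == target
               and r["level"] in ("ERROR", "WARN")]
    return identity, records


REGISTRY = IdentityServer()
# Values from the identity data structure shown on the page.
REGISTRY.register(Identity(1615647046, "123.123.123.123",
                           "9A09488E-7D1D-4995-9A7D-3AFB736CA3FE",
                           "host01", "ID-34dc45tr"))
# Constructed second node.
REGISTRY.register(Identity(1615647050, "192.0.2.12",
                           "11111111-2222-4333-8444-555555555555",
                           "host02", "ID-constructed"))

# Constructed log records, each marked with the server identifier.
LOGS = [
    {"server_id": "9a09488e-7d1d-4995-9a7d-3afb736ca3fe", "level": "ERROR",
     "msg": "detection worker exited while parsing request"},
    {"server_id": "9a09488e-7d1d-4995-9a7d-3afb736ca3fe", "level": "INFO",
     "msg": "identity reported"},
    {"server_id": "11111111-2222-4333-8444-555555555555", "level": "WARN",
     "msg": "rule reload slow"},
]

# Constructed error message carrying the identifier added by the node.
ERROR_MESSAGE = (b"HTTP/1.1 502 Bad Gateway\r\n"
                 b"X-Detection-Server-Id: 9A09488E-7D1D-4995-9A7D-3AFB736CA3FE\r\n"
                 b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    identity, records = locate_fault_server(ERROR_MESSAGE, REGISTRY, LOGS)
    print(identity.hostname, identity.ip, [r["msg"] for r in records])
```
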
In particular, fault analysis may be performed on the fault server based on log information of different log levels of the fault server. The log levels include ERROR, WARN, INFO, DEBUG, etc., and comprehensive fault analysis can be performed on the fault server based on log information of different log levels.
The log information of the ERROR level indicates the highest-level ERROR record, which indicates that the detection server has very serious faults and directly causes the detection server to fail to work normally. The log information of the WARN level is a low-level exception log, which indicates that the detection server triggers an exception process in the operation process, but does not influence the normal operation of the system, and the business process of the next stage can be normally executed. The INFO-level log information typically records critical information during the operation of the detection server, and retains critical operation data during normal operation of the detection server. The log information of the DEBUG level mainly records various detailed detection server operation information, including parameter detailed information, debugging detail related information, operation return information and other various information.
Alternatively, the failure server may be subjected to failure analysis based on different types of log information of the failure server. The log information of each type includes, but is not limited to, configuration log information, monitoring log information, alarm log information, running log information, etc., which can be specifically determined based on the actual application scenario requirements, and is not limited herein.
The configuration log information can record actions such as adding, deleting, and modifying performed by a user on the configuration information of the detection server; the monitoring log information can record monitoring actions of the detection server; the alarm log information can record operation alarm information of the detection server; and the running log information records related actions of the detection server during operation.
The method for determining the failure server according to the embodiment of the present application is further described below with reference to fig. 7. Referring to fig. 7, fig. 7 is a flowchart of a method for determining a failure server according to an embodiment of the present application. An access message sent by the client to the Web site is received, and a target detection server in the detection server cluster is determined through a load balancing algorithm, wherein the target detection server is used for carrying out security detection on the access message.
Further, security detection is carried out on the access message through the target detection server. The access message can be restored into an HTTP message, and security detection can be performed on the HTTP message. If the access message is detected normally, inserting a server identifier of a target detection server into the access message, repackaging the HTTP message inserted with the server identifier into an IP message, and sending the IP message to a corresponding Web site.
If the access message is abnormal, the server identifier of the target detection server is inserted into the access message, and after the HTTP message inserted with the server identifier is repackaged into an IP message, the IP message can be returned to the client.
Before the security detection of the access message, the target detection server may report the identity information of the target detection server, where the identity information includes the server identifier of the target detection server, information reporting time, server IP address, and the like.
Further, after the error message is detected, a fault server can be determined from the detection server cluster based on the target server identifier carried by the error message, and log information of the fault server is obtained based on the target server identifier, so that fault analysis is performed on the fault server based on the log information of the fault server.
In the embodiment of the application, the fault server can be directly determined from the detection server cluster through the target server identifier carried by the error message; compared with the prior art, in which the fault server is determined by manually querying logs, the positioning speed of the fault server is improved. Because the fault server is determined based on the target server identifier, it can be determined with higher accuracy and high applicability. Moreover, the log information of the fault server can be quickly acquired based on the target server identifier, so that the fault analysis efficiency is improved.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a determining apparatus of a failure server according to an embodiment of the present application. The device for determining the fault server provided by the embodiment of the application comprises:
The message processing module 81 is configured to send each access message to a detection server cluster, where any detection server in the detection server cluster performs security detection on each access message and adds a server identifier of the detection server to the access message;
The information processing module 82 is configured to, when an error message returned by the detection server cluster based on any one of the access messages is received, extract a target server identifier from the error message;
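The flow described above for fig. 7 can be sketched as follows. This is an added illustration, not code from the application: the header name `X-Detection-Server-Id`, the in-memory `IdentityServer`, the log line layout and all sample values are assumptions.

```python
from dataclasses import dataclass

ID_HEADER = "X-Detection-Server-Id"  # hypothetical header name (assumption)
LEVELS = {"DEBUG": 0, "INFO": 1, "WARN": 2, "ERROR": 3}


@dataclass
class Identity:
    server_id: str
    report_time: int  # information reporting time, epoch seconds
    ip: str


class IdentityServer:  # in-memory stand-in for the identity server (assumed)
    def __init__(self):
        self._records = []

    def register(self, identity):  # registration interface
        self._records.append(identity)

    def query(self):  # query interface
        return list(self._records)


def add_server_id(http_message, server_id):
    """Insert the identifier header, dropping any copy already present."""
    head, sep, body = http_message.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    rest = [h for h in rest if not h.lower().startswith(ID_HEADER.lower() + ":")]
    return "\r\n".join([first, *rest, f"{ID_HEADER}: {server_id}"]) + sep + body


def extract_server_id(http_message):
    """Return the identifier carried by an error message, or None."""
    for line in http_message.partition("\r\n\r\n")[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == ID_HEADER.lower():
            return value.strip()
    return None


def locate_fault_server(error_message, identity_server):
    """Match the extracted identifier to reported identities; None if unknown."""
    target_id = extract_server_id(error_message)
    matches = [i for i in identity_server.query() if i.server_id == target_id]
    return max(matches, key=lambda i: i.report_time) if matches else None


def fault_logs(log_lines, server_id, min_level="WARN"):
    """Keep the fault server's lines at or above min_level."""
    fields = (line.split(" ", 3) for line in log_lines)
    return [" ".join(f) for f in fields
            if f[1] == server_id and LEVELS[f[2]] >= LEVELS[min_level]]


# Constructed sample data, not taken from the original document.
REGISTRY = IdentityServer()
REGISTRY.register(Identity("ds-201", 1700000000, "10.0.0.1"))
REGISTRY.register(Identity("ds-202", 1700000005, "10.0.0.2"))
REGISTRY.register(Identity("ds-202", 1700000900, "10.0.0.12"))  # re-registered
ERROR_MSG = add_server_id("HTTP/1.1 500 Error\r\nVia: 1.1 lb\r\n\r\n", "ds-202")
LOGS = ["1700000950 ds-201 ERROR upstream timeout",
        "1700000952 ds-202 WARN fallback parser used",
        "1700000953 ds-202 ERROR detection engine crashed"]
```

When an identifier has been reported more than once, the sketch takes the record with the latest reporting time, and an identifier that was never registered locates no server.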
The fault analysis module 83 is configured to locate a fault server in the detection server cluster according to the target server identifier.
In some possible embodiments, the information processing module 82 is further configured to:
Before each detection server carries out security detection on the corresponding access message, acquiring identity information reported by the detection server, wherein the identity information reported by the detection server comprises a server identifier of the detection server;
the fault analysis module 83 is configured to:
acquiring identity information reported by each detection server, and determining target identity information matched with the target server identification from the identity information;
and determining a detection server matched with the target identity information in the detection server cluster as a fault server.
In some possible embodiments, each of the above detection servers returns the access message carrying the server identifier of the detection server to the corresponding requester when an abnormality is detected in the corresponding access message, and sends the access message carrying the server identifier of the detection server to the corresponding Web site when the corresponding access message is detected as normal.
In some possible embodiments, the above-mentioned message processing module 81 is further configured to:
For the response message of each access message, sending the response message to the detection server corresponding to the access message, where the detection server performs security detection on the response message and adds the server identifier of the detection server to the response message;
the error message comprises an error message returned based on the access message or on a response message corresponding to the access message.
In some possible embodiments, each of the above detection servers returns the response message carrying the server identifier of the detection server to the corresponding Web site when an abnormality is detected in the corresponding response message, and sends the response message carrying the server identifier of the detection server to the corresponding requester when the corresponding response message is detected as normal.
In some possible embodiments, each of the access messages is an internet protocol IP message; when each of the above detection servers adds a server identifier of the detection server to a corresponding access message, the message processing module 81 is configured to:
And restoring the corresponding access message into a hypertext transfer protocol (HTTP) message, adding the server identification of the detection server in the HTTP message, and packaging the HTTP message added with the server identification into an IP message carrying the server identification of the detection server.
In some possible embodiments, each of the detection servers reports the corresponding identity information to the identity server through a registration interface of the identity server; the information processing module 82 is configured to:
Acquiring identity information reported by each detection server from the identity server through a query interface of the identity server;
the identity information reported by each detection server further comprises at least one of information reporting time, an IP address of the detection server, a hostname of the detection server or detection information of the detection server.
In a specific implementation, the determining device of the fault server may execute, through each built-in functional module, the implementation provided by each step in fig. 2; for details, refer to the implementation provided by each step, which is not repeated here.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 9, the electronic device 1000 in the present embodiment may include: processor 1001, network interface 1004, and memory 1005, and in addition, the electronic device 1000 may further include: a user interface 1003, and at least one communication bus 1002. The communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a display and a keyboard, and optionally the user interface 1003 may further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory. The memory 1005 may also optionally be at least one storage device located remotely from the processor 1001. As shown in fig. 9, an operating system, a network communication module, a user interface module, and a device control application may be included in the memory 1005, which is one type of computer-readable storage medium.
In the electronic device 1000 shown in fig. 9, the network interface 1004 may provide a network communication function; the user interface 1003 is primarily used as an interface for receiving input from a user; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:
Sending each access message to a detection server cluster, carrying out security detection on each access message by any detection server in the detection server cluster, and adding a server identifier of the detection server in the access message;
When receiving an error message returned by the detection server cluster based on any one of the access messages, extracting a target server identification in the error message;
and positioning the fault server in the detection server cluster according to the target server identification.
In some possible embodiments, the processor 1001 is further configured to:
Before each detection server carries out security detection on the corresponding access message, acquiring identity information reported by the detection server, wherein the identity information reported by the detection server comprises a server identifier of the detection server;
acquiring identity information reported by each detection server, and determining target identity information matched with the target server identification from the identity information;
and determining a detection server matched with the target identity information in the detection server cluster as a fault server.
In some possible embodiments, each of the above detection servers returns the access message carrying the server identifier of the detection server to the corresponding requester when an abnormality is detected in the corresponding access message, and sends the access message carrying the server identifier of the detection server to the corresponding Web site when the corresponding access message is detected as normal.
In some possible embodiments, the processor 1001 is further configured to:
For the response message of each access message, sending the response message to the detection server corresponding to the access message, where the detection server performs security detection on the response message and adds the server identifier of the detection server to the response message;
the error message comprises an error message returned based on the access message or on a response message corresponding to the access message.
In some possible embodiments, each of the above detection servers returns the response message carrying the server identifier of the detection server to the corresponding Web site when an abnormality is detected in the corresponding response message, and sends the response message carrying the server identifier of the detection server to the corresponding requester when the corresponding response message is detected as normal.
In some possible embodiments, each of the access messages is an internet protocol IP message; when each of the above detection servers adds a server identifier of the detection server to a corresponding access message, the processor 1001 is configured to:
And restoring the corresponding access message into a hypertext transfer protocol (HTTP) message, adding the server identification of the detection server in the HTTP message, and packaging the HTTP message added with the server identification into an IP message carrying the server identification of the detection server.
In some possible embodiments, each of the detection servers reports the corresponding identity information to the identity server through a registration interface of the identity server; the processor 1001 is configured to:
Acquiring identity information reported by each detection server from the identity server through a query interface of the identity server;
the identity information reported by each detection server further comprises at least one of information reporting time, an IP address of the detection server, a hostname of the detection server or detection information of the detection server.
It should be appreciated that in some possible embodiments, the processor 1001 may be a central processing unit (CPU), and may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The memory may include read only memory and random access memory and provide instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type.
In a specific implementation, the electronic device 1000 may execute, through each functional module built in the electronic device, the implementation provided by each step in fig. 2; for details, refer to the implementation provided by each step, which is not repeated here.
In the embodiment of the application, the fault server can be directly determined from the detection server cluster through the target server identifier carried by the error message; compared with the prior art, in which the fault server is determined by manually querying logs, the determination speed of the fault server is improved. Because the fault server is determined based on the target server identifier, it can be determined with higher accuracy and high applicability. Moreover, the log information of the fault server can be quickly acquired based on the target server identifier, so that the fault analysis efficiency is improved.
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored and is executed by a processor to implement the method provided by each step in fig. 2; for details, refer to the implementation provided by each step, which is not repeated here.
The computer readable storage medium may be an internal storage unit of the determining apparatus of the failure server and/or of the electronic device, such as a hard disk or a memory of the electronic device. The computer readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, a flash card, or the like, provided on the electronic device. The computer readable storage medium may also include a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or the like. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the electronic device. The computer-readable storage medium is used to store the computer program and other programs and data required by the electronic device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
Embodiments of the present application provide a computer program product comprising a computer program or computer instructions stored on a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of the electronic device, and executed by the processor, cause the computer device to perform the method provided by the steps of fig. 2.
The terms first, second and the like in the claims and in the description and drawings are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or electronic device that comprises a list of steps or elements is not limited to the list of steps or elements but may, alternatively, include other steps or elements not listed or inherent to such process, method, article, or electronic device. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments. The term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.