CN107635003A - System log management method, device and system - Google Patents
System log management method, device and system Download PDFInfo
- Publication number
- CN107635003A CN107635003A CN201710867793.0A CN201710867793A CN107635003A CN 107635003 A CN107635003 A CN 107635003A CN 201710867793 A CN201710867793 A CN 201710867793A CN 107635003 A CN107635003 A CN 107635003A
- Authority
- CN
- China
- Prior art keywords
- log
- information
- log information
- server
- predetermined
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 claims abstract description 30
- 238000001914 filtration Methods 0.000 claims abstract description 11
- 230000002159 abnormal effect Effects 0.000 claims description 10
- 238000004458 analytical method Methods 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 8
- 238000012216 screening Methods 0.000 claims description 6
- 230000000007 visual effect Effects 0.000 claims description 4
- 230000009286 beneficial effect Effects 0.000 abstract description 4
- 230000002155 anti-virotic effect Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- MWZTVLNYXAKUKY-LBEKAKSKSA-N 4-hydroxy-N-[2-[(1R,13S)-3-methyl-8-oxo-11-azatetracyclo[8.4.0.01,13.02,7]tetradeca-2,4,6,9-tetraene-11-carbonyl]imidazo[1,2-a]pyridin-6-yl]benzamide Chemical compound C=1([C@]23C[C@@H]3C3)C(C)=CC=CC=1C(=O)C=C2N3C(=O)C(N=C1C=C2)=CN1C=C2NC(=O)C1=CC=C(O)C=C1 MWZTVLNYXAKUKY-LBEKAKSKSA-N 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000001121 heart beat frequency Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Landscapes
- Debugging And Monitoring (AREA)
Abstract
本发明公开了一种系统日志的管理方法,包括:将收集的日志信息按照预定规则进行筛选;将筛选后的日志信息根据信息类别进行划分;对类别划分后的日志信息按照预定的日志格式进行组合;将组合后的日志信息作为最终日志信息定时推送至日志服务器,以便所述日志服务器对接收到的所述最终日志信息进行存储并进行可视化处理;该方法能够让日志信息足够简练鲜明,方便对日志信息的管理;本发明还公开了一种系统日志的管理装置及系统,具有上述有益效果。
The invention discloses a system log management method, which includes: filtering collected log information according to predetermined rules; dividing the filtered log information according to information categories; sorting the category-divided log information according to a predetermined log format Combining; regularly pushing the combined log information as the final log information to the log server, so that the log server can store and visualize the received final log information; this method can make the log information concise and clear enough, convenient Management of log information; the present invention also discloses a system log management device and system, which have the above beneficial effects.
Description
技术领域technical field
本发明涉及电子技术领域,特别涉及一种系统日志的管理方法、装置及系统。The invention relates to the field of electronic technology, in particular to a system log management method, device and system.
背景技术Background technique
在系统中,日志是一个非常重要的功能组成部分,日志可以记录下系统所产生的所有行为,并按照某种规范表达出来。在系统出现错误时,可以通过日志所记录的信息为系统进行排错,优化系统的性能,或者根据日志信息来调整系统的各种行为,日志在系统中的地位十分重要。In the system, the log is a very important functional component. The log can record all the behaviors generated by the system and express them according to a certain specification. When an error occurs in the system, the information recorded in the log can be used to troubleshoot the system, optimize the performance of the system, or adjust various behaviors of the system according to the log information. The status of the log in the system is very important.
而随着企业规模的扩大,业务变得更加多元,也更加复杂,于是系统变得很大,一个系统中集成的子系统越来越多,一个子系统中产生的日志信息也变得更多,因此一个系统中的日志信息变得十分庞大,从庞大的日志信息中筛选出有用信息显得尤为重要。With the expansion of the scale of the enterprise, the business becomes more diversified and more complex, so the system becomes larger, more and more subsystems are integrated in a system, and the log information generated in a subsystem also becomes more , so the log information in a system becomes very large, and it is particularly important to filter out useful information from the huge log information.
而日志信息按照系统类型进行分类的话,日志信息可以分为操作系统日志、应用系统日志、安全系统日志等等,而每种操作系统的日志都有其自身特有的设计和规范,例如Windows系统的日志通常按照其惯有的应用程序、安全和系统这样的分类方式进行存储,而类似Linux这样的各种Class UNIX系统通常都使用兼容Syslog规范的日志系统;并且很多硬件设备的操作系统也具有独立的日志规范。因此,不同的应用系统都具有根据其自身要求设计的日志,其日志信息格式都不同。If the log information is classified according to the system type, the log information can be divided into operating system logs, application system logs, security system logs, etc., and the logs of each operating system have their own unique design and specifications, such as Windows system Logs are usually stored according to their customary classification methods such as application, security and system, and various Class UNIX systems like Linux usually use a log system compatible with the Syslog specification; and the operating systems of many hardware devices also have independent log specification. Therefore, different application systems have logs designed according to their own requirements, and their log information formats are different.
现有技术中,当整个系统运行时发生故障时,会通过ssh等工具直接连到服务器直接查看所有系统日志信息,而在所有日志信息中进行问题查找和定位十分困难。In the prior art, when a failure occurs during the operation of the entire system, it is directly connected to the server through tools such as ssh to directly view all system log information, and it is very difficult to find and locate problems in all log information.
因此,如何让日志信息足够简练鲜明,方便对日志信息的管理,是本领域技术人员需要解决的技术问题。Therefore, how to make the log information concise and clear enough to facilitate the management of the log information is a technical problem to be solved by those skilled in the art.
发明内容Contents of the invention
本发明的目的是提供一种系统日志的管理方法,该方法能够让日志信息足够简练鲜明,方便对日志信息的管理;本发明的另一目的是提供一种系统日志的管理装置及系统,具有上述有益效果。The purpose of the present invention is to provide a system log management method, which can make the log information concise and clear enough to facilitate the management of the log information; another purpose of the present invention is to provide a system log management device and system, with The beneficial effects mentioned above.
为解决上述技术问题,本发明提供一种系统日志的管理方法,包括:In order to solve the above technical problems, the present invention provides a system log management method, including:
将收集的日志信息按照预定规则进行筛选;Filter the collected log information according to predetermined rules;
将筛选后的日志信息根据信息类别进行划分;Divide the filtered log information according to the information category;
对类别划分后的日志信息按照预定的日志格式进行组合;其中,所述预定的日志格式中包括时间,机器名,错误大类,线程名,日志等级,日志输出位置;The log information after classification is combined according to a predetermined log format; wherein, the predetermined log format includes time, machine name, error category, thread name, log level, and log output location;
将组合后的日志信息作为最终日志信息定时推送至日志服务器,以便所述日志服务器对接收到的所述最终日志信息进行存储并进行可视化处理。The combined log information is regularly pushed to the log server as the final log information, so that the log server can store and visualize the received final log information.
其中,所述按照预定规则对日志信息进行筛选包括:Wherein, the filtering of log information according to predetermined rules includes:
在所述日志信息中筛选出功能模块的启动和结束信息、用户的登录和退出信息、系统的关键性操作信息、系统运行期间的异常信息以及关键性方法的进入和退出信息。The start and end information of functional modules, user login and exit information, critical system operation information, abnormal information during system operation, and entry and exit information of key methods are screened out from the log information.
其中,将筛选后的日志信息根据信息类别进行划分包括:Among them, dividing the filtered log information according to information categories includes:
根据所述日志信息中信息类别将所述日志信息分为系统调试日志、系统运行的关键性日志、告警日志以及系统错误日志。According to the information category in the log information, the log information is divided into system debugging log, critical log of system operation, alarm log and system error log.
其中,所述将收集的日志信息按照预定规则进行筛选包括:Wherein, the filtering of the log information to be collected according to predetermined rules includes:
收集增量式日志信息;其中,所述增量式日志信息包括自上次推送之后生成的日志信息;Collect incremental log information; wherein, the incremental log information includes log information generated after the last push;
对所述增量式日志信息按照预定规则进行筛选。The incremental log information is filtered according to predetermined rules.
本发明提供一种系统日志的管理装置,包括:The present invention provides a system log management device, including:
信息筛选模块,用于将收集的日志信息按照预定规则进行筛选;An information screening module, configured to filter the collected log information according to predetermined rules;
类别划分模块,用于将筛选后的日志信息根据信息类别进行划分;A category classification module, configured to classify the filtered log information according to information categories;
组合模块,用于对类别划分后的日志信息按照预定的日志格式进行组合;其中,所述预定的日志格式中包括时间,机器名,错误大类,线程名,日志等级,日志输出位置;Combination module, used to combine the log information after classification according to a predetermined log format; wherein, the predetermined log format includes time, machine name, error category, thread name, log level, and log output location;
定时推送模块,用于将组合后的日志信息作为最终日志信息定时推送至日志服务器,以便所述日志服务器对接收到的所述最终日志信息进行存储并进行可视化处理。A timing push module, configured to regularly push the combined log information as final log information to a log server, so that the log server can store and visualize the received final log information.
本发明提供一种系统日志的管理系统,包括:The present invention provides a system log management system, including:
客户端,用于将收集的日志信息按照预定规则进行筛选;筛选后将所述日志信息根据信息类别进行划分;对类别划分后的日志信息按照预定的日志格式进行组合;将组合后的日志信息作为最终日志信息定时推送至日志服务器;其中,所述预定的日志格式中包括时间、机器名、错误大类、线程名、日志等级以及日志输出位置;The client is used to filter the collected log information according to predetermined rules; after filtering, divide the log information according to information categories; combine the classified log information according to a predetermined log format; combine the combined log information As the final log information, it is regularly pushed to the log server; wherein, the predetermined log format includes time, machine name, error category, thread name, log level and log output location;
日志服务器,用于接收并存储客户端定时发送的所述最终日志信息,并对接收到的所述最终日志信息进行可视化处理。The log server is configured to receive and store the final log information regularly sent by the client, and perform visual processing on the received final log information.
其中,所述日志服务器还用于对接收到的不同客户端的日志信息进行交叉分析。Wherein, the log server is further configured to perform cross-analysis on the received log information of different clients.
其中,所述日志服务器还用于接收更新名单的命令,对存储的需要接收日志信息的客户端名单进行更新。Wherein, the log server is further configured to receive a command to update the list, and update the stored list of clients that need to receive log information.
其中,所述客户端还用于将收集的日志信息筛选出功能模块的启动和结束信息、用户的登录和退出信息、系统的关键性操作信息、系统运行期间的异常信息以及关键性方法的进入和退出信息。Wherein, the client is also used to filter the collected log information to start and end information of functional modules, user login and logout information, key operating information of the system, abnormal information during system operation, and entry of key methods and exit messages.
其中,所述客户端还用于收集增量式日志信息;并对所述增量式日志信息按照预定规则进行筛选;其中,所述增量式日志信息包括自上次推送之后生成的日志信息。Wherein, the client is also used to collect incremental log information; and filter the incremental log information according to predetermined rules; wherein, the incremental log information includes log information generated after the last push .
本发明所提供的系统日志的管理方法,对日志信息按照预定规则进行筛选,筛选后根据信息类别进行划分,然后按照预定的日志格式进行组合,最后将组合后的日志信息作为最终日志信息定时推送至日志服务器,通过将产生的日志信息统一规范处理后进行定时发送,统一规范处理后的日志信息只对有用信息进行了保留,减少了大量无用信息,让日志信息足够简练,而且对日志中有用信息统一格式规范,使得日志服务器端接收到的不同的日志信息格式相同,且重要信息突出,让日志信息足够简练鲜明,可以大大简化在运行中对日志信息的查找工作,节约了人力和时间,对日志信息定时发送,方便对最新的日志信息的及时保存,及时判断,及时处理,因此,该方法能够让日志信息足够简练鲜明,在很大程度上方便对日志信息的管理。The management method of the system log provided by the present invention screens the log information according to predetermined rules, divides the log information according to the information category after screening, then combines according to the predetermined log format, and finally pushes the combined log information as the final log information at regular intervals To the log server, the generated log information is uniformly and standardizedly processed and then sent regularly. The log information after uniform and standardized processing only retains useful information, reducing a lot of useless information, making the log information concise enough and useful to the log The uniform format of the information makes the format of different log information received by the log server end the same, and the important information is prominent, so that the log information is concise and clear enough, which can greatly simplify the search for log information during operation, saving manpower and time. The log information is sent regularly to facilitate the timely storage, judgment and processing of the latest log information. Therefore, this method can make the log information concise and clear enough, and facilitate the management of the log information to a large extent.
本发明还公开了一种系统日志的管理装置以及系统,具有上述有益效果,在此不再赘述。The present invention also discloses a system log management device and system, which have the above-mentioned beneficial effects, and will not be repeated here.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.
图1为本发明实施例提供的系统日志的管理方法的流程图;Fig. 1 is the flowchart of the management method of system log provided by the embodiment of the present invention;
图2为本发明实施例提供的系统日志的管理装置的结构框图;FIG. 2 is a structural block diagram of a system log management device provided by an embodiment of the present invention;
图3为本发明实施例提供的系统日志的管理系统的结构框图。FIG. 3 is a structural block diagram of a system log management system provided by an embodiment of the present invention.
具体实施方式detailed description
本发明的核心是提供一种系统日志的管理方法,该方法能够让日志信息足够简练鲜明,方便对日志信息的管理;本发明的另一核心是提供一种系统日志的管理装置以及系统,具有上述有益效果。The core of the present invention is to provide a system log management method, which can make the log information concise and clear enough to facilitate the management of log information; another core of the present invention is to provide a system log management device and system, with The beneficial effects mentioned above.
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
请参考图1,图1为本发明实施例所提供的系统日志的管理方法的流程图;该方法可以包括:Please refer to FIG. 1, which is a flow chart of a method for managing system logs provided by an embodiment of the present invention; the method may include:
步骤s100、将收集的日志信息按照预定规则进行筛选。Step s100, filtering the collected log information according to predetermined rules.
优选的,收集的日志信息可以是增量式的日志信息,当然,收集增量式日志信息仅是优选实施例,收集现有日志也能实现本发明的技术方案,在此不做限定。增量式日志信息指自上次推送之后生成的日志信息,仅收集增量式日志信息可以大大减少需要进行处理的日志信息的总量,提高工作效率,也能节省查看日志的人力以及时间资源。Preferably, the collected log information may be incremental log information. Of course, collecting incremental log information is only a preferred embodiment, and collecting existing logs can also implement the technical solution of the present invention, which is not limited here. Incremental log information refers to the log information generated since the last push. Only collecting incremental log information can greatly reduce the total amount of log information that needs to be processed, improve work efficiency, and save manpower and time resources for viewing logs .
可以对收集到的日志信息按照预定规则进行筛选,筛选出日志信息中的有用信息,减少大量无用信息,使得日志信息更加简练。本实施例对筛选出来的日志信息不做限定,用户可以根据自身需求以及系统需要进行选择。The collected log information can be filtered according to predetermined rules to filter out useful information in the log information, reduce a large amount of useless information, and make the log information more concise. In this embodiment, the filtered log information is not limited, and users can select according to their own needs and system needs.
优选的,可以在所述日志信息中筛选出功能模块的启动和结束信息、用户的登录和退出信息、系统的关键性操作信息、系统运行期间的异常信息以及关键性方法的进入和退出信息。Preferably, start and end information of functional modules, user login and exit information, critical system operation information, abnormal information during system operation, and entry and exit information of key methods can be filtered out from the log information.
一般来说一个完整的系统是由多个功能模块组成的,每个模块负责不同的功能,可以从日志信息中筛选出功能模块的启动和结束信息,对功能模块的启动和结束信息进行监控可以获知上述这些功能模块是否正常加载,又在正常完成操作时是否正常退出;还可以筛选出用户的登录和退出信息,可以获知哪位用户在什么时间通过什么IP登陆和退出了系统;还可以筛选出系统的关键性操作信息,比如数据库链接信息以及网络通信的是否成功的信息等,用以对这些关键性操作进行监控;还可以筛选出系统运行期间的异常信息,在系统运行出现错误时可以通过这些异常信息查看问题所在,其中,异常信息可以包括NPE、OOM以及其他的超时以及转换异常的信息;还可以筛选出一些关键性方法的进入和退出,用以监控这些方法是否正常运行,其中,关键性方法可以包括一些重要业务在处理时的进入和结束信息等。当然,还可以根据一定的规则筛选出其它有用信息。其中,所述预定规则可以是针对所需要筛选出来的日志信息所制定的规则,本实施例对规则不做限定。Generally speaking, a complete system is composed of multiple functional modules, and each module is responsible for different functions. The start and end information of the functional modules can be filtered out from the log information, and the start and end information of the functional modules can be monitored. Know whether the above-mentioned functional modules are loaded normally, and whether they log out normally when the operation is completed normally; you can also filter out the user's login and logout information, and you can know which user logged in and logged out of the system through what IP at what time; you can also filter Key operating information of the system, such as database link information and network communication success information, etc., are used to monitor these key operations; it can also filter out abnormal information during system operation, and can be used when the system runs wrong View the problem through these exception information, where the exception information can include NPE, OOM and other timeout and conversion exception information; you can also filter out the entry and exit of some key methods to monitor whether these methods are running normally, among them , the key method can include the entry and end information of some important business during processing. Of course, other useful information can also be screened out according to certain rules. Wherein, the predetermined rule may be a rule formulated for the log information to be screened out, and this embodiment does not limit the rule.
步骤s110、将筛选后的日志信息根据信息类别进行划分。Step s110, classify the filtered log information according to information categories.
将所需要的有用日志信息从收集到的日志信息中筛选出来后可以根据日志信息的信息类别对日志信息进行划分,以便对不同种类的日志信息统一管理,使得日志信息条理清晰。用户可以根据自身需要对筛选后的日志信息进行类别划分,可以分成四类,六类或者八类,都能实现本发明的技术方案,用户可以自行选择。After filtering out the useful log information needed from the collected log information, the log information can be divided according to the information category of the log information, so as to manage different types of log information in a unified way, and make the log information clear. Users can classify the filtered log information according to their own needs, which can be divided into four categories, six categories or eight categories, all of which can realize the technical solution of the present invention, and users can choose by themselves.
一般来说,日志信息可以分为四类:DEBUG、INFO、WARN、ERROR。Generally speaking, log information can be divided into four categories: DEBUG, INFO, WARN, ERROR.
DEBUG(系统调试信息):可以用于开发过程中对系统运行情况的监控,在实际运行环境中可以不进行输出。DEBUG (system debugging information): It can be used to monitor the system operation during the development process, and it is not necessary to output in the actual operating environment.
INFO(系统运行的关键性信息):可以用于对系统运行情况的监控。INFO (key information of system operation): It can be used to monitor the system operation.
WARN(告警信息):可以用于记录针对系统存在潜在的问题以及有可能引起运行异常,但此时并未产生异常的日志信息。WARN (warning information): It can be used to record potential problems in the system and may cause abnormal operation, but no abnormal log information has been generated at this time.
ERROR(系统错误信息):可以用于记录系统中的错误信息,以及需要进行及时处理的信息。ERROR (system error information): It can be used to record error information in the system and information that needs to be processed in a timely manner.
当然,还可以对日志信息按照不同的需要进行不同的划分,在此仅以划分为上述四种为例进行介绍,其它划分方式均可参照本实施例的介绍,在此不再赘述。Of course, the log information can also be divided according to different needs, and here only the above four types of division are used as an example for introduction, other division methods can refer to the introduction of this embodiment, and will not be repeated here.
步骤s120、对类别划分后的日志信息按照预定的日志格式进行组合。Step s120, combining the classified log information according to a predetermined log format.
将日志信息进行划分后可以对日志信息按照预定的日志格式进行组合,这样对不同的日志信息采用同样的预定的日志模板进行组合可以大大简化从日志信息中查找需要的信息的工作。其中,预定的日志格式中可以包括时间,机器名,错误大类,线程名,日志等级,日志输出位置以及信息,当然也可以包括其它内容,比如错误码等,用户可以自行选择其内容,在此不做限定。将选好的内容进行组合,比如,可以以“时间-[机器名][错误大类][线程名][日志等级]-日志输出位置(全类名,可以精确到方法名):日志信息”这样的形式进行组合,也可以以“时间-[机器名][线程名][日志等级][错误大类]-日志输出位置(全类名,可以精确到方法名):日志信息”这样的形式进行组合,可以根据不同的需要选择不同的日志信息进行不同顺序的排列组合,在此对顺序不做限定。具体的日志信息可以为以下形式:After the log information is divided, the log information can be combined according to the predetermined log format, so that combining different log information with the same predetermined log template can greatly simplify the work of finding the required information from the log information. Among them, the predetermined log format can include time, machine name, error category, thread name, log level, log output location, and information. Of course, it can also include other content, such as error codes, etc. Users can choose the content by themselves. This is not limited. Combine the selected content, for example, you can use "time-[machine name][error category][thread name][log level]-log output location (full class name, which can be accurate to the method name): log information "This form of combination can also be "time-[machine name][thread name][log level][error category]-log output location (full class name, which can be accurate to the method name): log information" like this According to different needs, different log information can be selected to arrange and combine in different orders, and the order is not limited here. The specific log information can be in the following form:
“2013-09-0410:49:20.296-[server1][systemLog][Thread-initRedis21504][INFO]-com.shanghai.LoginController.initLogInfo:LingMing[User]is logining”"2013-09-04 10:49:20.296-[server1][systemLog][Thread-initRedis21504][INFO]-com.shanghai.LoginController.initLogInfo: LingMing[User] is login"
步骤s130、将组合后的日志信息作为最终日志信息定时推送至日志服务器。Step s130, regularly push the combined log information to the log server as the final log information.
组合后的日志信息就可以当成最终日志信息向日志服务器进行定时推送,以便于日志服务器对接收到的最终日志信息进行存储并进行可视化处理。The combined log information can be regarded as the final log information and regularly pushed to the log server, so that the log server can store and visualize the received final log information.
本发明中可以采用心跳机制对日志信息进行定时发送,各个客户端可以通过安装定时日志推送脚本或程序监控心跳频率来进行定时发送日志信息,也可以通过其它方式来进行日志信息的定时推送,在此仅以心跳机制为例进行说明,定时推送日志可以向日志服务器端推送最新的日志,日志服务器端可以对最新的日志信息及时保存,及时处理,方便对日志信息的管理。In the present invention, the heartbeat mechanism can be used to regularly send the log information. Each client can send the log information regularly by installing a timing log push script or program to monitor the heartbeat frequency, or it can also push the log information regularly by other means. This is just an example of the heartbeat mechanism. Regularly pushing logs can push the latest logs to the log server. The log server can save and process the latest log information in time to facilitate the management of log information.
当向日志服务器端推送日志信息时可以与日志服务器端建立连接,其中,优选的,登录连接可以长期保存,以减少频繁建立连接使用资源。如果同时很多客户端都需要向日志服务器端推送日志信息,在每个客户端建立连接发送日志完成后可以立即释放连接,这样可以避免登录到日志服务器的连接过多造成错误。When pushing the log information to the log server, a connection can be established with the log server, wherein, preferably, the login connection can be stored for a long time, so as to reduce the resources used by frequently establishing connections. If many clients need to push log information to the log server at the same time, the connection can be released immediately after each client establishes a connection and sends the log, which can avoid errors caused by too many connections to the log server.
基于上述技术方案,本发明实施例所提供的系统日志的管理方法,该方法通过对日志信息采取统一规范处理,处理后的后的日志信息对其内容进行了很大程度上的简化,突出重点信息,让日志信息足够简练,而且对日志中有用信息统一格式规范,使得日志服务器端接收到的不同的日志信息格式相同,且重要信息突出,可以大大简化在运行中对日志信息的查找工作,节约了人力和时间,对日志信息定时发送,方便对最新的日志信息的及时保存,及时判断,及时处理,因此,该方法能够让日志信息足够简练鲜明,在很大程度上方便对日志信息的管理。Based on the above technical solution, the system log management method provided by the embodiment of the present invention, the method adopts unified and standardized processing of log information, and the processed log information has simplified its content to a large extent, highlighting the key points Information, so that the log information is concise enough, and the useful information in the log is uniformly standardized, so that the different log information received by the log server has the same format, and the important information is prominent, which can greatly simplify the search for log information during operation. It saves manpower and time, and regularly sends the log information to facilitate timely storage, timely judgment and timely processing of the latest log information. Therefore, this method can make the log information concise and clear enough, and facilitates the log information to a large extent. manage.
请参考图2,图2为本发明实施例提供的系统日志的管理装置的结构框图;该装置可以包括:Please refer to FIG. 2, which is a structural block diagram of a system log management device provided by an embodiment of the present invention; the device may include:
信息筛选模块100,用于将收集的日志信息按照预定规则进行筛选;An information screening module 100, configured to filter the collected log information according to predetermined rules;
其中,优选的,所述收集的日志信息可以是增量式的日志信息,增量式日志信息指包括自上次推送之后生成的日志信息。所述按照预定规则进行筛选可以包括筛选出功能模块的启动和结束信息、用户的登录和退出信息、系统的关键性操作信息、系统运行期间的异常信息以及关键性方法的进入和退出信息。Wherein, preferably, the collected log information may be incremental log information, and incremental log information includes log information generated after the last push. The screening according to predetermined rules may include screening out the start and end information of functional modules, user login and logout information, critical system operation information, abnormal information during system operation, and entry and exit information of key methods.
类别划分模块200,用于将筛选后的日志信息根据信息类别进行划分;A category division module 200, configured to divide the filtered log information according to the information categories;
其中,优选的,可以将所述日志分为系统调试日志、系统运行的关键性日志、告警日志以及系统错误日志。Wherein, preferably, the logs can be divided into system debugging logs, critical logs of system operation, alarm logs and system error logs.
组合模块300,用于对类别划分后的日志信息按照预定的日志格式进行组合;其中,所述预定的日志格式中可以包括时间,机器名,错误大类,线程名,日志等级,日志输出位置;Combining module 300, configured to combine the classified log information according to a predetermined log format; wherein, the predetermined log format may include time, machine name, error category, thread name, log level, and log output location ;
定时推送模块400,用于将组合后的日志信息作为最终日志信息定时推送至日志服务器,以便所述日志服务器对接收到的所述最终日志信息进行存储并进行可视化处理。The timing push module 400 is configured to periodically push the combined log information as final log information to a log server, so that the log server can store and visualize the received final log information.
请参考图3,图3为本发明实施例提供的系统日志的管理系统的结构框图;该系统可以包括:Please refer to Fig. 3, Fig. 3 is a structural block diagram of the management system of the system log that the embodiment of the present invention provides; The system may include:
客户端500,用于将收集的日志信息按照预定规则进行筛选;筛选后将所述日志信息根据信息类别进行划分;对类别划分后的日志信息按照预定的日志格式进行组合;将组合后的日志信息作为最终日志信息定时推送至日志服务器;其中,所述预定的日志格式中可以包括时间、机器名、错误大类、线程名、日志等级以及日志输出位置;The client 500 is configured to filter the collected log information according to predetermined rules; after filtering, divide the log information according to information categories; combine the classified log information according to a predetermined log format; combine the combined log information The information is regularly pushed to the log server as the final log information; wherein, the predetermined log format may include time, machine name, error category, thread name, log level, and log output location;
日志服务器600,用于接收并存储客户端定时发送的所述最终日志信息,并对接收到的所述最终日志信息进行可视化处理。The log server 600 is configured to receive and store the final log information regularly sent by the client, and perform visual processing on the received final log information.
日志服务器对收集的日志信息进行存储可以实现对日志信息的二次远程备份,其中存储可以通过数据库存储,也可以通过直接文件系统存储,对存储方式不做限定。如果日志信息是结构化的,优选存储在数据库中,以便于对不同应用系统的日志进行交叉分析,输出更有价值的日志分析结果。The log server can store the collected log information to achieve secondary remote backup of the log information. The storage can be stored in the database or directly in the file system, and the storage method is not limited. If the log information is structured, it is preferably stored in the database, so as to facilitate cross-analysis of logs of different application systems and output more valuable log analysis results.
日志服务器可以提供可视化操作页面,对日志信息进行集中化管理,可以将不同等级的日志信息分页面呈现,以实现更直接和及时地将故障日志呈现给用户,并且可以提供快速查找、搜索、快速过滤以及定位功能,用户可以进行日常的管理搜索,进行业务分析。可见,用户通过可视化处理的页面查看业务系统的运行状态,以便及时发现系统运行故障,高效地定位问题原因,节约人力以及时间成本。其中,可视化操作页面可以通过web形式或者管理软件的方式实现。The log server can provide a visual operation page for centralized management of log information, and can present log information of different levels in different pages to present fault logs to users more directly and in a timely manner, and can provide quick search, search, and fast With filtering and positioning functions, users can conduct daily management searches and business analysis. It can be seen that the user can view the operation status of the business system through the visualized page, so as to detect system operation failures in time, efficiently locate the cause of the problem, and save manpower and time costs. Wherein, the visualized operation page can be implemented in the form of web or management software.
其中,优选的,所述日志服务器还用于对接收到的不同客户端的日志信息进行交叉分析。Wherein, preferably, the log server is further configured to perform cross-analysis on the received log information of different clients.
日志服务器接收日志信息的客户端可以为一个,也可以为多个,日志服务器对接收的多个客户端的日志信息可以进行交叉分析,以实现更复杂,更有价值的日志分析。例如日志服务器接收来自360杀毒软件以及毒霸杀毒软件的日志信息,在两个软件分别对计算机进行杀毒操作时,360杀毒软件推送的日志信息显示计算机网络连接失败,具体是因为进行网络维护自动断开连接造成的,而在毒霸杀毒软件推送的日志信息中显示网络连接用户登陆超时,于是,从对360杀毒软件以及毒霸杀毒软件的日志信息的交叉分析后可以对这两种错误原因分别进行验证,最后发现是由于用户登录超时造成的网络连接失败,进行故障排除后网络连接正常。可见,通过对不同客户端日志信息的交叉分析可以进行更有效的日志分析。The log server can receive log information from one or more clients, and the log server can perform cross-analysis on the received log information from multiple clients to achieve more complex and valuable log analysis. For example, the log server receives log information from 360 anti-virus software and Duba anti-virus software. When the two softwares perform anti-virus operations on the computer respectively, the log information pushed by the 360 anti-virus software shows that the computer network connection failed, specifically because the network maintenance is automatically disconnected. connection, and the log information pushed by Duba antivirus software shows that the network connection user login timed out. Therefore, after cross-analysis of the log information of 360 antivirus software and Duba antivirus software, the two causes of errors can be verified separately. Finally, it was found that the network connection failed due to the user login timeout. After troubleshooting, the network connection was normal. It can be seen that more effective log analysis can be performed by cross-analyzing log information of different clients.
其中,优选的,所述日志服务器还用于接收更新名单的命令,对存储的需要接收日志信息的客户端名单进行更新。Wherein, preferably, the log server is further configured to receive a command to update the list, and update the stored list of clients that need to receive log information.
日志服务器可以事先存储一张名单,其中可以对需要收集日志信息的客户端的一些相关信息进行记录,比如客户端的名称,客户端每次推送日志的时间等。对于新增加、需要删除或者需要更改信息的客户端,日志服务器可以只在该名单中增加、删除或进行修改客户端的相关信息,以实现更快速有效的水平扩展。The log server can store a list in advance, which can record some relevant information of the client that needs to collect log information, such as the name of the client, the time when the client pushes the log each time, and so on. For a client that is newly added, needs to be deleted, or needs to change information, the log server can only add, delete, or modify the relevant information of the client in the list, so as to achieve faster and more effective horizontal expansion.
其中,优选的,所述客户端还用于将收集的日志信息筛选出功能模块的启动和结束信息、用户的登录和退出信息、系统的关键性操作信息、系统运行期间的异常信息以及关键性方法的进入和退出信息。Wherein, preferably, the client is also used to filter the collected log information to start and end information of functional modules, user login and logout information, critical operating information of the system, abnormal information during system operation, and critical Method entry and exit information.
其中,优选的,所述客户端还用于收集增量式日志信息;并对所述增量式日志信息按照预定规则进行筛选;其中,所述增量式日志信息包括自上次推送之后生成的日志信息。Wherein, preferably, the client is also used to collect incremental log information; and filter the incremental log information according to predetermined rules; wherein, the incremental log information includes log information.
说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in the description is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.
专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.
结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.
以上对本发明所提供的系统日志的管理方法、装置及系统进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。The system log management method, device and system provided by the present invention have been introduced in detail above. In this paper, specific examples are used to illustrate the principle and implementation of the present invention, and the descriptions of the above embodiments are only used to help understand the method and core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principle of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710867793.0A CN107635003A (en) | 2017-09-22 | 2017-09-22 | System log management method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710867793.0A CN107635003A (en) | 2017-09-22 | 2017-09-22 | System log management method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107635003A true CN107635003A (en) | 2018-01-26 |
Family
ID=61102465
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710867793.0A Pending CN107635003A (en) | 2017-09-22 | 2017-09-22 | System log management method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107635003A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108737170A (en) * | 2018-05-09 | 2018-11-02 | 中国银行股份有限公司 | A kind of batch daily record abnormal data alarm method and device |
| CN109002480A (en) * | 2018-06-20 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of data processing method and server |
| CN109309579A (en) * | 2018-01-30 | 2019-02-05 | 深圳壹账通智能科技有限公司 | Log recording processing method, apparatus, computer equipment and storage medium |
| CN109344130A (en) * | 2018-09-27 | 2019-02-15 | 郑州云海信息技术有限公司 | A log management method and device |
| CN113485886A (en) * | 2021-06-25 | 2021-10-08 | 青岛海尔科技有限公司 | Alarm log processing method and device, storage medium and electronic device |
| CN115129682A (en) * | 2022-08-30 | 2022-09-30 | 北京智芯微电子科技有限公司 | Log management method and log management system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105589791A (en) * | 2015-12-28 | 2016-05-18 | 江苏省电力公司信息通信分公司 | Method for application system log monitoring management in cloud computing environment |
| CN106294041A (en) * | 2016-07-22 | 2017-01-04 | 厦门美图移动科技有限公司 | Method, device and the mobile terminal of a kind of BUG information reporting |
-
2017
- 2017-09-22 CN CN201710867793.0A patent/CN107635003A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105589791A (en) * | 2015-12-28 | 2016-05-18 | 江苏省电力公司信息通信分公司 | Method for application system log monitoring management in cloud computing environment |
| CN106294041A (en) * | 2016-07-22 | 2017-01-04 | 厦门美图移动科技有限公司 | Method, device and the mobile terminal of a kind of BUG information reporting |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109309579A (en) * | 2018-01-30 | 2019-02-05 | 深圳壹账通智能科技有限公司 | Log recording processing method, apparatus, computer equipment and storage medium |
| CN109309579B (en) * | 2018-01-30 | 2021-09-14 | 深圳壹账通智能科技有限公司 | Log record processing method and device, computer equipment and storage medium |
| CN108737170A (en) * | 2018-05-09 | 2018-11-02 | 中国银行股份有限公司 | A kind of batch daily record abnormal data alarm method and device |
| CN109002480A (en) * | 2018-06-20 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of data processing method and server |
| CN109344130A (en) * | 2018-09-27 | 2019-02-15 | 郑州云海信息技术有限公司 | A log management method and device |
| CN113485886A (en) * | 2021-06-25 | 2021-10-08 | 青岛海尔科技有限公司 | Alarm log processing method and device, storage medium and electronic device |
| CN113485886B (en) * | 2021-06-25 | 2023-07-21 | 青岛海尔科技有限公司 | Alarm log processing method and device, storage medium and electronic device |
| CN115129682A (en) * | 2022-08-30 | 2022-09-30 | 北京智芯微电子科技有限公司 | Log management method and log management system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107635003A (en) | System log management method, device and system | |
| CN108234170B (en) | Monitoring method and device for server cluster | |
| CN108521339B (en) | Feedback type node fault processing method and system based on cluster log | |
| CN107508722B (en) | Service monitoring method and device | |
| CN110716842B (en) | Cluster fault detection method and device | |
| US20110191394A1 (en) | Method of processing log files in an information system, and log file processing system | |
| CN111782345B (en) | Container cloud platform log collection and analysis alarm method | |
| CN104022903A (en) | One-stop automatic operation and maintaining system | |
| CN105159964A (en) | Log monitoring method and system | |
| CN100549975C (en) | Computer maintenance support system and analysis server | |
| CN110209518A (en) | A kind of multi-data source daily record data, which is concentrated, collects storage method and device | |
| CN117422434A (en) | Wisdom fortune dimension dispatch platform | |
| CN114356499A (en) | Kubernetes cluster alarm root cause analysis method and device | |
| CN108390782A (en) | A kind of centralization application system performance question synthesis analysis method | |
| CN112350854A (en) | Flow fault positioning method, device, equipment and storage medium | |
| CN112600719A (en) | Alarm clustering method, device and storage medium | |
| CN113824601A (en) | Electric power marketing monitored control system based on service log | |
| CN106911519A (en) | A kind of data acquisition monitoring method and device | |
| WO2015187001A2 (en) | System and method for managing resources failure using fast cause and effect analysis in a cloud computing system | |
| Holub et al. | Run-time correlation engine for system monitoring and testing | |
| CN115934464A (en) | Information platform monitoring and collecting system | |
| CN111176950A (en) | Method and equipment for monitoring network card of server cluster | |
| CN112671586B (en) | Automatic migration and guarantee method and device for service configuration | |
| CN117828515A (en) | An intelligent log anomaly diagnosis system and method based on a low-code platform | |
| CN113676356A (en) | Alarm information processing method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180126 |