WO2011079690A1 - Journal monitoring method and device - Google Patents

Journal monitoring method and device Download PDF

Info

Publication number
WO2011079690A1
WO2011079690A1 PCT/CN2010/079518 CN2010079518W WO2011079690A1 WO 2011079690 A1 WO2011079690 A1 WO 2011079690A1 CN 2010079518 W CN2010079518 W CN 2010079518W WO 2011079690 A1 WO2011079690 A1 WO 2011079690A1
Authority
WO
WIPO (PCT)
Prior art keywords
log
parsed
time
record
monitoring
Prior art date
Application number
PCT/CN2010/079518
Other languages
French (fr)
Chinese (zh)
Inventor
梅生
申小次
贾学力
Original Assignee
北京世纪高通科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京世纪高通科技有限公司 filed Critical 北京世纪高通科技有限公司
Publication of WO2011079690A1 publication Critical patent/WO2011079690A1/en

Links

Classifications

    • GPHYSICS
    • G08SIGNALLING
    • G08GTRAFFIC CONTROL SYSTEMS
    • G08G1/00Traffic control systems for road vehicles
    • G08G1/01Detecting movement of traffic to be counted or controlled
    • G08G1/0104Measuring and analyzing of parameters relative to traffic conditions

Definitions

  • the log of the record includes various program processing progress records, operation records, and the like. These logs are important for the operation and maintenance of each program in the system, program operation analysis, and program status monitoring.
  • the log monitoring process of the running program on the operating system is specifically: acquiring the entire content of the log file of the running program on the operating system; performing sequence analysis according to the entire content of the obtained log file, and providing the parsing result According to the analysis result, the corresponding processing is performed.
  • the log record obtaining unit is configured to obtain a log record to be parsed in the log file

Abstract

A journal monitoring method and a device are provided. They relate to the technical field of an intelligent traffic system. The method includes obtaining a journal record to be analyzed in the journal file ( 101 ) judging whether the time of the journal record to be analyzed exceeds the preset analysis time or not ( 102); analyzing the journal record to be analyzed if the time of the journal record to be analyzed does not exceed the preset analysis time ( 103 ); and stopping monitoring the journal record if the time of the journal record to be analyzed exceeds the preset analysis time ( 104).

Description

一种日志的监测方法及装置 本申请要求于 2009 年 12 月 29 日提交中国专利局、 申请号为 200910244105. 0、 发明名称为 "一种日志的监测方法及装置" 的中国专利申请 的优先权, 其全部内容通过引用结合在本申请中。  The present invention claims the priority of the Chinese patent application filed on December 29, 2009, the Chinese Patent Office, the application number is 200910244105. 0, the invention name is "a monitoring method and device for a log" The entire contents of which are incorporated herein by reference.
技术领域 Technical field
本发明涉及智能交通系统技术领域, 尤其涉及一种日志的监测方法及装置。 背景技术  The invention relates to the technical field of intelligent transportation systems, and in particular to a method and a device for monitoring logs. Background technique
目前, 智能交通系统(ITS )领域中运营系统上的运行程序都各自拥有自己 的曰志的记录。 其中, 所述记录的日志包括各种程序处理进度记录, 操作记录 等等。 这些日志对于系统中的各个程序的运维, 程序运行分析, 程序状态监控 具有重要意义。 其中, 所述运营系统上运行程序的日志监测过程具体为: 获取 所述运营系统上运行程序的日志文件的全部内容; 根据所述获取到的日志文件 的全部内容进行顺序解析, 给出解析结果; 根据所述解析结果, 进行相应的处 理。  Currently, the operating procedures on the operating systems in the Intelligent Transportation Systems (ITS) field each have their own records. The log of the record includes various program processing progress records, operation records, and the like. These logs are important for the operation and maintenance of each program in the system, program operation analysis, and program status monitoring. The log monitoring process of the running program on the operating system is specifically: acquiring the entire content of the log file of the running program on the operating system; performing sequence analysis according to the entire content of the obtained log file, and providing the parsing result According to the analysis result, the corresponding processing is performed.
在实现本发明的过程中,发明人发现现有技术中至少存在如下问题: 由于目 前曰志监测的过程需要对整个日志文件内容进行解析, 从而需要占用大量的系 统资源, 而且监测的效率也较低。 这样, 当程序运行异常或者数据量异常时, 无法及时报警。  In the process of implementing the present invention, the inventors have found that at least the following problems exist in the prior art: Since the current monitoring process needs to parse the entire log file content, it requires a large amount of system resources, and the monitoring efficiency is also relatively high. low. In this way, when the program runs abnormally or the amount of data is abnormal, it cannot be alarmed in time.
发明内容 Summary of the invention
本发明的实施例提供一种日志的监测方法及装置。  Embodiments of the present invention provide a method and apparatus for monitoring logs.
为达到上述目的, 本发明的实施例采用如下技术方案:  In order to achieve the above object, the embodiment of the present invention adopts the following technical solutions:
一种日志的监测方法, 包括:  A method for monitoring logs, including:
获取日志文件中待解析的日志记录;  Obtain the log records to be parsed in the log file.
判断所述待解析的日志记录的时间是否超出预设解析时间;  Determining whether the time of the log record to be parsed exceeds a preset parsing time;
如果所述待解析的日志记录的时间未超出预设解析时间 ,则解析所述待解析 的曰志"^己录; Parsing the to-be-resolved if the time of the log record to be parsed does not exceed the preset parsing time 曰志"^已录;
如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。 一种日志的监测装置, 包括:  If the time of the log record to be parsed exceeds the preset parsing time, the log monitoring is stopped. A log monitoring device includes:
曰志记录获取单元, 用于获取日志文件中待解析的日志记录;  The log record obtaining unit is configured to obtain a log record to be parsed in the log file;
判断单元, 用于判断所述待解析的日志记录的时间是否超出预设解析时间; 解析单元, 用于如果所述待解析的日志记录的时间未超出预设解析时间, 则 解析所述待解析的日志记录;  a determining unit, configured to determine whether the time of the log record to be parsed exceeds a preset parsing time, and a parsing unit, configured to parse the to-be-parsed if the time of the log record to be parsed does not exceed a preset parsing time Log record
监测停止单元, 用于如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。  The monitoring stop unit is configured to stop the log monitoring if the time of the log record to be parsed exceeds a preset parsing time.
本发明实施例提供的日志的监测方法及装置,通过获取日志文件中待解析的 日志记录; 判断所述待解析的日志记录的时间是否超出预设解析时间; 如果所 述待解析的日志记录的时间未超出预设解析时间, 则解析所述待解析的日志记 录; 如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。 与现有技术相比, 本发明实施例仅仅对所述日志文件中的待解析的日志记录进 行解析监测, 而无需对整个日志文件进行解析监测, 从而大大降低了系统资源 的占用量, 提高了监测的效率, 并及时将运行异常或者数据量异常的情况进行 报警。  The method and device for monitoring the log provided by the embodiment of the present invention, by obtaining the log record to be parsed in the log file; determining whether the time of the log record to be parsed exceeds a preset parsing time; If the time is not exceeded, the log record to be parsed is parsed; if the time of the log record to be parsed exceeds the preset parsing time, the log monitoring is stopped. Compared with the prior art, the embodiment of the present invention only analyzes and monitors the log records to be parsed in the log file, and does not need to parse and monitor the entire log file, thereby greatly reducing the system resource usage and improving. The efficiency of monitoring, and timely alarms of abnormal operation or abnormal data volume.
附图说明 DRAWINGS
图 1为本发明实施例提供的一种日志的监测方法流程图;  FIG. 1 is a flowchart of a method for monitoring a log according to an embodiment of the present invention;
图 2 为本发明实施例提供的一种日志的监测方法中所述获取日志文件中待 解析的日志记录的具体实现流程图;  FIG. 2 is a flowchart of a specific implementation of obtaining a log record to be parsed in the log file according to the method for monitoring a log according to an embodiment of the present disclosure;
图 3为本发明实施例提供的一种日志的监测方法的具体实现流程图; 图 4为本发明实施例提供的一种日志的监测装置结构示意图。  FIG. 3 is a flowchart of a specific implementation of a method for monitoring a log according to an embodiment of the present invention; FIG. 4 is a schematic structural diagram of a device for monitoring a log according to an embodiment of the present invention.
具体实施方式 detailed description
下面结合附图对本发明实施例日志的监测方法及装置进行详细描述。  The method and device for monitoring the log of the embodiment of the present invention are described in detail below with reference to the accompanying drawings.
如图 1所示, 为本发明实施例提供的一种日志的监测方法, 该方法包括: 1 01: 获取日志文件中待解析的日志记录; As shown in FIG. 1 , a method for monitoring a log according to an embodiment of the present invention includes: 1 01: Obtain the log records to be parsed in the log file;
1 02: 判断所述待解析的日志记录的时间是否超出预设解析时间;  1 02: determining whether the time of the log record to be parsed exceeds a preset parsing time;
1 03: 如果所述待解析的日志记录的时间未超出预设解析时间, 则解析所述 待解析的日志记录;  1 03: If the time of the log record to be parsed does not exceed the preset parsing time, parse the log record to be parsed;
1 04: 如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监 测。  1 04: If the time of the log record to be parsed exceeds the preset resolution time, log monitoring is stopped.
需要注意的是,所述待解析的日志记录包括:开始字段信息、时间字段信息、 优先级字段信息、 程序名称及版本字段信息、 监测数据字段信息、 扩展字段信 息以及结束字段信息。 其具体格式如下:  It should be noted that the log records to be parsed include: start field information, time field information, priority field information, program name and version field information, monitoring data field information, extended field information, and end field information. Its specific format is as follows:
[# I Time I level | 程序名称及版本 I mes sage | 可选项 1 I可选项 2 I可选项 n I #]  [# I Time I level | Program Name and Version I mes sage | Option 1 I Option 2 I Option n I #]
其中, 上述待解析的日志记录的符号具体表示含义如下表 1所示。  The symbols of the log records to be parsed specifically indicate the meanings as shown in Table 1 below.
表 1  Table 1
Figure imgf000005_0001
不能包含 日志记录的结尾符, 即结束字段信息
Figure imgf000005_0001
Cannot contain the end of the log record, that is, the end field information
7 #] 非空 分 隔 符 7 #] non-empty separator
" ,,  " ,,
注 1 :当日志信息优先级定义 level为 " info"时,所述 message字段可以用以下的 "数据信息标识 "来 标注各个数值的含义: Note 1: When the log information priority level is "info", the message field can be marked with the following "data information identifier" to indicate the meaning of each value:
数据信息标识: Data information identification:
Dataln^ 输入数据的个数,  Dataln^ Enter the number of data,
Data0ut=输出数据的个数,  Data0ut=the number of output data,
LinkCnt 有路况的道路的个数,  LinkCnt The number of roads with road conditions,
ClslCnt=有路况的一级路的个数和长度,  ClslCnt=Number and length of the primary road with road conditions,
Cls2Cnt=有路况的二级路的个数和长度,  Cls2Cnt=Number and length of secondary roads with road conditions,
Cls3Cnt=有路况的三级路的个数和长度,  Cls3Cnt=Number and length of three-way roads with road conditions,
Cls4Cnt=有路况的四级路的个数和长度,  Cls4Cnt=Number and length of four-way roads with road conditions,
ClsOtherCnt 有路况的 5级及以上的道路的个数和长度,  ClsOtherCnt has the number and length of roads of level 5 and above.
expdCnt 畅通道路个数和长度, expdCnt The number and length of the channel
SlowCnt=缓慢道路的个数和长度, S lowCnt=the number and length of slow roads,
jamCnt 拥堵道路个数和长度, jamCnt The number and length of roads that are congested,
ErrCnt=输入的错误的数据的个数,  ErrCnt=The number of incorrect data entered,
ErrT i me=时间错误的个数,  ErrT i me=the number of time errors,
ErrFmt 数据格式错误的个数,  The number of ErrFmt data format errors,
ErrCoor=坐标超界的个数,  ErrCoor=the number of coordinates over bound,
ErrSpeed=速度错误的个数,  ErrSpeed=the number of speed errors,
ErrDirect=方向错误的个数,  ErrDirect=The number of wrong directions,
ErrNoGPS=GPS信号无效的个数,  ErrNoGPS=The number of invalid GPS signals,
TmFeedback=信息平均回传周期,  TmFeedback=Information average return period,
CarCnt=车辆数  CarCnt=Number of vehicles
0ther=  0ther=
以上信息可以挑选输出, 可以不写, 或写一个或多个 The above information can pick the output, you can not write, or write one or more
其他情况下, message 的格式不做约定, 如果是 WARN, 则给出警报信息; 如果是 ERROR, 给出错误信息; 如果是 FATAL, 则给出致命的原因。 如图 2所示,为本发明实施例提供的一种日志的监测方法中所述获取日志文 件中待解析的日志记录的具体实现流程; 该流程包括: In other cases, the format of the message is not agreed. If it is WARN, it will give an alarm message; if it is ERROR, it will give an error message; if it is FATAL, it will give a fatal reason. As shown in FIG. 2, a specific implementation process of obtaining a log record to be parsed in a log file is provided in the method for monitoring a log according to an embodiment of the present invention;
201: 获取所述待解析的日志记录的记载时间与当前系统时间的时间间隔。 例如: 系统可以先解析所述待解析的日志记录中的时间字段信息 Time, 如 该日志记录的产生时间和产生日期; 然后, 读取系统当前的日期与时间; 将所 述系统当前的日期与时间和所述 Time中的日志记录的产生时间和产生日期进行 比较计算, 获取时间间隔。  201: Obtain a time interval between the record time of the log record to be parsed and the current system time. For example: the system may first parse the time field information Time in the log record to be parsed, such as the time and date of generation of the log record; then, read the current date and time of the system; and compare the current date of the system with The time is compared with the generation time and the date of generation of the log record in the Time, and the time interval is obtained.
202: 按照所述时间间隔由短到长的顺序,依次提取所述待解析的日志记录。 也就是说从距当前系统时间间隔最短的日志记录开始进行提取。  202: Extract the log records to be parsed in sequence according to the time interval from short to long. This means extracting from the log records that are the shortest from the current system time interval.
需要注意的是, 该流程还可以包括: 记录所述第一次提取所述待解析的日志记录的位置。该步骤可以用于系统再 次打开所述日志文件时, 确定读取所述日志文件的起始位置。 It should be noted that the process can also include: Recording the location of the log record to be parsed for the first time. This step can be used to determine the starting position of reading the log file when the system opens the log file again.
如图 3所示, 为本发明实施例提供的一种日志的监测方法的具体实现流程; 设该流程中的日志记录格式如表 1所示, 该方法的具体流程如下:  As shown in FIG. 3, a specific implementation process of a log monitoring method according to an embodiment of the present invention is provided. The log record format in the process is as shown in Table 1. The specific process of the method is as follows:
301: 打开日志文件, 获取所述日志文件的长度。  301: Open a log file, and obtain the length of the log file.
302: 清除历史错误或警报信息, 并将所述清除的历史数据信息发送到曰志 文件进行记录。  302: Clear the historical error or alarm information, and send the cleared historical data information to the file for recording.
303: 判断所述日志文件是否是第一次被打开; 如果是第一次被打开, 则执 行步骤 304 ; 如果不是第一次被打开, 则执行步骤 305。  303: Determine whether the log file is opened for the first time; if it is opened for the first time, execute step 304; if it is not the first time, perform step 305.
304: 读取所述日志文件的全部内容。 具体的讲, 就是从存储所述日志文件 的存储器中该日志文件的起始位置一直读取到该日志文件的结束位置; 将所述 读取到的日志文件读入到内存中, 以便进一步进行数据处理。  304: Read the entire contents of the log file. Specifically, the end position of the log file in the memory storing the log file is read to the end position of the log file; the read log file is read into the memory for further processing. data processing.
305: 读取所述日志文件新增的日志记录。 具体的讲, 系统中可以记录所述 日志文件上次打开时, 所述日志文件的结束位置; 本次所读取的内容是从上次 打开时日志文件的结束位置到本次打开所述日志文件的结束位置。  305: Read the new log record of the log file. Specifically, in the system, the end position of the log file when the log file is last opened may be recorded; the content read this time is from the end position of the log file when the file was last opened to the current opening of the log file. The end position of the file.
306: 当读取到所述日志文件的内容后, 从所述日志文件的最后一条日志记 录的数据向前逐条读取所述日志记录, 即从所述日志文件的最后一条日志记录 "#] " 符号向前查找 " [#" 符号, 得到所述日志文件的最后一条日志记录; 依 次查找到倒数第二条、 倒数第三条记录等等。  306: After reading the content of the log file, read the log record one by one from the last log record data of the log file, that is, from the last log record of the log file "#] The "symbol forward lookup" [#" symbol gets the last log record of the log file; it finds the second last count, the third last count record, and so on.
307: 读取一条日志记录。  307: Read a log record.
例如:该步骤可以获取所述待解析的日志记录的记载时间与当前系统时间的 时间间隔; 按照所述时间间隔由短到长的顺序, 依次提取所述待解析的日志记 录。  For example, the step may: obtain a time interval between the record time of the log record to be parsed and the current system time; and sequentially extract the log records to be parsed according to the time interval from short to long.
308: 判断所述待解析的日志记录的时间是否超出预设解析时间。  308: Determine whether the time of the log record to be parsed exceeds a preset parsing time.
例如: 可以设置预设解析时间为距当前系统日期时间 5 分钟以内的日志记 录; 则判断当前所读取到的日志记录的日期时间与当前系统的日期时间差, 是 否在所述设置的预设解析时间的 5 分钟以内。 如果在所述预设解析时间内, 则 执行如下步骤; 如果超出所述预设解析时间, 则执行步骤 314。 For example: You can set the default resolution time to be within 5 minutes of the current system date and time; then determine the date and time of the current recorded log record and the current system date and time difference, whether the preset resolution in the settings Within 5 minutes of the time. If within the preset resolution time, then The following steps are performed; if the preset resolution time is exceeded, step 314 is performed.
309 : 根据所读取到的日志记录, 判断其优先级 LEVEL类型。 如果是类型一, 例如: WARN、 ERROR或 FATAL类型, 则执行步骤 31 0; 如果是类型二 INFO类型, 则执行步骤 31 1。  309 : According to the log record read, judge its priority LEVEL type. If it is type one, for example: WARN, ERROR or FATAL type, go to step 31 0; if it is type 2 INFO type, go to step 31 1 .
31 0: 获取 MESSAGE字段中的内容, 将所述内容以历史错误或警报信息的形 式发送; 执行步骤 31 3。  31 0: Get the content in the MESSAGE field and send the content as a history error or alarm message; go to step 31 3.
31 1: 判断所述日志记录的中 MESSAGE字段是否存在数据信息标识; 如果存 在, 则执行步骤 31 2 ; 不存在则执行步骤 31 3。  31 1: Determine whether there is a data information identifier in the MESSAGE field of the log record; if it exists, go to step 31 2; if it does not exist, go to step 31 3.
312: 解析数据信息标识, 给出日志监测结果并将其发送, 执行步骤 31 3。 312: Parse the data information identifier, give the log monitoring result and send it, and perform step 31 3.
31 3 : 判断所述读取的日志文件内容是否处理完毕; 如果处理完毕, 则执行 步骤 314 , 否则返回到步骤 307。 31 3: It is judged whether the content of the read log file is processed; if the processing is completed, step 314 is performed, otherwise, the process returns to step 307.
314: 结束监测流程。  314: End the monitoring process.
如图 4所示, 为本发明实施例提供的一种日志的监测装置; 该装置包括: 曰志记录获取单元 401 , 用于获取日志文件中待解析的日志记录;  As shown in FIG. 4, a log monitoring device is provided in the embodiment of the present invention; the device includes: a log record obtaining unit 401, configured to obtain a log record to be parsed in a log file;
判断单元 402 , 用于判断所述待解析的日志记录的时间是否超出预设解析时 间;  The determining unit 402 is configured to determine whether the time of the log record to be parsed exceeds a preset parsing time;
解析单元 403 ,用于如果所述待解析的日志记录的时间未超出预设解析时间, 则解析所述待解析的日志记录;  The parsing unit 403 is configured to parse the log record to be parsed if the time of the log record to be parsed does not exceed the preset parsing time;
监测停止单元 404 , 用于如果所述待解析的日志记录的时间超出预设解析时 间, 则停止日志监测。  The monitoring stop unit 404 is configured to stop the log monitoring if the time of the log record to be parsed exceeds a preset resolution time.
需要注意的是, 当所述待解析的日志记录包括: 开始字段信息、 时间字段信 息、 优先级字段信息、 程序名称及版本字段信息、 监测数据字段信息、 扩展字 段信息以及结束字段信息时, 所述日志记录获取单元 401 , 包括:  It should be noted that, when the log record to be parsed includes: start field information, time field information, priority field information, program name and version field information, monitoring data field information, extended field information, and end field information, The log record obtaining unit 401 includes:
时间间隔获取子单元,用于获取所述待解析的日志记录的记载时间与当前系 统时间的时间间隔;  The time interval acquisition sub-unit is configured to acquire a time interval between the record time of the log record to be parsed and the current system time;
日志记录提取子单元, 用于按照所述时间间隔由短到长的顺序,依次提取所 述待解析的日志记录。 还需要注意的是, 所述日志记录获取单元 401 , 还包括: The log record extraction subunit is configured to sequentially extract the log records to be parsed according to the time interval from short to long. It is also to be noted that the log record obtaining unit 401 further includes:
位置记录子单元, 用于记录所述第一次提取所述待解析的日志记录的位置。 还需要注意的是, 所述解析单元 403 , 包括:  a location record subunit, configured to record the location of the log record to be parsed for the first time. It is also noted that the parsing unit 403 includes:
信息获取子单元, 用于获取所述待解析的日志记录中的优先级字段信息; 类型信息判断子单元, 用于判断所述优先级字段信息的类型;  An information obtaining subunit, configured to obtain priority field information in the log record to be parsed; a type information determining subunit, configured to determine a type of the priority field information;
信息解析子单元, 用于根据所述优先级字段信息中的类型, 对所述待解析的 日志记录中的监测数据字段信息进行解析处理, 给出日志监测结果。  The information parsing sub-unit is configured to parse and process the monitoring data field information in the log record to be parsed according to the type in the priority field information, and provide a log monitoring result.
还需要注意的是, 该装置, 还包括:  It should also be noted that the device also includes:
信息发送单元, 用于发送所述日志监测结果;  An information sending unit, configured to send the log monitoring result;
曰志处理进程判断单元, 用于判读所述待解析的日志记录是否处理完毕; 所述监测停止单元, 用于如果所述待解析的日志记录处理完毕, 则结束监测 流程;  The processing unit determining unit is configured to determine whether the log record to be parsed is processed; and the monitoring stopping unit is configured to end the monitoring process if the log record to be parsed is processed;
所述日志记录获取单元, 用于如果所述待解析的日志记录未处理完毕, 则继 续获取日志文件中待解析的日志记录。  The log record obtaining unit is configured to continue to obtain the log record to be parsed in the log file if the log record to be parsed is not processed.
本发明实施例提供的日志的监测方法及装置,通过获取日志文件中待解析的 日志记录; 判断所述待解析的日志记录的时间是否超出预设解析时间; 如果所 述待解析的日志记录的时间未超出预设解析时间, 则解析所述待解析的日志记 录; 如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。 与现有技术相比, 本发明实施例仅仅对所述日志文件中的待解析的日志记录进 行解析监测, 而无需对整个日志文件进行解析监测, 从而大大降低了系统资源 的占用量, 提高了监测的效率, 并及时将运行异常或者数据量异常的情况进行 报警。  The method and device for monitoring the log provided by the embodiment of the present invention, by obtaining the log record to be parsed in the log file; determining whether the time of the log record to be parsed exceeds a preset parsing time; If the time is not exceeded, the log record to be parsed is parsed; if the time of the log record to be parsed exceeds the preset parsing time, the log monitoring is stopped. Compared with the prior art, the embodiment of the present invention only analyzes and monitors the log records to be parsed in the log file, and does not need to parse and monitor the entire log file, thereby greatly reducing the system resource usage and improving. The efficiency of monitoring, and timely alarms of abnormal operation or abnormal data volume.
通过以上的实施方式的描述, 本领域普通技术人员可以理解: 实现上述实施 例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成, 所述的 程序可以存储于一计算机可读取存储介质中, 该程序在执行时, 包括如上述方 法实施例的步骤, 所述的存储介质, 如: FLASH、 ROM/ RAM, 磁碟、 光盘等。  Through the description of the above embodiments, those skilled in the art can understand that all or part of the steps of the foregoing embodiment can be implemented by a program to instruct related hardware, and the program can be stored in a computer readable manner. In the storage medium, when the program is executed, the method includes the steps of the foregoing method embodiment, such as: FLASH, ROM/RAM, disk, optical disk, and the like.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易想到变化 或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范围应所述 以权利要求的保护范围为准。 The above description is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any changes or substitutions that are readily conceivable within the scope of the present invention are intended to be included within the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.

Claims

权利 要求 书 Claim
1、 一种日志的监测方法, 其特征在于, 包括:  A method for monitoring a log, comprising:
获取日志文件中待解析的日志记录;  Obtain the log records to be parsed in the log file.
判断所述待解析的日志记录的时间是否超出预设解析时间;  Determining whether the time of the log record to be parsed exceeds a preset parsing time;
如果所述待解析的日志记录的时间未超出预设解析时间,则解析所述待解析 的曰志"^己录;  If the time of the log record to be parsed does not exceed the preset parsing time, parsing the to-be-resolved slogan "^ has been recorded;
如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。 If the time of the log record to be parsed exceeds the preset parsing time, the log monitoring is stopped.
2、 根据权利要求 1所述的日志的监测方法, 其特征在于, 所述待解析的日 志记录包括: 开始字段信息、 时间字段信息、 优先级字段信息、 程序名称及版 本字段信息、 监测数据字段信息、 扩展字段信息以及结束字段信息。 The method for monitoring a log according to claim 1, wherein the log record to be parsed comprises: start field information, time field information, priority field information, program name and version field information, and monitoring data field. Information, extended field information, and end field information.
3、 根据权利要求 2所述的日志的监测方法, 其特征在于, 所述获取日志文 件中待解析的日志记录的步骤, 包括:  The method for monitoring a log according to claim 2, wherein the step of obtaining a log record to be parsed in the log file includes:
获取所述待解析的日志记录的记载时间与当前系统时间的时间间隔; 按照所述时间间隔由短到长的顺序, 依次提取所述待解析的日志记录。 Obtaining a time interval between the record time of the log record to be parsed and the current system time; and sequentially extracting the log record to be parsed according to the time interval from short to long.
4、 根据权利要求 3所述的日志的监测方法, 其特征在于, 所述获取日志文 件中待解析的日志记录的步骤, 还包括: The method for monitoring the log according to claim 3, wherein the step of obtaining the log record to be parsed in the log file further includes:
记录第一次提取所述待解析的日志记录的位置。  Record the location where the log record to be parsed is extracted for the first time.
5、 根据权利要求 2至 4中任意一项所述的日志的监测方法, 其特征在于, 所述解析所述待解析的日志记录的步骤, 包括:  The method for monitoring a log according to any one of claims 2 to 4, wherein the step of parsing the log record to be parsed comprises:
获取所述待解析的日志记录中的优先级字段信息;  Obtaining priority field information in the log record to be parsed;
判断所述优先级字段信息的类型;  Determining the type of the priority field information;
根据所述优先级字段信息中的类型,对所述待解析的日志记录中的监测数据 字段信息进行解析处理, 给出日志监测结果。  The monitoring data field information in the log record to be parsed is parsed according to the type in the priority field information, and the log monitoring result is given.
6、 根据权利要求 5所述的日志的监测方法, 其特征在于, 还包括: 发送所述日志监测结果;  The method for monitoring a log according to claim 5, further comprising: transmitting the log monitoring result;
判读所述待解析的日志记录是否处理完毕;  Determining whether the log record to be parsed is processed;
如果所述待解析的日志记录处理完毕, 则结束监测流程; 如果所述待解析的日志记录未处理完毕,则继续获取日志文件中待解析的曰 志记录。 If the log record to be parsed is processed, the monitoring process ends. If the log record to be parsed is not processed, continue to obtain the log record to be parsed in the log file.
7、 一种日志的监测装置, 其特征在于, 包括:  7. A log monitoring device, comprising:
曰志记录获取单元, 用于获取日志文件中待解析的日志记录;  The log record obtaining unit is configured to obtain a log record to be parsed in the log file;
判断单元, 用于判断所述待解析的日志记录的时间是否超出预设解析时间; 解析单元, 用于如果所述待解析的日志记录的时间未超出预设解析时间, 则 解析所述待解析的日志记录;  a determining unit, configured to determine whether the time of the log record to be parsed exceeds a preset parsing time, and a parsing unit, configured to parse the to-be-parsed if the time of the log record to be parsed does not exceed a preset parsing time Log record
监测停止单元, 用于如果所述待解析的日志记录的时间超出预设解析时间, 则停止日志监测。  The monitoring stop unit is configured to stop the log monitoring if the time of the log record to be parsed exceeds a preset parsing time.
8、 根据权利要求 7所述的日志的监测装置, 其特征在于, 当所述待解析的 日志记录包括: 开始字段信息、 时间字段信息、 优先级字段信息、 程序名称及 版本字段信息、 监测数据字段信息、 扩展字段信息以及结束字段信息时, 所述 日志记录获取单元, 包括:  The log monitoring device according to claim 7, wherein the log record to be parsed comprises: start field information, time field information, priority field information, program name and version field information, and monitoring data. The field record obtaining unit includes: field information, extended field information, and end field information, including:
时间间隔获取子单元,用于获取所述待解析的日志记录的记载时间与当前系 统时间的时间间隔;  The time interval acquisition sub-unit is configured to acquire a time interval between the record time of the log record to be parsed and the current system time;
日志记录提取子单元, 用于按照所述时间间隔由短到长的顺序,依次提取所 述待解析的日志记录。  The log record extraction subunit is configured to sequentially extract the log records to be parsed according to the time interval from short to long.
9、 根据权利要求 8所述的日志的监测装置, 其特征在于, 所述日志记录获 取单元, 还包括:  The log monitoring device according to claim 8, wherein the log record obtaining unit further comprises:
位置记录子单元, 用于记录所述第一次提取所述待解析的日志记录的位置。 a location record subunit, configured to record the location of the log record to be parsed for the first time.
10、 根据权利要求 8或 9所述的日志的监测装置, 其特征在于, 所述解析单 元, 包括: The apparatus for monitoring a log according to claim 8 or 9, wherein the parsing unit comprises:
信息获取子单元, 用于获取所述待解析的日志记录中的优先级字段信息; 类型信息判断子单元, 用于判断所述优先级字段信息的类型;  An information obtaining subunit, configured to obtain priority field information in the log record to be parsed; a type information determining subunit, configured to determine a type of the priority field information;
信息解析子单元, 用于根据所述优先级字段信息中的类型, 对所述待解析的 日志记录中的监测数据字段信息进行解析处理, 给出日志监测结果。  The information parsing sub-unit is configured to parse and process the monitoring data field information in the log record to be parsed according to the type in the priority field information, and provide a log monitoring result.
11、 根据权利要求 10所述的日志的监测装置, 其特征在于, 还包括: 信息发送单元, 用于发送所述日志监测结果; The apparatus for monitoring a log according to claim 10, further comprising: An information sending unit, configured to send the log monitoring result;
曰志处理进程判断单元, 用于判读所述待解析的日志记录是否处理完毕; 所述监测停止单元, 用于如果所述待解析的日志记录处理完毕, 则结束监测 流程;  The processing unit determining unit is configured to determine whether the log record to be parsed is processed; and the monitoring stopping unit is configured to end the monitoring process if the log record to be parsed is processed;
所述日志记录获取单元, 用于如果所述待解析的日志记录未处理完毕, 则继 续获取日志文件中待解析的日志记录。  The log record obtaining unit is configured to continue to obtain the log record to be parsed in the log file if the log record to be parsed is not processed.
PCT/CN2010/079518 2009-12-29 2010-12-07 Journal monitoring method and device WO2011079690A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910244105.0 2009-12-29
CN 200910244105 CN101789174B (en) 2009-12-29 2009-12-29 Journal monitoring method and device

Publications (1)

Publication Number Publication Date
WO2011079690A1 true WO2011079690A1 (en) 2011-07-07

Family

ID=42532375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079518 WO2011079690A1 (en) 2009-12-29 2010-12-07 Journal monitoring method and device

Country Status (2)

Country Link
CN (1) CN101789174B (en)
WO (1) WO2011079690A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789174B (en) * 2009-12-29 2013-07-24 北京世纪高通科技有限公司 Journal monitoring method and device
CN102164050B (en) * 2011-05-16 2014-01-22 北京星网锐捷网络技术有限公司 Log parsing method and log parsing node device
CN104283719A (en) * 2014-10-28 2015-01-14 北京国双科技有限公司 Log processing method and device and server
CN105787115A (en) * 2016-03-23 2016-07-20 广州市高科通信技术股份有限公司 Method and device for analyzing urban signal traffic control system
CN106202307B (en) * 2016-07-01 2019-10-11 百势软件(北京)有限公司 A kind of batch log preservation method and device
CN111435308A (en) * 2019-01-11 2020-07-21 北京确安科技股份有限公司 Method and device for acquiring program name of probe station
CN111949609A (en) * 2020-08-06 2020-11-17 云和恩墨(北京)信息技术有限公司 Method, device, terminal and medium for retrieving log file

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020198890A1 (en) * 2001-06-22 2002-12-26 International Business Machines Corporation Rules-based, automatic generation of journal entries
US20050222987A1 (en) * 2004-04-02 2005-10-06 Vadon Eric R Automated detection of associations between search criteria and item categories based on collective analysis of user activity data
CN1815451A (en) * 2005-01-31 2006-08-09 华为技术有限公司 Log information management method and system
CN1834681A (en) * 2005-03-16 2006-09-20 西门子(中国)有限公司 Recording method and system of monitoring journal
CN1851661A (en) * 2006-06-07 2006-10-25 中国科学院计算技术研究所 High-reliable journal system realizing method facing to large-scale computing system
CN101136798A (en) * 2007-10-16 2008-03-05 中兴通讯股份有限公司 Data configuration automatized test system and method
CN101789174A (en) * 2009-12-29 2010-07-28 北京世纪高通科技有限公司 Journal monitoring method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101505245B (en) * 2009-03-06 2011-01-05 成都市华为赛门铁克科技有限公司 Method and apparatus for sending log information

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020198890A1 (en) * 2001-06-22 2002-12-26 International Business Machines Corporation Rules-based, automatic generation of journal entries
US20050222987A1 (en) * 2004-04-02 2005-10-06 Vadon Eric R Automated detection of associations between search criteria and item categories based on collective analysis of user activity data
CN1815451A (en) * 2005-01-31 2006-08-09 华为技术有限公司 Log information management method and system
CN1834681A (en) * 2005-03-16 2006-09-20 西门子(中国)有限公司 Recording method and system of monitoring journal
CN1851661A (en) * 2006-06-07 2006-10-25 中国科学院计算技术研究所 High-reliable journal system realizing method facing to large-scale computing system
CN101136798A (en) * 2007-10-16 2008-03-05 中兴通讯股份有限公司 Data configuration automatized test system and method
CN101789174A (en) * 2009-12-29 2010-07-28 北京世纪高通科技有限公司 Journal monitoring method and device

Also Published As

Publication number Publication date
CN101789174A (en) 2010-07-28
CN101789174B (en) 2013-07-24

Similar Documents

Publication Publication Date Title
WO2011079690A1 (en) Journal monitoring method and device
US8494000B1 (en) Intelligent slicing of monitored network packets for storing
US10432645B2 (en) In-vehicle network system, fraud-detection electronic control unit, and fraud-detection method
US10932127B2 (en) Evaluating trustworthiness of data transmitted via unencrypted wireless mobile communications
US20180144621A1 (en) Measurement data processing method
CN111183624B (en) Export and removal of in-band metadata at intermediate nodes
EP2999276B1 (en) Method and terminal for reporting sensor data
CN100571271C (en) Be used to detect the TCP network and connect the system and method that Nagle is carried out in upward out-of-bounds
WO2018032936A1 (en) Method and device for checking domain name generated by domain generation algorithm
CN106921665B (en) Message processing method and network equipment
RU2018111478A (en) System and method for creating rules
WO2010099754A1 (en) Log information transmission method and apparatus
JP2010206698A (en) Device and method for issuing log information, and program
JP6839846B2 (en) Information processing equipment, information processing methods and programs
CN109510686A (en) A kind of general binary stream data conversion treatment method
US20200028709A1 (en) Method for removing data frame redundancy in network environment, and device and computer program for carrying out same
CN102271086B (en) Data transmission method and device
EP3026856A1 (en) Gre packet encapsulation method, decapsulation method, and corresponding apparatuses
CN109067711B (en) Rapid backtracking analysis method for network data packet
CN112732560B (en) Method and device for detecting leakage risk of file descriptor
CN107040435B (en) Power communication data detection system
US8064454B2 (en) Protocol incompatibility detection
CN115695576B (en) Data frame conversion method and device compatible with TSN frame preemption protocol
CN111198855A (en) Method and device for processing log data
CN111277569A (en) Network message decoding method and device and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10840479

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10840479

Country of ref document: EP

Kind code of ref document: A1