Log parsing method and log parsing node device

A log parsing method and parsing node device, applied in the field of network information security and network management, that addresses problems of scalability and adaptability and achieves reduced backtracking and repeated matching, strong adaptability, and high parsing efficiency.

Active Publication Date: 2011-08-24
上海锐山网络有限公司

AI Technical Summary

Problems solved by technology

However, the problem is how to determine, after receiving a log, which regular expression is appropriate. Quickly determining the format of the log and selecting the corresponding regular expression for parsing is therefore the key point, and a difficulty, in the log parsing process.
Devices that use the keyword method for log analysis therefore often have to implement keyword extraction logic specific to the classification methods of each mainstream manufacturer, and suffer from problems of scalability and adaptability.

Embodiment Construction

[0051] This document proposes an efficient and adaptable log parsing solution that addresses many of the problems in existing technical solutions. The scheme reduces backtracking and repeated matching during log parsing, achieving high parsing efficiency, and it does not require the different logs being parsed to share common header information, so it is highly adaptable.

[0052] The solution provided by the embodiment of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0053] First, the embodiment of the present invention provides a log parsing method. The flowchart of the method is shown in Figure 1 and includes the following steps:

[0054] Step 11, the parsing node obtains the log and the offset to be matched for indicating the unparsed content in the log;

[0055] Wherein, the parsing node may be a virtual device whose function is realized by software, or ...

Abstract

The invention discloses a log parsing method and a log parsing node device that provide an efficient and highly adaptable log parsing scheme. In the method, a parsing node obtains a log and an offset to be matched, which indicates the unparsed content in the log; the parsing node parses the unparsed content indicated by the offset to be matched using a stored first regular expression, obtaining the field information matched by the first regular expression; the parsing node then judges whether a subordinate parsing node exists; if the judgment shows that no subordinate parsing node exists and event type information is pre-stored in the parsing node, the parsing node takes that event type information as the event type information of the event recorded in the log. The event type information is determined according to the field information that can be parsed from the log by the regular expressions stored in at least one parsing node on the path along which the log was passed to the parsing node.
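An added sketch of the node tree the abstract describes, written for illustration and not taken from the patent. The `ParseNode` class, the constructed tree and sample logs, and the choice to leave a log unclassified when no subordinate node accepts it are all assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ParseNode:
    """A parsing node: one stored regex, optional subordinates, optional event type."""
    pattern: str
    children: list = field(default_factory=list)
    event_type: Optional[str] = None  # pre-stored where the path identifies the event

    def __post_init__(self):
        self.regex = re.compile(self.pattern)

def parse(node, log, offset=0, fields=None):
    """Return (event_type, fields), or None when no path through the tree matches."""
    m = node.regex.match(log, offset)  # anchored at the offset; parsed text is not rescanned
    if m is None:
        return None
    fields = {**(fields or {}), **m.groupdict()}
    if not node.children:  # no subordinate node: the stored event type classifies the log
        return (node.event_type, fields) if node.event_type else None
    for child in node.children:  # pass the log and the advanced offset downwards
        result = parse(child, log, m.end(), fields)
        if result is not None:
            return result
    return None  # assumption: a log no subordinate accepts is left unclassified

# Constructed tree: the two branches use different headers after the <PRI> field.
TREE = ParseNode(r"<(?P<pri>\d{1,3})>", [
    ParseNode(r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: ", [
        ParseNode(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)",
                  event_type="ssh_auth_failure"),
        ParseNode(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)",
                  event_type="ssh_login"),
    ]),
    ParseNode(r"(?P<host>\S+) fw: ", [
        ParseNode(r"DROP src=(?P<src>\S+) dst=(?P<dst>\S+)", event_type="fw_drop"),
    ]),
])

# Constructed sample logs (documentation address ranges).
SAMPLE_LOGS = [
    "<38>Aug 24 10:15:02 gw1 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 52144 ssh2",
    "<134>edge-fw fw: DROP src=198.51.100.9 dst=192.0.2.10",
    "<13>Aug 24 10:16:00 gw1 cron[99]: job done",
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(parse(TREE, line))
```

Each node matches only from the offset its parent reached, so the `<PRI>` field and header are parsed once per log however many event-specific expressions sit beneath them.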

Description

Technical field

[0001] The invention relates to the fields of network information security and network management, in particular to a log parsing method and log parsing node equipment.

Background technique

[0002] A system log (Syslog) is a log widely used in a network environment, which can be officially supported by various operating systems, network devices, and security devices. For other types of logs, in practical applications, they are often converted into Syslog format through a log converter, which facilitates unified collection, management, and analysis.

[0003] Syslog is a log with a very loose and free format. In fact, except for the mandatory requirement that the length of Syslog cannot exceed 1024 bytes, there are almost no other mandatory requirements for Syslog. Because the format of Syslog is very loose and free, there are huge differences in the format of Syslogs generated by different manufacturers or even different products of the same manufacturer. T...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, G06F17/30
Inventor: 丁兆杰
Owner: 上海锐山网络有限公司