Multi-vendor device network inspection method and system based on ai and rag knowledge base

By combining AI with the RAG knowledge base, a multi-vendor device network inspection method has been developed to address the issues of low inspection efficiency, difficulty in adaptation, and delayed identification of potential problems in the network operation and maintenance of large enterprises. This method enables rapid and accurate device inspection and intelligent analysis, thereby reducing operation and maintenance costs.

CN122160233APending Publication Date: 2026-06-05XIANNING POWER SUPPLY COMPANY OF STATE GRID HUBEIELECTRIC POWER

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
XIANNING POWER SUPPLY COMPANY OF STATE GRID HUBEIELECTRIC POWER
Filing Date
2026-03-30
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing technologies in network operation and maintenance of large enterprises or data centers suffer from low inspection efficiency, frequent data collection errors, inability to quickly adapt to new equipment, lack of in-depth analysis capabilities, and inability to meet the heterogeneous hardware equipment issues, resulting in long inspection cycles and delayed identification of potential problems.

Method used

A multi-vendor device network inspection method based on AI and RAG knowledge base is adopted. By combining thread pool concurrency mechanism, brand and command mapping, regular expression parsing, lightweight large language model (LLM) and vector database, the automated device connection, data collection, analysis and report generation are realized.

Benefits of technology

It significantly shortened inspection time, improved data collection accuracy and hazard identification accuracy, reduced operation and maintenance costs, achieved full-process automation and intelligent analysis, and reduced the recurrence rate of faults.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160233A_ABST
    Figure CN122160233A_ABST
Patent Text Reader

Abstract

The application discloses a kind of multi-vendor equipment network inspection method and system based on AI and RAG knowledge base, belong to network operation technical field.The application is adapted to the command difference of multi-vendor equipment by configuration mode, utilizes multi-thread concurrent execution inspection task, realizes the efficient collection of data;Through regular analysis engine and data checking mechanism, the accuracy and reliability of index extraction are ensured;Vector knowledge base containing equipment manual, historical fault case is constructed, combined with lightweight large language model and rule engine for fusion reasoning, automatically identify current hidden danger and potential risk of equipment, and generate inspection report containing analysis conclusion.The application solves the problems of low efficiency of artificial inspection, multi-vendor adaptation difficulty, hidden danger identification lag, etc., significantly improves the automation level and intelligent analysis capability of inspection, reduces operation and maintenance cost and failure rate.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network operation and maintenance technology, and more specifically, to a method and system for network inspection of multi-vendor devices based on AI and RAG knowledge base. Background Technology

[0002] In the network operation and maintenance of large enterprises or data centers, regular health checks of core and aggregation switches are a key step in ensuring stable network operation. In existing technologies, the main problems with inspection work are as follows: 1) Maintenance personnel need to log in to each device one by one and manually execute multiple inspection commands to check information such as version, environment, and routing status. For large-scale networks, this process takes several hours, with a large repetitive workload and low efficiency of manual inspection; 2) The command set and output format of command interface CLI devices from different vendors such as Huawei, H3C, and Maipu are significantly different. Manual recording is prone to errors and lacks a unified standardized adaptation mechanism, making it difficult to achieve a standardized inspection process; 3) After collecting data, key information needs to be manually filtered and filled into documents or tables, which is not only inefficient but also prone to problems such as copying errors and inconsistent formats; 4) The manual inspection cycle is long, making it difficult to complete a comprehensive inspection of a large-scale network in a short time. At the same time, when device connection fails or data parsing is abnormal, existing technologies lack an effective fault tolerance mechanism, which can easily lead to inspection interruption or data loss; 5) When adding devices from new vendors, it is often necessary to modify the core code to adjust the command logic, resulting in high maintenance costs and making it difficult to quickly adapt to new maintenance needs.

[0003] Furthermore, existing technologies mostly remain at the level of data collection or basic statistics, lacking the ability to deeply analyze inspection data. Hazard identification relies on manual judgment, resulting in low accuracy and delayed early warnings. Simultaneously, they cannot connect with historical failure cases, manufacturer equipment manuals, or other professional knowledge, making it difficult to accurately pinpoint the root cause of hazards and provide effective solutions. Existing cloud platform inspection technologies only focus on the cloud platform software layer, adapting to standardized interface output data, without hardware device interaction requirements, and are limited to a single scenario without addressing vendor heterogeneity issues. These technologies lack dedicated hardware connection fault tolerance, unstructured data parsing, and standardized report adaptation mechanisms, and lack AI-driven hazard analysis and knowledge base linkage capabilities. They cannot meet the full-scenario inspection needs of large enterprise hybrid deployment networks, which face heterogeneous hardware commands, unstructured CLI output, unstable physical device connections, and the need for accurate hazard early warnings. Summary of the Invention

[0004] This invention provides a multi-vendor device network inspection method and system based on AI and RAG knowledge base, which solves the technical problems that existing path planning technology cannot meet users' personalized distance requirements, there is a contradiction between the specified waypoint and the target distance, and there is a lack of automated solutions.

[0005] The technical solution adopted in this invention is: A multi-vendor device network inspection method based on AI and RAG knowledge base includes the following steps: S1. When the system starts, it reads the configuration file to obtain database connection parameters, login credentials for multiple vendor devices, and AI and knowledge base related configurations; it dynamically obtains a list of devices to be inspected through the database, which includes at least the device IP address, device brand, device name, and network topology location; it performs reachability detection and port probing on the device IPs and filters out unreachable devices; S2. Initialize the thread pool, traverse the list of devices that have passed the reachability test, create an independent collection task for each device, and submit the collection task to the thread pool to achieve parallel inspection. The execution status of a single collection task is independent, and the failure of a single collection task does not affect the execution of other collection tasks. S3. In each data collection task, establish a connection with the target device and identify the device brand through a dual verification mechanism that combines pre-stored fields in the database with the information returned by the device. Based on the preset brand and command set mapping table, issue the inspection command set corresponding to the identified device brand to the target device, capture the CLI text stream returned by the device and clean up redundant information to obtain standardized raw data. S4. Use a preset indicator-specific regular expression engine to extract key indicators from the standardized raw data, perform validity verification on the extracted key indicators, filter invalid data and mark the logs. S5. The verified key indicator data is structured to form an AI analysis input dataset; reference information related to the AI ​​analysis input dataset is retrieved through a vector database; the AI ​​analysis input dataset and the retrieved reference information are input into a lightweight large language model, and reasoning analysis is performed in conjunction with a rule engine to output current hidden dangers, potential risks and optimization suggestions, and to determine the level of hidden dangers. S6. Generate early warning information based on the level of hidden danger; load the inspection template, write the key indicator data and AI reasoning analysis results into the corresponding position of the inspection template, and generate an inspection report.

[0006] Furthermore, the configuration file mentioned in step S1 contains exclusive login credentials for core devices, access devices, and specific brand devices; the reachability detection executes corresponding Ping commands for different operating systems; and the port probe is used to verify the availability of device service ports.

[0007] Furthermore, the thread pool described in step S2 is configured with a maximum number of 30 threads, an unbounded task queue, and a thread idle timeout of 60 seconds through ThreadPoolExecutor to achieve concurrent inspection of hundreds of devices.

[0008] Furthermore, the establishment of a connection with the target device in step S3 specifically involves: prioritizing the establishment of a connection via the SSH protocol, setting a timeout and the number of retries; automatically switching to the Netmiko protocol for supplementary data collection when the SSH connection fails; and determining the brand by parsing the banner information returned by the device when the SSH connection is established and using keyword matching.

[0009] Furthermore, the key indicators mentioned in step S4 include device model, software version, runtime, CPU utilization, memory utilization, chassis temperature, power status, fan status, and OSPF neighbor status; the validity verification includes verifying CPU utilization and memory utilization within the range of 0% to 100%, verifying power status and fan status using preset valid values, and verifying OSPF neighbor status using standard status values.

[0010] Furthermore, the knowledge base construction and update method described in step S5 includes: offline integration of multi-vendor equipment manuals, historical fault cases, industry standards and network topology rules, and storage in a vector database after document segmentation and embedding; online automatic crawling of updated content according to a preset period, and synchronization of new fault cases and analysis conclusions generated in each inspection.

[0011] Furthermore, the hazard levels mentioned in step S5 include Level 1 hazards, Level 2 hazards, and Level 3 hazards, which are automatically determined based on the scope of the fault's impact, the probability of occurrence, and the degree of loss; the early warning information for Level 1 and Level 2 hazards is pushed to the operation and maintenance manager through system pop-ups and emails.

[0012] Another technical solution adopted by the present invention is: A multi-vendor device network inspection system based on AI and RAG knowledge base, used to perform the above-described methods, including: The configuration and device management module is used to read configuration files, obtain database connection parameters, login credentials for multiple vendor devices, and AI and knowledge base related configurations, and dynamically obtain a list of devices to be inspected from the database, and perform reachability detection and port probing on device IPs. The concurrent task scheduling module is used to initialize the thread pool, create independent acquisition tasks for each device, and submit them to the thread pool for parallel inspection. The differentiated data acquisition module is used to establish a connection with the target device, identify the device brand, issue the corresponding inspection command set based on the preset brand and command set mapping table, and clean up the captured CLI text stream; The indicator parsing module is used to extract key indicators from standardized raw data using a regular expression engine and to validate the effectiveness of the extracted indicators. The intelligent analysis and knowledge base module is used to build and update the vector knowledge base. After the key indicator data is verified and structured, it is input into the lightweight large language model along with the reference information retrieved from the knowledge base for reasoning and analysis, and outputs the hazard analysis results and determines the level. The reporting and early warning module is used to generate early warning information based on the level of hidden dangers, load inspection templates, write key indicator data and hidden danger analysis results into the templates, and generate inspection reports.

[0013] Furthermore, the differentiated data acquisition module includes a connection unit, a brand identification unit, a command issuance unit, and a data cleaning unit; the connection unit is used to establish a connection with the Netmiko protocol via the SSH protocol; the brand identification unit is used to identify the brand using pre-stored fields in the database and device banner information; the command issuance unit is used to match the corresponding JSON format command set according to the brand; and the data cleaning unit is used to remove page breaks and control characters from the CLI text stream.

[0014] Furthermore, the intelligent analysis and knowledge base module includes a knowledge base construction unit, a vector retrieval engine, and an inference analysis unit. The knowledge base construction unit is used to offline integrate professional knowledge documents and store them in vector form, while supporting online incremental updates. The vector retrieval engine is used to calculate the similarity between the input data and the information in the knowledge base and return highly relevant reference information. The inference analysis unit is used to load a lightweight large language model and combine it with a rule engine to perform fusion inference on the input data and the retrieved reference information. Compared with the prior art, the present invention has the following advantages: 1) This invention adopts a multi-threaded concurrency mechanism, which configures an unbounded task queue and thread idle timeout parameters through a thread pool, significantly shortening the time window for large-scale network inspections, reducing the workload of several hours to minutes, and ensuring the stability of large-scale inspections by configuring an unbounded task queue and thread idle timeout parameters through a thread pool. 2) This invention uses an abstract difference layer that maps brands to commands, allowing a single system to manage devices from multiple vendors simultaneously, thus shielding the underlying command differences. When adding a new vendor, only the configuration file needs to be extended, without modifying the core code, which greatly reduces maintenance costs and adaptation time. 3) Based on dual-protocol automated data collection, combined with dedicated regular expression parsing and a strict data verification mechanism, the parsing accuracy is extremely high, eliminating manual reading and input errors, and ensuring the authenticity and consistency of the data; 4) Integrating the RAG knowledge base with lightweight LLM, it automatically links real-time equipment inspection data, historical fault cases and manufacturer equipment manuals, and intelligently analyzes abnormal equipment indicators and potential risk points, solving the problems of traditional inspections that only collect data without analysis, delayed discovery of hidden dangers, and reliance on experience for analysis. 5) It achieves full automation from configuration reading, task scheduling, data collection, parsing, AI risk analysis to report generation, without manual intervention; it also supports anomaly self-healing, improving operation and maintenance efficiency.

[0015] 6) By retrieving historical inspection data and similar fault handling solutions from the RAG knowledge base, AI can automatically generate hazard tracing reports and targeted optimization suggestions, reducing operation and maintenance decision-making time and significantly reducing the recurrence rate of faults. Attached Figure Description

[0016] The present invention will be further described below with reference to the accompanying drawings and specific embodiments: Figure 1 This is a schematic diagram of the core module structure of the system in an embodiment of the present invention; Figure 2 This is an overall technical roadmap for an automated inspection method for multi-vendor network devices based on AI and a knowledge base, as described in this invention. Detailed Implementation

[0017] To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention will be described in further detail below with reference to the accompanying drawings and specific embodiments.

[0018] This embodiment provides a method and system for inspecting multi-vendor network devices based on AI and RAG knowledge base, aiming to achieve automated inspection, intelligent analysis and report generation of multi-vendor network devices.

[0019] I. System Module Structure like Figure 1 As shown, the system mainly comprises six core modules: configuration and equipment management module, concurrent task scheduling module, differentiated data acquisition module, indicator analysis module, intelligent analysis and knowledge base module, and reporting and early warning module. Each module interacts with a database, which stores equipment information, inspection data, knowledge base vector data, and historical analysis results. The system uses configuration files for unified parameter management, ensuring smooth integration and consistent data across all stages.

[0020] This module is specifically designed for the inspection and intelligent hazard analysis of hardware devices from multiple vendors. Its core lies in the four-layer linkage of configuration files, command mapping tables, databases and vector knowledge bases to achieve code-free expansion and intelligent upgrades. Specific implementation steps

[0021] Combination Figure 2 The technical roadmap shown in this embodiment illustrates the following specific steps: Step S1: Initialization and Configuration Reading When the system starts, it first reads the configuration file, which in this embodiment is setting.ini. This file contains several core configuration sections: the database configuration section stores database connection parameters, including host address, port, username, password, and database name; the device login configuration section stores login parameters for devices from multiple vendors, including the default SSH port, dedicated port for core devices, access device port, and login usernames and passwords for devices with different roles and brands; the AI ​​and knowledge base related configuration section stores the vector database address, the path of the lightweight large language model LLM, the embedded model name, the knowledge base update cycle, and the threshold for determining the risk level. After the configuration is loaded, a connection to the MySQL database is established through the database management class, and SQL query statements are executed to dynamically obtain the list of devices to be inspected. This list includes at least the device IP address, device brand, device name, and network topology location. Through database linkage, the device information is updated in real time, eliminating the need for manual maintenance of the device list.

[0022] In this step, to improve inspection efficiency and reduce invalid tasks, the system performs reachability preprocessing on the acquired device IPs; the system executes the corresponding Ping command to perform network connectivity detection based on the type of operating system it is running; at the same time, it detects the availability of device service ports through port probing methods to preemptively eliminate devices with blocked ports.

[0023] Step S2: Concurrent Task Scheduling The system employs a thread pool for concurrent inspection. Specifically, the thread pool is initialized with a maximum number of threads to accommodate the concurrent needs of hundreds of devices, and an unbounded task queue and thread idle timeout are set. The system iterates through the list of devices that have passed reachability checks and creates an independent collection task for each device. This task encapsulates core information such as device IP, brand, login parameters, and network topology location. After a task is submitted to the thread pool, the pool automatically schedules idle threads for execution. Through the unbounded queue design, the system ensures that the failure of a single task will not affect the execution of other tasks, providing task-level fault tolerance.

[0024] Step S3: Differentiated Data Collection Each data acquisition task is executed independently. Its core lies in shielding vendor differences through an abstraction layer of device differences, specifically: The task attempts to establish a connection with the target device. It prioritizes establishing a connection via the SSH protocol, setting a timeout and number of retries. If the SSH connection fails, the system automatically switches to the Netmiko protocol for re-sampling, using a dual-protocol redundancy mechanism to ensure a high connection success rate. After the connection is established, the system accurately identifies the device brand through a dual-verification mechanism. It first reads the device brand field pre-stored in the database; if this field is empty or invalid, it parses the banner information returned by the device when the SSH connection is established and determines the brand through keyword matching. For example, if it contains specific keywords, it is identified as a Huawei device; if it contains another set of keywords, it is identified as a H3C device. After brand identification is completed, the system automatically matches the corresponding inspection command set based on a preset brand-command set mapping table. This mapping table is an extensible JSON format file; for example, for Huawei devices, commands are issued to query temperature, hardware status, version information, device name, and OSPF neighbor status; for H3C devices, commands are issued to query hardware, fan, power supply, version, and ARP information; and for Maipu devices, commands are issued to query version and configuration information. After the command is issued, the system captures the CLI text stream returned by the SSH or Netmiko session and automatically cleans up redundant information such as page breaks and control characters in the text to obtain standardized raw data text.

[0025] Step S4: Key Indicator Extraction Using the Python regular expression engine, we designed specialized regular expressions for different key metrics to extract them precisely. For example, we used a specific regular expression to extract runtime, another regular expression to extract CPU utilization, and other regular expressions to extract memory utilization, power status, fan status, OSPF neighbor status, and device model and version. At the same time, we used specialized regular expressions to parse command output to obtain device names. All extracted metrics undergo multi-dimensional validity verification; for example, CPU and memory utilization must be within the range of 0% to 100%, power supply and fan status are only allowed to have preset valid values, and OSPF neighbor status is only allowed to have standard status values; invalid data will be marked as anomalies and logged to ensure that the data ultimately used for analysis is accurate and reliable.

[0026] Step S5: Integration of AI Hazard Analysis with RAG Knowledge Base This step is the core of achieving intelligent analysis, and it is specifically as follows: First, the knowledge base is built and updated: In the offline phase, the system organizes professional knowledge such as equipment manuals from multiple manufacturers, historical fault cases, industry inspection standards, and network topology association rules. The documents are segmented using the LangChain framework and converted into vectors using an embedding model. Finally, the vectors are stored in a vector database to form a structured professional knowledge base. In the online phase, the system automatically crawls the updated content from the manufacturers' official websites at preset intervals and synchronizes new fault cases, processing results, and AI analysis conclusions generated from each inspection to the knowledge base to achieve continuous knowledge updates. In the data input preprocessing stage, the system will structure the valid indicator data verified in step S4, such as device IP, brand, model, network topology location, running time, CPU utilization, memory utilization, hardware status, routing status, etc., into JSON format; at the same time, it will associate the device with the historical inspection data and network topology location information in the database to form a complete input dataset for AI analysis. Next, RAG retrieval fusion is performed: the system converts the preprocessed input dataset into retrieval vectors and performs similarity retrieval through the vector database to match reference information related to the current device indicators, such as historical failure cases of similar devices, failure thresholds of manufacturer devices, industry standard requirements, network topology association risks, etc.; the system extracts highly relevant information as contextual supplements for LLM inference. The AI ​​reasoning and analysis process employs a lightweight LLM (Limited Least Mechanism) combined with a pre-defined rule engine. The LLM integrates and reasons with the input data and RAG (Rich Internet Registry) search results, outputting three core components: current hazards, identifying specific problems with the equipment; potential risks, predicting possible future failures based on historical cases; and optimization suggestions, providing targeted solutions based on the knowledge base. Simultaneously, the system automatically classifies hazards into Level 1, Level 2, or Level 3 based on the scope of the failure's impact, probability of occurrence, and degree of loss. Finally, for hazards classified as Level 1 or Level 2, the system automatically triggers an early warning mechanism, pushing the warning to the operations and maintenance manager via system pop-ups and emails. The warning information includes the IP address, name, level, scope of impact, and handling suggestions for the hazard-affected device.

[0027] Step S6: Report Generation and Format Conversion The system loads a pre-set Excel inspection template, which is now adapted to include an AI hazard analysis module. The template includes worksheets for basic equipment information, resource utilization, hardware status, routing status, and AI hazard analysis. The system locates the corresponding sheet in the template based on the equipment name. If the sheet does not exist, it is automatically created and the header is initialized according to the template format. Using the openpyxl library, the system writes the key indicators verified in step S4 and the AI ​​hazard analysis results generated in step S5 into the specified cells of the corresponding worksheet; if the writing fails, it is marked as not collected to avoid report interruption. After the data is written, the system saves the Excel file; then, it calls a cross-platform tool to execute a command to convert the Excel file to PDF format, generating a final inspection report in both Excel and PDF formats; if the PDF conversion fails, the system retains the original Excel file and records the exception log to avoid data loss.

[0028] In this embodiment, taking the inspection of a Huawei device as an example, the workflow is as follows: 1) Configuration Reading: After the system starts, it reads the database address, port, switch login username and password, core device port, and AI-related configurations, such as vector database address and LLM model path, from the configuration file. 2) Device list acquisition: The IP address, brand, name and network topology location of the devices to be inspected are retrieved from the database. After reachability testing and port probing, it is confirmed that the devices are reachable and the ports are open. 3) Concurrent task scheduling: The thread pool allocates idle threads to create data acquisition tasks for the device and submits them for execution. 4) Differentiated data collection: Connect to the device via SSH protocol. After successful connection, verify the brand as Huawei by double-checking the database fields and banner information. The system matches Huawei's exclusive command set, issues the corresponding command, captures the return stream, and cleans up redundant information. 5) Key Indicator Analysis: Indicators such as chassis temperature, CPU utilization, power status, and OSPF neighbor status are extracted using regular expressions and correlated with historical data from the past 3 months. After multi-dimensional verification, all indicators are confirmed to be valid values. 6) AI Risk Analysis: ① Generate a structured JSON input dataset; ② Retrieve threshold information and historical cases regarding CPU utilization for this device model from the vector database; ③ The LLM combined with the rule engine determined it to be a level 1 hidden danger, output the analysis results, pointed out that the CPU utilization exceeded the threshold, the potential risk was that port forwarding delay might occur, and proposed handling suggestions for optimizing the routing strategy; ④ The system sends a Level 1 hazard warning to the operations and maintenance manager via email; 7) Report generation: The system loads the Excel template, locates the corresponding device's Sheet page, writes the parsed indicators and AI hazard analysis results into the cells, saves the Excel file, calls the tool to convert it to PDF, and generates the final inspection report.

[0029] To verify the technical effectiveness of this invention, a 30-day continuous test was conducted in an experimental environment containing 200 core and aggregation switches. The experimental data is shown in the table below:

[0030] As shown in the table, this invention completes the inspection of hundreds of devices in approximately 8 minutes, far shorter than the 4.5 hours of manual inspection and the 1.2 hours of existing cloud platform inspection technology; the adaptation cycle for adding a new brand of equipment is shortened to 2 hours, while existing technologies require several days; the data parsing accuracy reaches 99.7%, significantly higher than the levels of manual inspection and existing technologies; the hazard identification accuracy reaches 98.2%, and it can provide early warning of potential faults 3 to 7 days in advance, which is impossible with existing technologies; in terms of report generation time (including analysis), it only takes 3 minutes from data collection to report generation, greatly improving efficiency; the recurrence rate of faults is reduced from 35% to 8%, and the fault response time is shortened to 30 minutes. In addition, the average knowledge base retrieval response time is within 300 milliseconds, the average time for LLM inference single-device hazard analysis is no more than 2 seconds, the identification accuracy of different anomaly types is above 97%, and the false alarm rate is controlled within 1.5%.

[0031] The above experimental data fully demonstrate the significant advantages of this invention in terms of inspection efficiency, accuracy, intelligence level, and closed-loop management of operation and maintenance.

[0032] This invention adapts to the command differences of devices from multiple vendors through a configurable approach, utilizes multi-threaded concurrent execution of inspection tasks to achieve efficient data collection, ensures the accuracy and reliability of indicator extraction through a regular expression parsing engine and data verification mechanism, and constructs a vector knowledge base containing equipment manuals and historical fault cases. It combines a lightweight large language model and rule engine for fusion reasoning to automatically identify current hidden dangers and potential risks in equipment and generate inspection reports containing analytical conclusions. This invention solves the problems of low efficiency in manual inspections, difficulty in adapting to multiple vendors, and delayed hazard identification, significantly improving the automation level and intelligent analysis capabilities of inspections, and reducing operation and maintenance costs and failure rates.

[0033] The embodiments described above are merely preferred embodiments of the present invention and are not intended to limit the scope of the present invention. Various modifications and improvements made by those skilled in the art to the technical solutions of the present invention without departing from the principles and essence of the present invention should fall within the protection scope defined by the claims of the present invention.

Claims

1. A method for inspecting multi-vendor device networks based on AI and RAG knowledge base, characterized in that, include: S1. When the system starts, it reads the configuration file to obtain database connection parameters, login credentials for multiple vendor devices, and AI and knowledge base related configurations; it dynamically obtains a list of devices to be inspected through the database, which includes at least the device IP address, device brand, device name, and network topology location; it performs reachability detection and port probing on the device IPs to filter out unreachable devices; S2. Initialize the thread pool, traverse the list of devices that have passed the reachability test, create an independent collection task for each device, and submit the collection task to the thread pool to achieve parallel inspection; the execution status of a single collection task is independent, and the failure of a single collection task does not affect the execution of other collection tasks. S3. In each data collection task, establish a connection with the target device and identify the device brand through a dual verification mechanism that combines pre-stored fields in the database with the information returned by the device. Based on the preset brand and command set mapping table, issue the inspection command set corresponding to the identified device brand to the target device, capture the CLI text stream returned by the device and clean up redundant information to obtain standardized raw data. S4. Use a preset indicator-specific regular expression engine to extract key indicators from the standardized raw data, perform validity verification on the extracted key indicators, filter invalid data and mark the logs. S5. The verified key indicator data is structured to form an AI analysis input dataset; reference information related to the AI ​​analysis input dataset is retrieved through a vector database; the AI ​​analysis input dataset and the retrieved reference information are input into a lightweight large language model, and reasoning analysis is performed in conjunction with a rule engine to output current hidden dangers, potential risks and optimization suggestions, and to determine the level of hidden dangers. S6. Generate early warning information based on the level of hidden danger; load the inspection template, write the key indicator data and AI reasoning analysis results into the corresponding position of the inspection template, and generate an inspection report.

2. The method for multi-vendor device network inspection based on AI and RAG knowledge base according to claim 1, characterized in that, The configuration file mentioned in step S1 contains exclusive login credentials for core devices, access devices, and specific brand devices. The reachability detection executes the corresponding Ping command for different operating systems, and the port probe is used to verify the availability of the device service port.

3. The method for multi-vendor device network inspection based on AI and RAG knowledge base according to claim 1, characterized in that, The thread pool described in step S2 is configured with a maximum number of 30 threads, an unbounded task queue, and a thread idle timeout of 60 seconds through the Thread Pool Executor, enabling concurrent inspection of hundreds of devices.

4. The multi-vendor device network inspection method based on AI and RAG knowledge base according to claim 1, characterized in that, The specific steps for establishing a connection with the target device in step S3 are as follows: Prioritize establishing connections via the SSH protocol, and set the timeout and number of retries; When the SSH protocol connection fails, it automatically switches to the Netmiko protocol for re-sampling; The device return information in the brand identification process is obtained by parsing the banner information returned by the device when the SSH connection is established, and by using keyword matching to determine the brand.

5. The method for multi-vendor device network inspection based on AI and RAG knowledge base according to claim 1, characterized in that, The key indicators mentioned in step S4 include device model, software version, runtime, CPU utilization, memory utilization, chassis temperature, power status, fan status, and OSPF neighbor status. The validity verification includes verifying CPU utilization and memory utilization within the range of 0% to 100%, verifying power status and fan status using preset valid values, and verifying OSPF neighbor status using standard status values.

6. The multi-vendor device network inspection method based on AI and RAG knowledge base according to claim 1, characterized in that, The methods for constructing and updating the knowledge base in step S5 include: Offline integration of multi-vendor equipment manuals, historical fault cases, industry standards and network topology rules, which are then stored in a vector database after document chunking and embedding. The system automatically crawls and updates content online at preset intervals, and synchronizes new fault cases and analysis conclusions generated during each inspection.

7. The method for multi-vendor device network inspection based on AI and RAG knowledge base according to claim 1, characterized in that, The hazard levels mentioned in step S5 include Level 1, Level 2, and Level 3 hazards, which are automatically determined based on the scope of the fault's impact, the probability of occurrence, and the degree of loss. The early warning information for Level 1 and Level 2 hazards is pushed to the operation and maintenance manager via system pop-ups and emails.

8. A multi-vendor device network inspection system based on AI and RAG knowledge base, used to perform the method described in any one of claims 1 to 7, characterized in that, include: The configuration and device management module is used to read configuration files, obtain database connection parameters, login credentials for multiple vendor devices, and AI and knowledge base related configurations, and dynamically obtain a list of devices to be inspected from the database, and perform reachability detection and port probing on device IPs. The concurrent task scheduling module is used to initialize the thread pool, create independent acquisition tasks for each device, and submit them to the thread pool for parallel inspection. The differentiated data acquisition module is used to establish a connection with the target device, identify the device brand, issue the corresponding inspection command set based on the preset brand and command set mapping table, and clean up the captured CLI text stream; The indicator parsing module is used to extract key indicators from standardized raw data using a regular expression engine and to validate the effectiveness of the extracted indicators. The intelligent analysis and knowledge base module is used to build and update the vector knowledge base. After the key indicator data is verified and structured, it is input into the lightweight large language model along with the reference information retrieved from the knowledge base for reasoning and analysis, and outputs the hazard analysis results and determines the level. The reporting and early warning module is used to generate early warning information based on the level of hidden dangers, load inspection templates, write key indicator data and hidden danger analysis results into the templates, and generate inspection reports.

9. A multi-vendor device network inspection system based on AI and RAG knowledge base according to claim 8, characterized in that, The differentiated data acquisition module includes: The connection unit is used to establish a connection with the Netmiko protocol via the SSH protocol; The brand identification unit is used to identify the brand by using pre-stored fields in the database and device banner information; The command delivery unit is used to match the corresponding JSON format command set based on the brand. The data cleaning unit is used to remove page breaks and control characters from the CLI text stream.

10. A multi-vendor device network inspection system based on AI and RAG knowledge base according to claim 8, characterized in that, The intelligent analysis and knowledge base module includes: The knowledge base building unit is used to integrate professional knowledge documents offline and store them in vector form, while also supporting online incremental updates; The vector retrieval engine is used to calculate the similarity between input data and information in the knowledge base, and returns highly relevant reference information; The reasoning and analysis unit is used to load a lightweight large language model and combine it with the rule engine to perform fusion reasoning on the input data and the retrieved reference information.