Audit log control system and method for a real-time operating system
The audit log control system, through layered decoupling and dynamic rule-based distribution, solves the problem of unified management and dynamic routing of log records in real-time operating systems, realizes a highly cohesive and loosely coupled log governance system, and improves the real-time performance and observability of the system.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: XIAN THERMAL POWER RES INST CO LTD
- Filing Date: 2026-03-13
- Publication Date: 2026-06-19
AI Technical Summary
In existing technologies, the audit logs of real-time operating systems are not uniform in format and are scattered in location, making them difficult to manage in a unified manner. They also lack dynamic routing capabilities, resulting in high coupling and loose structure, which makes it difficult to meet the real-time, reliability and observability requirements of modern distributed systems.
The audit log control system adopts a layered and decoupled architecture, including an API layer module and a distribution layer subsystem. Through configurable artifacts, structured events, and rule-based distribution, it constructs a highly cohesive, loosely coupled, and easily scalable log governance system. The API layer module is configured once upon client startup. The distribution layer distributes audit event objects according to pre-configured rules and achieves dynamic decision-making through rule weight-based dynamic activation components and environmental entropy field-optimized adjudication sub-components.
It reduces the coupling between business code and logging functionality, enabling efficient and reliable distribution and unified management of audit logs, thus meeting the comprehensive requirements of modern distributed systems for real-time performance, reliability, and observability.
Figure CN122247843A_ABST
Description
Technical Field
[0001] This invention relates to the field of audit log technology, and in particular to an audit log control system and method for a real-time operating system.
Background Technology
[0002] Real-time operating systems, such as the domestically developed ReWorks and SylixOS, as well as the open-source RT-Thread, lack a syslog system similar to that of Linux for recording audit logs of user program calls. Each application developer needs to develop its own logging system to record its own audit logs. This results in inconsistent log formats, scattered log locations, and poor unified management, while also increasing the workload for application developers.
[0003] Prior art 1, Chinese Patent Application No. 202410693058.2, provides an audit log management method, apparatus, device, and storage medium applied to the master management node in a distributed storage system cluster. The method includes: determining whether the audit log function is enabled based on an audit log instruction sent by the client; if so, determining the access protocol type based on a pre-deployed scenario in the audit log instruction; loading the scenario template file corresponding to the access protocol type by calling a preset dynamic library interface based on the access protocol type; collecting log information corresponding to each slave management node in the distributed storage system cluster based on the scenario template file, recording the log information in a local log file, and storing the log information in a preset database. Although this distributed storage multi-scenario log management scheme determines whether to enable the audit log function based on the customer's audit log requirements and manages the corresponding audit log template file according to the deployed storage scenario, it outputs to a fixed location according to preset static rules. This lack of intelligent distribution based on business context, environment, or real-time policies makes it difficult to support refined auditing and multi-tenant isolation requirements.
[0004] Prior art two, Chinese patent application number: 202310891196.7, provides an audit log management method, apparatus, and storage medium, relating to the field of cloud computing technology, which can solve the problem of decreased performance and efficiency of audit services caused by the excessive number of audit logs. The method includes: detecting whether there are pending audit logs in the audit queue according to a first time period; if there are pending audit logs in the audit queue, and the number of audit logs in the audit queue exceeds a preset number, or the number of audit logs in the audit queue does not exceed the preset number, and the duration for which the pending audit logs are written to the audit queue exceeds a first preset duration, then storing the pending audit logs in a first database. While this can improve the performance and processing efficiency of audit services, the output is in unstructured text format, lacking unified field specifications and semantic definitions, making it difficult to automatically parse, statistically analyze, and monitor the logs, resulting in low efficiency for subsequent retrieval and analysis.
[0005] Prior art three, Chinese patent application number 202410727872.1, discloses a dynamic adaptive application audit log collection and transmission method and apparatus. The method includes: deploying an audit agent to a target application server and registering it with the audit server for management by an audit center; responding to console commands, the audit server generates and publishes a log collection strategy; according to the log collection strategy, the audit agent collects application audit logs; matching the event status attributes recorded in the collected application audit logs to determine the log transmission method; for normal state logs, dynamically calculating log transmission parameters and the audit agent transmission queue based on the recent log packet size, application priority, and current network status of the audit agent; and sequentially transmitting the application audit logs to the audit server for centralized storage and statistical analysis. While this method achieves centralized management and scheduling of log collection and determines the transmission method based on the event status attributes recorded in the application audit logs, the log logic is tightly coupled with business logic, leading to code redundancy, difficulty in unified maintenance, and the need for extensive source code modifications when changing log formats or output targets.
[0006] Currently, prior art 1, 2, and 3 suffer from excessive coupling, loose log structures, and a lack of dynamic routing capabilities. To address these issues, this invention provides an audit log control system and method for a real-time operating system.
Summary of the Invention
[0007] The main objective of this invention is to provide an audit log control system and method for a real-time operating system to solve the problems of excessive coupling, loose log structure, and lack of dynamic routing capability in the prior art.
[0008] To achieve the above objectives, the present invention provides the following technical solution: an audit log control system for a real-time operating system, comprising:
- The API layer module subsystem is used to introduce the client library provided by the audit log system into the project; perform one-time configuration when the client starts; transfer the one-time configuration file to the API layer to initialize the client; and call the unified API in the business code of the audit log.
- The distribution layer subsystem is used by the API layer to receive structured data passed in during a call, encapsulate the structured data into audit event objects, send the audit event objects to the distribution layer, and distribute the audit event objects according to pre-configured rules.
[0009] As a further improvement of the present invention, the API layer module subsystem includes:
- The configuration source generation component is used to collect the raw parameters required for audit logs from the deployment environment or user settings when the client starts up; the raw parameters constitute the configuration source, which is represented as an unstructured data set.
- The configuration encapsulation component is used to serialize and encrypt the data set. The serialization process reorganizes the key-value pairs of parameters in the configuration source and adds an integrity check code. The encryption process uses a lightweight symmetric encryption algorithm to generate an immutable configuration encapsulation. The configuration encapsulation is a binary data block containing transmission metadata such as a version identifier and a timestamp.
- The configuration transmission component is used to transmit the configuration package to the API layer via the communication link. The communication link operates based on a lightweight reliable protocol and adopts a handshake confirmation mechanism to establish a temporary session channel before transmission. During transmission, the order and integrity of data packets are monitored. If any packets are lost, retransmission is triggered to ensure that the configuration package arrives at the API layer without loss.
- The configuration parsing and verification component is used by the API layer to decrypt and deserialize the configuration package after receiving it, extract the structured configuration parameters, verify the integrity check code and metadata to confirm that the data has not been tampered with and is version compatible, and organize the verified parameters into a configuration parameter set, which includes a list of log carrier types and specific settings for each carrier.
- The client context initialization component is used to input the configuration parameter set into the API layer's initialization engine, create the client's audit log context, and manage the log recording lifecycle. According to the carrier types in the configuration parameter set, the log recording carriers are registered in sequence: each carrier type corresponds to a driver instance, and the instance parameters are dynamically loaded from the configuration parameter set. After registration, each carrier instance obtains a unique identifier and is bound to the audit log context.
- The audit log handle generation component is used by the initialization engine to aggregate the audit log context and carrier identifiers and generate an audit log handle. The audit log handle serves as a lightweight access token, encapsulating all initialization state information. The client stores the audit log handle locally and uses it to call the unified audit log API to trigger log events to be sent to the distribution layer.
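The encapsulation and the parse-and-verify steps above can be sketched as follows. This is an added example, not code from the patent: the byte layout, the `driver` key, the demo key and the function names are assumptions. SipHash-2-4 stands in for the integrity check code because an unkeyed checksum only catches accidental corruption, and the encryption step is left out because the page does not give its cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed little-endian layout (not from the patent):
 * version(2) | timestamp(4) | payload_len(2) | "key=value\n" payload | tag(8) */
#define CFG_VERSION 1u
#define CFG_HDR_LEN 8u
#define CFG_TAG_LEN 8u
enum { CFG_ERR_SIZE = -1, CFG_ERR_TAMPERED = -2, CFG_ERR_VERSION = -3 };

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); \
} while (0)

static uint64_t load_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

static void store_le(uint8_t *p, uint64_t v, int nbytes) {
    for (int i = 0; i < nbytes; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* SipHash-2-4, a small keyed MAC, used here as the integrity check code. */
uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len) {
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)len << 56;
    size_t blocks = len / 8;
    for (size_t i = 0; i < blocks; i++) {
        uint64_t m = load_le64(in + 8 * i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (size_t i = 0; i < (len & 7); i++)
        b |= (uint64_t)in[8 * blocks + i] << (8 * i);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Encapsulate: header, serialized key-value pairs, then the tag over both.
 * Returns the package length or CFG_ERR_SIZE. */
int cfg_pack(const uint8_t key[16], uint16_t version, uint32_t timestamp,
             const char *kv, uint8_t *out, size_t cap) {
    size_t n = strlen(kv);
    if (n > 0xFFFFu || CFG_HDR_LEN + n + CFG_TAG_LEN > cap) return CFG_ERR_SIZE;
    store_le(out, version, 2);
    store_le(out + 2, timestamp, 4);
    store_le(out + 6, n, 2);
    memcpy(out + CFG_HDR_LEN, kv, n);
    store_le(out + CFG_HDR_LEN + n, siphash24(key, out, CFG_HDR_LEN + n), 8);
    return (int)(CFG_HDR_LEN + n + CFG_TAG_LEN);
}

/* Verify, then parse. Returns the payload length or a negative CFG_ERR_* code. */
int cfg_unpack(const uint8_t key[16], const uint8_t *pkg, size_t len,
               char *kv_out, size_t cap) {
    if (len < CFG_HDR_LEN + CFG_TAG_LEN) return CFG_ERR_SIZE;
    size_t body = len - CFG_TAG_LEN;
    /* 1. Tag first: no header field is trusted until the MAC verifies. */
    if (siphash24(key, pkg, body) != load_le64(pkg + body)) return CFG_ERR_TAMPERED;
    /* 2. Version compatibility. */
    if ((unsigned)(pkg[0] | (pkg[1] << 8)) != CFG_VERSION) return CFG_ERR_VERSION;
    /* 3. The length field must agree with the bytes actually received. */
    size_t n = (size_t)pkg[6] | ((size_t)pkg[7] << 8);
    if (n != body - CFG_HDR_LEN || n + 1 > cap) return CFG_ERR_SIZE;
    memcpy(kv_out, pkg + CFG_HDR_LEN, n);
    kv_out[n] = '\0';
    return (int)n;
}

/* Constructed demo key and settings; port and ipaddr are setting names the
 * page uses, the driver key is an assumption. */
static const uint8_t DEMO_KEY[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const char DEMO_KV[] = "driver=udp\nport=123\nipaddr=192.168.0.100\n";

int main(void) {
    uint8_t pkg[128];
    char kv[96];
    int len = cfg_pack(DEMO_KEY, CFG_VERSION, 1700000000u, DEMO_KV, pkg, sizeof pkg);
    printf("intact:   %d\n", cfg_unpack(DEMO_KEY, pkg, (size_t)len, kv, sizeof kv));
    pkg[CFG_HDR_LEN + 16] ^= 0x01;   /* flip one bit of the port value */
    printf("tampered: %d\n", cfg_unpack(DEMO_KEY, pkg, (size_t)len, kv, sizeof kv));
    return 0;
}
```

The tag is checked before the version and length fields are read, so a modified header cannot steer the parser.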
[0010] As a further improvement of the present invention, the distribution layer subsystem includes:
- The event feature spectrum extraction component is used to deconstruct the features of audit event objects after they enter the distribution layer. It treats the structured data contained in the audit event object as a composite information flow, and separates and quantifies the various attributes of the audit event object into feature values of different dimensions through a set of preset feature diffraction grids. The feature values are aggregated according to preset weight coefficients to form a multidimensional event feature spectrum.
- The rule weight dynamic activation component is used to input the generated event feature spectrum into a dynamic rule weight matrix, where each element corresponds to the sensitivity weight of a rule to a certain feature dimension. The feature spectrum and the weight matrix are synthesized to calculate the comprehensive matching degree of each rule, generating a rule activation degree sequence. This sequence includes not only which rules are triggered but also their trigger intensity level. At the same time, feedback factors based on the current system load and recorder state are introduced to fine-tune the activation degree, achieving dynamic decision-making.
- The distribution path coordination component is used when, after activation, multiple rules are triggered to varying degrees and point to one or more target recorders; it coordinates and adjudicates concurrent and weighted multipaths according to the defined strength priority strategy, and outputs a set of conflict-free distribution paths.
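One way to read the three distribution-layer components as code, added here as an illustration and not taken from the patent: the feature dimensions, rule weights, thresholds and load formula are all assumptions, and a plain weighted sum in 1/1000 fixed point stands in for the activation step.

```c
#include <stdio.h>

enum { DIM_BASE, DIM_SEVERITY, DIM_AUTH, NDIM };   /* assumed feature dimensions */
enum { REC_TXT, REC_UDP, REC_SQLITE, NREC };       /* carriers named on the page */
enum { LVL_NONE, LVL_LOW, LVL_HIGH };              /* trigger intensity levels */

struct audit_event { int severity; int is_auth; }; /* severity 0..7 (assumed) */
struct rule { int weight[NDIM]; int target; };     /* weights in 1/1000 */
struct env  { int load_permille; int recorder_up[NREC]; };
struct path { int recorder; int level; int rule; };

/* Constructed rule weight matrix: one row per rule, one column per dimension. */
static const struct rule DEMO_RULES[] = {
    { {600,    0,   0}, REC_TXT    },  /* 0: baseline copy to the text log */
    { {  0, 1000,   0}, REC_UDP    },  /* 1: severe events are sent over UDP */
    { {  0,  300, 700}, REC_SQLITE },  /* 2: authentication events to the database */
    { {  0,    0, 900}, REC_TXT    },  /* 3: authentication events, also text log */
};
#define DEMO_NRULES ((int)(sizeof DEMO_RULES / sizeof DEMO_RULES[0]))

/* Feature spectrum extraction: quantify event attributes into 0..1000. */
void extract_spectrum(const struct audit_event *ev, int s[NDIM]) {
    int sev = ev->severity < 0 ? 0 : ev->severity > 7 ? 7 : ev->severity;
    s[DIM_BASE] = 1000;
    s[DIM_SEVERITY] = sev * 1000 / 7;
    s[DIM_AUTH] = ev->is_auth ? 1000 : 0;
}

/* Rule activation: weighted sum of the spectrum, then environment feedback.
 * A recorder that is down zeroes the rule; load attenuates by up to 25%. */
int activation(const struct rule *r, const int s[NDIM], const struct env *e) {
    long acc = 0;
    int load = e->load_permille < 0 ? 0 : e->load_permille > 1000 ? 1000 : e->load_permille;
    for (int d = 0; d < NDIM; d++) acc += (long)r->weight[d] * s[d];
    if (!e->recorder_up[r->target]) return 0;
    return (int)(acc / 1000) * (1000 - load / 4) / 1000;
}

int level_of(int act) { return act >= 700 ? LVL_HIGH : act >= 300 ? LVL_LOW : LVL_NONE; }

/* Path coordination: when several rules point at the same recorder, keep only
 * the strongest, so each recorder appears at most once. Returns the path count. */
int route(const struct audit_event *ev, const struct rule *rules, int nrules,
          const struct env *e, struct path out[NREC]) {
    int s[NDIM], best[NREC], best_rule[NREC], n = 0;
    extract_spectrum(ev, s);
    for (int i = 0; i < NREC; i++) { best[i] = 0; best_rule[i] = -1; }
    for (int r = 0; r < nrules; r++) {
        int t = rules[r].target;
        if (t < 0 || t >= NREC) continue;          /* ignore malformed rules */
        int a = activation(&rules[r], s, e);
        if (level_of(a) != LVL_NONE && a > best[t]) { best[t] = a; best_rule[t] = r; }
    }
    for (int i = 0; i < NREC; i++) {
        if (best_rule[i] < 0) continue;
        out[n].recorder = i;
        out[n].level = level_of(best[i]);
        out[n].rule = best_rule[i];
        n++;
    }
    return n;
}

int main(void) {
    struct path out[NREC];
    struct env busy = { 800, {1, 0, 1} };          /* high load, UDP recorder down */
    struct audit_event auth_fail = { 7, 1 };       /* constructed sample event */
    int n = route(&auth_fail, DEMO_RULES, DEMO_NRULES, &busy, out);
    for (int i = 0; i < n; i++)
        printf("recorder %d level %d via rule %d\n", out[i].recorder, out[i].level, out[i].rule);
    return 0;
}
```

A return value of 0 from `route()` means thresholds or feedback left the event with no recorder at all, which an audit pipeline should surface as a fault.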
[0011] As a further improvement of the present invention, the rule weight dynamic activation component includes: The molecular docking energy spectrum generation sub-component is used to treat each dimensional feature value of the event characteristic spectrum as a conformational information ligand; at the same time, each row of the rule weight matrix corresponds to a rule, which is regarded as a rule acceptor with multidimensional binding sites. Each information ligand and each rule acceptor are virtually docked; the virtual docking process calculates the conformational complementarity and charge interaction between the two in each dimension, generating a set of scalar values called dimensional binding energies; the binding energies of all dimensions are summarized according to the acceptor to form the binding energy spectrum of each rule with the current event characteristic spectrum; The wave superposition and phase harmonic sub-component is used to treat the combined energy spectrum corresponding to each rule as a set of fundamental waves with different frequencies and amplitudes; with reference to the predefined inter-rule coupling coefficient, it synthesizes the fundamental waves of each dimension belonging to the same rule; and outputs an initial activation waveform after internal harmonicization. The environmental entropy field optimization adjudication subcomponent quantifies the current load and the state of each recorder into an environmental entropy value vector. This environmental entropy value vector is then used as an optimization field applied to the initial activation waveform. The Gibbs free energy minimization algorithm is used to calculate the system energy consumption required to activate each rule under the existing environmental constraints. The Gibbs free energy minimization algorithm adjusts the amplitude of the initial waveform to seek a stable solution that minimizes the overall change in the system state. 
After environmental entropy field optimization adjudication, the initial activation waveform is transformed into a rule activation sequence containing intensity levels.
[0012] As a further improvement of the present invention, the environmental entropy field optimization decision sub-component includes: The constrained manifold topology construction module maps each component of the environmental entropy vector to a set of coordinate axes in a high-dimensional space. Simultaneously, it treats the amplitude value corresponding to each rule in the initial activation waveform as a set of moving points in the high-dimensional space. Based on the actual constraint relationships between the components of the environmental entropy vector, it defines nonlinear correlation equations between the coordinate axes. These nonlinear correlation equations bend the high-dimensional space into a constrained manifold, whose geometry is directly determined by the environmental entropy vector. The moving points of the initial activation waveform are initially distributed on the surface of the constrained manifold, thus transforming environmental constraints into a specific spatial topology. The Energy Geomorphology Potential Well Exploration Module is used to define two scalar fields on a constrained manifold surface: the first is a matching potential field; the second is a dissipative potential field. The two scalar fields are weighted and superimposed to form the energy geomorphology of the constrained manifold surface. 
The viscous gradient dissipation equalization module is used to obtain the stiffness coefficient between all moving points, which determines the degree of mutual entanglement between the moving points; it introduces the viscous dissipation coefficient related to the inherent resistance when the system changes state; through iterative solution of the constrained multibody motion equations, the group of moving points moves on the curved constrained manifold surface under the combined action of gradient force, degree of entanglement and resistance; the motion stops when the resultant force of all moving points is lower than a set threshold; the final position coordinates of each moving point on the manifold are the activation intensity of each rule after optimization, and the set formed is the rule activation sequence.
[0013] As a further improvement of the present invention, the viscous gradient dissipation equalization module includes: A coupled constraint differential equation establishment submodule is used to establish motion differential equations for each moving point using the manifold surface coordinates as generalized coordinates; the gradient force is a conservative force term, and the degree of involvement is determined by the stiffness coefficient and the relative displacement of the moving point; the viscous drag is determined by the viscous dissipation coefficient and the velocity of the moving point; the constraint conditions are embedded into the motion equations through the Lagrange multiplier method to form a coupled constraint differential equation system containing position, velocity and constraint multipliers. The synchronous iterative submodule for differential-algebraic systems is used to transform a continuous coupled-constrained differential equation system into a discrete algebraic system using a time discretization method. Within each time step, a set of nonlinear algebraic equations for position, velocity, and constraint multipliers is established using an implicit integration scheme. The algebraic system is solved synchronously using the Newton-Raphson iterative method, updating the position and velocity states of all moving points to obtain the discrete-time state solution. The system momentum equilibrium convergence determination submodule calculates the system momentum change rate and constraint satisfaction error based on discrete-time state solutions. When the momentum change rate of all moving points is less than a set threshold and the constraint error is controllable, the system is determined to have reached a dynamic equilibrium state. The position coordinates of the moving points no longer change, and they are mapped to a regular activation degree sequence through linear transformation.
[0014] As a further improvement of the present invention, the coupled constraint differential equation establishment submodule includes: The covariant derivative transformation unit is used to merge the matching potential field and dissipative potential field in the energy geomorphology into a unified energy scalar field using the manifold surface coordinates as generalized coordinates, and to calculate the covariant derivative of the energy scalar field with respect to the manifold coordinates; it transforms the potential gradient into a covariant gradient vector field that is compatible with the manifold geometry; the tangential component of the covariant gradient vector field at each moving point is the conservative force term acting on the moving point; The Lagrange multiplier tensor generating unit is used to treat the nonlinear correlation equations defined in the topological construction of constrained manifolds as a set of complete constraints on generalized coordinates. Based on the principle of the Lagrange multiplier method for handling complete constraints in analytical mechanics, a Lagrange multiplier is introduced for each independent constraint equation, and all multipliers are organized into a Lagrange multiplier tensor. Each component of the Lagrange multiplier tensor corresponds to the contribution of a constraint equation to the virtual work of the system. The matrix formed by the partial derivatives of the constraint conditions with respect to the coordinates is multiplied by this multiplier tensor to generate the generalized constraint force distribution representing the constraint reaction forces. Tensor equation coupling units are used to abstract the connection physical properties described by the stiffness coefficient matrix and the viscous dissipation physical properties described by the viscous dissipation coefficient into two different constitutive relations. 
The relative displacement of the moving point is regarded as strain, and the relative velocity is regarded as strain rate. The corresponding stress response terms are constructed by the stiffness coefficient and the viscous dissipation coefficient, respectively. In the tangent space of the constrained manifold, the covariant gradient vector field, the generalized constraint force distribution, and the stress response terms generated by the two constitutive relations are tensor-condensed, and the covariant derivative terms of the velocity and acceleration of the moving point are also included. Finally, a covariant coupled differential equation system with manifold coordinates, velocity, acceleration and Lagrange multipliers as unknowns is formed.
[0015] As a further improvement of the present invention, the covariant derivative transformation unit includes: The local gradient projection sub-unit is used to treat the merged energy scalar field as a continuous function defined on the constrained manifold. In the local neighborhood of each moving point on the constrained manifold, a local tangent space coordinate system spanned by the surface coordinates of the constrained manifold is established. Through the local tangent space coordinate system, the ordinary partial derivatives of the energy scalar field with respect to each coordinate component are calculated to obtain a set of scalar values. The scalar values constitute a set of original gradient components represented in the local coordinate system. The absolute differential generator subunit is used to perform index-reduced absolute differential operations on the original gradient component set and the affine connection coefficients; the result adds a geometric correction term determined by the connection coefficient to each component of the original gradient component; the corrected original gradient component set constitutes a covariant derivative component set compatible with the parallel translation rule of the constrained manifold. The covariant gradient field reconstruction sub-unit is used to combine the covariant derivative components with the tangent space basis vectors at each point on the constrained manifold; to perform a linear combination of each component in the covariant derivative component set with the corresponding local tangent space basis vector in the form of a tensor product; and to define a tangent vector at each point on the constrained manifold, with the tangent vectors at all points together forming the covariant gradient vector field.
[0016] As a further improvement of the present invention, it also includes a logging layer subsystem for sending distribution results to the logging layer; registering various loggers in the logging layer, each logger corresponding to a carrier; when the distribution layer routes an event to a certain logger, that logger will start its own work.
[0017] To achieve the above objectives, the present invention also provides the following technical solution: A method for controlling audit logs in a real-time operating system, used to implement the audit log control system of the real-time operating system, comprising: In this project, a client library provided by the audit log system is introduced; a one-time configuration is performed when the client starts; the one-time configuration file is transferred to the API layer to initialize the client; and a unified API is called in the business code of the audit log. The API layer receives the structured data passed in during the call and encapsulates the structured data into an audit event object; it then sends the audit event object to the distribution layer; the distribution layer distributes the audit event object according to pre-configured rules. The distribution results are sent to the logging layer; various loggers are registered in the logging layer, each logger corresponding to a carrier; when the distribution layer routes an event to a logger, the logger starts the corresponding work.
[0018] This invention constructs a highly cohesive, loosely coupled, and easily scalable log governance system through layered decoupling, configurable artifacts, structured events, rule-based distribution, and pluggable recording. It not only reduces the coupling between business code and logging functionality but also meets the comprehensive requirements of modern distributed systems for the real-time performance, reliability, and observability of audit logs through flexible rule configuration and multi-carrier support.
Attached Figure Description
[0019] Figure 1 is a schematic diagram of the functional modules of an embodiment of the audit log control system of the real-time operating system of the present invention.
Figure 2 is an audit log system architecture diagram of an embodiment of the audit log control system for the real-time operating system of the present invention.
Figure 3 is a schematic diagram illustrating the logging principle of the audit log system in an embodiment of the audit log control system for the real-time operating system of the present invention.
Figure 4 is a functional module diagram of the API layer module subsystem of an embodiment of the audit log control system of the real-time operating system of the present invention.
Figure 5 is a schematic diagram of the functional modules of the distribution layer subsystem of an embodiment of the audit log control system of the real-time operating system of the present invention.
Figure 6 is a schematic diagram of the functional modules of the log recording layer subsystem of an embodiment of the audit log control system of the real-time operating system of the present invention.
Figure 7 is a flowchart illustrating the steps of an embodiment of the audit log control method for a real-time operating system according to the present invention.
Figure 8 is a schematic diagram of the structure of an embodiment of the electronic device of the present invention.
Figure 9 is a schematic diagram of the structure of one embodiment of the storage medium of the present invention.
Detailed Implementation
[0020] The technical solutions of the present invention will now be described with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments.
[0021] Hereinafter, the terms "first," "second," etc., are used for descriptive convenience only and should not be construed as indicating or implying relative importance or implicitly specifying the number of indicated technical features. Thus, a feature defined with "first," "second," etc., may explicitly or implicitly include one or more of that feature. In the description of this invention, unless otherwise stated, "a plurality of" means two or more.
[0022] In this invention, unless otherwise explicitly specified and limited, the term "connection" should be interpreted broadly. For example, "connection" can be a fixed mechanical connection, a detachable mechanical connection, or an integral part; or, "connection" can be a direct connection or an indirect connection through an intermediate medium. Furthermore, unless otherwise explicitly specified and limited, the term "coupling" should be interpreted broadly. For example, "coupling" can be a direct electrical connection, such as physical contact and electrical conduction between two components; it can also be understood as an electrical connection between different components in a circuit structure through physical lines capable of transmitting electrical signals, such as copper foil or wires on a printed circuit board (PCB), to transmit electrical signals; or, "coupling" can be an indirect electrical connection between two components through an intermediate medium; or, "coupling" can be an electrical connection between two components in a non-contact manner, such as an electrical connection between two components using capacitive coupling to transmit electrical signals.
[0023] In this embodiment of the invention, directional terms such as "up," "down," "left," and "right" may be defined relative to the orientation of the components shown in the accompanying drawings. It should be understood that these directional terms can be relative concepts, used for relative description and clarification, and can change accordingly depending on the orientation of the components in the accompanying drawings.
[0024] Example 1: As shown in Figure 1, this embodiment provides an example of an audit log control system for a real-time operating system. In this embodiment, the audit log control system for the real-time operating system includes:
- API layer module subsystem 1 is used to introduce the client library provided by the audit log system into the project; perform one-time configuration when the client starts; transfer the one-time configuration file to the API layer to initialize the client; and call the unified API in the business code of the audit log.
- The distribution layer subsystem 2 is used by the API layer to receive structured data passed in during a call, encapsulate the structured data into audit event objects, send the audit event objects to the distribution layer, and distribute the audit event objects according to pre-configured rules.
- The logging layer subsystem 3 is used to send the distribution results to the logging layer; various loggers are registered in the logging layer, and each logger corresponds to a carrier; when the distribution layer routes an event to a certain logger, that logger will start its own work.
[0025] Preferably, in this embodiment, the front-end application API layer mainly provides standard APIs for programs that need to record audit logs. Programs can complete the recording of audit logs by calling the APIs according to rules. The log distribution layer is mainly responsible for distributing the logs generated by the front end to different recording media to complete the storage or forwarding of audit records. The log recording layer is mainly responsible for registering the carriers that need to record logs, such as recording to a local text file, or sending to a remote location via a local socket or a UDP socket (see Figure 2 for details).
To use this audit logging system, first initialize the logging system by calling the `trust_log_init()` interface to initialize the context. Then, according to actual needs, call the `trust_log_load_driver()` interface to register the logging carrier. The logging carriers currently provided are:
- txt (logs are recorded to a local log file);
- unix (logs are sent via a local socket);
- udp (logs are sent via UDP);
- sqlite (logs are recorded in an SQLite database).
If logs need to be recorded in different objects simultaneously, multiple carriers can be registered. For example, if logs need to be recorded in a log file and simultaneously sent to the logging server via UDP, the following calls register both the txt and udp logging carriers:
`void *txt_log = trust_log_load_driver("text");`
`void *udp_log = trust_log_load_driver("udp");`
If different parameters need to be configured for the logging medium, the `trust_log_tweak()` interface can be called for configuration. For example, when using a txt medium, if you need to log to another file, you can call `trust_log_tweak(txt_log, "path", "/var/log/test/test.log")`, which means the log will be recorded to the file `/var/log/test/test.log`. When using a UDP medium, you can use this interface to set the UDP port number and the receiving IP address, for example, `trust_log_tweak(udp_log, "port", 123)` and `trust_log_tweak(udp_log, "ipaddr", "192.168.0.100")`. After this setting, the log will be sent to port 123 of 192.168.0.100 via UDP. As long as there is a process listening on port 123 on the 192.168.0.100 device, it can receive the log (see Figure 3 for details).
[0026] After the logging system is initialized and its parameters are set, the business application can call the `trust_log_append` interface to send logs to the registered carrier. For example, to simultaneously record logs to a local log file and send them to a remote location via UDP, it can be called as follows: `char *log = "test log";` `audit_append(txt_log, log);` `audit_append(udp_log, log);` If a process using logs exits or no longer needs to record logs, and the logging system needs to be shut down, you must first unregister the registered log carriers and then release the logging system context.
[0027] In summary, through the interface provided by the audit log system, application developers can easily record audit logs to any desired media, such as audit log files on disk, logs sent to a remote server for unified storage via socket, or logs in a database, by simply calling the interface.
[0028] Example 2: As shown in Figure 4, the API layer module subsystem 1 specifically includes the following. The configuration source generation component is used to collect the raw parameters required for audit logs from the deployment environment or user settings when the client starts up, including the log carrier type, file path, network address and other related settings; the raw parameters constitute the configuration source, which is an unstructured data set. The configuration encapsulation component is used to serialize and encrypt the data set. The serialization process reorganizes the key-value pairs of parameters in the configuration source and adds an integrity check code. The encryption process uses a lightweight symmetric encryption algorithm to generate an immutable configuration encapsulation. The configuration encapsulation is a binary data block containing transmission metadata such as version identifier and timestamp. The lightweight symmetric encryption algorithm uses the formula expression of the structural entropy-change encryption model:
[0029] In the formula, This represents the final generated configuration package; The fluidization solidification function, derived from the material phase transition theory, represents the fixed state in the final stage of densification. The structure weaving function represents the process of weaving keys and data; The crystallization function, derived from crystal growth theory, represents the data structuring process. This represents serialized configuration parameter data; ⊕ indicates the transmission of metadata; ⊕ indicates the dynamic interleaving operator, representing parameterized interleaving rather than simple XOR; Represents a time-dependent key function, where the key changes over time; This represents the entropy-increasing sealing operator, indicating the disordering of information brought about by encryption; The structural entropy factor is determined by the timestamp τ and the version v; the formula's operating principle describes the complete transformation process from raw data to the encrypted package, its core principle being structural entropy change—achieving encryption protection by altering the information structure state of the data; internal structure reorganization is represented by... The process enables data and metadata to form a crystallized structure, similar to the phase transition from disorder to order in matter, enhancing the intrinsic stability of the data; dynamic key fusion representation The process integrates key and data weaving, key function The weaving pattern changes over time, exhibiting a time-dependent characteristic, similar to dynamic fabric texture variations; entropy increase sealing and solidification represent Φ(...). The S(τ, v) process completes the final encryption; The structure entropy factor adjusts the encryption strength based on the timestamp and version number. 
The operators ensure that the encryption process introduces controllable entropy increase, enabling the package to reach a thermodynamically stable state; time-dimensional encryption means that the key function K(t) introduces a time variable, making the encryption process dynamic, with the same data resulting in different encryption outcomes at different times; structural entropy control means that the encryption strength is precisely controlled through the S(τ, v) factor, and the entropy increase level can be adjusted with version upgrades; the multi-layer protection mechanism means that the three stages of crystallization, weaving, and solidification provide structural stability, dynamic obfuscation, and final sealing, respectively; the self-verification feature means that the internal structure of the package contains implicit integrity information, eliminating the need for external verification codes. The configuration transmission component is used to transmit the configuration package to the API layer via a dedicated communication link. The communication link operates based on a lightweight reliable protocol and adopts a handshake confirmation mechanism to establish a temporary session channel before transmission. During transmission, the order and integrity of data packets are monitored, and retransmission is triggered if any packets are lost to ensure that the configuration package arrives at the API layer without loss. The configuration parsing and verification component is used by the API layer to decrypt and deserialize the configuration package after receiving it, extract the structured configuration parameters, verify the integrity check code and metadata to confirm that the data has not been tampered with and is version compatible, and organize the verified parameters into a configuration parameter set, which includes a list of log carrier types and specific settings for each carrier. 
The client context initialization component is used to configure the parameter set to be input into the API layer's initialization engine, create the client's audit log context, and manage the log recording lifecycle. According to the carrier type in the configuration parameter set, the log recording carriers are registered in sequence: each carrier type corresponds to a driver instance, and the instance parameters are dynamically loaded from the configuration parameter set. After registration, each carrier instance obtains a unique identifier and is bound to the audit log context. The audit log handle generation component is used to initialize the engine to aggregate the audit log context and carrier identifier, and generate an audit log handle. The audit log handle serves as a lightweight access token, encapsulating all the initialization state information. The client stores this handle locally and uses it to call the unified audit log API to trigger log events to be sent to the distribution layer.
[0030] Preferably, in this embodiment, the API layer module subsystem, through the collaborative operation of its components, achieves secure collection, transmission, parsing, and initialization of configuration data from the client to the API layer, ultimately generating a unified audit log handle and providing a stable and reliable runtime environment for audit log recording. Specific technical effects are as follows: The configuration source generation component collects raw parameters from the deployment environment or user settings, forming an unstructured configuration source. This ensures that the basic parameters required for audit logs are fully acquired during the client startup phase, covering key settings such as log carrier type, file path, and network address, providing a data foundation for subsequent processing. The configuration encapsulation component performs serialization and encryption conversion on the configuration source. The serialization process reorganizes the parameters into key-value pairs and adds integrity check codes. The encryption process uses a lightweight symmetric encryption algorithm to generate an immutable configuration encapsulation, which includes transmission metadata such as version identifiers and timestamps. This process converts the raw parameters into structured binary data blocks, ensuring the integrity and confidentiality of the data before transmission. The configuration transmission component transmits the configuration package via a dedicated communication link based on a lightweight reliable protocol. It establishes a temporary session channel using a handshake confirmation mechanism, monitors data packet order and integrity, and triggers a retransmission mechanism in case of packet loss. This ensures the configuration package arrives at the API layer without loss during transmission, preventing data loss or corruption due to network instability. 
The configuration parsing and verification component receives the configuration package at the API layer and performs decryption and deserialization operations to extract structured configuration parameters. It verifies the integrity checksum and metadata, confirming that the data has not been tampered with and is version compatible. Verified parameters are organized into a configuration parameter set, containing a list of log carrier types and specific settings for each carrier, providing accurate and reliable input for client context initialization. The client context initialization component inputs the configuration parameter set into the API layer's initialization engine, creating an audit log context for the client to manage the log recording lifecycle. Based on the carrier types in the configuration parameter set, log recording carriers are registered sequentially, with each carrier type corresponding to a driver instance. Instance parameters are dynamically loaded from the configuration parameter set. After registration, each carrier instance obtains a unique identifier and is bound to the audit log context, enabling dynamic loading and configuration of the carrier driver. The audit log handle generation component aggregates the audit log context and carrier identifier to generate an audit log handle in the form of a lightweight access token, encapsulating all initialization state information. The client stores this handle locally and uses it to invoke the unified audit log API, triggering log events to be sent to the distribution layer, thus providing a consistent and efficient log access interface.
[0031] In summary, the various components in this embodiment work closely together to achieve secure end-to-end transmission, dynamic parsing, and runtime initialization of configuration data, ultimately generating a reusable audit log handle. This ensures that the audit log system has complete, configurable, and secure logging capabilities as soon as the client starts up.
[0032] Example 3: the configuration transmission component specifically includes the following. The environment detection and identity broadcasting subcomponent is used by the client to perform environment detection before transmitting the configuration encapsulation body; it generates a spatiotemporal marker signal based on the timestamp metadata in the configuration encapsulation body; the client fuses this signal with its own identity digest to form a detection frame; the detection frame is released to the predetermined network coordinates in the form of basic fluctuations; the detection frame spreads in the network medium and waits for the response from the API layer. The spectrum synchronization and channel resonance subcomponent is used by the API layer to initiate spectrum analysis after sensing fluctuations in the detection frame. The API layer extracts the spatiotemporal markers from the detection frame, compares them with its own clock phase, and obtains the time difference compensation value. At the same time, the API layer generates a spectrum synchronization factor. The API layer combines the time difference compensation value and the spectrum synchronization factor, encapsulates them into a resonance response frame, and returns it along the path of the detection frame. After receiving the resonance response frame, the client applies the time difference compensation value to calibrate its own transmission timing and loads the spectrum synchronization factor into the waveform generator for subsequent communication, forming a preliminary coordination state.
The channel stabilization and redundancy weaving sub-component is used to enter the channel construction phase based on the coordinated state; the client uses the calibrated timing and loaded spectrum synchronization factors to generate a set of mutually orthogonal baseband logical streams; the API layer confirms the baseband logical streams after verifying that they conform to the orthogonality relationship agreed upon by the synchronization factors; both parties weave a virtual transmission plane composed of multiple logical sub-channels using the baseband logical streams as the warp and weft; the virtual transmission plane becomes a temporary session channel that carries the transmission of the configuration encapsulation.
[0033] Preferably, the environment detection and identity broadcasting subcomponent in this embodiment performs client environment detection, generates spatiotemporal marker signals, fuses identity digests to form detection frames, and releases them to predetermined network coordinates to achieve preliminary network reachability and identity notification, establishing basic link detection capabilities for interaction. The spectrum synchronization and channel resonance subcomponent performs spectrum analysis and spatiotemporal marker phase comparison on the detection frames through the API layer to generate time difference compensation values, and encapsulates them into resonance response frames with spectrum synchronization factors and returns them to the client. This enables the client to calibrate the transmission timing and load the synchronization factors into the waveform generator, achieving bidirectional timing synchronization and spectrum coordination, and establishing a time-frequency reference for reliable communication. Based on timing synchronization and spectrum coordination, the channel stabilization and redundancy weaving subcomponent generates an orthogonal baseband logic stream from the client. After verification and confirmation by the API layer, both parties jointly construct a virtual transmission plane woven from multiple logical sub-channels. This plane serves as a temporary session channel, and through the parallel transmission and redundancy design of the orthogonal sub-channels, it improves the fault tolerance, load balancing, and channel stability of the configuration encapsulation transmission.
[0034] In summary, each sub-component in this embodiment sequentially completes link detection, time-frequency synchronization, and channel construction, forming a reliable transmission path with timing alignment, spectrum coordination, and redundancy fault tolerance characteristics, ensuring that the configuration package is transmitted efficiently, stably, and securely in the network environment.
[0035] Example 4: As shown in Figure 5, the distribution layer subsystem 2 specifically includes the following. The event feature spectrum extraction component is used to deconstruct the features of audit event objects after they enter the distribution layer. It treats the structured data contained in the audit event object as a composite information flow, and separates and quantifies the various attributes of the audit event object, such as event type, priority, source module, and time stamp, into feature values of different dimensions through a set of preset feature diffraction grids. The feature values are aggregated according to preset weight coefficients to form a multi-dimensional event feature spectrum. The rule weight dynamic activation component is used to input the generated event feature spectrum into a dynamic rule weight matrix, where each element corresponds to the sensitivity weight of a rule to a certain feature dimension. The feature spectrum and the weight matrix are synthesized to calculate the comprehensive matching degree of each rule, generating a rule activation degree sequence. This sequence includes not only which rules are triggered but also their trigger intensity level. At the same time, feedback factors based on the current system load and recorder state are introduced to fine-tune the activation degree, achieving dynamic decision-making. After activation, multiple rules may be triggered to varying degrees, pointing to one or more target loggers; the distribution path coordination component is used to coordinate and adjudicate these concurrent, weighted paths according to a defined strength-priority strategy. It outputs a set of conflict-free distribution paths, clearly indicating which specific logger(s) the audit event object should be sent to.
[0036] Preferably, the event feature spectrum extraction component in this embodiment deconstructs the audit event object, separating and quantifying attributes such as event type, priority, source module, and time stamp into multi-dimensional feature values, and then aggregating them into an event feature spectrum according to preset weight coefficients. This achieves standardized and structured expression of audit event features, providing a unified input for rule matching. The rule weight dynamic activation component inputs the event feature spectrum into a dynamic rule weight matrix, calculates the comprehensive matching degree of each rule, and generates a rule activation degree sequence. Simultaneously, it incorporates feedback factors from the current system load and recorder status for fine-tuning, achieving precise quantification and dynamic adaptation of rule triggering, improving the flexibility and environmental adaptability of rule matching. The distribution path coordination component, based on the rule activation degree sequence, coordinates and adjudicates concurrent and weighted multiple paths according to a strength-first strategy, outputting a conflict-free distribution path set, clearly defining the target recorder for the audit event object, and ensuring consistency and efficiency in event distribution decisions.
[0037] In summary, each component in this embodiment sequentially completes event feature extraction, dynamic rule matching, and distribution path coordination, forming a complete event distribution mechanism from feature parsing to path decision-making. Through spectral feature expression, dynamic weight adjustment, and multi-path collaborative adjudication, it achieves high-precision classification, adaptive rule triggering, and efficient and reliable distribution of audit events, optimizing the automation level and resource allocation rationality of the event processing flow.
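A minimal C sketch of the distribution decision described in Example 4, added here as an illustration and not taken from the patent. The feature quantization, the rule weights, the feedback factors, the 0.5 threshold and the fallback to the first ready logger are all assumptions, since the text gives no concrete values; only the four carrier names (txt, unix, udp, sqlite) come from the page.

```c
#include <stddef.h>

enum { F_TYPE, F_PRIO, F_SOURCE, F_TIME, N_FEAT };
enum { LOG_TXT, LOG_UNIX, LOG_UDP, LOG_SQLITE, N_LOGGERS }; /* carriers named on the page */
enum { EV_INFO, EV_CONFIG_CHANGE, EV_AUTH_FAILURE };        /* assumed event types */

typedef struct { int type; int priority; int from_kernel; unsigned ts; } audit_event;
typedef struct { int ready; unsigned queued, capacity; } logger_state;
typedef struct { double bias; double w[N_FEAT]; unsigned targets; } rule;

#define BIT(l) (1u << (l))
#define THRESHOLD 0.5   /* assumed minimum strength for a path to be kept */

/* Assumed rule weight matrix: one row per rule, one weight per feature. */
static const rule RULES[] = {
    { 0.7, {0.0, 0.0, 0.0, 0.0}, BIT(LOG_TXT) },                   /* local copy of everything */
    { 0.0, {0.6, 0.2, 0.1, 0.1}, BIT(LOG_UDP) | BIT(LOG_SQLITE) }, /* security-relevant events */
    { 0.0, {0.0, 0.9, 0.1, 0.0}, BIT(LOG_UNIX) },                  /* high-priority events */
};
#define N_RULES (sizeof RULES / sizeof RULES[0])

/* Event feature spectrum: each attribute quantified into [0, 1]. */
static void feature_spectrum(const audit_event *ev, double f[N_FEAT])
{
    int prio = ev->priority < 0 ? 0 : (ev->priority > 3 ? 3 : ev->priority);
    unsigned hour = (ev->ts / 3600u) % 24u;   /* ts assumed to be seconds */

    f[F_TYPE]   = ev->type == EV_AUTH_FAILURE ? 1.0
                : ev->type == EV_CONFIG_CHANGE ? 0.5 : 0.0;
    f[F_PRIO]   = prio / 3.0;
    f[F_SOURCE] = ev->from_kernel ? 1.0 : 0.0;
    f[F_TIME]   = (hour < 6u || hour >= 22u) ? 1.0 : 0.0;   /* off-hours */
}

/* Recorder-state feedback: 0 when not ready, otherwise reduced by backlog. */
static double logger_factor(const logger_state *s)
{
    double fill;
    if (!s->ready || s->capacity == 0) return 0.0;
    fill = s->queued >= s->capacity ? 1.0 : (double)s->queued / s->capacity;
    return 1.0 - 0.5 * fill;
}

/* Returns a bitmask of target loggers; strength[] receives per-logger scores. */
unsigned route_event(const audit_event *ev, double load,
                     const logger_state st[N_LOGGERS], double strength[N_LOGGERS])
{
    double f[N_FEAT], act;
    unsigned mask = 0;
    size_t r;
    int l, k;

    feature_spectrum(ev, f);
    for (l = 0; l < N_LOGGERS; l++) strength[l] = 0.0;
    if (load < 0.0) load = 0.0;
    if (load > 1.0) load = 1.0;

    for (r = 0; r < N_RULES; r++) {
        act = RULES[r].bias;                       /* rule activation degree */
        for (k = 0; k < N_FEAT; k++) act += RULES[r].w[k] * f[k];
        act *= 1.0 - 0.2 * load;                   /* system-load feedback */
        for (l = 0; l < N_LOGGERS; l++) {
            double s;
            if (!(RULES[r].targets & BIT(l))) continue;
            s = act * logger_factor(&st[l]);
            if (s > strength[l]) strength[l] = s;  /* strongest rule wins per logger */
        }
    }
    for (l = 0; l < N_LOGGERS; l++)                /* each logger appears at most once */
        if (strength[l] >= THRESHOLD) mask |= BIT(l);

    /* Assumed safeguard: never drop an audit event while any logger is ready. */
    if (mask == 0)
        for (l = 0; l < N_LOGGERS; l++)
            if (st[l].ready) { mask = BIT(l); break; }
    return mask;   /* 0 only if no logger is ready; the caller must buffer or fail closed */
}

/* Constructed scenario helper: bit l of not_ready / full marks logger l. */
unsigned demo_route(int type, int priority, int from_kernel, unsigned ts,
                    double load, unsigned not_ready, unsigned full)
{
    audit_event ev;
    logger_state st[N_LOGGERS];
    double strength[N_LOGGERS];
    int l;

    ev.type = type; ev.priority = priority; ev.from_kernel = from_kernel; ev.ts = ts;
    for (l = 0; l < N_LOGGERS; l++) {
        st[l].ready = !(not_ready & BIT(l));
        st[l].capacity = 64;
        st[l].queued = (full & BIT(l)) ? 64 : 0;
    }
    return route_event(&ev, load, st, strength);
}
```

The fallback matters for an audit trail: without it, an event whose only target is backlogged or offline would be dropped silently.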
[0038] Example 5, rule weight dynamic activation component, specifically includes: The molecular docking energy spectrum generation sub-component is used to treat each dimensional feature value of the event characteristic spectrum as an information ligand with a specific conformation; at the same time, each row of the rule weight matrix corresponds to a rule, which is regarded as a rule acceptor with multidimensional binding sites. Each information ligand and each rule acceptor are virtually docked; the virtual docking process calculates the conformational complementarity and charge interaction between the two in each dimension, generating a set of scalar values called dimensional binding energies; the binding energies of all dimensions are summarized according to the acceptor to form the binding energy spectrum of each rule with the current event characteristic spectrum; The wave superposition and phase harmonization sub-component is used to treat the combined energy spectrum corresponding to each rule as a set of fundamental waves with different frequencies and amplitudes; with reference to the predefined inter-rule coupling coefficient, the fundamental waves of each dimension belonging to the same rule are synthesized; the synthesis operation simulates the interference phenomenon of waves. When certain dimensional features point to the same conclusion, their corresponding fundamental wave phases are the same, resulting in constructive interference and amplitude enhancement; when there are contradictions between features, destructive interference is generated, and amplitude is weakened; an initial activation waveform after internal harmonization is output. The environmental entropy field optimization adjudication subcomponent quantifies the current load and the state of each recorder into an environmental entropy value vector. This environmental entropy value vector is then used as an optimization field applied to the initial activation waveform. 
The Gibbs free energy minimization algorithm is used to calculate the system energy consumption required to activate each rule under the existing environmental constraints. The Gibbs free energy minimization algorithm adjusts the amplitude of the initial waveform to seek a stable solution that minimizes the overall change in the system state. After environmental entropy field optimization adjudication, the initial activation waveform is transformed into a rule activation sequence containing intensity levels.
[0039] Preferably, in this embodiment, each sub-component sequentially completes docking energy spectrum generation, internal fluctuation harmonization, and environmental entropy field optimization, forming a rule activation mechanism from feature rule interaction modeling to environmental adaptive decision-making; through energy-based docking, fluctuation interference synthesis, and entropy field constraint optimization, it achieves refined simulation of the rule matching process, adaptive resolution of feature contradictions, and dynamic intensity adjustment sensitive to system load, thereby improving the accuracy, robustness, and resource efficiency of audit event distribution decisions.
[0040] Example 6, Environmental Entropy Field Optimization Decision Sub-component, specifically includes: The constrained manifold topology construction module maps each component of the environmental entropy vector to a set of coordinate axes in a high-dimensional space. Each component includes the current system load value, the queue length of each recorder, and the Boolean value of the ready state. Simultaneously, the amplitude value corresponding to each rule in the initial activation waveform is considered as a set of moving points in the high-dimensional space. Based on the actual constraint relationships between the components of the environmental entropy vector, a nonlinear correlation equation is defined between the coordinate axes. This nonlinear correlation equation bends the high-dimensional space into a constrained manifold. The geometry of the constrained manifold is directly determined by the environmental entropy vector, and the moving points of the initial activation waveform are initially distributed on the surface of the constrained manifold. This transforms environmental constraints into a specific spatial topology. 
The Energy Geomorphology Potential Well Exploration Module is used to define two scalar fields on the surface of a constrained manifold: the first is a matching potential field, whose field strength is negatively correlated with the geodesic distance from the current position of the moving point to the specified position of the initial activation amplitude, i.e., the ideal matching point, with lower potential energy the closer the distance; the second is a dissipative potential field, whose field strength is positively correlated with the geodesic distance from the current position of the moving point to the low-load region on the manifold, with higher potential energy the farther the distance; the two scalar fields are weighted and superimposed to form the energy geomorphology of the constrained manifold surface; The viscous gradient dissipation equalization module is used to obtain the stiffness coefficient between all moving points, which determines the degree of mutual entanglement between the moving points; it introduces the viscous dissipation coefficient related to the inherent resistance when the system changes state; through iterative solution of the constrained multibody motion equations, the group of moving points moves on the curved constrained manifold surface under the combined action of gradient force, degree of entanglement and resistance; the motion stops when the resultant force of all moving points is lower than a set threshold; the final position coordinates of each moving point on the manifold are the activation intensity of each rule after optimization, and the set formed is the rule activation sequence.
[0041] Preferably, this embodiment transforms the dynamic adjustment problem of discrete rule activation intensity into a geometric optimization process in continuous space. The system state is structured and encoded using constrained manifolds, and multiple optimization objectives are fused using energy-geomorphology. Finally, a stable solution search is achieved using a constrained dynamic system. While ensuring the correlation constraints between rules, the rule matching accuracy and system load distribution are simultaneously optimized, providing a convergent mathematical framework for adaptive decision-making in dynamic environments.
[0042] Example 7: the viscous gradient dissipation equalization module specifically includes the following. The coupled constraint differential equation establishment submodule is used to establish motion differential equations for each moving point using the manifold surface coordinates as generalized coordinates; the gradient force is a conservative force term, and the degree of entanglement is determined by the stiffness coefficient and the relative displacement of the moving point; the viscous drag is determined by the viscous dissipation coefficient and the velocity of the moving point; the constraint conditions are embedded into the motion equations through the Lagrange multiplier method to form a coupled constraint differential equation system containing position, velocity and constraint multipliers. The synchronous iterative submodule for differential-algebraic systems is used to transform a continuous coupled-constrained differential equation system into a discrete algebraic system using a time discretization method. Within each time step, a set of nonlinear algebraic equations for position, velocity, and constraint multipliers is established using an implicit integration scheme. The algebraic system is solved synchronously using the Newton-Raphson iterative method, updating the position and velocity states of all moving points to obtain the discrete-time state solution. The system momentum equilibrium convergence determination submodule calculates the system momentum change rate and constraint satisfaction error based on discrete-time state solutions. When the momentum change rate of all moving points is less than a set threshold and the constraint error is controllable, the system is determined to have reached a dynamic equilibrium state. The position coordinates of the moving points no longer change, and they are mapped to a rule activation degree sequence through linear transformation.
[0043] In the implicit integration scheme for time discretization, the continuous differential equations are differenced between adjacent time steps. Specifically, the position, velocity, and constraint multipliers to be determined at the next time step are used to express the acceleration and force equilibrium conditions in the current time step, thus transforming the differential equations into a system of nonlinear algebraic equations with these unknowns as variables. The system momentum change rate and the constraint satisfaction error are calculated from the discrete-time state solution as follows: the momentum change rate is quantified by comparing the vector difference of the total momentum of the system between adjacent time steps, and the constraint satisfaction error is measured by the residual norm obtained after substituting the current state into the holonomic constraint geometric equations.
[0044] Preferably, this embodiment realizes the dynamic evolution of a moving point on a constrained manifold under the combined effects of gradient force, elastic entrainment and viscous dissipation through a closed-loop process of dynamic modeling, simultaneous constraint solution and momentum balance determination, and ensures that the system converges to a stable equilibrium state under both momentum and geometric constraints, thereby outputting a dynamically consistent and constraint-satisfied rule activation sequence.
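The numerical procedure of Example 7, worked on a constructed two-coordinate problem (an added example, not the patent's code): backward-Euler time discretization, Newton-Raphson on the unknown velocity and Lagrange multiplier, and the momentum-rate and constraint-residual convergence test. The unit-circle constraint, the quadratic matching potential, every coefficient and the extra speed check are assumptions, because the text gives no equations.

```c
/* Constructed problem: two rule intensities q = (q1, q2) constrained to the
 * curve g(q) = q1^2 + q2^2 - 1 = 0 (assumed constraint manifold). */
typedef struct {
    double m, w, k, c;  /* mass, matching-potential weight, stiffness, viscous coefficient */
    double a1, a2;      /* ideal matching point of the potential 0.5*w*|q - a|^2 */
    double h;           /* time step */
} model;

typedef struct { double q1, q2, v1, v2, lambda; int steps, converged; } state;

static double absd(double x) { return x < 0.0 ? -x : x; }

static double det3(double a, double b, double c, double d, double e,
                   double f, double g, double h, double i)
{
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g);
}

/* One backward-Euler step. Unknowns are the new velocity and the multiplier;
 * the new position is q + h*v. Returns 0 if Newton-Raphson does not converge. */
static int implicit_step(const model *p, state *s)
{
    double v1 = s->v1, v2 = s->v2, lam = s->lambda;
    int it;

    for (it = 0; it < 25; it++) {
        double q1 = s->q1 + p->h * v1, q2 = s->q2 + p->h * v2;
        /* Residuals: inertia minus (gradient + coupling + drag + constraint force). */
        double r1 = p->m * (v1 - s->v1) / p->h + p->w * (q1 - p->a1)
                  + p->k * (q1 - q2) + p->c * v1 - 2.0 * lam * q1;
        double r2 = p->m * (v2 - s->v2) / p->h + p->w * (q2 - p->a2)
                  - p->k * (q1 - q2) + p->c * v2 - 2.0 * lam * q2;
        double r3 = q1 * q1 + q2 * q2 - 1.0;
        /* Jacobian of (r1, r2, r3) with respect to (v1, v2, lambda). */
        double A = p->m / p->h + (p->w + p->k) * p->h + p->c - 2.0 * lam * p->h;
        double B = -p->k * p->h;
        double c1 = -2.0 * q1, c2 = -2.0 * q2;
        double d1 = 2.0 * p->h * q1, d2 = 2.0 * p->h * q2;
        double det = det3(A, B, c1, B, A, c2, d1, d2, 0.0);

        if (absd(r1) + absd(r2) + absd(r3) < 1e-11) {   /* step solved: commit it */
            s->q1 = q1; s->q2 = q2; s->v1 = v1; s->v2 = v2; s->lambda = lam;
            return 1;
        }
        if (absd(det) < 1e-14) return 0;
        /* Newton update J * delta = -r, solved by Cramer's rule. */
        v1  += det3(-r1, B, c1, -r2, A, c2, -r3, d2, 0.0) / det;
        v2  += det3(A, -r1, c1, B, -r2, c2, d1, -r3, 0.0) / det;
        lam += det3(A, B, -r1, B, A, -r2, d1, d2, -r3) / det;
    }
    return 0;
}

/* Iterate until momentum change rate, speed and constraint error are below tol. */
state settle(const model *p, double q1, double q2, double tol, int max_steps)
{
    state s = { 0 };
    s.q1 = q1; s.q2 = q2;                 /* start point must satisfy g(q) = 0 */
    while (s.steps < max_steps) {
        double pv1 = s.v1, pv2 = s.v2, rate, speed, gerr;
        if (!implicit_step(p, &s)) break;
        s.steps++;
        rate  = p->m * (absd(s.v1 - pv1) + absd(s.v2 - pv2)) / p->h;
        speed = absd(s.v1) + absd(s.v2);  /* added check: positions have stopped moving */
        gerr  = absd(s.q1 * s.q1 + s.q2 * s.q2 - 1.0);
        if (rate < tol && speed < tol && gerr < tol) { s.converged = 1; break; }
    }
    return s;
}

/* Constructed run: ideal point a = (3, 4), start at (1, 0) on the curve. */
state demo(double stiffness)
{
    model p = { 1.0, 1.0, 0.0, 6.0, 3.0, 4.0, 0.05 };
    p.k = stiffness;
    return settle(&p, 1.0, 0.0, 1e-8, 5000);
}
```

With zero stiffness the point settles at the constrained minimum (0.6, 0.8); a positive stiffness pulls the two coordinates toward each other while the constraint residual stays within tolerance.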
[0045] Example 8: the submodule for establishing coupled constraint differential equations specifically includes the following. The covariant derivative transformation unit is used to merge the matching potential field and dissipative potential field in the energy geomorphology into a unified energy scalar field using the manifold surface coordinates as generalized coordinates, and to calculate the covariant derivative of the energy scalar field with respect to the manifold coordinates; it transforms the potential gradient into a covariant gradient vector field that is compatible with the manifold geometry; the tangential component of the covariant gradient vector field at each moving point is the conservative force term acting on the moving point. The Lagrange multiplier tensor generating unit is used to treat the nonlinear correlation equations defined in the topological construction of constrained manifolds as a set of holonomic constraints on generalized coordinates. Based on the principle of the Lagrange multiplier method for handling holonomic constraints in analytical mechanics, but extended to the manifold context: a Lagrange multiplier is introduced for each independent constraint equation, and all multipliers are organized into a Lagrange multiplier tensor; each component of the Lagrange multiplier tensor corresponds to the contribution of a constraint equation to the virtual work of the system; the matrix formed by the partial derivatives of the constraints with respect to coordinates is multiplied by this multiplier tensor to generate the generalized constraint force distribution representing the constraint reactions. The tensor equation coupling unit is used to abstract the connection physical properties described by the stiffness coefficient matrix and the viscous dissipation physical properties described by the viscous dissipation coefficient into two different constitutive relations.
The relative displacement of the moving point is regarded as strain, and the relative velocity is regarded as strain rate. The corresponding stress response terms are constructed by the stiffness coefficient and the viscous dissipation coefficient, respectively. In the tangent space of the constrained manifold, the covariant gradient vector field, the generalized constraint force distribution, and the stress response terms generated by the two constitutive relations are tensor-contracted, and the covariant derivative terms of the velocity and acceleration of the moving point are also included. Finally, a covariant coupled differential equation system with manifold coordinates, velocity, acceleration and Lagrange multipliers as unknowns is formed.
[0046] Preferably, this embodiment constructs a coupled differential equation system that strictly satisfies geometric compatibility, physical constitutive relations and constraints on constrained manifolds by combining covariant geometry, tensor algebra and constitutive relations, providing a mathematical model foundation with clear geometric meaning and physical interpretation for numerical solution.
[0047] Example 9, Covariant Derivative Transformation Unit, specifically includes: The local gradient projection sub-unit is used to treat the merged energy scalar field as a continuous function defined on the constrained manifold. In the local neighborhood of each moving point on the constrained manifold, a local tangent space coordinate system spanned by the surface coordinates of the constrained manifold is established. Through the local tangent space coordinate system, the ordinary partial derivatives of the energy scalar field with respect to each coordinate component are calculated to obtain a set of scalar values. The scalar values constitute a set of original gradient components represented in the local coordinate system. The absolute differential generator subunit is used to perform index-reduced absolute differential operations on the original gradient component set and the affine connection coefficients; the result adds a geometric correction term determined by the connection coefficient to each component of the original gradient component; the corrected original gradient component set constitutes a covariant derivative component set compatible with the parallel translation rule of the constrained manifold. The covariant gradient field reconstruction sub-unit is used to combine the covariant derivative components with the tangent space basis vectors at each point on the constrained manifold; to perform a linear combination of each component in the covariant derivative component set with the corresponding local tangent space basis vector in the form of a tensor product; and to define a tangent vector at each point on the constrained manifold, with the tangent vectors at all points together forming the covariant gradient vector field.
[0048] Preferably, this embodiment transforms the gradient information of the energy scalar field from the form of ordinary partial derivatives into a geometrically covariant tangent vector field through the stepwise processing of local coordinate system projection, affine connection correction and tangent space reconstruction, ensuring the geometric correctness and physical consistency of the conservative force terms on the manifold in the subsequent dynamic equations.
[0049] Example 10: as shown in Figure 6, the logging layer subsystem 3 specifically includes: The template metadata extraction component is used to input the carrier type identifier into the driver template library for matching. After successful retrieval, the basic definition metadata of the corresponding carrier is extracted. The basic definition metadata undergoes a structural transformation to generate a set of instantiable driver descriptors containing standard interface definitions. The logical resource binding component is used to interface between instantiable driver descriptors and system-pre-allocated underlying physical resources, mapping logical operations in the instantiable driver descriptors to specific resources; after the interface is completed, it verifies that a complete bidirectional path is formed between the logical operations and the physical resources, and generates a logger instance with basic functions. The parameter fusion and state activation component is used to have the logger instance receive user configuration parameters. The user configuration parameters are gradually fused into the internal state and resource paths of the instance, replacing the initial default values. When the internal components of the logger instance reach a coordinated and stable state, the logger instance is marked as ready, assigned a unique identifier, and registered in the routing directory.
[0050] Preferably, this embodiment realizes the standardized construction, resource deployment and dynamic readiness of logger instances through the process of template extraction, resource binding and parameter activation, providing the upper-layer log service with recording units that can be flexibly configured by carrier type, have their resources ready, and are reachable through routing.
[0051] Example 11: as shown in Figure 7, this embodiment also provides an embodiment of an audit log control method for a real-time operating system. In this embodiment, the audit log control method for a real-time operating system is applied to an audit log control system for a real-time operating system. The audit log control method for a real-time operating system specifically includes the following steps:
Step S1: Introduce the client library provided by the audit log system into the project; perform a one-time configuration when the client starts; transfer the one-time configuration file to the API layer to initialize the client; call the unified API in the business code of the audit log.
Step S2: The API layer receives the structured data passed in during the call and encapsulates the structured data into an audit event object; it then sends the audit event object to the distribution layer; the distribution layer distributes the audit event object according to pre-configured rules.
Step S3: Send the distribution results to the logging layer; register various loggers in the logging layer, each logger corresponding to a carrier; when the distribution layer routes an event to a certain logger, that logger starts its own work.
[0052] Preferably, this embodiment completes client initialization through a one-time configuration file and centrally transmits the configuration to the API layer. This design decouples configuration from code, allowing dynamic adjustment of logging behavior without restarting the application. Simultaneously, a unified initialization mechanism ensures consistency in auditing strategies, reducing the risk of errors from repeated configuration. The incoming structured data is encapsulated as audit event objects, enhancing data standardization and semantic clarity. Structured data facilitates automated processing and verification, while event object encapsulation unifies the data format, providing standardized interfaces for subsequent distribution, serialization, and storage, improving system processing efficiency and log readability. The distribution layer routes events through pre-configured rules, enabling flexible event classification and targeted output. For example, logs can be distributed to different loggers based on event level, business module, or user tags, supporting fine-grained log management strategies and adapting to complex scenarios involving multiple tenants and environments. Loggers are registered as plugins, with each logger corresponding to a specific log load. The design endows the system with strong adaptability and ecosystem compatibility, allowing users to combine or customize loggers according to actual needs, while ensuring the reliability and performance isolation of the log output process.
[0053] In summary, this embodiment constructs a highly cohesive, loosely coupled, and easily scalable log governance system through layered decoupling, configurable artifacts, structured events, rule-based distribution, and pluggable recording. It not only reduces the coupling between business code and logging functionality but also meets the comprehensive requirements of modern distributed systems for the real-time performance, reliability, and observability of audit logs through flexible rule configuration and multi-carrier support.
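The flow of steps S1 to S3 in Example 11, sketched in C as an added example; it is not code from the patent or its applicant. All type and function names, the fixed-size tables, the bitmask targets and the fallback target for unmatched events are assumptions, and only the plain level/module/tag rule match mentioned in [0052] is implemented, not the weighted activation of the other embodiments.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_LOGGERS 8
#define MAX_RULES   8

typedef enum { AUDIT_INFO, AUDIT_WARN, AUDIT_ALERT } audit_level_t;
/* Audit event object built by the API layer from the caller's data (S2). */
typedef struct {
    uint32_t seq;
    audit_level_t level;
    const char *module, *tag, *message;
} audit_event_t;

/* A logger is a plugin bound to exactly one carrier (S3). */
typedef int (*logger_write_fn)(const audit_event_t *ev, void *carrier);
typedef struct { logger_write_fn write; void *carrier; } logger_t;
/* Pre-configured rule; a NULL module or tag matches anything. */
typedef struct {
    audit_level_t min_level;
    const char *module, *tag;
    uint32_t targets;                 /* bitmask of logger ids */
} rule_t;

typedef struct {
    logger_t loggers[MAX_LOGGERS]; int n_loggers;
    rule_t   rules[MAX_RULES];     int n_rules;
    uint32_t next_seq;
    uint32_t fallback;      /* assumption: targets used when no rule matches */
    uint32_t last_failed;   /* loggers that rejected the most recent event */
} audit_ctx_t;

/* Returns the new logger id, or -1 if the registry is full. */
static int audit_register_logger(audit_ctx_t *ctx, logger_write_fn fn, void *carrier) {
    if (!fn || ctx->n_loggers >= MAX_LOGGERS) return -1;
    ctx->loggers[ctx->n_loggers] = (logger_t){ fn, carrier };
    return ctx->n_loggers++;
}

/* Rejects empty rules and rules that point at unregistered loggers. */
static int audit_add_rule(audit_ctx_t *ctx, rule_t r) {
    uint32_t known = (1u << ctx->n_loggers) - 1u;
    if (ctx->n_rules >= MAX_RULES || !r.targets || (r.targets & ~known)) return -1;
    ctx->rules[ctx->n_rules++] = r;
    return 0;
}
static int field_matches(const char *want, const char *have) {
    return !want || (have && strcmp(want, have) == 0);
}

/* Distribution layer: union of the targets of every matching rule. */
static uint32_t audit_route(const audit_ctx_t *ctx, const audit_event_t *ev) {
    uint32_t mask = 0;
    for (int i = 0; i < ctx->n_rules; i++) {
        const rule_t *r = &ctx->rules[i];
        if (ev->level >= r->min_level && field_matches(r->module, ev->module) &&
            field_matches(r->tag, ev->tag))
            mask |= r->targets;
    }
    return mask ? mask : ctx->fallback;
}

/* Unified API: build the event, route it, run each target logger; returns who accepted it. */
static uint32_t audit_log(audit_ctx_t *ctx, audit_level_t level, const char *module,
                          const char *tag, const char *message) {
    audit_event_t ev = { ctx->next_seq++, level, module, tag, message };
    uint32_t targets = audit_route(ctx, &ev), ok = 0;
    for (int id = 0; id < ctx->n_loggers; id++) {
        if (!(targets & (1u << id))) continue;
        if (ctx->loggers[id].write(&ev, ctx->loggers[id].carrier) == 0)
            ok |= 1u << id;       /* a failing carrier does not stop the rest */
    }
    ctx->last_failed = targets & ~ok;
    return ok;
}

/* Constructed carriers for the demo: an in-memory record and one that fails. */
typedef struct { char last[96]; uint32_t count; } mem_carrier_t;
static int mem_write(const audit_event_t *ev, void *carrier) {
    mem_carrier_t *c = carrier;
    snprintf(c->last, sizeof c->last, "%u|%d|%s|%s", (unsigned)ev->seq,
             (int)ev->level, ev->module ? ev->module : "-", ev->message);
    c->count++;
    return 0;
}
static int broken_write(const audit_event_t *ev, void *c) { (void)ev; (void)c; return -1; }

int main(void) {
    audit_ctx_t ctx = {0}; mem_carrier_t console = {0}, flash = {0};
    int c_id = audit_register_logger(&ctx, mem_write, &console);
    int f_id = audit_register_logger(&ctx, mem_write, &flash);
    int b_id = audit_register_logger(&ctx, broken_write, NULL);
    ctx.fallback = 1u << c_id;
    audit_add_rule(&ctx, (rule_t){ AUDIT_WARN, NULL, NULL, 1u << f_id });
    audit_add_rule(&ctx, (rule_t){ AUDIT_INFO, "auth", NULL, (1u << f_id) | (1u << b_id) });
    uint32_t ok = audit_log(&ctx, AUDIT_INFO, "auth", NULL, "login ok");
    printf("ok=0x%x failed=0x%x flash=%s\n", (unsigned)ok, (unsigned)ctx.last_failed, flash.last);
    return 0;
}
```

The value returned by `audit_log` and the `last_failed` mask let the caller tell a delivered audit event from one that a carrier rejected, which is the property worth monitoring in an audit path.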
[0054] As shown in Figure 8, this embodiment provides an electronic device 4, which includes a processor 41 and a memory 42 coupled to the processor 41.
[0055] The memory 42 stores program instructions for implementing the audit log control system for a real-time operating system of any of the above embodiments.
[0056] The processor 41 is used to execute program instructions stored in the memory 42 for audit log control of the real-time operating system.
[0057] The processor 41 can also be referred to as a CPU (Central Processing Unit). The processor 41 may be an integrated circuit chip with signal processing capabilities. The processor 41 can also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. A general-purpose processor can be a microprocessor or any conventional processor.
[0058] Furthermore, Figure 9 is a schematic diagram of the structure of a storage medium according to an embodiment of this application. The storage medium 5 of this embodiment stores program instructions 51 capable of implementing all the methods described above. These program instructions 51 can be stored in the storage medium in the form of a software product, including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) or processor to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks, or terminal devices such as computers, servers, mobile phones, and tablets.
[0059] In the several embodiments provided by this invention, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical, or other forms.
[0060] Furthermore, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated units described above can be implemented in hardware or as software functional units. The above are merely embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structural or procedural transformations made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of the present invention.
[0061] The specific embodiments of the invention have been described in detail above, but these are merely examples, and the invention is not limited to the specific embodiments described above. For those skilled in the art, any equivalent modifications or substitutions to the invention are also within the scope of this invention. Therefore, all equivalent transformations, modifications, and improvements made without departing from the spirit and principles of this invention should be included within the scope of this invention.
Claims
1. An audit log control system for a real-time operating system, characterized in that it includes:
The API layer module subsystem is used to introduce the client library provided by the audit log system into the project; perform one-time configuration when the client starts; transfer the one-time configuration file to the API layer to initialize the client; and call the unified API in the business code of the audit log.
The distribution layer subsystem is used by the API layer to receive structured data passed in during a call, encapsulate the structured data into an audit event object, and send the audit event object to the distribution layer. The distribution layer distributes audit event objects according to pre-configured rules.
2. The audit log control system for a real-time operating system as described in claim 1, characterized in that the API layer module subsystem includes:
The configuration source generation component is used to collect the raw parameters required for audit logs from the deployment environment or user settings when the client starts up; the raw parameters constitute the configuration source, which is represented as an unstructured data set.
The configuration encapsulation component is used to serialize and encrypt the data set. The serialization process reorganizes the key-value pairs of parameters in the configuration source and adds an integrity check code. The encryption process uses a lightweight symmetric encryption algorithm to generate an immutable configuration encapsulation. The configuration encapsulation is a binary data block containing version identifiers and timestamps for transmitting metadata.
The configuration transmission component is used to transmit the configuration package to the API layer via the communication link. The communication link operates based on a lightweight reliable protocol and adopts a handshake confirmation mechanism to establish a temporary session channel before transmission. During transmission, the order and integrity of data packets are monitored. If any packets are lost, retransmission is triggered to ensure that the configuration package arrives at the API layer without loss.
The configuration parsing and verification component is used by the API layer to decrypt and deserialize the configuration package after receiving it, extract the structured configuration parameters, verify the integrity check code and metadata to confirm that the data has not been tampered with and is version compatible, and organize the verified parameters into a configuration parameter set, which includes a list of log carrier types and specific settings for each carrier.
The client context initialization component is used to input the configuration parameter set into the API layer's initialization engine, create the client's audit log context, and manage the log recording lifecycle. According to the carrier type in the configuration parameter set, the log recording carriers are registered in sequence: each carrier type corresponds to a driver instance, and the instance parameters are dynamically loaded from the configuration parameter set. After registration, each carrier instance obtains a unique identifier and is bound to the audit log context.
The audit log handle generation component is used by the initialization engine to aggregate the audit log context and carrier identifier, and generate an audit log handle. The audit log handle serves as a lightweight access token, encapsulating all initialization state information. The client stores the audit log handle locally and uses it to call the unified audit log API to trigger log events to be sent to the distribution layer.
3. The audit log control system for a real-time operating system as described in claim 1, characterized in that the distribution layer subsystem specifically includes:
The event feature spectrum extraction component is used to deconstruct the features of audit event objects after they enter the distribution layer. It treats the structured data contained in the audit event object as a composite information flow, and separates and quantifies the various attributes of the audit event object into feature values of different dimensions through a set of preset feature diffraction grids. The feature values are aggregated according to preset weight coefficients to form a multidimensional event feature spectrum.
The rule weight dynamic activation component is used to input the generated event feature spectrum into a dynamic rule weight matrix, where each element corresponds to the sensitivity weight of a rule to a certain feature dimension. The feature spectrum and the weight matrix are synthesized to calculate the comprehensive matching degree of each rule, generating a rule activation degree sequence. This sequence includes not only which rules are triggered but also their trigger intensity level. At the same time, feedback factors based on the current system load and recorder state are introduced to fine-tune the activation degree, achieving dynamic decision-making.
The distribution path coordination component is used to trigger multiple rules to varying degrees after activation, pointing to one or more target recorders; it coordinates and adjudicates concurrent and weighted multipaths according to the defined strength priority strategy; and outputs a set of conflict-free distribution paths.
4. The audit log control system for a real-time operating system as described in claim 3, characterized in that the rule weight dynamic activation component includes:
The molecular docking energy spectrum generation sub-component is used to treat each dimensional feature value of the event characteristic spectrum as a conformational information ligand; at the same time, each row of the rule weight matrix corresponds to a rule, which is regarded as a rule acceptor with multidimensional binding sites. Each information ligand and each rule acceptor are virtually docked; the virtual docking process calculates the conformational complementarity and charge interaction between the two in each dimension, generating a set of scalar values called dimensional binding energies; the binding energies of all dimensions are summarized according to the acceptor to form the binding energy spectrum of each rule with the current event characteristic spectrum.
The wave superposition and phase harmonic sub-component is used to treat the combined energy spectrum corresponding to each rule as a set of fundamental waves with different frequencies and amplitudes; with reference to the predefined inter-rule coupling coefficient, it synthesizes the fundamental waves of each dimension belonging to the same rule; and outputs an initial activation waveform after internal harmonicization.
The environmental entropy field optimization adjudication subcomponent quantifies the current load and the state of each recorder into an environmental entropy value vector. This environmental entropy value vector is then used as an optimization field applied to the initial activation waveform. The Gibbs free energy minimization algorithm is used to calculate the system energy consumption required to activate each rule under the existing environmental constraints. The Gibbs free energy minimization algorithm adjusts the amplitude of the initial waveform to seek a stable solution that minimizes the overall change in the system state. After environmental entropy field optimization adjudication, the initial activation waveform is transformed into a rule activation sequence containing intensity levels.
5. The audit log control system for a real-time operating system as described in claim 4, characterized in that the environmental entropy field optimization decision sub-component includes:
The constrained manifold topology construction module maps each component of the environmental entropy vector to a set of coordinate axes in a high-dimensional space. Simultaneously, it treats the amplitude value corresponding to each rule in the initial activation waveform as a set of moving points in the high-dimensional space. Based on the actual constraint relationships between the components of the environmental entropy vector, it defines nonlinear correlation equations between the coordinate axes. These nonlinear correlation equations bend the high-dimensional space into a constrained manifold, whose geometry is directly determined by the environmental entropy vector. The moving points of the initial activation waveform are initially distributed on the surface of the constrained manifold, thus transforming environmental constraints into a specific spatial topology.
The energy geomorphology potential well exploration module is used to define two scalar fields on a constrained manifold surface: the first is a matching potential field; the second is a dissipative potential field. The two scalar fields are weighted and superimposed to form the energy geomorphology of the constrained manifold surface.
The viscous gradient dissipation equalization module is used to obtain the stiffness coefficient between all moving points, which determines the degree of mutual entanglement between the moving points; it introduces the viscous dissipation coefficient related to the inherent resistance when the system changes state; through iterative solution of the constrained multibody motion equations, the group of moving points moves on the curved constrained manifold surface under the combined action of gradient force, degree of entanglement and resistance; the motion stops when the resultant force of all moving points is lower than a set threshold; the final position coordinates of each moving point on the manifold are the activation intensity of each rule after optimization, and the set formed is the rule activation sequence.
6. The audit log control system for a real-time operating system as described in claim 5, characterized in that the viscous gradient dissipation equalization module includes:
A coupled constraint differential equation establishment submodule is used to establish motion differential equations for each moving point using the manifold surface coordinates as generalized coordinates; the gradient force is a conservative force term, and the degree of involvement is determined by the stiffness coefficient and the relative displacement of the moving point; the viscous drag is determined by the viscous dissipation coefficient and the velocity of the moving point; the constraint conditions are embedded into the motion equations through the Lagrange multiplier method to form a coupled constraint differential equation system containing position, velocity and constraint multipliers.
The synchronous iterative submodule for differential-algebraic systems is used to transform a continuous coupled-constrained differential equation system into a discrete algebraic system using a time discretization method. Within each time step, a set of nonlinear algebraic equations for position, velocity, and constraint multipliers is established using an implicit integration scheme. The algebraic system is solved synchronously using the Newton-Raphson iterative method, updating the position and velocity states of all moving points to obtain the discrete-time state solution.
The system momentum equilibrium convergence determination submodule calculates the system momentum change rate and constraint satisfaction error based on discrete-time state solutions. When the momentum change rate of all moving points is less than a set threshold and the constraint error is controllable, the system is determined to have reached a dynamic equilibrium state. The position coordinates of the moving points no longer change, and they are mapped to a rule activation degree sequence through linear transformation.
7. The audit log control system for a real-time operating system as described in claim 6, characterized in that the coupled constraint differential equation establishment submodule includes:
The covariant derivative transformation unit is used to merge the matching potential field and dissipative potential field in the energy geomorphology into a unified energy scalar field using the manifold surface coordinates as generalized coordinates, and to calculate the covariant derivative of the energy scalar field with respect to the manifold coordinates; it transforms the potential gradient into a covariant gradient vector field that is compatible with the manifold geometry; the tangential component of the covariant gradient vector field at each moving point is the conservative force term acting on the moving point.
The Lagrange multiplier tensor generating unit is used to treat the nonlinear correlation equations defined in the topological construction of constrained manifolds as a set of complete constraints on generalized coordinates. Based on the principle of the Lagrange multiplier method for handling complete constraints in analytical mechanics, a Lagrange multiplier is introduced for each independent constraint equation, and all multipliers are organized into a Lagrange multiplier tensor. Each component of the Lagrange multiplier tensor corresponds to the contribution of a constraint equation to the virtual work of the system. The matrix formed by the partial derivatives of the constraint conditions with respect to the coordinates is multiplied by this multiplier tensor to generate the generalized constraint force distribution representing the constraint reaction forces.
The tensor equation coupling unit is used to abstract the connection physical properties described by the stiffness coefficient matrix and the viscous dissipation physical properties described by the viscous dissipation coefficient into two different constitutive relations. The relative displacement of the moving point is regarded as strain, and the relative velocity is regarded as strain rate. The corresponding stress response terms are constructed from the stiffness coefficient and the viscous dissipation coefficient, respectively. In the tangent space of the constrained manifold, the covariant gradient vector field, the generalized constraint force distribution, and the stress response terms generated by the two constitutive relations are combined by tensor contraction, and the covariant derivative terms of the velocity and acceleration of the moving point are also included. Finally, a covariant coupled differential equation system with manifold coordinates, velocity, acceleration and Lagrange multipliers as unknowns is formed.
8. The audit log control system for a real-time operating system as described in claim 7, characterized in that the covariant derivative transformation unit includes:
The local gradient projection sub-unit is used to treat the merged energy scalar field as a continuous function defined on the constrained manifold. In the local neighborhood of each moving point on the constrained manifold, a local tangent space coordinate system spanned by the surface coordinates of the constrained manifold is established. Through the local tangent space coordinate system, the ordinary partial derivatives of the energy scalar field with respect to each coordinate component are calculated to obtain a set of scalar values. The scalar values constitute a set of original gradient components represented in the local coordinate system.
The absolute differential generator subunit is used to perform index-reduced absolute differential operations on the original gradient component set and the affine connection coefficients; the result adds a geometric correction term determined by the connection coefficient to each component of the original gradient component; the corrected original gradient component set constitutes a covariant derivative component set compatible with the parallel translation rule of the constrained manifold.
The covariant gradient field reconstruction sub-unit is used to combine the covariant derivative components with the tangent space basis vectors at each point on the constrained manifold; to perform a linear combination of each component in the covariant derivative component set with the corresponding local tangent space basis vector in the form of a tensor product; and to define a tangent vector at each point on the constrained manifold, with the tangent vectors at all points together forming the covariant gradient vector field.
9. The audit log control system for a real-time operating system as described in claim 1, characterized in that it also includes a logging layer subsystem, which sends the distribution results to the logging layer; registers various loggers in the logging layer, each logger corresponding to a carrier; when the distribution layer routes an event to a logger, that logger starts its own work.
10. A method for controlling audit logs in a real-time operating system, used to implement the audit log control system for a real-time operating system as described in any one of claims 1 to 9, characterized in that it includes:
Introducing the client library provided by the audit log system into the project; performing a one-time configuration when the client starts; transmitting a one-time configuration file to the API layer to initialize the client; calling the unified API in the business code of the audit log.
The API layer receives the structured data passed in during the call, encapsulates the structured data into an audit event object, and sends the audit event object to the distribution layer. The distribution layer distributes audit event objects according to pre-configured rules.
The distribution results are sent to the logging layer; various loggers are registered in the logging layer, each logger corresponding to a carrier; when the distribution layer routes an event to a logger, the logger starts the corresponding work.