281 results about "Syslog" patented technology

Methods and devices are provided for determining the status of a networked device, e.g., a networked RFID device. In some embodiments of the invention, a customized packet is used to transmit a “heartbeat” from each of a plurality of networked devices to a server. Some such embodiments use a customized syslog packet for the heartbeats. The heartbeat includes identification information regarding the device, e.g., the unique electronic product code (“EPC”) of the device. The identification information may include other identification and/or authentication information, such as a shared secret and time data, which may be hashed with the identification information. The heartbeat may include information indicating the health, accuracy and/or reliability of the device and/or of the network that includes the device.

Provided is a computer system in which a plurality of virtual machines operate on a host computer. The host computer has a time subtraction table for storing the time subtraction with the respective virtual machines, and a log collection unit for collecting the logs of the respective virtual machines. The log contains a time stamp which shows at least the log output time. The log collection unit corrects the time stamp of the logs collected from the respective virtual machines based on the time subtraction stored in the time subtraction table. According to this computer system, the logs of the virtual machines operating in a time series that is different from the time series of the host computer can be collected upon integrating the time series of the virtual machines and the host computer.

The present invention belongs to the field of computer and information safety technology. The information safety auditing method including adopting Syslog standard protocol and mode matching method based on regular expression in collecting journal information; using the data storehouse to separate the comprehensive analysis processing environment and operation processing environment; adopting multi-dimensional information safety model to correlate the analysis dimensions of several auditing analysis themes and to form multi-dimensional stellar system; performing on-line in-situ multi-dimensional analysis by the multi-dimensional model and data excavation and correlation to find out safety hole and problem; and creating auditing analysis report based on the analysis result. The method of the present invention has expandability, opening and raised auditing efficiency.

A method for analyzing data of a networked computing environment, the method includes a computer processor analyzing a plurality of data of a networked computing environment aggregated during a first time interval, where the data includes messages that include message IDs. The method further includes identifying a frequency value of occurrences of a message ID within the plurality of data during the first time interval. The method further includes determining whether the frequency value of the occurrences of the message ID during the first time interval correlates to an anomaly that occurs within the networked computing environment. The method further includes responding to determining that the frequency value of the occurrences of message ID within the first time interval correlates to the anomaly by determining a first response to the anomaly. The method further includes initiating the first response to one or more elements of the networked computing environment.

A special syslog daemon on a send node, wherein the send node is connected to a receive node by a one-way data link, the special syslog daemon configured to receive a syslog message from a syslog sender, insert a portion of IP information of the syslog sender in the body of the received syslog message and route the resulting syslog message to the one-way data link so that the resulting syslog message can be sent through the one-way data link to a syslog receiver communicatively coupled to the receive node. The present invention resolves the potential conflict between syslog and one-way data transfer applications that are configured to remove IP information from data prior to its passage through a one-way data link, thereby leading to a further enhancement of network security through their combination.

The invention discloses a mirror image file making and starting method of a diskless system. The mirror image file making method comprises the following steps: configuring a kernel basic module to compile and generate a kernel and a kernel module; Generating a root file system directory of the target operating system, after the kernel is added into the root file system directory to be started, theNFS service is mounted; obtaining the execution scripts of the software and the driver from the NFS server, a kdump tool is added and configured to be started and store system downtime logs to an NFSserver, a system log service script is established to redirect the system logs to the NFS server, and a root file system directory is packaged to generate a target operation system mirror image; thestarting method comprises the step of realizing diskless starting based on the mirror image file and PXE + DHCP + TFTP + NFS. According to the method, the size of the mirror image file can be greatlyreduced, the starting efficiency is improved, and system fault analysis during system downtime is facilitated.

The invention discloses a fault cause determination method and system based on a space-time analysis log. The method comprises the following steps: step 1) collecting syslog logs generated by all network equipmentin a network system; 2) monitoring syslog logs generated by all equipment in the network and periodically performing feature analysis on the logs based on time space in real time; 3) performing time-based feature extraction and analysis on the running state of the network equipment, and checking hidden dangers and fault time points of the network equipment; (4) obtaining space topology information, (5) extracting related equipment logs in combination with the space topology information to construct a feature matrix of abnormal events, and (6) obtaining a fault propagation chain and root causes through an intelligent decision algorithm, and displaying detailed information of a fault influence surface and the root causes.

The invention discloses a server log information acquisition method and relates to the computer communication field. The server log information acquisition method includes that adding a regular and directed key log information sending mechanism to a BIOS, wherein the BIOS continuously sends the key log information from the system starting to the stable system running; building a log information acquisition control board, and connecting the control board with a south bridge of the main board to build a system log storage link channel; connecting the log information acquisition control board with an on-board BMC chip and network chip through an I2C bus to build a log and network log management storage channel; dividing a medium storage SD card on the log information acquisition control board into three zones, connecting the SD card port with an on-board BMC management control system, and transmitting the log information in each zone to a user through management network.

The invention discloses an extraction and analysis method for heterogeneous security log information under a complex network system. The method includes the steps of A, a learning stage; B, a caching stage; C, an analysis stage, wherein log data is newly acquired, a decision-making tree is extracted according to log data information for analysis, analysis is conducted layer by layer according to log submission addresses, log types and log position fields, and security log information data in a standard format is formed. The technical problems that in the prior art, an extraction and analysis mode for security log information is based on the analysis template technology, an analysis template needs to be manually compiled for each new log type, in this way, project implementation cost is high, the manual compiling error probability is high, and the adaptability to complex network environment SYSLOG information extraction is poor are solved.

A host of a multi-device file system may instruct an external data mover implementing a third party copy to move data from one storage device to another without the host reading or writing data as part of the move. The data being moved may remain accessible through the file system after being moved. A host may instruct an external data mover to write moved data to multiple mirrored devices. A host may instruct the data mover to move data between storage classes in a multi storage class file system. A journaling file system may utilize an external data mover implementing a third party copy to move data from a system log to another storage destination and may also instruct the data mover to move metadata as well as data.

A method for processing syslog messages. The syslog messages are received from a plurality of components. The method includes receiving a first syslog message. The method further includes determining whether the first syslog message is one of a plurality of critical syslog messages. The method also includes, if the first syslog message is the one of the plurality of critical syslog messages, performing critical message handling using the first syslog message. The method yet also includes, if the first syslog message is not any of the plurality of critical syslog messages, performing non-critical message handling using the first syslog message.

Approaches to automatic generation of event handling rules are presented. In one approach, a system for automatic event handling rule generation includes a system log file, containing a syslog entry. A rule module is used to interpret the syslog entry. An entry format depository is available to the rule module, and contains a description of the general format corresponding to the syslog entry. An entry causation depository is available to the rule module, and contains both a cause for the syslog entry's creation, and a solution template corresponding to the syslog entry. The rule module uses the general format to parse information from the syslog entry, and uses that information to locate the cause and a solution template. The rule module then uses the information from the syslog entry to complete the solution template, thereby generating a rule to alter the behavior which caused the syslog entry to be created.

The invention discloses a log organization structure clustered according to transaction aggregation and a recovery protocol based on the log organization structure clustered, which can be applied to a transactional data management system of a large-sized computer. A log file is sequentially organized to a plurality of log fragments and each log fragment is used for storing the log content of the same transaction and reserving a transaction number as well as a preceding log fragment pointer of the transaction; a data page number involved in a log entry of the same fragment is stored in the form of an array. When the system is operating, each transaction only writes its own log fragment and writes the log fragment in the log file when the transaction is submitted. In a recovering process, the system can be recovered to a lasting and consistent state by scanning all the log fragments for remake and returning the log fragments of all the active transactions for return. The problem of producing bottlenecks during writing logs in the traditional transactional data management system is resolved and log amount of the system can be effectively reduced.

The invention relates to a method and a device for tracing the whole link of a distributed system log. The method comprises the following steps: S1, creating a configuration file configuration system,and executing according to the following flow: configuring a cluster server; Configuring cluster dependencies; Configuring data logic relationships; 2, read and parsing that configuration file by anapplication program to obtain the key information; S3, acquiring the life course of the system data according to the key information. The apparatus includes a system configuration unit, an informationacquisition unit, and a cluster traversal unit. Abstracts full-link tracing of data logs into three configuration files, These configuration files can be read and parsed by the corresponding application program to obtain the server information corresponding to each cluster, System upstream and downstream sequence and the logical relationship between the system data these key information can be achieved in no code burial point one-click access to a system data life cycle and positioning online or testing process encountered problems.

A method for validating a syslog message having a plurality of message components. The method includes providing a meta regular expression. The meta regular expression is formed from a set of regular expressions with each of the regular expressions corresponding to one of the plurality of message components. The meta-regular expression represents a plurality of message component patterns, each of the message component patterns representing a different ordering of individual regular expressions of the set of regular expressions. The method further includes comparing the syslog message with the meta regular expression. The syslog message is deemed valid if the syslog message matches one of the plurality of message component patterns represented by the meta regular expression.

A system is described for sending alert messages collected for cloud computing system to external systems. The alert messages may be sent according to determined protocols, such as the syslog protocol and/or SNMP trap, among other appropriate protocols. Partitioning and/or fragmenting of the alert message may be provided based on the use of various types of message identifications and/or other information in which, by virtue of the partitioning and fragmenting, an alert message, regardless of its length, may be sent and reconstructed at the external system. The system advantageously provides for transmission of alert messages using mechanisms other than the syslog protocol and with additional included alert attribute information.

The invention discloses a reverse-based intrusion detection system and a reverse-based intrusion detection method and relates to the field of network encryption protocols. The system comprises a data extraction module, a reverse analysis module, an intrusion rule module, a response module and a data management module. The method comprises the following steps: (1) capturing all network data packages running through an Android phone by the data extraction module, sending to a reverse analysis engine, acquiring network processes and user behaviors by the data extraction module to generate a system log and a weblog, and sending the system log and the weblog to the data management module; (2) identifying intrusion behaviors by the reverse analysis engine through the TCP/IP (transmission control protocol /Internet protocol) analysis technology and the apk decompilation reverse technology by combining the system log and the weblog; (3) performing warning and recording on the intrusion behaviors identified by the reverse analysis engine through the response module; (4) storing all information of a user in the data management module so as to facilitate later evidence collection and lookup. The reverse-based intrusion detection system and the reverse-based intrusion detection method disclosed by the invention have safety, timeliness, expandability and advancement.

The invention discloses an operation authority control method based on an APT attack intention. The method comprises the steps: 1, obtaining a network and system log, and recognizing an APT attack behavior; 2, carrying out attack check on APT attack behaviors, obtaining APT attack contents and sending alarm information; 3, establishing an attack intention logic relationship for the attacked targetfile, the target operation and the target operation authority according to the acquired APT attack content, and predicting the attack intention of the next step according to the attack intention logic relationship and the alarm information; and 4, generating an operation guidance knowledge graph for the attack intention based on a knowledge graph technology, displaying the operation guidance knowledge graph on an operation interface, and enabling an administrator to perform operation according to the operation guidance knowledge graph to avoid APT attack threats. Compared with the prior art,the method has higher controllability, the attack intention is more accurately recognized, too high manual workload cannot be caused, the working difficulty is reduced, and the safety and convenienceof operation are realized.

Techniques for monitoring one or more transaction instances in a real-time network are provided. The techniques include obtaining one or more system log files, wherein one or more footprints left by one or more transaction instances are recorded in the one or more system log files, obtaining a transaction model, wherein the transaction model comprises one or more transaction steps and a footprint pattern corresponding with each transaction step, and using the one or more system log files and the transaction model to monitor the one or more transaction instances in a real-time network at least one of an individual level and one or more aggregate levels.

In a method for maximizing information content of logs, a log message from an executing software program is received. The log message includes a timestamp, a source code location ID, a session ID, and a log message text. The timestamp, the source code location ID, and the session ID of the log message are stored in a lossless buffer. A hash function value of the session ID is determined. It is determined that the hash function value of the session ID is less than a hash value threshold. The log message text is stored in a session buffer in response to determining that the hash function value of the session ID is less than the hash value threshold, wherein the session buffer contains log message texts of log messages with corresponding hash function values less than the hash value threshold.

Computer systems, logging daemons, methods, and computer program products are provided for logging information from a plurality of logging applications regarding the computer system. A registry is configured to identify the logging applications, and the plurality of logging applications are configured to identify the logged information in accordance with a common protocol and in accordance with the registry. A logging control is configured to parse the logged information, and configured to save the logged information in accordance with the parsing.