
CN109614814B - Method, device and computer equipment for scanning sensitive log based on log monitoring - Google Patents


Publication number
CN109614814B
Authority
CN
China
Prior art keywords
log
scanning
sensitive
command
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811289631.4A
Other languages
Chinese (zh)
Other versions
CN109614814A (en
Inventor
吕三
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Fangying Intelligent Digital Technology Co ltd
Shenzhen Lian Intellectual Property Service Center
Original Assignee
Beijing Fangying Intelligent Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Fangying Intelligent Digital Technology Co ltd filed Critical Beijing Fangying Intelligent Digital Technology Co ltd
Priority to CN201811289631.4A priority Critical patent/CN109614814B/en
Publication of CN109614814A publication Critical patent/CN109614814A/en
Application granted granted Critical
Publication of CN109614814B publication Critical patent/CN109614814B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method, a device, computer equipment and a storage medium for scanning sensitive logs based on log monitoring. The method comprises the following steps: detecting svn at a designated frequency and triggering ant to issue a first ant command, wherein a scan sensitive log project and corresponding scan information are prestored in the svn, and the scan information comprises a storage path of a log in a server; forming the scan sensitive log project into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet; and searching for a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log.

Description

Method, device and computer equipment for scanning sensitive log based on log monitoring
Technical Field
The present invention relates to the field of cloud monitoring technologies, and in particular, to a method, an apparatus, a computer device, and a storage medium for scanning a sensitive log based on log monitoring.
Background
With the rapid development of information science and internet technology, data security receives more and more attention. A precondition of preventing data leakage is finding the sensitive files that affect security, which is generally done by scanning system files. Current tools for scanning sensitive files are relatively crude: they require manual operation, cannot scan automatically on a schedule, and are time-consuming and labor-intensive. When an error occurs, the scanning program is interrupted and scanning cannot continue, which complicates subsequent processing.
Disclosure of Invention
The invention mainly aims to provide a method, a device, computer equipment and a storage medium for scanning sensitive logs based on log monitoring, which save labor and time.
The invention provides a method for scanning sensitive logs based on log monitoring, which comprises the following steps:
detecting svn according to a designated frequency, triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scanning sensitive log engineering and corresponding scanning information are prestored in the svn, and the scanning information comprises a storage path of a log in a server;
forming the scanning sensitive log engineering into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet;
searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
Further, after the step of scanning the first log, the method includes:
if the first log is scanned to be an invalid log, the invalid log is stored to a first preset position of the server, and the next log of the first log is continuously scanned.
Further, the scanning information includes login information of the scan sensitive log engineering for logging in the server, and before the step of searching the first log according to the first scanning command and the storage path of the log, the method includes:
detecting whether the scanning sensitive log project can log in the server according to the login information, wherein the login information comprises an account number and a password;
if not, storing the login information corresponding to the server to a second preset position of the server, and continuing to log in the next server in the current turn.
Further, after the step of searching the first log according to the first scanning command and the path of the log, and scanning the first log to find the first sensitive log, the method includes:
monitoring whether the scanning information is changed or not;
if yes, triggering and detecting an svn task, and detecting the svn according to the detected svn task to trigger the ant to send out a second ant command;
forming the scanning sensitive log engineering into a second grabbing packet according to the second ant command, and generating a second scanning command corresponding to the second grabbing packet;
and scanning according to the changed scanning information according to the second scanning command to find out a second sensitive log.
Further, after the step of searching the first log according to the first scanning command and the path of the log, and scanning the first log to find the first sensitive log, the method includes:
when the scanning sensitive log engineering finishes scanning according to the scanning information, triggering a mail sending task;
and sending the searched first sensitive log to a designated mailbox according to the mail sending task.
Further, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes:
judging whether the data volume of the first sensitive log is larger than a preset value or not;
if yes, the first sensitive log is stored in a designated position of the server;
generating a download link of the first sensitive log according to the designated position;
and sending the download link to the appointed mailbox according to the mail sending task.
Further, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes:
configuring a designated HTML tag and a designated style for the first sensitive log to form a mail text;
and sending the mail text to a designated mailbox according to the mail sending task.
The invention also provides a device for scanning sensitive logs based on log monitoring, which comprises:
the first detection unit is used for detecting svn according to a designated frequency and triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scan sensitive log engineering and corresponding scan information are prestored in the svn, and the scan information comprises a storage path of a log in a server;
the first packing unit is used for packing the scanning sensitive log engineering into a first grabbing packet according to the first ant command and generating a first scanning command corresponding to the first grabbing packet;
the first scanning unit is used for searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
The invention also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the above method when executing the computer program.
The invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the above method.
The beneficial effects of the invention are as follows: the scan sensitive log project is put into svn and svn is then detected at the designated frequency, so that sensitive logs are scanned for and found automatically on a schedule according to the scan information, without manual scanning; the scan information can be custom-configured, so the application is flexible; in addition, termination of the scan caused by invalid log locations, server login abnormalities and similar conditions can be intelligently avoided.
Drawings
FIG. 1 is a schematic diagram illustrating steps for scanning sensitive logs based on log monitoring according to an embodiment of the present invention;
FIG. 2 is a schematic block diagram illustrating an apparatus for scanning sensitive logs based on log monitoring in accordance with an embodiment of the present invention;
FIG. 3 is a schematic block diagram of a computer device according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, a method for scanning sensitive logs based on log monitoring in this embodiment includes:
step S1: detecting svn according to a designated frequency, triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scanning sensitive log engineering and corresponding scanning information are prestored in the svn, and the scanning information comprises a storage path of a log in a server;
step S2: forming the scanning sensitive log engineering into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet;
step S3: searching a first log according to the first scanning command and the path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
As described in step S1, svn (Subversion) is an open source version control system that is used here to hold and trigger the scan sensitive log project. The scan sensitive log project is a tool (project code) for scanning for and finding sensitive logs, and the scan information includes information about the server to be scanned (such as location, code, model, etc.) and the storage path, location, etc. of that server's logs. When a project is developed, every call to an interface service developed by a service system triggers a log entry that is recorded in a log file on the corresponding server. The entry records information about the interface call, which may include sensitive information such as an account number, password or identification card number; this sensitive information needs to be found and then processed to prevent leakage. Sensitive information can be found in two ways. The fields of a normal log are generally set according to a preset rule, that is, they are preset fixed fields, so a log in which a non-fixed field is found can be judged to contain sensitive information. Alternatively, the fields that record sensitive information are given fixed formats, such as the format of an account number or of a password (a 6- or 12-character combination of upper- and lower-case letters and digits, and the like), and a log containing sensitive information is found when a field in one of those formats is scanned.
As described in steps S1 and S2, the specified frequency can be user-defined, for example detecting svn every 8 hours. Specifically, a Job is created in Jenkins (an open source software project and a continuous integration tool developed based on Java), and the specified frequency is configured in the Job as a timed task, so that execution of the Job is triggered at the specified time. When the Job executes, it detects the project code on svn; in this embodiment, detecting svn means exporting the scan sensitive log project from svn. This triggers ant to issue an automatic deployment command, namely the first ant command. The first ant command is then executed: the scan sensitive log project is packaged into the first grabbing packet and the first scan command is generated. The first ant command deploys and runs the scan sensitive log project, and the first scan command makes the scan sensitive log project start scanning.
As described in step S3, the objects scanned by the scan sensitive log project are the logs of the servers listed in the scan information, and the sensitive logs are found among those logs. When the scan sensitive log project starts scanning according to the first scan command, it calls and reads the scan information, finds the first log according to the storage path of the log in the scan information, and scans it to find the first sensitive log.
Preferably, the scan information may be stored in Excel so that users can edit it themselves, for example adding a server to be scanned and its log information, deleting an existing server and its log information, or changing an existing server and its log information (such as changing an account password or a log file location).
In this embodiment, the scan sensitive log project is placed in svn to work, so scanning can run on a schedule; the whole process is automatic, needs no manual operation, and saves time and labor.
In one embodiment, after the step of scanning the first log, the method includes:
step S30: if the first log is scanned to be an invalid log, the invalid log is stored to a first preset position of the server, and the next log of the first log is continuously scanned.
As described in step S30, an invalid log is a log that is unreadable, corrupted or nonexistent. In the prior art, when Java calls the class method for reading a file and the file is unreadable, corrupted or does not exist, scanning the invalid log file makes the program run abnormally and throw a read error, which interrupts the program. In this embodiment, when the current log is found on scanning to be an invalid log, the invalid log is saved in a processing module, such as a tree module, which is the first preset position, and is then handled accordingly, for example printed out for subsequent processing by a developer. The running program is not interrupted; it continues with the log that follows the current first log, so an invalid log does not interrupt the scan or affect the scanning process as a whole.
In one embodiment, the scanning information includes login information of the scan sensitive log engineering for logging on the server, and before the step of searching the first log according to the scan command and the storage path of the log, the method includes:
step S01: detecting whether the scanning sensitive log engineering can log in the server according to login information; the login information comprises an account number and a password;
step S02: if not, the login information corresponding to the server is stored in a second preset position of the server, and the login of the next server in the current turn is continued.
As described in steps S01 and S02, before scanning, the scan sensitive log project must log in to the server to be scanned; when that server has been scanned, it logs in to the next server and scans it. It is therefore necessary to detect whether the scan sensitive log project logs in successfully. Login usually uses an account number and a password; when the account number and/or the password is wrong, login fails and an error is thrown when the scan log command is executed. In the prior art this interrupts the scan. In this embodiment, when login to the current server fails or a login abnormality occurs and the program throws an error, the error is captured: for example, the login information corresponding to the server is stored in a processing module, such as a try catch block, which is the second preset position. Once it is stored there, the error log can be printed out for subsequent processing. The scan is not interrupted; login continues with the next server in the current round.
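The scan loop of steps S3, S30 and S01/S02, sketched in Python as an added example (it is not code from the patent, whose description refers to Java). It implements the fixed-format variant of the sensitive-field rule; the regex patterns, the `login` stand-in, the host names and the sample logs are all constructed assumptions, and the failed-login record keeps host and account only so the report does not itself store a password.

```python
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Assumed fixed-format rules: the description names account numbers, passwords
# and ID card numbers but gives no patterns, so these regexes are illustrative.
RULES = {
    "password": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "id_card": re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"),
    "account": re.compile(r"(?i)\baccount\s*[=:]\s*\d{6,}"),
}


class LoginError(Exception):
    """Raised by the stand-in login step when credentials are rejected."""


@dataclass
class ScanReport:
    sensitive: list = field(default_factory=list)      # (host, path, line_no, rule)
    invalid_logs: list = field(default_factory=list)   # the "first preset position"
    failed_logins: list = field(default_factory=list)  # the "second preset position"


def login(server, valid_credentials):
    """Stand-in for the real server login: checks a constructed credential table."""
    expected = valid_credentials.get(server["host"])
    if expected != (server["account"], server["password"]):
        raise LoginError(server["host"])


def scan_log(path):
    """Return (line_no, rule) for each line that matches a sensitive-field rule."""
    hits = []
    with open(path, encoding="utf-8") as fh:  # strict decoding: corrupt bytes raise
        for line_no, line in enumerate(fh, start=1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    hits.append((line_no, rule))
    return hits


def run_scan(scan_info, valid_credentials):
    """Scan every server in scan_info; errors are recorded, never fatal."""
    report = ScanReport()
    for server in scan_info:
        try:
            login(server, valid_credentials)           # S01
        except LoginError:
            # S02: record the failure and move on to the next server.
            # Example's own choice: keep host and account, not the password.
            report.failed_logins.append((server["host"], server["account"]))
            continue
        for path in server["log_paths"]:
            try:
                hits = scan_log(path)                  # S3
            except (OSError, UnicodeDecodeError) as exc:
                # S30: missing, unreadable or corrupted log; continue with the next.
                report.invalid_logs.append((server["host"], str(path), type(exc).__name__))
                continue
            report.sensitive.extend((server["host"], str(path), n, r) for n, r in hits)
    return report


def demo():
    """Constructed input: one bad login, one corrupt log, one missing log, one good log."""
    tmp = Path(tempfile.mkdtemp())
    good, corrupt, missing = tmp / "api.log", tmp / "corrupt.log", tmp / "missing.log"
    good.write_text(
        "2018-10-31 10:00:01 INFO call=/login account=62220001 status=ok\n"
        "2018-10-31 10:00:02 INFO call=/ping status=ok\n"
        "2018-10-31 10:00:03 DEBUG body={password: Abc123}\n",
        encoding="utf-8",
    )
    corrupt.write_bytes(b"\xff\xfe\x00 not valid utf-8")
    scan_info = [
        {"host": "app-01.example.internal", "account": "scanner",
         "password": "stale-constructed", "log_paths": [good]},
        {"host": "app-02.example.internal", "account": "scanner",
         "password": "current-constructed", "log_paths": [corrupt, missing, good]},
    ]
    valid = {
        "app-01.example.internal": ("scanner", "rotated-constructed"),
        "app-02.example.internal": ("scanner", "current-constructed"),
    }
    return run_scan(scan_info, valid)


if __name__ == "__main__":
    print(demo())
```
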
In one embodiment, after the step S3, the method includes:
step S4: monitoring whether the scanning information is changed or not;
step S5: if yes, triggering and detecting an svn task, and detecting the svn according to the detected svn task so as to trigger a second ant command;
step S6: forming the scanning sensitive log engineering into a second grabbing packet according to the second ant command, and generating a second scanning command corresponding to the second grabbing packet;
step S7: and scanning according to the changed scanning information according to the second scanning command to find out a second sensitive log.
As described in step S4, the scan information may be changed, for example the location of a log or the account number and password used to log in to a server; svn is updated accordingly, and the Job already configured in Jenkins detects that svn has changed.
As described in steps S5-S7, when the Job detects that svn has changed, the Job is triggered to run, and it triggers the detect-svn task and executes it. After the scan information has changed, if the location of the log has changed, the second sensitive log is found at the changed location according to the second scan command; if the login account number and password have changed, scanning is performed after logging in with the new account number and password.
In one embodiment, after the step S3, the method further includes:
step S4': when the scanning sensitive log engineering finishes scanning according to the scanning information, triggering a mail sending task;
step S5': and sending the searched first sensitive log to a designated mailbox according to the mail sending task.
In this embodiment, the first sensitive logs that are found need to be processed later by the relevant personnel, so for convenience they may be sent to those persons' mailboxes. The scan information may include information on one or more servers. During the scan, each first sensitive log that is found is recorded. When the logs of all servers in the scan information have been scanned, the mail sending task is triggered and the mail sending interface is called; when the task executes, all the first sensitive logs are combined and sent to the designated mailbox. The designated mailbox is user-defined: a configured identity identifier (ID) is obtained first, the ID being included in the scan information, user-defined, and associated with one or more mailboxes (the designated mailboxes); the corresponding mailboxes are then looked up by the ID, and the first sensitive log is sent to them through the mail sending interface.
In one embodiment, the step S5' includes:
step S50': judging whether the data volume of the first sensitive log is larger than a preset value or not;
step S51': if yes, the first sensitive log is stored in a designated position of the server;
step S52': generating a download link of the first sensitive log according to the designated position;
step S53': and sending the download link to the appointed mailbox according to the mail sending task.
As described in step S50', if the scan finds many first sensitive logs, the file to be sent may be too large, which can slow down mail sending or even prevent the mail from being sent because the load is too large. A threshold, namely the preset value, can therefore be set. If the data volume of the first sensitive log, that is, the size of the whole file, does not exceed the preset value, the sensitive logs are made into the body of the mail and sent. As described in steps S51'-S53', if the data volume of the first sensitive log exceeds the preset value, a download link for the first sensitive log is generated and the link is sent instead.
For example, with the preset value set to 10K: when the sensitive log content does not exceed 10K, it is used directly as the mail text and passed to the mail sending interface for sending; when the sensitive log content exceeds 10K, it is written into a log file, the file is placed under a specified path on the server, the file download service interface is called with the file name as the input parameter to form the download link, and the download link is passed to the mail sending interface as the mail text. The recipient can download the log file by accessing the download link.
Further, the step S5' includes:
step S54': configuring a designated HTML tag and a designated style for the first sensitive log to form a mail text;
step S55': and sending the mail text to a designated mailbox according to the mail sending task.
In this embodiment, to enrich the content of the mail, a designated HTML tag and a designated style may be configured for the first sensitive log. HTML is the hypertext markup language, which allows non-text elements such as pictures, links, and even music and programs to be placed in the mail page. A style is a set of character formats and paragraph formats saved under a meaningful name; different styles display different character and paragraph formats. The style of the mail can be user-defined, and the specific configuration is not described in detail here.
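The delivery decision of steps S50'-S55', sketched in Python as an added example that is not code from the patent. The download URL, recipient address and file names are hypothetical. Because log lines can carry markup copied from request data, the sketch escapes each line before placing it in the HTML body, and it keeps only the final component of the file name when storing the report.

```python
import html
from email.message import EmailMessage
from pathlib import Path
from urllib.parse import quote

PRESET_BYTES = 10 * 1024  # the "10K" preset value used in the description
# Hypothetical file-download service that takes the file name as its parameter.
DOWNLOAD_BASE = "https://logs.example.internal/download?file="


def build_report_mail(sensitive_lines, recipients, store_dir, file_name,
                      preset=PRESET_BYTES, base_url=DOWNLOAD_BASE):
    """Return (EmailMessage, stored_path or None) following S50'-S55'."""
    content = "\n".join(sensitive_lines)
    size = len(content.encode("utf-8"))  # S50': data volume of the whole report
    msg = EmailMessage()
    msg["Subject"] = f"Sensitive log scan: {len(sensitive_lines)} entries"
    msg["To"] = ", ".join(recipients)

    if size > preset:
        # S51': store the report under the designated directory. Only the last
        # path component is kept so a crafted name cannot escape store_dir.
        safe_name = Path(file_name).name
        stored = Path(store_dir) / safe_name
        stored.write_text(content, encoding="utf-8")
        # S52': build the link, percent-encoding the file name parameter.
        link = base_url + quote(safe_name, safe="")
        # S53': the mail carries the link, not the log content.
        msg.set_content(f"Sensitive log report ({size} bytes):\n{link}\n")
        msg.add_alternative(
            f"<p>Sensitive log report ({size} bytes): "
            f'<a href="{html.escape(link, quote=True)}">download</a></p>',
            subtype="html",
        )
        return msg, stored

    # S54'/S55': small report goes inline; every line is escaped before it is
    # wrapped in the designated tags and style.
    rows = "".join(
        f"<tr><td><code>{html.escape(line)}</code></td></tr>"
        for line in sensitive_lines
    )
    msg.set_content(content)
    msg.add_alternative(
        f'<table style="font-family:monospace">{rows}</table>', subtype="html"
    )
    return msg, None


def body(msg, kind):
    """Return the decoded 'plain' or 'html' alternative of the message."""
    return msg.get_body(preferencelist=(kind,)).get_content()
```
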
In summary, in the method for scanning sensitive logs based on log monitoring provided by the invention, the scan sensitive log project is put into svn and svn is detected at the designated frequency, so that sensitive logs are scanned for and found automatically on a schedule according to the scan information, without manual scanning. The scan information can be custom-configured, which makes the method flexible to apply, and termination of the scan caused by invalid log locations, server login abnormalities and similar conditions can be intelligently avoided.
Referring to fig. 2, an apparatus for scanning sensitive logs based on log monitoring in this embodiment includes:
a first detecting unit 100, configured to detect svn according to a specified frequency, and trigger an ant to issue a first ant command, where the ant is used for engineering deployment and operation, where scan sensitive log engineering and corresponding scan information are pre-stored in the svn, and the scan information includes a storage path of a log in a server;
a first packing unit 200, configured to pack the scan sensitive log engineering into a first grabbing packet according to the first ant command, and generate a first scan command corresponding to the first grabbing packet;
the first scanning unit 300 is configured to search a first log according to the first scanning command and the log path, and scan the first log to find a first sensitive log, where the first sensitive log is a log that does not conform to a field set according to a preset rule.
As described for the first detection unit 100, svn (Subversion) is an open source version control system that is used here to hold and trigger the scan sensitive log project. The scan sensitive log project is a tool (project code) for scanning for and finding sensitive logs, and the scan information includes information about the server to be scanned (such as location, code, model, etc.) and the storage path, location, etc. of that server's logs. When a project is developed, every call to an interface service developed by a service system triggers a log entry that is recorded in a log file on the corresponding server. The entry records information about the interface call, which may include sensitive information such as an account number, password or identification card number; this sensitive information needs to be found and then processed to prevent leakage. Sensitive information can be found in two ways. The fields of a normal log are generally set according to a preset rule, that is, they are preset fixed fields, so a log in which a non-fixed field is found can be judged to contain sensitive information. Alternatively, the fields that record sensitive information are given fixed formats, such as the format of an account number or of a password (a 6- or 12-character combination of upper- and lower-case letters and digits, and the like), and a log containing sensitive information is found when a field in one of those formats is scanned.
As described for the first detection unit 100 and the first packing unit 200, the specified frequency can be user-defined, for example detecting svn every 8 hours. This is implemented by creating a Job in Jenkins (an open source software project and a continuous integration tool developed based on Java) and configuring the specified frequency in the Job as a timed task, so that execution of the Job is triggered at the specified time. When the Job executes, it detects the project code on svn; in this embodiment, detecting svn means exporting the scan sensitive log project from svn. This triggers ant to issue an automatic deployment command, namely the first ant command. The first ant command is then executed: the scan sensitive log project is packed into the first grabbing packet and the first scan command is generated. The first ant command deploys and runs the scan sensitive log project, and the first scan command makes the scan sensitive log project start scanning.
As described for the first scanning unit 300, the objects scanned by the scan sensitive log project are the logs of the servers listed in the scan information, and the sensitive logs are found among those logs. When the scan sensitive log project starts scanning according to the first scan command, it calls and reads the scan information, finds the first log according to the storage path of the log in the scan information, and scans it to find the first sensitive log.
Preferably, the scan information may be stored in Excel so that users can edit it themselves, for example adding a server to be scanned and its log information, deleting an existing server and its log information, or changing an existing server and its log information (such as changing an account password or a log file location).
In this embodiment, the scan sensitive log project is placed in svn to work, so scanning can run on a schedule; the whole process is automatic, needs no manual operation, and saves time and labor.
In one embodiment, the apparatus for scanning sensitive logs based on log monitoring further comprises:
a log storage unit, used for storing the invalid log to a first preset position of the server when the first log is found on scanning to be an invalid log, and continuing to scan the next log of the first log.
As described for the log storage unit, an invalid log is a log that is unreadable, corrupted or nonexistent. In the prior art, when Java calls the class method for reading a file and the file is unreadable, corrupted or does not exist, scanning the invalid log file makes the program run abnormally and throw a read error, which interrupts the program. In this embodiment, when the current log is found on scanning to be an invalid log, the invalid log is saved in a processing module, such as a tree module, which is the first preset position, and is then handled accordingly, for example printed out for subsequent processing by a developer. The running program is not interrupted; it continues with the log that follows the current first log, so an invalid log does not interrupt the scan or affect the scanning process as a whole.
In one embodiment, the apparatus for scanning sensitive logs based on log monitoring further comprises:
the detection information unit is used for detecting whether the scanning sensitive log engineering can log in the server according to login information; the login information comprises an account number and a password;
and the storage information unit is used for storing the login information corresponding to the server to a second preset position of the server when the scanning sensitive log engineering fails to log in the server according to the login information, and continuing to log in the next server in the current turn.
Before scanning, the scan sensitive log project needs to log in to the server to be scanned; once that server has been scanned, it logs in to the next server and scans it. It is therefore necessary to detect whether the login of the scan sensitive log project succeeds. Login is usually performed with an account number and a password; when the account number and/or the password is wrong, the login fails and an error is thrown when the scan log command is executed. In the prior art, the scan is then interrupted. In this embodiment, when the login to the current server fails or a login abnormality occurs and the program throws an error, the error is captured: for example, the login information corresponding to the server is stored in a processing module, such as a try catch block, which serves as the second preset position. After the login information has been stored at the second preset position, the failed login can be printed out for subsequent processing. The scan is not interrupted, and the login to the next server of the current round proceeds.
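The skip-and-continue behaviour described above for invalid logs and for failed logins, shown together in Python as an added example (it is not code from the patent). The rule patterns, host names, credentials and log lines are constructed assumptions, and `login` is a hypothetical stand-in for a real remote login.

```python
import os
import re
import tempfile
from dataclasses import dataclass, field

# Constructed preset rules (assumptions): a line is sensitive when a field
# carries a cleartext password or an unmasked 11-digit mobile number.
RULES = {
    "cleartext_password": re.compile(r"password=(?!\*+(?:\s|$))\S+", re.I),
    "unmasked_mobile": re.compile(r"(?<!\d)1\d{10}(?!\d)"),
}


class LoginError(Exception):
    """Raised when a server rejects the account/password pair."""


@dataclass
class ScanReport:
    sensitive: list = field(default_factory=list)      # (host, path, line_no, rule)
    invalid_logs: list = field(default_factory=list)   # "first preset position"
    failed_logins: list = field(default_factory=list)  # "second preset position"


def login(server, accounts):
    """Hypothetical login check against a constructed credential store."""
    expected = accounts.get(server["host"])
    if expected != (server["account"], server["password"]):
        raise LoginError(server["host"])


def scan_log(path):
    """Yield (line_no, rule_name) for each line that violates a preset rule."""
    with open(path, "r", encoding="utf-8", errors="strict") as fh:
        for line_no, line in enumerate(fh, start=1):
            for name, pattern in RULES.items():
                if pattern.search(line):
                    yield line_no, name


def run_scan(scan_info, accounts):
    """Scan every server and log; record failures instead of aborting the run."""
    report = ScanReport()
    for server in scan_info:
        try:
            login(server, accounts)
        except LoginError:
            # This example records host and account only; the password is
            # not copied into the report.
            report.failed_logins.append((server["host"], server["account"]))
            continue  # go on to the next server of the current round
        for path in server["logs"]:
            try:
                hits = list(scan_log(path))  # forces the read inside the try
            except (OSError, UnicodeDecodeError) as exc:
                # Missing, unreadable or corrupted log: record it, keep scanning.
                report.invalid_logs.append(
                    (server["host"], path, type(exc).__name__))
                continue
            report.sensitive.extend(
                (server["host"], path, n, rule) for n, rule in hits)
    return report


def build_constructed_fixture(root):
    """Create constructed sample logs under root; return (scan_info, accounts)."""
    good = os.path.join(root, "app.log")
    with open(good, "w", encoding="utf-8") as fh:
        fh.write("2018-10-31 10:00:01 INFO login user=alice password=******\n"
                 "2018-10-31 10:00:02 INFO login user=bob password=hunter2\n"
                 "2018-10-31 10:00:03 INFO sms sent to 13800138000\n"
                 "2018-10-31 10:00:04 INFO sms sent to 138****8000\n")
    corrupt = os.path.join(root, "corrupt.log")
    with open(corrupt, "wb") as fh:
        fh.write(b"\xff\xfe\x00 not valid UTF-8 \x80\n")
    missing = os.path.join(root, "missing.log")  # never created
    scan_info = [
        {"host": "srv-a", "account": "scanner", "password": "old-secret",
         "logs": [good]},
        {"host": "srv-b", "account": "scanner", "password": "s3cret",
         "logs": [missing, corrupt, good]},
    ]
    # srv-a's password was rotated, so the stored one no longer works.
    accounts = {"srv-a": ("scanner", "rotated"), "srv-b": ("scanner", "s3cret")}
    return scan_info, accounts


def demo():
    with tempfile.TemporaryDirectory() as root:
        scan_info, accounts = build_constructed_fixture(root)
        return run_scan(scan_info, accounts)


if __name__ == "__main__":
    result = demo()
    print(result.failed_logins, result.invalid_logs, result.sensitive, sep="\n")
```

A log that fails part-way through decoding is reported as invalid as a whole, so partial findings from a corrupted file never reach the report.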
In one embodiment, the apparatus for scanning sensitive logs based on log monitoring includes:
the monitoring and changing unit is used for monitoring whether the scanning information is changed or not;
the second detection unit is used for triggering a task of detecting the svn when a change of the scanning information is monitored, and detecting the svn according to that task so as to trigger a second ant command;
the second packing unit is used for packing the scanning sensitive log engineering into a second grabbing packet according to the second ant command and generating a second scanning command corresponding to the second grabbing packet;
the first scanning unit is used for scanning according to the second scanning command and the changed scanning information so as to find out a second sensitive log.
As described for the above monitoring and changing unit, when the scan information is changed, for example when the location of a log is changed or the account number and password for logging in to a server are changed, the svn is updated correspondingly, and the job already configured on Jenkins detects that the svn has changed.
In this embodiment, when the Job detects that the svn has changed, the Job is triggered to run; while running, it triggers the task of detecting the svn and then executes it. After the scan information has been changed, if the position of the log was changed, the second sensitive log is searched for at the changed position according to the second scan command; if the login account number and password were changed, the scan is performed after logging in with the new account number and password.
In one embodiment, the apparatus for scanning sensitive logs based on log monitoring further includes:
the triggering and sending unit is used for triggering a mail sending task when the scanning sensitive log engineering finishes scanning according to the scanning information;
and the searching and sending unit is used for sending the searched first sensitive log to a designated mailbox according to the mail sending task.
In this embodiment, because the first sensitive logs that are found need to be handled later by the relevant personnel, they may, for convenience, be sent to the mailboxes of those personnel. The scan information may include information on one or more servers. When the logs of all servers in the scan information have been scanned, a mail sending task is triggered and a mail sending interface is called. During the scan, each first sensitive log that is found is recorded; when the mail sending task is executed, all the first sensitive logs are consolidated and then sent to a designated mailbox. The designated mailbox is user-defined. Specifically, a configured identity identification (ID) is acquired first; the scan information includes this ID, which is user-defined and associated with one or more mailboxes (i.e. the designated mailbox). The corresponding mailboxes are then looked up according to the ID, and the first sensitive log is sent to them through the mail sending interface.
In one embodiment, the search transmitting unit includes:
the judging data subunit is used for judging whether the data volume of the first sensitive log is larger than a preset value or not;
the log storage subunit is used for storing the first sensitive log in a designated position of the server when judging that the data volume of the first sensitive log is larger than a preset value;
a link generation subunit, configured to generate a download link of the first sensitive log according to the specified location;
and the sending link subunit is used for sending the download link to the designated mailbox according to the mail sending task.
If the first sensitive log obtained by scanning is large, that is, the file to be sent is too big, the mail sending speed may be affected, or the mail may even fail to be sent because of the excessive load. A threshold, namely the preset value, may therefore be set: if the file size of the first sensitive log does not exceed the preset value, the sensitive log may be formed into the text of the mail and then sent. In this embodiment, if the file size of the first sensitive log exceeds the preset value, a download link of the first sensitive log is generated and sent instead.
For example, with the preset value set to 10K: when the sensitive log content does not exceed 10K, the content is used directly as the mail text and passed to the mail sending interface for sending; when the sensitive log content exceeds 10K, the content is written into a log file, the file is placed under a specified path of the server, the file download service interface is called with the file name as the input parameter to form the download link, and the download link is then passed to the mail sending interface as the mail text. A recipient can download the log file by accessing the download link.
Further, the search transmitting unit further includes:
a configuration subunit, configured to configure a specified HTML tag and a specified style for the first sensitive log to form a mail body;
and the sending subunit is used for sending the mail text to a designated mailbox according to the mail sending task.
In this embodiment, in order to enrich the content of the mail, a specified HTML tag and a specified style may be configured for the first sensitive log. HTML refers to the hypertext markup language, which allows non-text elements such as pictures, links, and even music and programs to be placed in a mail page. A style is a set of character formats and paragraph formats saved under a meaningful name; different styles display different character formats and paragraph formats. The style of the mail may be customized by the user, and the specific configuration mode is not described in detail herein.
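The size-threshold delivery and the HTML mail body described in the two preceding embodiments, combined in one Python sketch as an added example (not code from the patent). Reading "10K" as 10 KiB, the download URL, the recipient address and the sample log lines are assumptions; the message is built but not sent.

```python
import html
import os
import tempfile
from email.message import EmailMessage
from urllib.parse import quote

PRESET_VALUE = 10 * 1024  # the page's "10K", read here as 10 KiB (assumption)
# Hypothetical file-download service interface that takes the file name.
DOWNLOAD_BASE = "https://logscan.example.invalid/download?file="


def build_mail(sensitive_lines, recipient, export_dir, file_name="sensitive.log"):
    """Return (EmailMessage, mode); mode is 'inline' or 'link'."""
    content = "\n".join(sensitive_lines)
    size = len(content.encode("utf-8"))

    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = f"Sensitive log scan: {len(sensitive_lines)} finding(s)"

    if size <= PRESET_VALUE:
        # Log lines can contain '<', '&' or quotes, so they are escaped
        # before being wrapped in the configured HTML tags and style.
        body = ('<h3 style="color:#b00">Sensitive log entries</h3>'
                '<pre style="font-family:monospace">'
                f'{html.escape(content)}</pre>')
        mode = "inline"
    else:
        # Keep only the final path component so the file stays in export_dir.
        safe_name = os.path.basename(file_name)
        path = os.path.join(export_dir, safe_name)
        # Owner-only permissions: the exported file holds sensitive entries.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
        link = DOWNLOAD_BASE + quote(safe_name, safe="")
        body = (f'<p>{len(sensitive_lines)} sensitive log entries '
                f'({size} bytes) exceed the preset value.</p>'
                f'<p><a href="{html.escape(link, quote=True)}">'
                'Download the log file</a></p>')
        mode = "link"

    msg.set_content("This report requires an HTML-capable mail client.")
    msg.add_alternative(body, subtype="html")
    return msg, mode


def html_body(msg):
    """Return the decoded HTML part of a message built by build_mail."""
    return msg.get_body(preferencelist=("html",)).get_content()


def demo():
    # Constructed sample findings: one short report and one above 10 KiB.
    small = ["10:00:02 login user=bob password=hunter2 ua=<b>test</b>"]
    large = [f"10:00:{i % 60:02d} sms sent to 13800138000" for i in range(400)]
    with tempfile.TemporaryDirectory() as export_dir:
        inline_msg, inline_mode = build_mail(
            small, "secops@example.invalid", export_dir)
        link_msg, link_mode = build_mail(
            large, "secops@example.invalid", export_dir, "../scan 2018-10-31.log")
        exported = sorted(os.listdir(export_dir))
    return (inline_mode, html_body(inline_msg),
            link_mode, html_body(link_msg), exported)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

In the link case the mail itself carries no log content, so access to the findings depends entirely on how the download interface authorises requests.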
In summary, in the method for scanning sensitive logs based on log monitoring provided by the invention, the scanning sensitive log engineering is put into the svn and the svn is then detected at the designated frequency, so that sensitive logs are automatically scanned for and found at regular times according to the scanning information. The scan needs no manual operation, the scanning information can be custom-configured, and application is flexible. In addition, termination of the scan caused by invalid log positions, server login abnormalities and other such conditions can be intelligently avoided.
Referring to fig. 3, in an embodiment of the present invention, there is further provided a computer device, which may be a server and whose internal structure may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data such as that of the method for scanning sensitive logs based on log monitoring. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method of scanning sensitive logs based on log monitoring.
The processor executes the steps of the method for scanning sensitive logs based on log monitoring: detecting svn according to a designated frequency, triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scanning sensitive log engineering and corresponding scanning information are prestored in the svn, and the scanning information comprises a storage path of a log in a server; forming the scanning sensitive log engineering into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet; searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
In the computer device, after the step of scanning the first log, the method includes: if the first log is found during scanning to be an invalid log, the invalid log is stored to a first preset position of the server, and the next log after the first log is scanned.
In one embodiment, the above scan information includes login information used by the scan sensitive log engineering to log in to the server, and before the step of searching for the first log according to the first scan command and the storage path of the log, the method includes: detecting whether the scanning sensitive log project can log in the server according to the login information, wherein the login information comprises an account number and a password; if not, storing the login information corresponding to the server to a second preset position of the server, and continuing to log in the next server in the current turn.
In one embodiment, after the step of searching the first log according to the first scan command and scanning the first log to find the first sensitive log, the method includes: monitoring whether the scanning information is changed or not; if yes, triggering a task of detecting the svn, and detecting the svn according to that task to trigger the ant to send out a second ant command; forming the scanning sensitive log engineering into a second grabbing packet according to the second ant command, and generating a second scanning command corresponding to the second grabbing packet; and scanning the changed scanning information according to the second scanning command to find out a second sensitive log.
In one embodiment, after the step of searching the first log according to the first scan command and scanning the first log to find the first sensitive log, the method includes: triggering a mail sending task when the scanning sensitive log engineering finishes scanning according to the scanning information; and sending the found first sensitive log to a designated mailbox according to the mail sending task.
In one embodiment, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes: judging whether the data volume of the first sensitive log is larger than a preset value or not; if yes, the first sensitive log is stored in a designated position of the server; generating a download link of the first sensitive log according to the designated position; and sending the download link to the designated mailbox according to the mail sending task.
In one embodiment, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes: configuring a designated HTML tag and a designated style for the first sensitive log to form a mail text; and sending the mail text to a designated mailbox according to the mail sending task.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is merely a block diagram of a portion of the architecture in connection with the present application and is not intended to limit the computer device to which the present application is applied.
An embodiment of the present invention further provides a computer readable storage medium having a computer program stored thereon, where the computer program when executed by a processor implements a method for scanning a sensitive log based on log monitoring, specifically: detecting svn according to a designated frequency, triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scanning sensitive log engineering and corresponding scanning information are prestored in the svn, and the scanning information comprises a storage path of a log in a server; forming the scanning sensitive log engineering into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet; searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
The computer-readable storage medium may further include, after the step of scanning the first log, a step of: if the first log is found during scanning to be an invalid log, the invalid log is stored to a first preset position of the server, and the next log after the first log is scanned.
In one embodiment, the above scan information includes login information used by the scan sensitive log engineering to log in to the server, and before the step of searching for the first log according to the first scan command and the storage path of the log, the method includes: detecting whether the scanning sensitive log project can log in the server according to the login information, wherein the login information comprises an account number and a password; if not, storing the login information corresponding to the server to a second preset position of the server, and continuing to log in the next server in the current turn.
In one embodiment, after the step of searching the first log according to the first scan command and scanning the first log to find the first sensitive log, the method includes: monitoring whether the scanning information is changed or not; if yes, triggering a task of detecting the svn, and detecting the svn according to that task to trigger the ant to send out a second ant command; forming the scanning sensitive log engineering into a second grabbing packet according to the second ant command, and generating a second scanning command corresponding to the second grabbing packet; and scanning the changed scanning information according to the second scanning command to find out a second sensitive log.
In one embodiment, after the step of searching the first log according to the first scan command and scanning the first log to find the first sensitive log, the method includes: triggering a mail sending task when the scanning sensitive log engineering finishes scanning according to the scanning information; and sending the found first sensitive log to a designated mailbox according to the mail sending task.
In one embodiment, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes: judging whether the data volume of the first sensitive log is larger than a preset value or not; if yes, the first sensitive log is stored in a designated position of the server; generating a download link of the first sensitive log according to the designated position; and sending the download link to the designated mailbox according to the mail sending task.
In one embodiment, the step of sending the found first sensitive log to the designated mailbox according to the mail sending task includes: configuring a designated HTML tag and a designated style for the first sensitive log to form a mail text; and sending the mail text to a designated mailbox according to the mail sending task.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program instructing the relevant hardware; the program may be stored on a non-transitory computer readable storage medium and, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided herein and used in embodiments may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the invention, and all equivalent structures or equivalent processes using the descriptions and drawings of the present invention or directly or indirectly applied to other related technical fields are included in the scope of the invention.

Claims (8)

1. A method for scanning sensitive logs based on log monitoring, comprising:
detecting svn according to a designated frequency, triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scanning sensitive log engineering and corresponding scanning information are prestored in the svn, and the scanning information comprises a storage path of a log in a server;
forming the scanning sensitive log engineering into a first grabbing packet according to the first ant command, and generating a first scanning command corresponding to the first grabbing packet;
searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule;
after the step of scanning the first log, the method includes:
if the first log is scanned to be an invalid log, the invalid log is stored to a first preset position of the server, and the next log of the first log is continuously scanned;
the step of searching the first log according to the first scanning command and the path of the log, and scanning the first log to find the first sensitive log comprises the following steps:
monitoring whether the scanning information is changed or not;
if yes, triggering and detecting an svn task, and detecting the svn according to the detected svn task to trigger the ant to send out a second ant command;
forming the scanning sensitive log engineering into a second grabbing packet according to the second ant command, and generating a second scanning command corresponding to the second grabbing packet;
and scanning according to the changed scanning information according to the second scanning command to find out a second sensitive log.
2. The method for scanning sensitive logs based on log monitoring according to claim 1, wherein the scanning information includes login information of the scanning sensitive log engineering for logging on the server, and before the step of searching for a first log according to the first scanning command and the storage path of the log, the method comprises:
detecting whether the scanning sensitive log project can log in the server according to the login information, wherein the login information comprises an account number and a password;
if not, storing the login information corresponding to the server to a second preset position of the server, and continuing to log in the next server in the current turn.
3. The method for scanning sensitive logs based on log monitoring as set forth in claim 1, wherein, after the step of searching for a first log according to the first scanning command and scanning the first log to find a first sensitive log, the method comprises:
triggering a mail sending task when the scanning sensitive log engineering finishes scanning according to the scanning information;
and sending the found first sensitive log to a designated mailbox according to the mail sending task.
4. A method of scanning sensitive logs based on log monitoring as defined in claim 3, wherein the step of sending the found first sensitive log to a designated mailbox in accordance with the mail sending task comprises:
judging whether the data volume of the first sensitive log is larger than a preset value or not;
if yes, the first sensitive log is stored in a designated position of the server;
generating a download link of the first sensitive log according to the designated position;
and sending the download link to the designated mailbox according to the mail sending task.
5. A method of scanning sensitive logs based on log monitoring as defined in claim 3, wherein the step of sending the found first sensitive log to a designated mailbox in accordance with the mail sending task comprises:
configuring a designated HTML tag and a designated style for the first sensitive log to form a mail text;
and sending the mail text to a designated mailbox according to the mail sending task.
6. A log monitoring based apparatus for scanning a sensitive log, comprising:
the first detection unit is used for detecting svn according to a designated frequency and triggering an ant to send out a first ant command, wherein the ant is used for engineering deployment and operation, a scan sensitive log engineering and corresponding scan information are prestored in the svn, and the scan information comprises a storage path of a log in a server;
the first packing unit is used for packing the scanning sensitive log engineering into a first grabbing packet according to the first ant command and generating a first scanning command corresponding to the first grabbing packet;
the first scanning unit is used for searching a first log according to the first scanning command and the storage path of the log, and scanning the first log to find a first sensitive log, wherein the first sensitive log is a log which does not accord with a field set according to a preset rule.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.
8. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.
CN201811289631.4A 2018-10-31 2018-10-31 Method, device and computer equipment for scanning sensitive log based on log monitoring Active CN109614814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811289631.4A CN109614814B (en) 2018-10-31 2018-10-31 Method, device and computer equipment for scanning sensitive log based on log monitoring

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811289631.4A CN109614814B (en) 2018-10-31 2018-10-31 Method, device and computer equipment for scanning sensitive log based on log monitoring

Publications (2)

Publication Number Publication Date
CN109614814A CN109614814A (en) 2019-04-12
CN109614814B true CN109614814B (en) 2023-12-22

Family

ID=66002947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811289631.4A Active CN109614814B (en) 2018-10-31 2018-10-31 Method, device and computer equipment for scanning sensitive log based on log monitoring

Country Status (1)

Country Link
CN (1) CN109614814B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231127

Address after: 100071, Building 9, No. 10, Automotive Museum West Road, Fengtai District, Beijing, 1st to 13th floors, Room 101, 2nd floor, 201-1

Applicant after: Beijing Fangying Intelligent Digital Technology Co.,Ltd.

Address before: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen LIAN intellectual property service center

Effective date of registration: 20231127

Address after: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

GR01 Patent grant