CN115277383B - Log generation method, device, electronic equipment and computer readable storage medium - Google Patents
Log generation method, device, electronic equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN115277383B CN115277383B CN202210899660.2A CN202210899660A CN115277383B CN 115277383 B CN115277383 B CN 115277383B CN 202210899660 A CN202210899660 A CN 202210899660A CN 115277383 B CN115277383 B CN 115277383B
- Authority
- CN
- China
- Prior art keywords
- service
- instruction
- log
- target return
- return value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000004590 computer program Methods 0.000 claims description 6
- 230000004044 response Effects 0.000 description 10
- 238000001914 filtration Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012512 characterization method Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000036632 reaction speed Effects 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- HRANPRDGABOKNQ-ORGXEYTDSA-N (1r,3r,3as,3br,7ar,8as,8bs,8cs,10as)-1-acetyl-5-chloro-3-hydroxy-8b,10a-dimethyl-7-oxo-1,2,3,3a,3b,7,7a,8,8a,8b,8c,9,10,10a-tetradecahydrocyclopenta[a]cyclopropa[g]phenanthren-1-yl acetate Chemical compound C1=C(Cl)C2=CC(=O)[C@@H]3C[C@@H]3[C@]2(C)[C@@H]2[C@@H]1[C@@H]1[C@H](O)C[C@@](C(C)=O)(OC(=O)C)[C@@]1(C)CC2 HRANPRDGABOKNQ-ORGXEYTDSA-N 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A log generation method, a log generation device, electronic equipment and a computer readable storage medium belong to the field of computers. The log generation method comprises the following steps: obtaining target return values carried in service messages, wherein at least one of service scenes and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; and recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type. Because at least one of the service scenes and the instruction types corresponding to different return values is different, when the return values are received, the corresponding service scenes and instruction types can be determined according to the return values, so that log information comprising the service scenes and the instruction types is obtained, the log information is more detailed, and the use requirements of users are met.
Description
Technical Field
The present invention relates to the technical field of computers, and in particular, to a log generating method, a log generating device, an electronic device, and a computer readable storage medium.
Background
Currently, network attacks are more and more, a large number of network security devices are developed and applied to actual environments, and various service demands can be realized by configuring the network security devices. Many of these business requirements require the use of different instructions to assist in implementation.
At present, the log function in the network security equipment can only perform unified log record, and often only can record basic information of instructions. However, in practical applications, it is difficult to satisfy the use requirement of the user by only recording the log of the basic information of the instruction.
Disclosure of Invention
The application provides a log generation method, a log generation device, electronic equipment and a computer readable storage medium, which are used for solving the problem that the existing log only records basic information of instructions and is difficult to meet the use requirement of a user.
The application provides a log generation method, which comprises the following steps: obtaining target return values carried in service messages, wherein at least one of service scenes and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; and recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type.
In the embodiment of the application, since at least one of the service scenes and the instruction types corresponding to different return values is different, when the return values are received, the corresponding service scenes and instruction types can be determined according to the return values, and further log information comprising the service scenes and the instruction types is obtained, so that the log information is more detailed, and further the use requirements of users are met.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, the determining, based on the target return value, a service scenario and an instruction category corresponding to the target return value includes: and determining service scenes and instruction types corresponding to the target return values based on the target return values and a preset configuration file, wherein the preset configuration file comprises the service scenes and the instruction types corresponding to the return values including the target return values.
In the embodiment of the application, the configuration file comprises the service scenes and the instruction types corresponding to the return values including the target return values, so that the service scenes and the instruction types corresponding to the return values can be quickly inquired based on the configuration file, and the reaction speed is improved.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, after the recording the service scenario and the instruction category in the log, the method further includes: correcting a target return value in the service message to an original default value corresponding to the instruction type, wherein the original default values of the same instruction type in different scenes are consistent; and feeding back the service message with the returned value being the original default value to the appointed equipment.
In the embodiment of the application, the target return value in the service message is corrected to the original default value corresponding to the instruction type, and then the service message with the return value of the original default value is fed back to the appointed equipment, so that the appointed equipment can identify the received return value and cannot cause faults due to the fact that the return value in the configuration file cannot be identified, and the application range of the scheme can be improved.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, the log information further includes at least one of a source IP (Internet Protocol ) address, a destination IP address, a source port, a destination port, a protocol type, and a configuration instruction.
In the embodiment of the application, the log is also recorded with the source IP address, the destination IP address, the source port, the destination port, the protocol type and the configuration instruction, so that the information recorded in the log is more detailed, and further the log can meet the use requirement of a user.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, the instruction is any one of a redirection instruction, a filtering interception instruction, and an instruction for returning specified content to the client.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, the obtaining a target return value carried in a service packet includes: receiving a service request message sent by a designated device, wherein the service request message comprises the service scene; determining the instruction type based on the service request message; and generating a service message carrying the target return value according to the instruction type and the service scene.
In the embodiment of the application, the service message carrying the target return value can be generated according to the service request message including the service scene sent by the designated equipment, and the return value is not required to be configured in the designated equipment, so that the application range of the scheme can be expanded.
In a second aspect, the present application provides a log generating apparatus, including: the log module is used for acquiring target return values carried in the service message, wherein at least one of service scenes and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; and recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type.
With reference to the technical solution provided in the first aspect, in some possible implementation manners, the implementation log generating apparatus further includes: the service module is used for receiving a service request message sent by the appointed equipment, wherein the request message comprises the service scene; determining the instruction type based on the service request message; and generating a service message carrying the target return value according to the instruction type and the service scene.
In a third aspect, an embodiment of the present application further provides an electronic device, including: the device comprises a memory and a processor, wherein the memory is connected with the processor; the memory is used for storing programs; the processor is configured to invoke the program stored in the memory to perform the method as provided by the embodiments of the first aspect and/or any of the possible implementation manners in combination with the embodiments of the first aspect.
In a fourth aspect, the embodiments of the present application further provide a computer readable storage medium having stored thereon a computer program which, when executed by a computer, performs a method as provided by the embodiments of the first aspect and/or any of the possible implementations in combination with the embodiments of the first aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a log generation method according to an embodiment of the present application;
FIG. 2 is a flow chart of yet another log generation method according to an embodiment of the present disclosure;
fig. 3 is a block diagram of a log generating apparatus according to an embodiment of the present application;
fig. 4 is a block diagram of a day electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Also, relational terms such as "first," "second," and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Furthermore, the term "and/or" in this application is merely an association relation describing an association object, and indicates that three relations may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone.
The technical solutions of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flowchart of a log generation method according to an embodiment of the present application, and the steps included in the log generation method will be described with reference to fig. 1.
S100: and obtaining a target return value carried in the service message.
At least one of service scenes and instruction types corresponding to different return values is different.
The service scenario may be any scenario, for example, a load balancing scenario, a forward proxy scenario, a reverse proxy scenario, etc., and the service scenario may be set according to actual requirements, which is not limited herein by the specific type.
The instruction type may be any type of instruction, and may be set according to actual requirements, and the specific type thereof is not limited herein.
For example, the instruction is any one of a redirect instruction, a filter intercept instruction, and an instruction to return specified content to the client.
The specific data of the return value may be set according to actual requirements, and the specific type thereof is not limited here.
For example, return value 1001 corresponds to business scenario 1, instruction 1; the return value 1002 corresponds to the service scenario 2 and the instruction 1; the return value 1003 corresponds to the service scene 1 and the instruction 2; the return value 1004 corresponds to the service scenario 2 and the instruction 2; the return value 1005 corresponds to business scenario 3, instruction 1, etc.
It may be understood that the service message may be generated and sent by a third party, or may be generated by a unit in a device that performs the log generating method, for example, a service unit in the log generating device may generate a service message carrying the target return value, and then the log unit in the log generating device obtains the service message.
S200: and determining the service scene and the instruction type corresponding to the target return value based on the target return value.
In one embodiment, in order to increase the reaction speed, a configuration file may be preset, and after the target return value is obtained, a service scene and an instruction type corresponding to the target return value are determined based on the target return value and the preset configuration file, where the preset configuration file includes service scenes and instruction types corresponding to the return values including the target return value.
For example, the configuration file includes return values 1001, 1002, 1003, 1004, 1005, where the return value 1001 corresponds to the service scenario 1 and the instruction 1; the return value 1002 corresponds to the service scenario 2 and the instruction 1; the return value 1003 corresponds to the service scene 1 and the instruction 2; the return value 1004 corresponds to the service scenario 2 and the instruction 2; the return value 1005 corresponds to business scenario 3, instruction 1. At this time, when receiving the return value 1001, the service scene and the instruction type corresponding to 1001 can be obtained according to the configuration file, which are the service scene 1 and the instruction type 1 respectively; when the return value 1003 is received, the service scene and the instruction category corresponding to the return value 1003 can be obtained according to the configuration file, and the service scene 1 and the instruction category 2 are respectively obtained.
S300: and recording the service scene and the instruction type into the log to obtain log information containing the service scene and the instruction type.
After the service scene and the instruction type are obtained according to S200, the service scene and the instruction type may be recorded into the log, so as to obtain log information more detailed than the existing log.
In one embodiment, in order to enable other electronic devices to identify the return value returned by the electronic device executing the scheme, after step S300, the target return value in the service packet needs to be corrected to an original default value corresponding to the instruction type, where the original default values of the same instruction type in different scenes are consistent; and feeding back the service message with the returned value being the original default value to the designated equipment.
For example, the target return value is 1001, the return value 1001 corresponds to the service scenario 1 and the instruction 1, and the original default value corresponding to the instruction 1 is 301, after the service scenario 1 and the instruction 1 are recorded to the log information, the return value 1001 is corrected to 301, and then the service message with the return value 301 is fed back to the designated device, so that the designated device can identify the corresponding instruction according to the return value 301.
In order to facilitate understanding of the above-mentioned association relationship between the target return value, the original default value, the service scenario, and the instruction type, refer to table 1.
TABLE 1
The normal return value in table 1 is the original default value described above. As shown in table 1, the original default values of the same instruction are the same, so that information such as a service scene cannot be obtained based on the original default values, and further log information including the service scene cannot be obtained.
Where "return" appearing in the normal configuration instruction and the logged configuration instruction indicates a return instruction, for example, return 200'hello' means that the response was successful, and the "hello" character string is given to the specified device. return 301http:// www.baidu.com denotes redirect to hundred degrees; return 403 indicates that the server refuses the request. The specific implementation and implementation principles of the return instruction are well known to those skilled in the art, and are not described in detail herein for brevity.
The above examples are for ease of understanding only, and the normal return values are not limited to 301, 403, 200 described above, and may include:
and returning a value 200, corresponding to the success instruction, to indicate that the server has successfully processed the request. Typically, this means that the server provides the requested web page.
Returning to value 201, corresponding to the "created" instruction, the characterization request was successful and the server created the new resource.
Return value 202, corresponding to the "received" instruction, characterizes the server as having received the request, but not yet processed.
Return value 203, corresponding to the "unauthorized info" instruction, characterizes that the server has successfully processed the request, but the returned information may come from another source.
Return value 204, corresponding to the "no content" instruction, characterizes that the server successfully processed the request, but did not return any content.
Return value 205, corresponding to the "reset content" instruction, characterizes that the server successfully processed the request, but did not return any content.
Return value 206, corresponding to the "partial content" instruction, characterizes the server successfully processed the partial GET request (data delivered via URL (uniform resource locator, uniform resource location system)).
Returning a value 300, corresponding to the "multiple select" instruction, characterizes that the server may perform various operations for the request. The server may select an operation according to a requester (user agent) or provide a list of operations for the requester to select.
Returning to value 301, corresponding to the "permanent move" instruction, the requested web page is characterized as having been permanently moved to a new location. When the server returns this response (a response to a GET or HEAD request), the requestor is automatically moved to the new location.
Returning to value 302, corresponding to the "move temporarily" instruction, the token server now responds to the request from a web page at a different location, but the requestor should continue to use the original location for future requests.
Return value 303, corresponding to the "view other location" instruction, characterizes that the requestor should use a separate GET request for a different location to retrieve the response, the server returns this code.
Returning to value 304, corresponding to the "unmodified" instruction, characterizes that the requested web page has not been modified since the last request. When the server returns the response, the webpage content is not returned.
A value 305 is returned, corresponding to the "use agent" instruction, characterizing that the requestor can only access the requested web page using the agent. If the server returns this response, it also indicates that the requestor should use the proxy.
Returning to value 307, corresponding to the "temporary redirect" instruction, the token server now responds to the request from a web page at a different location, but the requestor should continue to use the original location for future requests.
Returning to value 400, corresponding to the "error request" instruction, the token server does not understand the syntax of the request.
A return value 401, corresponding to an "unauthorized" instruction, characterizes the request for authentication. For web pages that need to be logged in, the server may return this response.
And returning a value 403, and corresponding to the 'forbidden' instruction, wherein the token server refuses the request.
And returning a value 404, wherein the representation server cannot find the requested webpage corresponding to the 'not found' instruction.
And returning a value 405, corresponding to the "method disable" instruction, to characterize the method specified in the disable request.
Returning to value 406, corresponding to the "not accepted" instruction, characterizes the web page that cannot respond to the request with the requested content properties.
Returning a value 407, corresponding to the "agent authorization required" instruction, characterizes this status code as similar to 401 (unauthorized), but specifies that the requestor should authorize the use of the agent.
Returning to value 408, corresponding to the "request timeout" instruction, the token server waits for a request to timeout.
Return value 409, corresponding to the "conflict" instruction, characterizes the server as conflicting when the request is completed. The server must include information about the conflict in the response.
Returning a value 410, corresponding to the "deleted" instruction, characterizes that if the requested resource has been permanently deleted, the server returns this response.
Return value 411, corresponding to the "need for valid length" instruction, characterizes the server not to receive a request that does not contain a valid content length header field.
And a return value 412, corresponding to the "unsatisfied precondition" instruction, indicating that the server does not satisfy one of the preconditions set by the requestor in the request.
Returning a value 413, corresponding to the "request entity oversized" instruction, characterizes that the server cannot process the request because the request entity is oversized, beyond the processing capabilities of the server.
Returning a value 414, the server cannot handle the request's URI (typically web address) is characterized as too long, corresponding to the "request URI (Uniform Resource Identifier ) too long" instruction.
Returning to value 415, corresponding to the "unsupported media type" instruction, the format characterizing the request is not supported by the requested page.
Return value 416, corresponding to the "request scope disagreement" instruction, characterizes that if the page fails to provide the scope of the request, the server will return this status code.
Return value 417, corresponding to the "not satisfying expected value" instruction, characterizes the server as not satisfying the requirements of the "expected" request header field.
And returning a value 500, wherein the value indicates that the server encounters an error and cannot complete the request according to the 'server internal error' instruction.
The return value 501, corresponding to the "not yet implemented" instruction, characterizes the server as not possessing the function of completing the request. For example, the server may return this code when it fails to identify the request method.
And returning a value 502, corresponding to the error gateway command, wherein the characterization server acts as a gateway or proxy, and an invalid response is received from an upstream server.
Returning to value 503, corresponding to the "service unavailable" instruction, the server is characterized as currently unavailable (due to overload or downtime maintenance). Typically, this is only a temporary state.
Returning to value 504, corresponding to the "gateway timeout" instruction, the token server acts as a gateway or proxy, but does not receive a request from the upstream server in time.
Returning to value 505, corresponding to the "HTTP version unsupported" instruction, the token server does not support the version of the HTTP protocol used in the request.
The log information may include at least one of a source IP address, a destination IP address, a source port, a destination port, a protocol type, and a configuration instruction, in addition to the above-mentioned service scenario and instruction type. Therefore, the information recorded by the log information is more detailed so as to meet the use requirement of users.
The configuration instruction refers to instruction content corresponding to a target return value, and the configuration instruction corresponding to the configuration return value 1001 in table 1 is "return 1001http:// www.baidu.com; ". The specific content of the configuration instruction needs to be determined according to the target return value, so that the configuration instruction corresponding to each return value can be recorded in the configuration file, and the corresponding configuration instruction can be conveniently searched according to the target return value.
In order to expand the application range of the scheme, the specified device interacting with the device executing the scheme can normally perform data interaction without configuring a return value, and the specific steps of S100 can be as follows: firstly, receiving a service request message sent by appointed equipment, wherein the service request message comprises a service scene; determining the instruction type based on the service request message; and generating a service message carrying the target return value according to the instruction type and the service scene.
For example, the service scenario included in the service request packet is service scenario 1, the instruction type determined based on the service request packet is instruction 1, and if the return value 1001 corresponds to service scenario 1 and instruction 1, the target return value in the generated service packet is 1001.
For a further understanding of the above log generation method, please refer to fig. 2. It should be noted that the principle shown in fig. 2 is one of many embodiments of the log generation method of the present application, and thus, the manner shown in fig. 2 should not be construed as limiting the present application.
As shown in fig. 2, a service request message carrying a service scene sent by a designated device is received first, then an instruction type is determined based on the service request message, and then a service message carrying a target return value is generated according to the instruction type and the service scene. Then, receiving a service message, acquiring a target return value carried in the service message, determining a service scene and an instruction type corresponding to the target return value based on the target return value, recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type, correcting the target return value in the service message to an original default value corresponding to the instruction type, and finally feeding back the service message with the return value of the original default value to a designated device.
Alternatively, steps S110-S130 may be performed by a business module and steps S140-S180 may be performed by a log module; alternatively, the log module may perform only steps S140-S160, and steps S170-S180 are performed by the log module, and the specific execution module of each step in the method is not limited herein. The log module and the service module are two different modules in the same device.
It will be appreciated that steps S110-S130 may be performed by the service requesting device, i.e. by the designated device, while steps S140-S180 are performed by the device receiving the service request, e.g. a server or the like.
The specific implementation of each step of the log generating method shown in fig. 2 is already described above, and will not be described here again for brevity.
In order to facilitate understanding of the above-described log generation method, an example will be described below in which the log generation method is applied to NGINX (alias engine x, a high-performance HTTP and reverse proxy web server).
First, since the original default value for return values in NGINX is less than 999, return values in NGINX can be extended to be able to distinguish the meaning of different return values. For example, a return value corresponding to the filter intercept instruction in the a scene may be set to 1001. Thus, the method is applicable to a variety of applications. After the NGINX receives the service request message in the a scene sent by the designated device, if the filtering and intercepting service module in the NGINX determines that the service request message needs to be intercepted, generating a service message including a target return value 1001, sending the service message to a REWRITE module, and determining the service scene and the instruction type, namely, the a scene and the filtering and intercepting instruction by the REWRITE module according to the target return value 1001, and recording the a scene and the filtering and intercepting instruction into log information. And then correcting the return value 1001 to be the original default value 403 of the filtering interception instruction, and feeding back the service message with the return value 403 to the designated equipment to complete data interaction.
Referring to fig. 3, fig. 3 is a block diagram of a log generating device 100 according to the present application, including a log module 110 and a service module 120.
The log module 110 is configured to obtain a target return value carried in the service packet, where at least one of service scenarios and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; and recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type.
The log module 110 is specifically configured to determine a service scenario and an instruction category corresponding to the target return value based on the target return value and a preset configuration file, where the preset configuration file includes the service scenario and the instruction category corresponding to each return value including the target return value.
The log module 110 is specifically configured to modify the target return value in the service packet to an original default value corresponding to the instruction type, where the original default values of the same instruction type in different scenarios are consistent; and feeding back the service message with the returned value being the original default value to the appointed equipment.
In one embodiment, the log information further includes at least one of a source IP address, a destination IP address, a source port, a destination port, a protocol type, and a configuration instruction.
In one embodiment, the instruction is any one of a redirect instruction, a filter intercept instruction, and an instruction to return specified content to the client.
The log generating apparatus 100 further includes a service module 120, configured to receive a service request packet sent by a specified device, where the request packet includes the service scenario; determining the instruction type based on the service request message; and generating a service message carrying the target return value according to the instruction type and the service scene.
The log generating apparatus 100 provided in the embodiments of the present application has the same implementation principle and technical effects as those of the embodiments of the log generating method, and for the sake of brevity, reference may be made to the corresponding content in the embodiments of the log generating method where the embodiment of the apparatus is not mentioned.
Please refer to fig. 4, which illustrates an electronic device 200 according to an embodiment of the present application. The electronic device 200 includes: transceiver 210, memory 220, communication bus 230, processor 240.
The transceiver 210, the memory 220, and the processor 240 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically coupled to each other via one or more communication buses 230 or signal lines. Wherein the transceiver 210 is configured to transmit and receive data. The memory 220 is used for storing a computer program, such as the software functional modules shown in fig. 3, i.e., the log generating apparatus 100. The log generating device 100 includes at least one software function module that may be stored in the memory 220 in the form of software or firmware (firmware) or cured in an Operating System (OS) of the electronic device 200. The processor 240 is configured to execute executable modules stored in the memory 220, such as software functional modules or computer programs included in the log generation device 100. At this time, the processor 240 is configured to obtain a target return value carried in the service packet, where at least one of service scenarios and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; and recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type.
The Memory 220 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 240 may be an integrated circuit chip with signal processing capabilities. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor 240 may be any conventional processor or the like.
The electronic device 200 includes, but is not limited to, a personal computer, a server, and the like.
The embodiments of the present application also provide a non-volatile computer readable storage medium (hereinafter referred to as a storage medium) on which a computer program is stored, which when executed by a computer such as the above-described electronic device 200, performs the above-described log generation method. The computer-readable storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
Claims (9)
1. A log generation method, comprising:
obtaining target return values carried in service messages, wherein at least one of service scenes and instruction types corresponding to different return values is different;
determining a service scene and an instruction type corresponding to the target return value based on the target return value;
recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type;
wherein, after the service scene and the instruction category are recorded in the log, the method further comprises:
correcting a target return value in the service message to an original default value corresponding to the instruction type, wherein the original default values of the same instruction type in different scenes are consistent;
and feeding back the service message with the returned value being the original default value to the appointed equipment.
2. The method of claim 1, wherein the determining, based on the target return value, a service scenario and a class of instructions corresponding to the target return value includes:
and determining service scenes and instruction types corresponding to the target return values based on the target return values and a preset configuration file, wherein the preset configuration file comprises the service scenes and the instruction types corresponding to the return values including the target return values.
3. The method of claim 1, wherein the log information further comprises at least one of a source IP address, a destination IP address, a source port, a destination port, a protocol type, and a configuration instruction.
4. The method of claim 1, wherein the instruction is any one of a redirect instruction, a filter intercept instruction, and an instruction to return specified content to the client.
5. The method of claim 1, wherein prior to obtaining the target return value carried in the service message, the method further comprises:
receiving a service request message sent by a designated device, wherein the service request message comprises the service scene;
determining the instruction type based on the service request message;
and generating a service message carrying the target return value according to the instruction type and the service scene.
6. A log generating apparatus, comprising:
the log module is used for acquiring target return values carried in the service message, wherein at least one of service scenes and instruction types corresponding to different return values is different; determining a service scene and an instruction type corresponding to the target return value based on the target return value; recording the service scene and the instruction type into a log to obtain log information containing the service scene and the instruction type;
the log module is further configured to modify a target return value in the service packet to an original default value corresponding to the instruction type, where the original default values of the same instruction type in different scenes are consistent; and feeding back the service message with the returned value being the original default value to the appointed equipment.
7. The log generating apparatus according to claim 6, wherein the log generating apparatus further comprises:
the service module is used for receiving a service request message sent by the appointed equipment, wherein the request message comprises the service scene; determining the instruction type based on the service request message; and generating a service message carrying the target return value according to the instruction type and the service scene.
8. An electronic device, comprising: the device comprises a memory and a processor, wherein the memory is connected with the processor;
the memory is used for storing programs;
the processor is configured to invoke a program stored in the memory to perform the method of any of claims 1-5.
9. A computer-readable storage medium, on which a computer program is stored, which computer program, when being run by a computer, performs the method according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210899660.2A CN115277383B (en) | 2022-07-28 | 2022-07-28 | Log generation method, device, electronic equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210899660.2A CN115277383B (en) | 2022-07-28 | 2022-07-28 | Log generation method, device, electronic equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115277383A CN115277383A (en) | 2022-11-01 |
| CN115277383B true CN115277383B (en) | 2024-03-12 |
Family
ID=83772475
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210899660.2A Active CN115277383B (en) | 2022-07-28 | 2022-07-28 | Log generation method, device, electronic equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277383B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108170585A (en) * | 2017-12-26 | 2018-06-15 | 广东欧珀移动通信有限公司 | Log processing method and device, terminal equipment and storage medium |
| CN108322350A (en) * | 2018-02-27 | 2018-07-24 | 阿里巴巴集团控股有限公司 | Business monitoring method and device and electronic equipment |
| CN110602135A (en) * | 2019-09-25 | 2019-12-20 | 北京金山安全软件有限公司 | Network attack processing method and device and electronic equipment |
| CN114168369A (en) * | 2020-09-10 | 2022-03-11 | 腾讯科技(深圳)有限公司 | Log display method, device, equipment and storage medium |
| CN114579394A (en) * | 2022-01-27 | 2022-06-03 | 深圳绿米联创科技有限公司 | Log viewing method, log generating method and device and electronic equipment |
| CN114647548A (en) * | 2020-12-18 | 2022-06-21 | 网联清算有限公司 | A log generation method and device |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7496896B2 (en) * | 2003-07-17 | 2009-02-24 | Computer Associates Think, Inc. | Accessing return values and exceptions |
| US20150143180A1 (en) * | 2013-11-21 | 2015-05-21 | Microsoft Corporation | Validating software characteristics |
| US9354963B2 (en) * | 2014-02-26 | 2016-05-31 | Microsoft Technology Licensing, Llc | Service metric analysis from structured logging schema of usage data |
| US9892260B2 (en) * | 2015-04-20 | 2018-02-13 | SafeBreach Ltd. | System and method for creating and executing breach scenarios utilizing virtualized elements |
| US11928605B2 (en) * | 2019-08-06 | 2024-03-12 | International Business Machines Corporation | Techniques for cyber-attack event log fabrication |
-
2022
- 2022-07-28 CN CN202210899660.2A patent/CN115277383B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108170585A (en) * | 2017-12-26 | 2018-06-15 | 广东欧珀移动通信有限公司 | Log processing method and device, terminal equipment and storage medium |
| CN108322350A (en) * | 2018-02-27 | 2018-07-24 | 阿里巴巴集团控股有限公司 | Business monitoring method and device and electronic equipment |
| CN110602135A (en) * | 2019-09-25 | 2019-12-20 | 北京金山安全软件有限公司 | Network attack processing method and device and electronic equipment |
| CN114168369A (en) * | 2020-09-10 | 2022-03-11 | 腾讯科技(深圳)有限公司 | Log display method, device, equipment and storage medium |
| CN114647548A (en) * | 2020-12-18 | 2022-06-21 | 网联清算有限公司 | A log generation method and device |
| CN114579394A (en) * | 2022-01-27 | 2022-06-03 | 深圳绿米联创科技有限公司 | Log viewing method, log generating method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115277383A (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109067914B (en) | web service proxy method, device, equipment and storage medium | |
| CA2732540C (en) | Methods for optimizing a web content proxy server and devices thereof | |
| US7877463B2 (en) | Method and systems for providing access to dynamic content via static pages | |
| US8738711B2 (en) | System and method for redirecting client-side storage operations | |
| CN104094554B (en) | Implicit SSL certificate management without server name indication (SNI) | |
| US8122513B2 (en) | Data storage device, data storage method, and program thereof | |
| US7987266B2 (en) | Failover in proxy server networks | |
| CN106169963B (en) | The access method and system of service page, proxy server | |
| JP2002518726A (en) | A highly scalable proxy server using plug-in filters | |
| CN102299954A (en) | context-specific network resource addressing model for distributed services | |
| WO2013143403A1 (en) | Method and system for accessing website | |
| US20060173815A1 (en) | Facilitating Identification of Entire Web Pages When Each Web Page is Rendered From Multiple Portions and Interest is Expressed Based on Content of the Portions | |
| US7219125B1 (en) | Method and apparatus for masking version differences in applications using a data object exchange protocol | |
| CN105871976A (en) | Data cross-domain request method and system, and devices | |
| CN115277383B (en) | Log generation method, device, electronic equipment and computer readable storage medium | |
| US20240171578A1 (en) | Website access management device through cataloged web address | |
| WO2018081963A1 (en) | Method and device for dns resolution and network system | |
| WO2020224108A1 (en) | Url interception and conversion method, device, and computer apparatus | |
| TWI546688B (en) | Method for processing url and associated server and non-transitory computer readable storage medium | |
| CN115987683B (en) | Node access control method, device, device and medium in blockchain network | |
| US12034726B1 (en) | Logging access types based on inserting tenant control headers into requests | |
| EP2041660A2 (en) | Conditional url for computer devices | |
| CN116828047A (en) | Method and device for processing repeated requests, storage medium and electronic equipment | |
| CN116132115A (en) | Hotlink protection method, device, electronic device, and computer-readable storage medium | |
| CN117171466A (en) | Request processing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |