CN105139139B - Data processing method and device and system for O&M audit - Google Patents

Abstract

The invention discloses a kind of data processing method and device and system for O&M audit.Wherein, which includes: to receive external input account；Then default entry address is obtained, wherein default entry address is the sole inlet address that O&M auditing system carries out audit operation；O&M auditing system is logged in from default entry address according to external input account；After logging in O&M auditing system, the corresponding O&M behavior of the affiliated O&M permission of external input account is determined；O&M behavior is monitored again, obtains monitored results；It finally obtains and audits obtained auditing result after processing to monitored results.Through the invention, the safety and reliability of operation management is improved.

Description

Data processing method and device and system for O&M audit

Technical field

The present invention relates to the communications fields, in particular to a kind of data processing method and device for O&M audit And system.

Background technique

Audit is used as a kind of independent, objective activity, by the method for systematization and standardization, evaluates and monitor enterprise Risk management, control and governance process, its object is to by promoting enterprise to establish perfect internal control and comprehensive risk Management system is that enterprise increases value and improves the operational paradigm of enterprise, it is ensured that the operation security of enterprise.Information system is as enterprise Industry realizes the critical facility of its operations objective, it is contemplated that operation management prevents, finds mistake or separated with operation monitoring mechanism Rule event, to be taken precautions against, in thing Internet technology (Information Technology, referred to as IT) risk in advance The combination control of control, subsequent supervision and correction.It audits to IT system, is the important means controlled internal risk. If information system itself does not have security audit function, special security audit equipment is needed to configure, information system is carried out Security audit.

Currently, IT system password plays a significant role the safety of IT system.With increasing for IT system quantity, IT system The account password management workload of system is increasing, and complexity is also higher and higher.In order to meet IT system safety management requirement, IT The account password of system needs periodic modification, and this considerably increases the workloads of account password management.On the other hand, operation maintenance personnel pair The maintenance of audit work is also very inconvenient, and account password is often recorded on notepad by maintenance personnel, be easy to cause account mouth Enable leakage.In actual operation, account password is set to very regular, readily appreciates that the account mouth of other systems in this way It enables, since part system is to provide O&M service by outsourcing manufacturer, account password is also be easy to cause to reveal.Some units do not have account Number password management strategy, thus keep account password management system not stringent, security risk of hiding.

With the complexity that IT system is constituted, IT system can be safeguarded by a variety of entrances during O&M, This not being managed collectively IT system, unify setting security strategy etc., so as to cause various security risks.

During IT system O&M, there are a variety of management roles, similarly there are multiple management for the same role Personnel.These administrative staff may use the same account number of IT system, in this way once during O&M when safeguarding It goes wrong, is difficult to position the operation of specific someone.

It is facing to gather around privileged user, due to not can control its operation, it cannot be guaranteed that only believable user could visit It asks that it possesses the resource of permission, not can avoid and go beyond one's commission or the phenomenon that violation operation.

System log is not independent, can not prevent from being tampered, administrative staff may will be deleted log after having done violation operation, make At can not trace, violation operation can not be positioned.Also, system logging information is not comprehensive, and the information of record is relatively easy, no Convenient for retrieval.

Currently, all O&M processes are carried out duplicate be monitored online, offline by all O&M security audit equipment Playback, analysis, statistics cannot carry out targeted and distinctive audit operation according to the sensitivity of target O&M equipment. When O&M session number of concurrent is very high, O&M security audit equipment will affect the response speed of O&M operation, reduce operation management Reliability.

With IT system importance and on operation system influence it is increasing, relevant laws and regulations to its safety, Sustainability work, IT operational risk and enterprise's internal control etc. clearly require.These compliance inspections are faced at present, only It can be institutional inspection, illustrate how these systems are implemented without effective data and technology, not be able to satisfy conjunction rule The needs of property inspection, cause the security performance of operation management to reduce.

During operation management, to operation management process there are the problem of can not have and quantitatively or qualitatively analyze data, It can only be simply described in terms of security incident, cannot find potential risk, so that further auxiliary enterprises improve IT system Security Construction.

For in the related technology since not comprehensive operation audit method leads to the safety of operation management and reliable The low problem of property, currently no effective solution has been proposed.

Summary of the invention

The main purpose of the present invention is to provide it is a kind of for O&M audit data processing method and device and system, with At least solve the problems, such as that the safety and reliability of operation management is low.

To achieve the goals above, according to an aspect of the invention, there is provided at a kind of data for O&M audit Reason method.This method comprises: receiving external input account；Obtain default entry address, wherein default entry address is examined for O&M The sole inlet address of meter systems progress audit operation；O&M audit system is logged in from default entry address according to external input account System；After logging in O&M auditing system, the corresponding O&M behavior of the affiliated O&M permission of external input account is determined；Monitor O&M Behavior obtains monitored results；And it obtains and audits obtained auditing result after processing to monitored results.

Further, it is determined that the corresponding O&M behavior of the affiliated O&M permission of external input account comprises determining that external input The corresponding role of account；And external input account is awarded according to external input account and external input account corresponding role Power, obtains O&M permission.

Further, which includes: real-time monitoring mesh The central processing unit of O&M equipment, the bearing capacity of core buffer and network bandwidth are marked, judges the sensitive journey of target O&M equipment Degree；If the bearing capacity of the central processing unit of target O&M equipment, core buffer and network bandwidth is big and judges that target is transported When the sensitivity of dimension equipment is low, the audit form of switching target O&M equipment is inspection-free audit form；And if target is transported The bearing capacity for tieing up the central processing unit of equipment, core buffer and network bandwidth is small and judge the sensitive journey of target O&M equipment When spending high, the audit form of switching target O&M equipment is full inspection audit form.

Further, which includes: real-time monitoring mesh Mark the operating status of O&M equipment, wherein operating status include O&M agreement between auditing system and target O&M equipment and The process status and thread state of O&M session；O&M behavior is recorded according to operating status, obtains O&M record；O&M is recorded It is converted into graphic interface.

Further, monitored results include the operating process to O&M behavior, by O&M record and to the behaviour of O&M behavior Make process record in different types of log, obtain to monitored results audit the auditing result obtained after processing include: from O&M record and the operating process to O&M behavior are retrieved in different types of log, obtain search result；To search result into Row inquiry, or filing obtain query result, or filing result.

Further, after the auditing result obtained after processing is audited in acquisition to monitored results, this is used for O&M The data processing method of audit further include: back up different types of log, backup auditing result, wherein auditing result includes inspection Rope as a result, query result and filing as a result, the regular account password of automatic modification target O&M equipment.

To achieve the goals above, according to another aspect of the present invention, a kind of data for O&M audit are additionally provided Processing unit.The data processing equipment for being used for O&M audit includes: receiving unit, for receiving external input account；First Acquiring unit, for obtaining default entry address, wherein default entry address is that O&M auditing system carries out audit operation only One entry address；Unit is logged in, for logging in O&M auditing system from default entry address according to external input account；It determines single Member, for determining the corresponding O&M behavior of the affiliated O&M permission of external input account after logging in O&M auditing system；Monitoring Unit obtains monitored results for monitoring O&M behavior；And second acquisition unit, it is examined for obtaining to execute monitored results The auditing result obtained after meter processing.

Further, the data processing equipment for being used for O&M audit further include: determining module, for determining external input The corresponding role of account；And authorization module, for external according to external input account and the corresponding role of external input account Portion inputs account authorization, obtains O&M permission.

Further, the monitoring unit of the data processing equipment for being used for O&M audit includes: detection module, for real-time The bearing capacity of the central processing unit of monitoring objective O&M equipment, core buffer and network bandwidth；Judgment module, for judging mesh Mark the sensitivity of O&M equipment；First switching module, for when the central processing unit of target O&M equipment, core buffer and The bearing capacity of network bandwidth is big and when judging that the sensitivity of target O&M equipment is low, switches the audit mould of target O&M equipment Formula is inspection-free audit form；And second switching module, if for central processing unit, memory buffer when target O&M equipment The bearing capacity of device and network bandwidth is small and when judging that the sensitivity of target O&M equipment is high, and switching target O&M equipment is examined Meter mode is full inspection audit form.

To achieve the goals above, according to another aspect of the present invention, a kind of data for O&M audit are additionally provided Processing system.The data processing system for being used for O&M audit includes: firewall；Interchanger；Server；And O&M audit system System, for receiving external input account；Obtain default entry address, wherein default entry address is the progress of O&M auditing system The sole inlet address of audit operation；O&M auditing system is logged in from default entry address according to external input account；It is logging in After O&M auditing system, the corresponding O&M behavior of the affiliated O&M permission of external input account is determined；O&M behavior is monitored, is obtained Monitored results；And it obtains and audits obtained auditing result after processing to monitored results.

Through the invention, using reception external input account；Then default entry address is obtained, wherein default entrance Location is the sole inlet address that O&M auditing system carries out audit operation, realizes and is managed collectively to entry address, is reduced The security risk of operation management.O&M auditing system is logged in from default entry address further according to external input account；It is logging in After O&M auditing system, the corresponding O&M behavior of the affiliated O&M permission of external input account is determined, realize only reliable User could access data resource；O&M behavior is monitored again, obtains monitored results, improves the operation peace of target O&M equipment Entirely；It finally obtains and audits obtained auditing result after processing to monitored results, solve due to not comprehensive O&M The problem that auditing method causes the safety and reliability of operation management low, and then reached the safety for improving operation management And reliability.

Detailed description of the invention

The attached drawing constituted part of this application is used to provide further understanding of the present invention, schematic reality of the invention It applies example and its explanation is used to explain the present invention, do not constitute improper limitations of the present invention.In the accompanying drawings:

Fig. 1 is the schematic diagram of the data processing system for O&M audit according to a first embodiment of the present invention；

Fig. 2 is the schematic diagram of the data processing system for O&M audit according to a second embodiment of the present invention；

Fig. 3 is the flow chart of the data processing method according to an embodiment of the present invention for O&M audit；And

Fig. 4 is the schematic diagram of the data processing equipment according to an embodiment of the present invention for O&M audit.

Specific embodiment

It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.

In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection It encloses.

It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein.In addition, term " includes " and " tool Have " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing a series of steps or units Process, method, system, product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include without clear Other step or units listing to Chu or intrinsic for these process, methods, product or equipment.

The present invention provides a kind of data processing systems for O&M audit.

Fig. 1 is the schematic diagram of the data processing system for O&M audit according to a first embodiment of the present invention.Such as Fig. 1 institute Show, which includes: firewall 10, interchanger 20, server 30 and O&M auditing system 40。

Firewall 10 is controlled for the O&M audit to target O&M equipment, specifically, can be according to specific O&M The security strategy of formulation is managed to allow, refuse or detect the information flow into network, client can be forbidden directly to log in Server logs on to target O&M equipment in turn, and client is avoided directly to be managed target O&M equipment.Optionally, pass through The mode of password authentication identifies the identity of user, to improve the safety in utilization of auditing system.

O&M audit, can provide statistical analysis abundant for user, and user is helped to find target O&M equipment in time Security risk, while optimizing using and managing to Internet resources.It can be to avoid client to target O&M by firewall 10 Equipment is directly managed.Wherein, to target O&M equipment be managed including to during O&M preparation stage in advance, Operation in thing in monitor stages and ex-post analysis stage is controlled.Optionally, the preparation stage in advance during O&M In operation include being managed to the login account of target O&M equipment, the role of operation maintenance personnel is managed, to O&M The permission of behavior control and control etc. the operation of the sensitive order of O&M；Operation packet in thing in monitor stages It includes and O&M order is monitored, on-line session is monitored and maintenance work state is monitored in real time etc.；In thing Operation in the post analysis stage includes that the information that the order of user's input is retrieved and inquired, is returned to system is retrieved Audit information is retrieved and is inquired and O&M operating process is played back etc. with inquiry, by many condition combination.

Interchanger 20 completes auditing system and server for regenerating to the O&M information during O&M Between O&M information exchange and O&M information forwarding, additional bandwidth can be provided for the biggish server of bandwidth usage.It is excellent Selection of land, interchanger 20 are three-tier switch, to accelerate the O&M information data exchange inside local area network.

Server 30, according to the difference of target O&M equipment, server 30 be can be based on (SuSE) Linux OS Linux server, the unix server based on UNIX operating system are also possible to the Window based on Windows operating system Server can also be database server.

O&M auditing system 40, for receiving external input account；Obtain default entry address, wherein default entrance Location is the sole inlet address that O&M auditing system carries out audit operation；It is logged according to external input account from default entry address O&M auditing system；After logging in O&M auditing system, the corresponding O&M row of the affiliated O&M permission of external input account is determined For；O&M behavior is monitored, monitored results are obtained；And it obtains and audits obtained auditing result after processing to monitored results.

This for O&M audit data processing system using single armed bypass mode dispose, that is, using physical bypass with The deployment way of logical gateway is disposed.Do not have to again configure network using single armed bypass mode, without changing network Topological structure, and do not have to software or hardware that any autonomic activities are installed on server 30 and client.It is examined in O&M The network protocol address (Internet Protocol, referred to as IP) of meter systems 40 and the IP address of target O&M equipment are reachable, And in the addressable situation of agreement of O&M auditing system 40 and target O&M equipment room, the account to target O&M equipment is realized It number is managed concentratedly, user logs in the single-sign-on that can once access all believable application systems, thus to O&M Process carries out real-time control, real-time auditing, and audit information cannot be modified arbitrarily, be fabricated, and then reach to operation management The purpose of the minimum control of operational risk.

Fig. 2 is the schematic diagram of the data processing system for O&M audit according to a second embodiment of the present invention.Such as Fig. 2 institute Show, which includes firewall 10, interchanger 20, interchanger 201, interchanger 202, interchanger 203, server 301, server 302 and server 303, O&M auditing system 40, client 501 and client 502.

The data processing system for O&M audit of the embodiment uses physical bypass, the deployment way of logical gateway. When client carries out O&M audit, O&M, which is audited, by interchanger 20, interchanger 201, interchanger 202 and interchanger 203 is O&M information of the system 40 during O&M is regenerated, and O&M auditing system 40 and server 301, server are completed 302 and server 303 O&M information exchange and O&M information forwarding, optionally, the connection of interchanger 201 and server 301, The connection of interchanger 202 and server 302, the connection of interchanger 203 and server 303, can by cable or optical fiber into Row connection.

Server 301, server 302 and server 303 can be the Linux server based on (SuSE) Linux OS, base In the unix server of UNIX operating system, Window server and database server based on Windows operating system In any one of server.The IP address of management objectives O&M equipment is set on each server, O&M auditing system The IP address of IP address and target O&M equipment is reachable.Default entry address is the sole inlet address for carrying out audit operation, is obtained Take default entry address, it is preferable that log in by this unique login entry address of O&M auditing system 40 and carry out with server Communication, realizes the purpose for O&M logentry address being managed collectively, being arranged uniform security policies.

Optionally, client 501 avoids directly logging on to server under the action of interchanger 20 by firewall 10 301, server 302 and server 303.Client 502 directly can also log on to server under the action of interchanger 20 301, server 302 and server 303.

In the thing preparation stage of O&M audit, external input account is received, according to external input account from default entrance Address logs in O&M auditing system, and user can be by entrance Portal unified login, and compatible client and server The connection equipment of (Client/Server, referred to as C/S).Wherein, external input account is optionally user account, user Logging in O&M auditing system 40 is logged in by user account.The user account is to represent user to log in the unique of identity Mark, user can be operation maintenance personnel or auditor.Default entry address is that O&M auditing system carries out audit operation Sole inlet address.After user logs in the success of O&M auditing system 40, optionally, by O&M auditing system 40 to target O&M equipment inputs the account password of target O&M equipment, then logs in the operation that target O&M equipment carries out O&M audit, from And user is made no longer to need to know the account password of target O&M equipment when operating, but pass through O&M auditing system 40 To input the account password of target O&M equipment.In addition, O&M auditing system 40 can be to the account password of target O&M equipment It is managed collectively, periodically automatic modification.The corresponding account password of each O&M agreement is different, to the account of each O&M agreement Password is used using once, and encryption is primary, the safety of protocol conversation certification is strengthened, to enhance to target O&M equipment Account password management and improve the account password intensity of target O&M equipment.External input account is logging in O&M audit Different O&M behaviors is corresponded to after system 40 according to affiliated O&M permission, operation maintenance personnel logs in O&M auditing system 40, O&M Auditing system 40 can authorize operation maintenance personnel according to authorization relation table, specifically, O&M auditing system 40 passes through offer Based on operation maintenance personnel account, operation maintenance personnel Role Management, O&M target device, O&M target device group, O&M period etc. into Row combination authorization, to realize control of the O&M auditing system 40 to O&M behavior.Optionally, operation maintenance personnel can pass through license Electronic document provides fortune by illustrating O&M situation to authoring system application O&M permission corresponding with O&M auditing system 40 Tie up the hardware characteristics code of auditing system 40, after the application time, authoring system provides license text by confirmation, to operation maintenance personnel Part, license file is uploaded to O&M auditing system 40 by operation maintenance personnel can be completed authority application.O&M is obtained in operation maintenance personnel After permission, it could normally log in target O&M equipment and carry out operation management.

The monitor stages in the thing of O&M audit, that is, logging in O&M auditing system 40 and acquisition pair in operation maintenance personnel After the O&M permission answered, O&M auditing system 40 can monitor O&M behavior, specifically, real-time monitoring target O&M equipment Central processing unit, core buffer and network bandwidth bearing capacity, judge the sensitivity of target O&M equipment.Preferably, Target O&M equipment has inspection-free audit form and full inspection audit form.If central processing unit, the memory of target O&M equipment The bearing capacity of buffer and network bandwidth is big, and when judging that the sensitivity of target O&M equipment is low, then target O&M is set Standby to be not suitable for auditing, the audit form of switching target O&M equipment is inspection-free audit form.If target O&M equipment The bearing capacity of central processing unit, core buffer and network bandwidth is small, and judges that the sensitivity of target O&M equipment is high When, then target O&M equipment can audit, and the audit form of switching target O&M equipment is full inspection audit form, thus logical It crosses according to the bearing capacity of the central processing unit of target O&M equipment, core buffer and network bandwidth and target O&M equipment Sensitivity realizes the intelligence switching of the multistage audit of O&M auditing system 40, realizes fine granularity multistage Audit control, improve The reliability of O&M audit process.

During monitoring in the thing of O&M audit, O&M auditing system 40 also follows blacklist mechanism, to the fortune forbidden Dimension order and O&M command set are controlled.During being monitored in real time to online O&M session, when O&M is audited When system 40 detects to order in violation of rules and regulations, soon alarms to administrative staff, enhance risk control dynamics.Meanwhile O&M is audited System 40 can also carry out real-time session blocking, blocked immediately when monitoring dangerous O&M operation O&M auditing system 40 with Operation connection between operation maintenance personnel, prevents unsafe accident.On the other hand, O&M auditing system 40 is able to record O&M Personnel operate in the O&M of entire O&M process, analyze character related with O&M behavior, including operate to order line Information when operating of order and echo message and non-character type analyzed, for example, analysis operation maintenance personnel to keyboard or The percussion information of mouse further records the percussion information of keyboard or mouse.

During monitoring in the thing of O&M audit, the operation shape of 40 real-time monitoring target O&M equipment of O&M auditing system State, wherein operating status include O&M agreement between O&M auditing system 40 and target O&M equipment and O&M session into Journey state and thread state；O&M behavior is recorded according to operating status, obtains O&M record；It converts O&M record to graphical Interface.Specifically, O&M auditing system 40 not only provides hardware resource, network state, the information of operating system process state Monitoring, and fine granularity monitor the process status and thread state of every kind of O&M agreement and O&M session.Wherein, process status It include: process identification number (Identification, referred to as ID), buffer size, listening port, operating mode, session number Deng；Thread state includes: O&M client ip, port, target O&M device IP, session buffer size, operating mode etc..It is logical Cross the record to operating status, obtain O&M record, can accurately master goal O&M equipment operation conditions, find in time It is abnormal, the reliability of O&M auditing system 40 is improved to the maximum extent.O&M auditing system 40 is also using analysis O&M agreement, base Reduction and virtualization technology in data packet convert graphic interface for O&M record, further grasp all O&Ms It is converted into graphic interface to be showed, realizes the simulation to O&M operation interface, to accurately grasp operation maintenance personnel All O&M operations, achieve the purpose that not lose the operation information about O&M behavior, convenient in the ex-post analysis of O&M Stage collects evidence.

O&M behavior is monitored, monitored results are obtained.The monitored results of O&M behavior include the operating process to O&M behavior, Specifically include the operating process of administrative staff, Security Officer, auditor to O&M behavior.O&M is recorded and to O&M behavior Operation process recording in different types of log, for example, being recorded in system log, system manager's log, safety officer Log, security audit person's log and operation maintenance personnel log etc..O&M auditing system 40 is recorded in detail by different types of log Operational process and all kinds of personnel to the operating process to target O&M equipment.Auditor can log in O&M auditing system pair Monitored results are audited, and by the method for systematization or standardization, evaluation and monitoring risk management and regulation effect etc. are obtained To auditing result.Then it obtains and audits obtained auditing result after processing to monitored results.It obtains and monitored results is executed The auditing result obtained after audit processing includes: that O&M record and the operation to O&M behavior are retrieved from different types of log Process obtains search result；Search result is inquired, or filing, obtains query result, or filing as a result, to Guarantee that O&M record and the operation information about O&M behavior are not lost.

After the auditing result obtained after processing is audited in acquisition to monitored results, auditing system 40 can be backed up not The log of same type, backup auditing result, wherein auditing result include from different types of log retrieve O&M record and it is right The search result that the operating process of O&M behavior obtains, and query result and filing result to search result.For example, Backup has record system log, the system manager's log, bursting tube of O&M record and the operating process to O&M behavior Reason person's log, security audit person's log and operation maintenance personnel log etc., and to the search result of different logs and to search result Query result and filing result.Back mechanism can be two-node cluster hot backup mode or strange land mutually for mode, meet business Continuity requirement；The data backup dump that can carry out auditing result, provides the data manually or automatically to auditing result Schedule backup is carried out, the call data storage of auditing result is met；Can be daily record data backup dump, provide manually or from Schedule backup dynamicly is carried out to audit log, meets the memory requirement of audit log；Can also be to the configuration data of system into Row backup dump, provides and manually or automatically carries out schedule backup to the configuration data of system.

Optionally, the software and hardware of the data processing system for being used for O&M audit uses the module of dynamic on-demand load Change design method, improve the stability of system, and is easy to later period extension.The system is not only able to through browser and service Device (Browser/Server, referred to as B/S) completes basic configuration requirement, can also with existing O&M workflow management, or Existing management platform or monitor supervision platform realize integration, realize more fine-grained operation management.The system supports single armed, concatenation Deployment mode does not influence business normal operation, and supports system administration and operative configuration based on B/S, whole operation configuration Process is simple, can realize in a short time the configuration of basic function, to reach online requirement.

The embodiment of the data processing system audited for O&M makes client 501 avoid directly existing by firewall 10 Server 301, server 302 and server 303 are logged on under the action of interchanger 20.Client 502 can also handed over directly It changes planes and logs on to server 301, server 302 and server 303 under the action of 20.By interchanger 20, interchanger 201 is handed over Change planes 202 and interchanger 203 O&M information of the O&M auditing system 40 during O&M is regenerated, complete O&M The O&M information exchange and O&M information of auditing system 40 and server 301, server 302 and server 303 forward.O&M is examined Meter equipment 40 is for obtaining default entry address, wherein default entry address is the sole inlet address for carrying out audit operation；It obtains Take default account；It is logged according to external input account from default entry address, wherein external input account is after the login Different O&M behaviors is corresponded to according to affiliated O&M permission；O&M behavior is monitored, monitored results are obtained；And to monitored results into Row audit, obtains auditing result, improves the safety and reliability of operation management.

The embodiment of the invention also provides a kind of data processing methods for O&M audit.

Fig. 3 is the flow chart of the data processing method according to an embodiment of the present invention for O&M audit, needs to illustrate It is that the data processing method for being used for O&M audit can be used for executing the data processing system for O&M audit.Such as Fig. 3 institute Show, method includes the following steps:

Step S302 receives external input account.

In the preparation stage in advance of O&M process, external income account is received.External input account is optionally user Account, user, which logs in O&M auditing system, to be logged in by user account, which is particular user in user Relatively unique coding, represents the unique identification that user logs in identity in system, can be identification card number, the Yong Hugong of user Number, computer network address or other and the one-to-one account of user, make operation behavior and user of the user during O&M Account binding is got up, and then is got up with user-association.Wherein, user can be operation maintenance personnel or auditor.It receives external Account is inputted, that is, receiving user account.

Step S304 obtains default entry address, wherein default entry address is that O&M auditing system carries out audit operation Sole inlet address.

The IP address of O&M auditing system and the IP address of target O&M equipment are reachable.Default entry address is to audit The sole inlet address of operation obtains default entry address, it is preferable that obtain this unique login entrance of O&M auditing system IP address.

Step S306 logs in O&M auditing system from default entry address according to external input account.

According to external input account from default entry address log in O&M auditing system, that is, according to user account with and The IP address of O&M auditing system logs in O&M auditing system, carries out unified pipe to O&M logentry address to realize The purpose of reason, setting uniform security policies.Optionally, operation maintenance personnel only need to log in when input external input account and with outside The corresponding password of input account can log in O&M auditing system, and O&M auditing system fills out target O&M equipment for operation maintenance personnel generation Account password, then log in target O&M equipment carry out O&M audit operation, thus make user when operating no longer Need to know the account password of target O&M equipment.Optionally, operation maintenance personnel can be examined by licensable electronic file to O&M The corresponding authoring system application O&M permission of meter systems provides the hardware characteristics of O&M auditing system by illustrating O&M situation Code, the application time, then authorized system confirmation, provides license file to operation maintenance personnel, operation maintenance personnel uploads license file Authority application can be completed to O&M auditing system.After the permission that operation maintenance personnel obtains O&M behavior, could normally it log in Target O&M equipment is operated.

Step S308 determines the corresponding fortune of the affiliated O&M permission of external input account after logging in O&M auditing system Dimension behavior.

After user logs in O&M auditing system, according to the work duty of the security strategy of O&M process and operation maintenance personnel Duty carries out authority distribution to operation maintenance personnel, which accessible target O&M equipment of operation maintenance personnel is determined, to target O&M equipment Which operation carried out.Determine the corresponding role of external input account, specifically, can by O&M auditing system to user into Row definition, by password, perhaps the modes such as authentication code or double factor authentication carry out role's certification to user, for example, certification is used The role at family is operation maintenance personnel perhaps auditor perhaps administrative staff or Security Officer etc., thus according to different angles Color is managed user.According to external input account and the corresponding role of external input account to external input account authorization, O&M permission is obtained, makes operation maintenance personnel that can only carry out authorized O&M behavior.For operation maintenance personnel go beyond one's commission or in violation of rules and regulations grasp Make, can give a warning, in order to which Security Officer can analyze this generic operation, further by administrative staff to going beyond one's commission or Violation operation is prevented, and avoids just finding in the case where having already appeared serious consequence.Optionally, according to operation maintenance personnel account, The role of operation maintenance personnel, O&M target device, O&M target device group, O&M period etc. are combined authorization, obtain O&M The corresponding O&M behavior of O&M permission described in personnel guarantees that operation maintenance personnel can only operate the target fortune belonged in terms of reference of employment It ties up equipment and carries out O&M behavior.And the specification and limitation for carrying out command-levels to the operation of operation maintenance personnel are prevented due to accidentally Operation or the possible unforeseen result of malicious operation.To super keepe, system manager, safety officer, Security audit person can also further ZOOM analysis permission, it is ensured that the safety and reliability of O&M auditing system, to improve The safety and reliability of operation management.

Step S310 monitors O&M behavior, obtains monitored results.

After determining the corresponding O&M behavior of the affiliated O&M permission of external input account, in the thing scala media of O&M process Section, the bearing capacity of the central processing unit of real-time monitoring target O&M equipment, core buffer and network bandwidth, judges target O&M The sensitivity of equipment.Preferably, target O&M equipment has inspection-free audit form and full inspection audit form.If target O&M The bearing capacity of the central processing unit of equipment, core buffer and network bandwidth is big, and judges the sensitivity of target O&M equipment When degree is low, then target O&M equipment is not suitable for auditing, and the audit form of switching target O&M equipment is inspection-free audit mould Formula.If the bearing capacity of the central processing unit of target O&M equipment, core buffer and network bandwidth is small, and judges target When the sensitivity of O&M equipment is high, then target O&M equipment can audit, and switch the audit form of target O&M equipment For full inspection audit form, to pass through holding according to the central processing unit of target O&M equipment, core buffer and network bandwidth The sensitivity of carrying capacity and target O&M equipment is realized intelligence switching and the fine granularity multistage Audit control of multistage audit, is mentioned The high reliability of O&M audit process.

During monitoring in the thing of O&M audit, it then follows blacklist mechanism, it can be to the O&M order forbidden and O&M Command set controlled and when control violation event.During monitoring in real time to online O&M session, work as inspection It when measuring order in violation of rules and regulations, alarms, is ordered in violation of rules and regulations so that administrative staff recognize to have in time, to prevent violation O&M immediately Operation enhances risk control dynamics, and then eliminates risk.Meanwhile fortune is blocked immediately when monitoring dangerous O&M operation The operation of dimension personnel realizes that real-time session blocks, prevents the generation of unsafe accident.On the other hand, record operation maintenance personnel is whole The O&M of a O&M process operates, and analyzes character related with O&M behavior, including order that order line is operated with And information when echo message and the operation of non-character type is analyzed, for example, analysis operation maintenance personnel strikes keyboard or mouse Information is hit, further the percussion information of keyboard or mouse is recorded.Optionally, operation maintenance personnel is in entire O&M process O&M operation note is in operation maintenance personnel log, so as to accurately grasp all O&Ms operation of operation maintenance personnel, with system day Will is independently opened, and prevents from distorting O&M operation note after having done violation operation, cause can not positioning operation it is detailed The information such as information, including operator, operating time, operation behavior, and then responsibility can not be traced.

During monitoring in the thing of O&M audit, the operating status of real-time monitoring target O&M equipment.Wherein, target is transported The operating status of dimension equipment includes the process of O&M agreement and O&M session between O&M auditing system and target O&M equipment State and thread state；O&M behavior is recorded according to operating status, obtains O&M record；Graphical boundary is converted by O&M record Face.Specifically, O&M auditing system not only provides the information monitoring of hardware resource, network state, operating system process state, And fine granularity monitor the process status and thread state of every kind of O&M agreement and O&M session.Optionally, process status packet It includes: process ID, buffer size, listening port, operating mode, session number etc.；Thread state includes: O&M client ip, mesh Mark O&M device IP, port, session buffer size, operating mode etc..It in this way can accurately master goal O&M equipment Operation conditions notes abnormalities in time, improves the reliability of O&M auditing system to the maximum extent.O&M auditing system is using analysis O&M agreement, optionally, O&M agreement include: remote terminal protocol Telnet, safety shell protocol in station command operation (Secure Shell, referred to as SSH), in Windows image Remote Desktop Protocol (Remote Desktop Protocol, Referred to as RDP).O&M auditing system also support Virtual network computer (Virtual Network Computer, referred to as VNC), remote control software pcAnywhere, the VNC in remote control software DameWare, Unix/Linux figure, on file File Transfer Protocol (File Transfer Protocol, referred to as FTP), Secure File Transfer Protocol in passing and downloading (Secure File Transfer Protocol, referred to as SFTP), based on the hypertext transfer protocol in B/S operation (Hyper Text Transfer Protocol, referred to as HTTP), security socket layer hypertext transfer protocol (Hyper Text Transfer Protocol over Secure Socket Layer, referred to as HTTPS).O&M auditing system is supported Tool include all tools such as the SOLPlus order in database management tools.In addition, Telnet, FTP, SFTP, SSH, RDP, VNC O&M agreement can provide complete record, analysis, audit, and can provide the operation playback based on figure. Telnet, FTP, SFTP, SSH, RDP, VNC, HTTP, HTTPS agreement and graphical user interface XWindows agreement can be into Capable completely transparent forwarding.Meanwhile reduction and virtualization technology of the O&M auditing system based on data packet, O&M record is turned Graphic interface is turned to, graphic interface is converted by all O&M operations and is showed, realized to O&M operation interface Simulation, and then accurately grasp operation maintenance personnel it is all O&M operation, reach and do not lost about the operation information of O&M behavior Purpose, collect evidence convenient for the ex-post analysis stage in O&M.

The monitored results of O&M behavior include the operating process to O&M behavior, that is, including administrative staff, safe people Member, operating process of the auditor to O&M behavior record O&M and to the operation process recording of O&M behavior in inhomogeneity The log of type, for example, being recorded in system log, system manager's log, safety officer's log, security audit person's log and fortune Personnel diary etc. is tieed up, the operational process that can independently record O&M auditing system itself in detail and all kinds of personnel are to target O&M The operating process of equipment, prevents log recording from being distorted by irrelevant personnel, cause can not positioning operation details, including operation The information such as personnel, operating time, operation behavior, and then responsibility can not be traced.

Step S312 is obtained and is audited obtained auditing result after processing to monitored results.

In monitoring O&M behavior, after obtaining monitored results, in the ex-post analysis stage of O&M process, auditor can be with O&M auditing system is logged in audit to monitored results, by the method for systematization or standardization, evaluation and monitoring risk Management and regulation effect etc., obtain auditing result.It obtains and includes: to monitored results obtained auditing result after processing of auditing O&M record and the operating process to O&M behavior are retrieved from different types of log, obtain search result；To search result It is inquired, or filing, obtains query result, or filing as a result, simultaneously, auditor can also record O&M and carry out Graphical playback, to guarantee that O&M record and the operation information about O&M behavior are not lost.

After the auditing result obtained after processing is audited in acquisition to monitored results, different types of log is backed up, Backup auditing result, wherein auditing result includes that O&M record and the behaviour to O&M behavior are retrieved from different types of log The search result obtained as process, and query result and filing result to search result.For example, it backs up recorded O&M record and the operating process to O&M behavior system log, system manager's log, safety officer's log, safety Auditor's log and operation maintenance personnel log etc., and the search result to different logs and the query result to search result and return Shelves result.Back mechanism can be two-node cluster hot backup mode or strange land mutually for mode, meet the continuity requirement of business；It can be with The data backup dump for carrying out auditing result provides and manually or automatically carries out schedule backup to the data of auditing result, full The call data storage of sufficient auditing result；It can be daily record data backup dump, provide manually or automatically to audit log Schedule backup is carried out, the memory requirement of audit log is met；It can also be and backup dump is carried out to the configuration data of system, provide Schedule backup manually or automatically is carried out to the configuration data of system.

Preferably, after the auditing result obtained after processing is audited in acquisition to monitored results, O&M auditing system The account password for periodically modifying target O&M equipment target O&M equipment automatically, optionally, according to each O&M agreement, target The account password of equipment can be using once, and encryption is primary, enhance the security intensity of the account password of target O&M equipment, and And the O&M account of all kinds of target O&M equipment is managed collectively, reduce the workload of account password management.Modified mesh The account password for marking O&M equipment can be also possible to operation maintenance personnel by O&M auditing system generation filling target O&M equipment It is manually filling in target O&M equipment after being obtained by O&M auditing system.

The embodiment of the data processing method audited for O&M obtains default entrance using external input account is received Address, wherein default entry address is the sole inlet address that O&M auditing system carries out audit operation, then according to external defeated Enter account and determines the affiliated O&M of external input account after logging in auditing system from default entry address login auditing system The corresponding O&M behavior of permission monitors O&M behavior, obtains monitored results, finally obtains and audits after processing to monitored results Obtained auditing result improves the safety and reliability of operation management.

It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not The sequence being same as herein executes shown or described step.

The present invention also provides a kind of data processing equipments for O&M audit, it should be noted that the device is available In data processing method of the execution for O&M audit.Fig. 4 is at the data according to an embodiment of the present invention for O&M audit The schematic diagram of device is managed, as shown in figure 4, the device includes: receiving unit 50, first acquisition unit 60 logs in unit 70, determines Unit 80, monitoring unit 90 and second acquisition unit 100.

Receiving unit 50, for receiving external input account.In the preparation stage in advance of O&M process, receiving unit 50 is connect Receive external income account.External input account is optionally user account, it is to pass through user that user, which logs in O&M auditing system, What account was logged in, which is particular user relatively unique coding in user's system, represents user and logs in body Part unique identification, can be for the identification card number of user, user's work number, computer network address or other are one-to-one with user Account binds operation behavior of user during O&M with user account, and then gets up with user-association.Wherein, User can be operation maintenance personnel or auditor.Receiving unit 50 receives external input account, that is, receiving unit 50 receives User account.

First acquisition unit 60, for obtaining default entry address, wherein default entry address be O&M auditing system into The sole inlet address of row audit operation.The IP address of O&M auditing system and the IP address of target O&M equipment are reachable.First Acquiring unit 60 obtains default entry address, it is preferable that first acquisition unit 60 obtains this unique login of O&M auditing system The IP address of entry address.

Unit 70 is logged in, for logging in auditing system from default entry address according to external input account.Log in unit 70 Log in O&M auditing system from default entry address according to external input account, that is, log in unit 70 according to user account and The IP address of O&M auditing system logs in O&M auditing system, carries out unified pipe to O&M logentry address to realize The purpose of reason, setting uniform security policies.Optionally, operation maintenance personnel only need to log in when input external input account and with outside O&M auditing system can be logged in by logging in unit 70 by inputting the corresponding password of account.Optionally, O&M auditing system is for fortune Dimension personnel fill out the account password of target O&M equipment generation, then log in unit 70 and log in the progress O&M audit of target O&M equipment Operation so that user be made no longer to need to know the account password of target O&M equipment when operating, but is examined by O&M Meter systems input the account password of target O&M equipment.

Determination unit 80, for determining that the affiliated O&M permission of external input account is corresponding after logging in auditing system O&M behavior.The determination unit 80 further includes determining module, for determining the corresponding role of external input account, and authorization mould Block, for, to external input account authorization, obtaining O&M power according to external input account and the corresponding role of external input account Limit.

After logging in the login O&M auditing system of unit 70, determining module determines the corresponding angle of external input account Color passes through password perhaps authentication code or double factor authentication specifically, O&M auditing system can be defined user Etc. modes to user carry out role's certification, for example, certification user role be operation maintenance personnel, auditor, administrative staff, safety Personnel etc., to be managed according to different roles to user.Determining module determines the role of user, including according to O&M mistake The security strategy of journey and the job responsibility of operation maintenance personnel carry out authority distribution to operation maintenance personnel, specifically, determining operation maintenance personnel Which accessible target O&M equipment and to target O&M equipment carry out which operation.Authorization module is according to external input account Number role corresponding with external input account obtains O&M permission, carry out operation maintenance personnel can only to external input account authorization Authorized O&M behavior.Optionally, account of the authorization module according to operation maintenance personnel, the role of operation maintenance personnel, O&M target are set Standby, O&M target device group, O&M period etc. is combined authorization, obtains the corresponding O&M of O&M permission described in operation maintenance personnel Behavior guarantees that operation maintenance personnel can only operate the target O&M equipment belonged in terms of reference of employment and O&M operation.Authorization module It can also further ZOOM analysis permission to super keepe, system manager, safety officer, security audit person, it is ensured that fortune The safety and reliability for tieing up auditing system, to improve the safety and reliability of operation management.

Monitoring unit 90 obtains monitored results for monitoring O&M behavior.The monitoring unit includes detection module, judgement Module, the first switching module and the second switching module.Wherein, detection module is used for the centre of real-time monitoring target O&M equipment Manage the bearing capacity of device, core buffer and network bandwidth；Judgment module, for judging the sensitive journey of the target O&M equipment Degree；First switching module, the carrying for central processing unit, core buffer and network bandwidth when the target O&M equipment When measuring greatly and judging that the sensitivity of the target O&M equipment is low, the audit form for switching the target O&M equipment is to exempt from Examine audit form；And second switching module, if for central processing unit, core buffer when the target O&M equipment It is small with the bearing capacity of network bandwidth and when judging that the sensitivity of the target O&M equipment is high, switch the target O&M and sets Standby audit form is full inspection audit form.

Monitoring unit 90 further includes monitoring modular, logging modle and conversion module.Wherein, monitoring modular is used for real-time monitoring The operating status of target O&M equipment, operating status include the O&M agreement and O&M between auditing system and target O&M equipment The process status and thread state of session；Logging modle obtains O&M record for recording O&M behavior according to operating status； Conversion module, for converting graphic interface for O&M record.

Second acquisition unit 100 audits obtained auditing result after processing to monitored results for obtaining.

Monitored results include the operating process to O&M behavior, by O&M record and to the operation process recording of O&M behavior In different types of log, second acquisition unit 100 includes retrieval module and enquiry module or profiling module.Wherein, it retrieves Module is used to retrieve O&M record and the operating process to O&M behavior from different types of log, obtains search result；It looks into It askes module to be used to inquire search result, query result；Profiling module is filed for filing to search result As a result.

After the auditing result obtained after second acquisition unit 100 obtains and audits processing to monitored results, the dress Setting further includes the first backup units, the second backup units and modification unit.Wherein, the first backup units, for backing up inhomogeneity The log of type；Second backup units, for backing up auditing result, wherein auditing result includes search result, query result and is returned Shelves result；Unit is modified, the account password for periodically automatic modification target O&M equipment.

After the auditing result obtained after processing is audited in acquisition to monitored results, the backup of the first backup units is different The log of type, the second backup units backup auditing result, wherein auditing result includes that fortune is retrieved from different types of log Dimension records and to the search result that the operating process of O&M behavior obtains, and ties to the query result of search result and filing Fruit.For example, the backup of the first backup units has record the system day of O&M record and the operating process to O&M behavior Will, system manager's log, safety officer's log, security audit person's log and operation maintenance personnel log etc., the second backup units Search result to different logs and the query result and filing result of search result are backed up.Back mechanism can be double Machine hot-standby mode or strange land meet the continuity requirement of business mutually for mode；It can carry out the data backup of auditing result Dump, provides and manually or automatically carries out schedule backup to the data of auditing result, and the data storage for meeting auditing result is wanted It asks；It can be daily record data backup dump, provide and schedule backup manually or automatically is carried out to audit log, meet audit day The memory requirement of will；It can also be and backup dump is carried out to the configuration data of system, provide manually or automatically to system Configuration data carries out schedule backup.

Preferably, after the auditing result obtained after second acquisition unit obtains and audits processing to monitored results, The account password that unit periodically modifies target O&M equipment automatically is modified, optionally, according to each O&M agreement, target device Account password can be using once, and encryption is primary, enhance the security intensity of the account password of target O&M equipment, and to each The O&M account of class target O&M equipment is managed collectively, and reduces the workload of account password management.Modified unit is regular The account password of modified target O&M equipment can be by O&M auditing system generation filling target O&M equipment, can also be with It is to be manually filling in target O&M equipment after operation maintenance personnel is obtained by O&M auditing system.

The embodiment of the data processing method audited for O&M receives external input account by receiving unit, passes through First acquisition unit obtains default entry address, wherein default entry address is that O&M auditing system carries out audit operation only Then one entry address logs in auditing system from default entry address according to external input account by logging in unit, by true Order member determines the corresponding O&M behavior of the affiliated O&M permission of external input account, passes through monitoring after logging in auditing system Unit monitors O&M behavior, obtains monitored results, obtains finally by second acquisition unit and audits processing to monitored results The auditing result obtained afterwards realizes comprehensive O&M audit, improves the safety and reliability of operation management.

Obviously, those skilled in the art should be understood that each module of the above invention or each step can be with general Computing device realize that they can be concentrated on a single computing device, or be distributed in multiple computing devices and formed Network on, optionally, they can be realized with the program code that computing device can perform, it is thus possible to which they are stored Be performed by computing device in the storage device, perhaps they are fabricated to each integrated circuit modules or by they In multiple modules or step be fabricated to single integrated circuit module to realize.In this way, the present invention is not limited to any specific Hardware and software combines.

The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims (8)

1. a kind of data processing method for O&M audit characterized by comprising

Receive external input account；

Obtain default entry address, wherein the default entry address is that O&M auditing system carries out uniquely entering for audit operation Port address；

The O&M auditing system is logged in from the default entry address according to the external input account；

After logging in the O&M auditing system, the corresponding O&M row of the affiliated O&M permission of the external input account is determined For；

The O&M behavior is monitored, monitored results are obtained；And

It obtains and audits obtained auditing result after processing to the monitored results,

Wherein, monitoring the O&M behavior includes:

The bearing capacity of the central processing unit of real-time monitoring target O&M equipment, core buffer and network bandwidth,

Judge the sensitivity of the target O&M equipment；

If the bearing capacity of the central processing unit of the target O&M equipment, core buffer and network bandwidth is big and judges institute State target O&M equipment sensitivity it is low when, switch the target O&M equipment audit form be inspection-free audit form；With And

If the bearing capacity of the central processing unit of the target O&M equipment, core buffer and network bandwidth is small and judges institute State target O&M equipment sensitivity it is high when, switch the target O&M equipment audit form be full inspection audit form.

2. the method according to claim 1, wherein determining that the affiliated O&M permission of the external input account is corresponding O&M behavior include:

Determine the corresponding role of the external input account；And

According to the external input account and the corresponding role of the external input account to the external input account authorization, obtain To the O&M permission.

3. the method according to claim 1, wherein monitoring the O&M behavior and including:

The operating status of target O&M equipment described in real-time monitoring, wherein the operating status includes the O&M auditing system The process status and thread state of O&M agreement and O&M session between the target O&M equipment；

The O&M behavior is recorded according to the operation state, obtains O&M record；

Graphic interface is converted by O&M record.

4. according to the method described in claim 3, it is characterized in that, the monitored results include the operation to the O&M behavior The O&M is recorded and to the operation process recording of the O&M behavior in different types of log, is obtained to described by process Monitored results obtained auditing result after processing of auditing includes:

The O&M record and the operating process to the O&M behavior are retrieved from the different types of log, are retrieved As a result；

The search result is inquired, or filing, obtains query result, or filing result.

5. according to the method described in claim 4, it is characterized in that, being obtained after processing is audited in acquisition to the monitored results After the auditing result arrived, the method also includes:

The different types of log is backed up,

Back up the auditing result, wherein the auditing result includes the search result, the query result and the filing As a result,

The account password of the target O&M equipment is periodically modified automatically.

6. a kind of data processing equipment for O&M audit characterized by comprising

Receiving unit, for receiving external input account；

First acquisition unit, for obtaining default entry address, wherein the default entry address is the progress of O&M auditing system The sole inlet address of audit operation；

Unit is logged in, for logging in the O&M auditing system from the default entry address according to the external input account；

Determination unit, for determining the affiliated O&M permission of the external input account after logging in the O&M auditing system Corresponding O&M behavior；

Monitoring unit obtains monitored results for monitoring the O&M behavior；And

Second acquisition unit audits obtained auditing result after processing to the monitored results for obtaining,

Wherein, the monitoring unit includes:

Detection module, the carrying of central processing unit, core buffer and network bandwidth for real-time monitoring target O&M equipment Amount；

Judgment module, for judging the sensitivity of the target O&M equipment；

First switching module, for holding when the central processing unit of the target O&M equipment, core buffer and network bandwidth Carrying capacity is big and when judging that the sensitivity of the target O&M equipment is low, and the audit form for switching the target O&M equipment is Inspection-free audit form；And

Second switching module, if for central processing unit, core buffer and network bandwidth when the target O&M equipment Bearing capacity it is small and when judging that the sensitivity of the target O&M equipment is high, switch the audit mould of the target O&M equipment Formula is full inspection audit form.

7. device according to claim 6, which is characterized in that the determination unit includes:

Determining module, for determining the corresponding role of the external input account；And

Authorization module, for defeated to the outside according to the external input account and the corresponding role of the external input account Enter account authorization, obtains the O&M permission.

8. a kind of data processing system for O&M audit characterized by comprising

Firewall；

Interchanger；

Server；And

O&M auditing system, for receiving external input account；Obtain default entry address, wherein the default entry address The sole inlet address of audit operation is carried out for O&M auditing system；From the default entrance according to the external input account Location logs in the O&M auditing system；After logging in the O&M auditing system, fortune belonging to the external input account is determined Right-safeguarding limits corresponding O&M behavior；The O&M behavior is monitored, monitored results are obtained；And it obtains and the monitored results is executed The auditing result obtained after audit processing,

Wherein, monitoring the O&M behavior includes:

The bearing capacity of the central processing unit of real-time monitoring target O&M equipment, core buffer and network bandwidth,

Judge the sensitivity of the target O&M equipment；

If the bearing capacity of the central processing unit of the target O&M equipment, core buffer and network bandwidth is big and judges institute State target O&M equipment sensitivity it is low when, switch the target O&M equipment audit form be inspection-free audit form；With And

If the bearing capacity of the central processing unit of the target O&M equipment, core buffer and network bandwidth is small and judges institute State target O&M equipment sensitivity it is high when, switch the target O&M equipment audit form be full inspection audit form.