CN107241203A - Real-time alarm processing method and system in an infrastructure cloud - Google Patents
- Publication number
- CN107241203A (application CN201610182667.7A)
- Authority
- CN
- China
- Prior art keywords
- alarm
- monitoring data
- real
- time
- analysis result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a real-time alarm processing method and system in an infrastructure cloud. The method includes: setting an alarm rule; for at least three resource types, acquiring the monitoring data corresponding to the at least three resource types; based on the configured alarm rule, performing real-time computation and analysis on the monitoring data to obtain an analysis result; and performing alarm processing based on the analysis result.
Description
Technical field
The present invention relates to management technology in the communications field, and in particular to a real-time alarm processing method and system in an infrastructure cloud.
Background
An infrastructure cloud (IaaS) provides users with virtual computing resources, storage resources and network resources. To allocate and use these resources more efficiently and rationally, an administrator needs to monitor their state in real time. For example, the resources in an infrastructure cloud can be monitored by deploying general-purpose monitoring software. Such a scheme usually works as follows: there is one central data storage node and a series of data collection agent nodes; the collection agents periodically collect performance data and send the collected data to the central node over a TCP/IP network; after receiving the data, the central node writes it to a file system or database for persistence; the file system or database is then queried repeatedly and the results are matched against the alarm rules, and an alarm is triggered when a match is found.
However, this monitoring scheme monitors virtual machines and physical machines as the same class of resource, so many attributes specific to virtual machines are inevitably lost. In addition, sending monitoring data over the TCP/IP protocol is constrained by the network architecture and also reduces the security of the network. Furthermore, the scheme is typically based on analyzing and querying historical data; this way of alarming requires repeated queries against the file system or database, which easily leads to a database query bottleneck. Finally, both data query and analysis take time, so alarm latency is large.
Summary of the invention
In view of this, the object of the invention is to provide a real-time alarm processing method and system in an infrastructure cloud that can solve at least the above problems in the prior art.
To achieve this object, the technical solution of the invention is realized as follows:
An embodiment of the invention provides a real-time alarm processing method in an infrastructure cloud, including:
setting an alarm rule;
for at least three resource types, collecting the monitoring data corresponding to the at least three resource types;
based on the configured alarm rule, performing real-time computation and analysis on the monitoring data to obtain an analysis result;
performing alarm processing based on the analysis result.
An embodiment of the invention provides a real-time alarm processing system, the system including:
an alarm controller, configured to set an alarm rule;
a central collector, configured to collect, for at least three resource types, the monitoring data corresponding to the at least three resource types;
a real-time computing controller, configured to perform real-time computation and analysis on the monitoring data based on the alarm rule to obtain an analysis result, and to perform alarm processing based on the analysis result.
The real-time alarm processing method and system provided by the invention can acquire at least three types of monitoring data from at least three resource types in a cloud computing data center, thereby distinguishing and covering the various resource types in the data center and offering better scalability and security. Furthermore, the acquired monitoring data is computed and analyzed in real time, which eliminates the time otherwise needed to first store the acquired monitoring data and then analyze it. Monitoring data is thus processed in real time and efficiently, which reduces system load and improves the timeliness and efficiency of alarms.
Brief description of the drawings
Fig. 1 is a flow diagram of the real-time alarm processing method in an infrastructure cloud according to an embodiment of the invention;
Fig. 2 is a class diagram of the resource types according to an embodiment of the invention;
Fig. 3 is a structural diagram of the real-time alarm processing system in an infrastructure cloud according to an embodiment of the invention;
Fig. 4 is system framework diagram one according to an embodiment of the invention;
Fig. 5 is system framework diagram two according to an embodiment of the invention.
Detailed description
The invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment one
This embodiment of the invention provides a real-time alarm processing method in an infrastructure cloud which, as shown in Fig. 1, includes:
Step 101: setting an alarm rule;
Step 102: for at least three resource types, collecting the monitoring data corresponding to the at least three resource types;
Step 103: based on the configured alarm rule, performing real-time computation and analysis on the monitoring data to obtain an analysis result;
Step 104: performing alarm processing based on the analysis result.
The real-time alarm processing method proposed in this embodiment processes monitoring data in real time. The alarm controller feeds the alarm rule into a stream computing engine. The stream computing engine computes over the monitoring data it continuously receives and matches the result against the alarm rule; if the monitoring data satisfies the alarm condition in the alarm rule, the alarm action is issued immediately according to the user-defined alarm rule. This not only avoids the latency and bottleneck caused by querying a database, but also improves the timeliness of alarms.
The at least three resource types proposed in this embodiment include at least these three: the virtual machine collection agent, the active push agent and the active query agent. Specifically, they are the following:
First, collecting monitoring data in real time from the virtual machine side;
Second, receiving monitoring data sent in real time by programmable network devices;
Third, collecting monitoring data in real time from the non-programmable network device side.
The class diagram of the resource types is shown in Fig. 2. resource_base represents a kind of monitored resource, such as a physical machine, a virtual machine or a switch. resource_base has a meter_list attribute that associates a group of monitored items, such as the CPU utilization and memory usage of a physical machine. A resource_base object is in turn associated with a collector_agent (collection agent), which is responsible for collecting the monitoring data of that kind of resource. The details are as follows:
Virtual machine collection agent: suitable for collecting a special class of resource in the infrastructure cloud, the virtual machine. This resource has additional attributes such as the virtual machine unique ID, the owning user and the creation time. The virtual machine collection agent communicates, through the virtual machine serial port, with the external collection agent (VM-AgentD) on the physical machine that hosts the virtual machine; after receiving the monitoring data, the external agent sends it to the central collector. By implementing the virtual machine collection agent interface, users can add custom monitored items.
Active push agent: suitable for programmable devices, such as physical machines and virtual routers. This type of agent is deployed directly on the device, monitors the running state of the device, and sends the monitoring data directly to the central collector. By implementing the active push agent interface, users can monitor any type of programmable device.
Active query agent: suitable for non-programmable devices, such as switches and disk arrays. Devices of this type generally provide a dedicated query interface for monitoring information. The active query agent uses these dedicated query interfaces to actively query monitoring data, formats the data it obtains, and finally sends the formatted data to the central collector. By implementing the active query agent interface, users can monitor devices that use a special monitoring protocol.
Acquiring the alarm rule includes: acquiring an alarm rule composed of at least a monitored item, an alarm condition and an alarm action.
The monitored item in the alarm rule may be multiple monitored items, and may specifically include the following: average (AVG), sum (SUM), maximum (MAX), minimum (MIN), count (COUNT), and combinations of these rules.
The alarm rule must include the ID of the resource to be monitored (resource_id), the monitored item (meter_name), the statistics period (Period), the alarm action (action) and the user ID (user_id). For example, a valid alarm rule can be a 6-tuple (resource_id, meter_name, rules, period, action, user_id).
Performing real-time computation and analysis on the monitoring data based on the alarm rule to obtain an analysis result includes:
selecting the monitoring data corresponding to the alarm rule;
performing real-time computation and analysis on the selected monitoring data using the monitored item in the alarm rule, and judging whether the monitoring data satisfies the alarm condition;
if the alarm condition is satisfied, obtaining an analysis result stating that the monitoring data satisfies the alarm condition, and adding the alarm action to the analysis result.
Correspondingly, performing alarm processing based on the analysis result includes:
when the analysis result indicates that the monitoring data satisfies the alarm condition, executing alarm processing based on the alarm action in the analysis result.
The details are as follows. The monitoring data may likewise be a 6-tuple: resource identifier, monitored item, type, value, timestamp and metadata, i.e. (resource_id, meter_name, type, value, timestamp, metadata).
The analysis result can be a 4-tuple (resource_id, meter_name, action, user_id).
An example of the alarm processing instance that corresponds to an alarm rule is as follows:
To obtain the above alarm rule, the resource identifier resource_id of the monitoring data is used to find the alarm rules for that resource_id, which are represented as a linked list of alarm processing instances. If the list is empty, an empty list is initialized as the empty alarm rule and the alarm processing instance is added to it; if the list is not empty, the alarm processing instance is added to it directly.
After the real-time alarm processor receives monitoring data sent by the central collector, it dispatches the data by resource_id to each alarm processing instance and calls that instance's alarm_analyze method. The alarm_analyze method first adds the received monitoring data to the sample_queue queue and updates avg, sum, max and similar information. It then examines the head of sample_queue: if the sample at the head has expired, the sample is deleted, avg, sum, max and similar information is updated, and the head is examined again, until the head sample is within the validity period. Based on each comparison operator and each threshold, the method judges whether to trigger an alarm; if so, the alarm_action method is called.
It can be seen that, with the above scheme, at least three types of monitoring data can be collected from at least three resource types in a cloud computing data center, thereby distinguishing and covering the various resource types and offering better scalability and security. Furthermore, the acquired monitoring data is computed and analyzed in real time, which eliminates the time otherwise needed to first store the acquired monitoring data and then analyze it. Monitoring data is thus processed in real time and efficiently, which reduces system load and improves the timeliness and efficiency of alarms.
Embodiment two
This embodiment of the invention provides a real-time alarm processing system in an infrastructure cloud. As shown in Fig. 3, the system includes:
an alarm controller 31, configured to set an alarm rule;
a central collector 32, configured to collect, for at least three resource types in a cloud computing data center, the monitoring data corresponding to the at least three resource types;
a real-time computing controller 33, configured to perform real-time computation and analysis on the monitoring data based on the alarm rule to obtain an analysis result, and to perform alarm processing based on the analysis result.
It will be understood that the alarm controller, the central collector and the real-time computing controller may each be deployed on a different network device, or may be deployed on the same network device.
The alarm controller 31 is specifically configured to acquire the alarm rule set by the user, composed of at least a monitored item, an alarm condition and an alarm action.
The real-time computing controller 33 is configured to select the monitoring data corresponding to the alarm rule; analyze the selected monitoring data using the monitored item in the alarm rule and judge whether the monitoring data satisfies the alarm condition; and, if the alarm condition is satisfied, obtain an analysis result stating that the monitoring data satisfies the alarm condition and add the alarm action to the analysis result.
The real-time computing controller 33 is configured to execute alarm processing based on the alarm action in the analysis result when the analysis result indicates that the monitoring data satisfies the alarm condition.
The central collector 32 is configured to collect monitoring data from the virtual machine side; receive monitoring data sent directly by programmable network devices; and collect monitoring data from the non-programmable network device side.
The architecture of the real-time cloud platform monitoring and real-time alarm framework proposed in this patent is shown in Fig. 4. First, the alarm controller (Alarm-Controller) translates the user-defined alarm rule into a computation rule that the real-time computing engine can recognize; the real-time computing controller (RTC-Controller) then applies the alarm rule. The real-time computing processor (RTC-Processor) continuously receives the monitoring data pushed by the central collector and processes it in real time; if the result satisfies the alarm rule, an alarm is triggered and an alarm signal is sent to the alarm notifier (Alarm-Notifier). A schematic is shown in Fig. 5. The alarm rules supported by the alarm controller include average (AVG), sum (SUM), maximum (MAX), minimum (MIN), count (COUNT), and combinations of these rules.
Every alarm rule must contain the ID of the resource to be monitored (resource_id), the monitored item (meter_name), the statistics period (Period), the alarm action (action) and the user ID (user_id). A valid alarm rule is a 6-tuple (resource_id, meter_name, rules, period, action, user_id).
The monitoring data received by the real-time computing processor (RTC-Processor) is a 6-tuple (resource_id, meter_name, type, value, timestamp, metadata), and the alarm output by the real-time computing processor is a 4-tuple (resource_id, meter_name, action, user_id).
After the real-time alarm processor receives monitoring data sent by the central collector, it dispatches the data by resource_id to each alarm processing instance and calls that instance's alarm_analyze method. The alarm_analyze method first adds the received monitoring data to the sample_queue queue and updates avg, sum, max and similar information. It then examines the head of sample_queue: if the sample at the head has expired, the sample is deleted, avg, sum, max and similar information is updated, and the head is examined again, until the head sample is within the validity period. Based on each comparison operator and each threshold, the method judges whether to trigger an alarm; if so, the alarm_action method is called.
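The sliding-window analysis described in both embodiments, with the rule, monitoring-data and alarm tuples given above, sketched in Python as an added example (not code from the patent). Assumptions: expiry is judged against the newest sample's timestamp, out-of-order samples are ignored, all conditions in `rules` must hold together, and the `(aggregate, operator, threshold)` layout of `rules`, the class names and the sample values are constructed for illustration. Monotonic deques are one way to keep MAX and MIN correct as head samples expire.

```python
import operator
from collections import defaultdict, deque, namedtuple

# Tuple layouts as given in the text.
Rule = namedtuple("Rule", "resource_id meter_name rules period action user_id")
Sample = namedtuple("Sample", "resource_id meter_name type value timestamp metadata")
Alarm = namedtuple("Alarm", "resource_id meter_name action user_id")

OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}


class AlarmInstance:
    """One alarm processing instance: a window of the last `period` seconds."""

    def __init__(self, rule):
        if rule.period <= 0:
            raise ValueError("period must be positive")
        self.rule = rule
        self.sample_queue = deque()  # (timestamp, value), oldest at the head
        self.sum = 0.0
        self.maxq = deque()  # non-increasing values; head is the window MAX
        self.minq = deque()  # non-decreasing values; head is the window MIN

    def _push(self, ts, value):
        self.sample_queue.append((ts, value))
        self.sum += value
        while self.maxq and self.maxq[-1] < value:
            self.maxq.pop()
        self.maxq.append(value)
        while self.minq and self.minq[-1] > value:
            self.minq.pop()
        self.minq.append(value)

    def _expire(self, now):
        # Delete head samples until the head is inside the validity period.
        while self.sample_queue and self.sample_queue[0][0] <= now - self.rule.period:
            _, value = self.sample_queue.popleft()
            self.sum -= value
            if self.maxq[0] == value:
                self.maxq.popleft()
            if self.minq[0] == value:
                self.minq.popleft()

    def aggregates(self):
        n = len(self.sample_queue)
        return {"COUNT": n, "SUM": self.sum, "AVG": self.sum / n,
                "MAX": self.maxq[0], "MIN": self.minq[0]}

    def alarm_analyze(self, sample):
        if sample.meter_name != self.rule.meter_name:
            return None
        if self.sample_queue and sample.timestamp < self.sample_queue[-1][0]:
            return None  # assumption: out-of-order samples are ignored
        self._push(sample.timestamp, sample.value)
        self._expire(sample.timestamp)
        agg = self.aggregates()
        # Assumption: every (aggregate, operator, threshold) condition must hold.
        if all(OPS[op](agg[name], limit) for name, op, limit in self.rule.rules):
            return self.alarm_action()
        return None

    def alarm_action(self):
        r = self.rule
        return Alarm(r.resource_id, r.meter_name, r.action, r.user_id)


class RealTimeAlarmProcessor:
    """Dispatches each sample by resource_id to that resource's instances."""

    def __init__(self):
        # A Python list stands in for the linked list described in the text.
        self.instances = defaultdict(list)

    def add_rule(self, rule):
        self.instances[rule.resource_id].append(AlarmInstance(rule))

    def process(self, sample):
        hits = (i.alarm_analyze(sample)
                for i in self.instances.get(sample.resource_id, ()))
        return [alarm for alarm in hits if alarm is not None]


def demo():
    """Constructed data: alarm when the 60 s average exceeds 80 over >= 3 samples."""
    proc = RealTimeAlarmProcessor()
    proc.add_rule(Rule("vm-1", "cpu_util", [("AVG", ">", 80), ("COUNT", ">=", 3)],
                       60, "email", "user-42"))
    readings = [(0, 70), (20, 85), (40, 95), (70, 90), (130, 99)]
    return [(ts, proc.process(Sample("vm-1", "cpu_util", "gauge", v, ts, {})))
            for ts, v in readings]


if __name__ == "__main__":
    for ts, alarms in demo():
        print(ts, alarms)
```

In the constructed run the alarm fires at timestamps 40 and 70 and stops at 130, once the expired samples leave only one reading in the window.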
It can be seen that, with the above scheme, at least three types of monitoring data can be collected from at least three resource types in a cloud computing data center, thereby distinguishing and covering the various resource types and offering better scalability and security. Furthermore, the acquired monitoring data is computed and analyzed in real time, which eliminates the time otherwise needed to first store the acquired monitoring data and then analyze it. Monitoring data is thus processed in real time and efficiently, which reduces system load and improves the timeliness and efficiency of alarms.
The foregoing is only a preferred embodiment of the invention and is not intended to limit the scope of protection of the invention.
Claims (10)
1. A real-time alarm processing method in an infrastructure cloud, characterized in that the method includes:
setting an alarm rule;
for at least three resource types, acquiring the monitoring data corresponding to the at least three resource types;
based on the configured alarm rule, performing real-time computation and analysis on the monitoring data to obtain an analysis result;
performing alarm processing based on the analysis result.
2. The method according to claim 1, characterized in that setting the alarm rule includes:
acquiring the alarm rule composed of at least a monitored item, an alarm condition and an alarm action.
3. The method according to claim 2, characterized in that performing real-time computation and analysis on the monitoring data to obtain an analysis result includes:
selecting the monitoring data corresponding to the alarm rule;
performing real-time computation and analysis on the selected monitoring data using the monitored item in the alarm rule, and judging whether the monitoring data satisfies the alarm condition;
if the alarm condition is satisfied, obtaining an analysis result stating that the monitoring data satisfies the alarm condition, and adding the alarm action to the analysis result.
4. The method according to claim 1, characterized in that performing alarm processing based on the analysis result includes:
when the analysis result indicates that the monitoring data satisfies the alarm condition, executing alarm processing based on the alarm action in the analysis result.
5. The method according to any one of claims 1-4, characterized in that acquiring the monitoring data corresponding to the at least three resource types includes:
collecting monitoring data in real time from the virtual machine side;
receiving monitoring data sent in real time by programmable network devices;
collecting monitoring data in real time from the non-programmable network device side.
6. A real-time alarm processing system in an infrastructure cloud, characterized in that the system includes:
an alarm controller, configured to set an alarm rule;
a central collector, configured to collect, for at least three resource types, the monitoring data corresponding to the at least three resource types;
a real-time computing controller, configured to perform real-time computation and analysis on the monitoring data based on the alarm rule to obtain an analysis result, and to perform alarm processing based on the analysis result.
7. The system according to claim 6, characterized in that
the alarm controller is configured to acquire the alarm rule composed of at least a monitored item, an alarm condition and an alarm action.
8. The system according to claim 7, characterized in that
the real-time computing controller is configured to select the monitoring data corresponding to the alarm rule; perform real-time computation and analysis on the selected monitoring data using the monitored item in the alarm rule and judge whether the monitoring data satisfies the alarm condition; and, if the alarm condition is satisfied, obtain an analysis result stating that the monitoring data satisfies the alarm condition and add the alarm action to the analysis result.
9. The system according to claim 6, characterized in that the real-time computing controller is configured to execute alarm processing based on the alarm action in the analysis result when the analysis result indicates that the monitoring data satisfies the alarm condition.
10. The system according to any one of claims 6-9, characterized in that the central collector is configured to collect monitoring data in real time from the virtual machine side; receive monitoring data sent in real time by programmable network devices; and collect monitoring data in real time from the non-programmable network device side.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610182667.7A CN107241203A (en) | 2016-03-28 | 2016-03-28 | Real-time alarm processing method and system in an infrastructure cloud |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107241203A (en) | 2017-10-10 |
Family
ID=59982731
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610182667.7A (Pending) CN107241203A (en) | Real-time alarm processing method and system in an infrastructure cloud | 2016-03-28 | 2016-03-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107241203A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109245927A (en) * | 2018-09-06 | 2019-01-18 | 郑州云海信息技术有限公司 | Warning system and method in cloud data system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102710443A (en) * | 2012-06-04 | 2012-10-03 | 国网电力科学研究院 | Method and system for impact analysis of power communication relay protection business |
CN103618644A (en) * | 2013-11-26 | 2014-03-05 | 曙光信息产业股份有限公司 | Distributed monitoring system based on hadoop cluster and method thereof |
CN104113596A (en) * | 2014-07-15 | 2014-10-22 | 华侨大学 | Cloud monitoring system and method for private cloud |
US20150032884A1 (en) * | 2013-07-24 | 2015-01-29 | Compuware Corporation | Method and system for combining trace data describing multiple individual transaction executions with transaction processing infrastructure monitoring data |
CN104410512A (en) * | 2014-10-28 | 2015-03-11 | 国云科技股份有限公司 | Resource monitoring alarm framework suitable for cloud computation and method thereof |
CN105376322A (en) * | 2015-11-30 | 2016-03-02 | 上海方正信息安全技术有限公司 | Remote massive data monitoring system and method for children's network behaviours |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171010 |