CN115484188A - TAP device monitoring method and system, electronic device and readable storage medium - Google Patents
TAP device monitoring method and system, electronic device and readable storage medium Download PDFInfo
- Publication number
- CN115484188A CN115484188A CN202110666402.5A CN202110666402A CN115484188A CN 115484188 A CN115484188 A CN 115484188A CN 202110666402 A CN202110666402 A CN 202110666402A CN 115484188 A CN115484188 A CN 115484188A
- Authority
- CN
- China
- Prior art keywords
- data
- state information
- tap
- link
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 140
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000002159 abnormal effect Effects 0.000 claims abstract description 64
- 238000007619 statistical method Methods 0.000 claims abstract description 31
- 238000004458 analytical method Methods 0.000 claims abstract description 8
- 238000007726 management method Methods 0.000 claims description 44
- 238000012549 training Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 9
- 238000013500 data storage Methods 0.000 claims description 6
- 238000012886 linear function Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 5
- 239000013585 weight reducing agent Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004040 coloring Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 102000018059 CS domains Human genes 0.000 description 1
- 108050007176 CS domains Proteins 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000013481 data capture Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2474—Sequence data queries, e.g. querying versioned data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Probability & Statistics with Applications (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Fuzzy Systems (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a TAP device monitoring method and system, an electronic device and a readable storage medium, wherein the method comprises the following steps: acquiring state information data and link state data of TAP equipment in real time; storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database; and performing statistical analysis on the state information data and the link state data of the TAP equipment to determine abnormal state information of the equipment and/or abnormal state information of the link. The invention can determine the abnormal state information of the equipment and/or the abnormal state information of the link by collecting and storing the state information data of the TAP equipment and the link state data and analyzing the state information of the TAP equipment and the link state data by adopting an automatic intelligent analysis method, thereby realizing the automatic monitoring of the TAP equipment and the unified monitoring management of the TAP equipment and the link state.
Description
Technical Field
The invention relates to the technical field of network management monitoring platforms, in particular to a TAP (test access port) equipment monitoring method and system, electronic equipment and a readable storage medium.
Background
In the prior art, the TAP device is widely used, the TAP device can present all network data, and in any duplex state, full-line-speed 100% data capture (including error packets) is realized, so that troubleshooting is facilitated.
The existing TAP device scheme is usually connected in series in a CS domain or PS domain network in an operator signaling network to implement signaling code stream data replication and aggregation. For the monitoring of the TAP equipment, operation and maintenance personnel are required to go to the equipment for on-site inspection and analysis, the labor consumption is high, the efficiency is low, meanwhile, under the condition that the number of the TAP equipment is large, the problem that the TAP equipment is monitored manually still has periodicity, and monitoring history records of the TAP equipment such as the running state, the link interruption, the error of link receiving data, the overhigh link utilization rate, the link overflow and the like cannot be controlled.
Disclosure of Invention
The invention provides a TAP (test access point) equipment monitoring method and system, electronic equipment and a readable storage medium, which are used for solving the technical defects in the prior art.
The invention provides a TAP device monitoring method, which comprises the following steps:
acquiring state information data and link state data of TAP equipment in real time;
storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and performing statistical analysis on the state information data and the link state data of the TAP equipment to determine abnormal state information of the equipment and/or abnormal state information of the link.
According to the TAP device monitoring method, the real-time acquisition of the state information data and the link state data of the TAP device comprises the following steps:
configuring a monitoring item for the TAP device, wherein the monitoring item comprises the state of the TAP device and the link state;
the monitoring system is communicated with TAP equipment to realize the data acquisition of monitoring items of the TAP equipment and the monitoring of a network state; the monitoring item data includes status information data and link status data.
According to the TAP device monitoring method, the storing of the state information data and the link state data of the TAP device into a network management monitoring platform database comprises the following steps:
and storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database in a round-robin manner, wherein the network management monitoring platform database is provided with a storage data space with a preset time length.
According to the monitoring method of the TAP device, the statistical analysis of the state information data and the link state data of the TAP device comprises the following steps:
verifying the data compliance of the state information data and the link state data of the TAP equipment;
performing missing value interpolation on the checked missing values in the data in a prediction mode by adopting a mean value, a linear function or a prediction algorithm to obtain data with continuity in time sequence;
and analyzing and predicting the data with continuity in time sequence.
According to the monitoring method of the TAP equipment, the statistical analysis is carried out on the state information data and the link state data of the TAP equipment to determine the abnormal state information of the equipment and/or the abnormal state information of the link, and the method comprises the following steps:
constructing a continuous data set of time, service flow size numerical values and/or flow packet numbers based on service flow data in the data with continuity in time sequence;
performing model fitting on the continuous data set by using a Prophet algorithm and a Prophet & fit method, expanding the future date by using an auxiliary method, namely a Prophet & make future dataframe, predicting by using a Prophet & predict method, and obtaining a forecast object, wherein the forecast object comprises a list of predicted values, and analysis and confidence intervals of components;
and calculating the data point of the deviation of the flow size and/or the flow packet number from the confidence interval, analyzing the deviation degree and severity to determine the abnormal state information of the link.
According to the monitoring method of the TAP equipment, after the statistical analysis is carried out on the state information data and the link state data of the TAP equipment and the abnormal state information of the equipment and/or the abnormal state information of the link are determined, the method comprises the following steps:
based on the link abnormal state information, alarming and displaying;
and when the link is recovered to be normal, the alarm is released.
According to the monitoring method of the TAP equipment, the statistical analysis is carried out on the state information data and the link state data of the TAP equipment to determine the abnormal state information of the equipment and/or the abnormal state information of the link, and the method comprises the following steps:
configuring an alarm triggering condition, a monitoring item associated to the TAP device, for a state of the TAP device;
an exponential weighting mobile algorithm is adopted to configure a dynamic threshold value for triggering alarm, and the model formula of the exponential weighting mobile algorithm is as follows:
v t =βv t-1 +(1-β)θ t
wherein, the value of beta is between 0 and 1, and the value of beta is selected according to the variation characteristic of the time sequence; historyTaking the data as a training set of an exponential weighted moving algorithm, carrying out multiple training to obtain beta with the minimum prediction error, and storing an exponential weighted moving algorithm model; v. of t-1 Denotes the exponential moving average, theta, at time t-1 t Representing the actual temperature at time t, v t Represents an exponential moving average at time t as the alarm dynamic threshold.
The present invention also provides a TAP device monitoring system, comprising:
the real-time acquisition module is used for acquiring the state information data and the link state data of the TAP equipment in real time;
the data storage module is used for storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and the statistical analysis module is used for performing statistical analysis on the state information data and the link state data of the TAP equipment to determine the abnormal state information of the equipment and/or the abnormal state information of the link.
The present invention also provides an electronic device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of any of the TAP device monitoring methods described above.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the TAP device monitoring method as described in any one of the above.
According to the invention, the state information data and the link state data of the TAP equipment are collected and stored, and the state information and the link state data of the TAP equipment are analyzed by adopting an automatic intelligent analysis method, so that the abnormal state information of the equipment and/or the abnormal state information of the link can be determined, the automatic monitoring of the TAP equipment can be realized, and the unified monitoring management of the TAP equipment and the link state can be realized.
Drawings
In order to more clearly illustrate the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic flow chart of a TAP device monitoring method provided by the present invention;
FIG. 2 is a schematic diagram of a TAP device monitoring system provided in the present invention;
fig. 3 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following describes a TAP device monitoring method of the present invention with reference to fig. 1, where the execution subjects of the method are network management monitoring platforms, and the method includes:
s1, acquiring state information data and link state data of TAP equipment in real time;
the network management monitoring platform is accessed to the switch network and used for realizing the access of the TAP equipment, and the state information of the network management monitoring platform is used for judging whether the following abnormity occurs: receiving data errors, overhigh port utilization rate, power supply, memory use, CPU utilization rate and the like, wherein link state data is used for judging whether the following exceptions occur or not: link outages, link overflows, etc. are monitored.
S2, storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
the data are stored in a round-robin mode, a data storage space with a certain size is fixed, and after the data are stored fully, the oldest data are covered by the new data and are circulated all the time, so that only the collected data with a fixed time length can be stored.
And S3, performing statistical analysis on the state information data and the link state data of the TAP equipment to determine equipment abnormal state information and/or link abnormal state information.
Configuring alarm triggering conditions of TAP equipment of a network management monitoring platform, associating with TAP equipment monitoring items, configuring a triggering alarm threshold value, if state information data reaches the triggering alarm threshold value, indicating that the equipment state is abnormal, and carrying out statistical analysis on data such as flow size, flow packet number and the like in a link abnormal state to determine link abnormal state information.
According to the invention, the state information data and the link state data of the TAP equipment are collected and stored, and the state information and the link state data of the TAP equipment are analyzed by adopting an automatic intelligent analysis method, so that the abnormal state information of the equipment and/or the abnormal state information of the link can be determined, the automatic monitoring of the TAP equipment can be realized, and the unified monitoring management of the TAP equipment and the link state can be realized.
According to the monitoring method of the TAP equipment, the real-time acquisition of the state information data and the link state data of the TAP equipment comprises the following steps:
configuring a monitoring item for the TAP device, wherein the monitoring item comprises the state of the TAP device and the link state; the monitoring items mainly monitor link interruption, data receiving errors, overhigh port utilization rate, link overflow, power supply, memory utilization, CPU utilization rate and the like.
The monitoring system is communicated with TAP equipment to realize the data acquisition of monitoring items of the TAP equipment and the monitoring of a network state; the monitoring item data includes status information data and link status data.
The network management monitoring platform communicates with the TAP equipment through SNMP, proxy, ping port and other methods, so as to realize the data acquisition of the monitoring item of the TAP equipment and the monitoring of the network state.
According to the TAP device monitoring method, the storing of the state information data and the link state data of the TAP device into a network management monitoring platform database comprises the following steps:
and storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database in a round-robin manner, wherein the network management monitoring platform database is provided with a storage data space with a preset time length. The network management monitoring platform stores key index data of the TAP equipment in a round-robin mode, a storage data space with a certain size is fixed, and after the storage is full, the oldest data are covered by the new data and are circulated all the time, so that only the collected data with a fixed time length can be stored.
According to the TAP device monitoring method of the present invention, the statistical analysis of the state information data and the link state data of the TAP device includes:
verifying the data compliance of the state information data and the link state data of the TAP equipment;
performing missing value interpolation on the checked missing values in the data in a prediction mode by adopting a mean value, a linear function or a prediction algorithm to obtain data with continuity in time sequence;
and analyzing and predicting the data with continuity in time sequence.
Firstly, data compliance is verified, data integrity is ensured, and missing values in the data are interpolated in a mode of a predicted value performed by a mean value, a linear function or a prediction algorithm and the like. And the continuity of the data in time sequence after preprocessing is ensured.
According to the monitoring method of the TAP equipment, the statistical analysis is carried out on the state information data and the link state data of the TAP equipment to determine the abnormal state information of the equipment and/or the abnormal state information of the link, and the method comprises the following steps:
constructing a continuous data set of time, service flow size numerical values and/or flow packet numbers based on service flow data in the data with continuity in time sequence;
the network management monitoring platform collects the service flow data and carries out statistical analysis on the data such as the flow size, the flow packet number and the like.
Analyzing and predicting the flow, counting the flow every five minutes, and constructing a continuous data set of time and flow numerical values. Performing model fitting on the continuous data set by using a Prophet algorithm and a Prophet & fit method, expanding the future date by using an auxiliary method, namely a Prophet & make future dataframe, predicting by using a Prophet & predict method, and obtaining a forecast object, wherein the forecast object comprises a list of predicted values, and analysis and confidence intervals of components;
and calculating the data point of the deviation of the flow size and/or the flow packet number from the confidence interval, analyzing the deviation degree and severity to determine the abnormal state information of the link. And calculating data points of which the flow size deviates from the confidence interval, analyzing the severity of the deviation, and giving an alarm for the data points with very severe and severe deviation so as to monitor the abnormal flow. And analyzing and predicting the number of the flow packets by adopting the same method, thereby monitoring the abnormal flow packets. And alarms are given for abnormal traffic.
According to the monitoring method of the TAP equipment, after the statistical analysis is carried out on the state information data and the link state data of the TAP equipment and the abnormal state information of the equipment and/or the abnormal state information of the link are determined, the method comprises the following steps:
based on the link abnormal state information, alarming and displaying;
by a network management monitoring platform TAP equipment model, the network topology of the TAP equipment is increased, the specified TAP equipment, the connection relation among the TAP equipment and the switches thereof can be searched in the current view and other views, the connection relation comprises the number of connections, the monitoring indication of the TAP equipment and other information, the related faults and performance information of the TAP equipment and the related alarm details and alarm history information can also be checked, and the design, inquiry and statistical entry of the TAP equipment model is provided for providing historical record inquiry;
automatic discovery (which can be according to configuration files) is added, including automatic discovery of TAP equipment according to network segments, discovery of single-point TAP equipment and multiple automatic discovery means;
the network management monitoring platform configures TAP equipment display, which is mainly presented in the form of points, lines and surfaces and is used for highlighting the TAP equipment with problems or a connection relation, a topological connecting line is faded under normal conditions (such as light green), when an equipment alarm occurs or a performance early warning value is reached, related network elements are colored and rendered, when the alarm is cleared or is lower than the performance early warning value, the coloring is recovered to be normal, and the automatic page refreshing time is less than 60 seconds.
And when the link is recovered to be normal, the alarm is released.
The alarm type is as follows: all the alarm types are included, and filtering can be performed according to the alarm types, the alarm levels and the alarm states; the network management monitoring platform monitors the TAP equipment alarm display page. When the link of the alarm is triggered to be disconnected, an alarm is generated, and after the link is recovered, the alarm can be automatically released.
Configuring alarm triggering conditions of TAP equipment of a network management monitoring platform, associating the alarm triggering conditions with TAP equipment monitoring items, configuring triggering alarm thresholds, and generating different alarm levels according to different thresholds; the setting of the threshold value is not to set a constant threshold value depending on experience, but to dynamically calculate the setting by using a machine learning algorithm. Therefore, according to the TAP device monitoring method of the present invention, the statistical analysis of the state information data and the link state data of the TAP device to determine the device abnormal state information and/or the link abnormal state information includes:
configuring an alarm triggering condition, a monitoring item associated to the TAP device, for a state of the TAP device;
an exponential weighting mobile algorithm is adopted to configure a dynamic threshold value for triggering alarm, and the model formula of the exponential weighting mobile algorithm is as follows:
v t =βv t-1 +(1β)θ t
wherein, the value of beta is between 0 and 1, and the value of beta is selected according to the variation characteristic of the time sequence; taking historical data as a training set of the exponential weighted moving algorithm, carrying out multiple times of training to obtain beta with the minimum prediction error, and storing an exponential weighted moving algorithm model; v. of t-1 Denotes the exponential moving average, theta, at time t-1 t Representing the actual temperature at time t, v t Exponential moving average representing time t as alarm dynamic thresholdThe mean value, i.e. the value of EWMA, i.e. the alarm dynamic threshold, also called EXPMA index, is also a trend-like index, and the exponential moving average is a moving average weighted exponentially decreasing. The value of beta is selected according to the variation characteristic of the time series. The coefficient beta represents the speed of weight reduction, and the smaller the value is, the faster the weight reduction is; if the fluctuation of the time sequence is small and stable, the beta is smaller, such as 0.1-0.3; if the time series has a tendency to fluctuate rapidly and significantly, then β should be larger, e.g., 0.7 to 0.9.β is determined by trial comparison of a plurality of values, and which β value causes a small prediction error is used.
The complex dynamic threshold is determined by learning of an algorithm with a weighted moving average method (EWMA), and the EWMA algorithm is characterized in that a recent observation value has a large influence on the threshold and can reflect the recent change trend of data. And taking the historical data as a training set of an EWMA algorithm, training for multiple times to obtain beta with the minimum prediction error, storing an EWMA model, predicting future data, and taking the predicted value as an alarm threshold value.
Referring to fig. 2, a description will be given below of the TAP device monitoring system provided in the present invention, and the TAP device monitoring system described below and the TAP device monitoring method described above may be referred to correspondingly.
The real-time acquisition module 10 is used for acquiring the state information data and the link state data of the TAP equipment in real time;
the network management monitoring platform is accessed to the switch network and used for realizing the access of the TAP equipment, and the state information of the network management monitoring platform is used for judging whether the following abnormity occurs: receiving data errors, overhigh port utilization rate, power supply, memory utilization, CPU utilization rate and the like, wherein the link state data is used for judging whether the following exceptions occur or not: link outages, link overflows, etc. are monitored.
The data storage module 20 is configured to store the state information data of the TAP device and the link state data into a network management monitoring platform database;
the data are stored in a round-robin mode, a data storage space with a certain size is fixed, and after the data are stored fully, the oldest data are covered by the new data and are circulated all the time, so that only the collected data with a fixed time length can be stored.
The statistical analysis module 30 is configured to perform statistical analysis on the status information data of the TAP device and the link status data to determine device abnormal status information and/or link abnormal status information.
Configuring alarm triggering conditions of TAP equipment of a network management monitoring platform, associating with TAP equipment monitoring items, configuring a triggering alarm threshold value, if state information data reaches the triggering alarm threshold value, indicating that the equipment state is abnormal, and carrying out statistical analysis on data such as flow size, flow packet number and the like in a link abnormal state to determine link abnormal state information.
According to the TAP device monitoring system of the present invention, the real-time acquisition module 10 is configured to:
configuring a monitoring item for the TAP device, wherein the monitoring item comprises the state of the TAP device and the link state; the monitoring item is mainly used for monitoring link interruption, data receiving errors, overhigh port utilization rate, link overflow, power supply, memory utilization, CPU utilization rate and the like.
The monitoring system is communicated with TAP equipment to realize data acquisition of monitoring items of the TAP equipment and monitoring of network states; the monitoring item data includes status information data and link status data.
The network management monitoring platform communicates with the TAP equipment through SNMP, proxy, ping port and other methods, so as to realize the data acquisition of the monitoring item of the TAP equipment and the monitoring of the network state.
According to the TAP device monitoring system of the present invention, the data storage module 20 is configured to:
and storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database in a round-robin manner, wherein the network management monitoring platform database is provided with a storage data space with a preset time length. The network management monitoring platform stores key index data of the TAP equipment in a round-robin mode, a storage data space with a certain size is fixed, and after the storage is full, the oldest data are covered by the new data and are circulated all the time, so that only the collected data with a fixed time length can be stored.
In the TAP device monitoring system according to the present invention, the statistical analysis module 30 is configured to:
verifying the data compliance of the state information data and the link state data of the TAP equipment;
performing missing value interpolation on the checked missing values in the data in a prediction mode by adopting a mean value, a linear function or a prediction algorithm to obtain data with continuity in time sequence;
and analyzing and predicting the data with continuity in time sequence.
Firstly, data compliance is checked, data integrity is guaranteed, and missing values in data are interpolated in a mode of a mean value, a linear function or a prediction value performed by a prediction algorithm. And the continuity of the preprocessed data in time sequence is ensured.
In the TAP device monitoring system according to the present invention, the statistical analysis module 30 is configured to:
constructing a continuous data set of time, service flow size numerical values and/or flow packet numbers based on service flow data in the data with continuity in time sequence;
the network management monitoring platform collects the service flow data and carries out statistical analysis on the data such as the flow size, the flow packet number and the like.
Analyzing and predicting the flow, counting the flow every five minutes, and constructing a continuous data set of time and flow numerical values. Performing model fitting on the continuous data set by a Prophet algorithm and a Prophet.fit method, expanding the future date by a specified data number by using an auxiliary method, namely a Prophet.make future dataframe, and predicting by a Prophet.predict method to obtain a forecast object, wherein the forecast object comprises a column of predicted values, and analysis and confidence intervals of components;
and calculating the data point of the deviation of the flow size and/or the flow packet number from the confidence interval, analyzing the deviation degree and severity to determine the abnormal state information of the link. And calculating data points of which the flow size deviates from the confidence interval, analyzing the severity of the deviation, and giving an alarm for the data points with very severe and severe deviation so as to monitor the abnormal flow. And analyzing and predicting the number of the flow packets by adopting the same method, thereby monitoring the abnormal flow packets. And an alarm is given for abnormal traffic.
The TAP device monitoring system according to the present invention further includes an alarm module, the alarm module is configured to:
based on the link abnormal state information, alarming and displaying;
by a network management monitoring platform TAP equipment model, the network topology of the TAP equipment is increased, the specified TAP equipment, the connection relation among the TAP equipment and the switches thereof can be searched in the current view and other views, the connection relation comprises the number of connections, the monitoring indication of the TAP equipment and other information, the related faults and performance information of the TAP equipment and the related alarm details and alarm history information can also be checked, and the design, inquiry and statistical entry of the TAP equipment model is provided for providing historical record inquiry;
automatic discovery (which can be according to configuration files) is added, including automatic discovery of TAP equipment according to network segments, discovery of single-point TAP equipment and various automatic discovery means;
the network management monitoring platform configures TAP equipment display which is mainly presented in the form of points, lines and planes and is used for highlighting the TAP equipment or connection relation with problems, a topological connecting line fades under normal conditions (such as light green), when equipment alarm occurs or a performance early warning value is reached, related network elements are colored and rendered, when the alarm is cleared or is lower than the performance early warning value, coloring is recovered to be normal, and the automatic refreshing time of a page is less than 60 seconds.
And when the link is recovered to be normal, the alarm is released.
Alarm type: all the alarm types are included, and filtering can be performed according to the alarm types, the alarm levels and the alarm states; the network management monitoring platform monitors the TAP equipment alarm display page. When the link of the alarm is triggered to be disconnected, an alarm is generated, and after the link is recovered, the alarm can be automatically released.
Configuring alarm triggering conditions of TAP equipment of a network management monitoring platform, associating the alarm triggering conditions with TAP equipment monitoring items, and configuring triggering alarm thresholds, wherein the alarm levels generated by different thresholds are different; the setting of the threshold value is no longer a constant threshold value set by depending on experience, but the setting is dynamically calculated by adopting a machine learning algorithm. Therefore, according to the TAP device monitoring system of the present invention, the statistical analysis module 30 is configured to:
configuring an alarm triggering condition, a monitoring item associated to the TAP device, to a state of the TAP device;
an exponential weighting mobile algorithm is adopted to configure a dynamic threshold value for triggering alarm, and the model formula of the exponential weighting mobile algorithm is as follows:
v t =βv t-1 +(1-β)θ t
wherein, the value of beta is between 0 and 1, and the value of beta is selected according to the variation characteristic of the time sequence; taking historical data as a training set of the exponential weighted moving algorithm, carrying out multiple times of training to obtain beta with the minimum prediction error, and storing an exponential weighted moving algorithm model; v. of t-1 Denotes the exponential moving average at time t-1, theta t Representing the actual temperature at time t, v t The exponential moving average value representing the time t as the dynamic threshold value of the alarm, i.e. the value of EWMA, i.e. the dynamic threshold value of the alarm, also called EXPMA index, is also a trend-like index, and is a moving average weighted exponentially downward. The value of beta is selected according to the variation characteristic of the time series. The coefficient beta represents the speed of weight reduction, and the smaller the value is, the faster the weight reduction is; if the fluctuation of the time sequence is small and stable, the beta is smaller, such as 0.1-0.3; if the time series has a tendency to fluctuate rapidly and significantly, then β should be larger, e.g., 0.7 to 0.9.β is determined by trial comparison of a plurality of values, and which β value causes a small prediction error is used.
The complex dynamic threshold is determined by learning of an algorithm with a weighted moving average method (EWMA), and the EWMA algorithm is characterized in that a recent observation value has a large influence on the threshold and can reflect the recent change trend of data. And taking the historical data as a training set of an EWMA algorithm, carrying out multiple times of training to obtain beta with the minimum prediction error, storing an EWMA model, then predicting future data, and taking the predicted value as an alarm threshold value.
Fig. 3 illustrates a physical structure diagram of an electronic device, which may include: a processor (processor) 310, a communication Interface (Communications Interface) 320, a memory (memory) 330 and a communication bus 340, wherein the processor 310, the communication Interface 320 and the memory 330 communicate with each other via the communication bus 340. The processor 310 may invoke logic instructions in the memory 330 to perform a TAP device monitoring method comprising:
s1, acquiring state information data and link state data of TAP equipment in real time;
s2, storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and S3, performing statistical analysis on the state information data and the link state data of the TAP equipment to determine abnormal state information of the equipment and/or abnormal state information of the link.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the TAP device monitoring method provided by the above methods, the method comprising:
s1, acquiring state information data and link state data of TAP equipment in real time;
s2, storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and S3, performing statistical analysis on the state information data and the link state data of the TAP equipment to determine abnormal state information of the equipment and/or abnormal state information of the link.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program that, when executed by a processor, is implemented to perform the TAP device monitoring methods provided above, the method comprising:
s1, acquiring state information data and link state data of TAP equipment in real time;
s2, storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and S3, performing statistical analysis on the state information data and the link state data of the TAP equipment to determine abnormal state information of the equipment and/or abnormal state information of the link.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A TAP device monitoring method, comprising:
acquiring state information data and link state data of TAP equipment in real time;
storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and performing statistical analysis on the state information data of the TAP equipment and the link state data to determine equipment abnormal state information and/or link abnormal state information.
2. The TAP device monitoring method of claim 1, wherein the collecting of the state information data and the link state data of the TAP device in real time comprises:
configuring a monitoring item for the TAP device, wherein the monitoring item comprises the state of the TAP device and the link state;
the monitoring system is communicated with TAP equipment to realize data acquisition of monitoring items of the TAP equipment and monitoring of network states; the monitoring item data includes status information data and link status data.
3. The TAP device monitoring method of claim 1, wherein the storing the state information data and the link state data of the TAP device into a network management monitoring platform database comprises:
and storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database in a round-robin manner, wherein the network management monitoring platform database is provided with a storage data space with a preset time length.
4. The TAP device monitoring method of any one of claims 1 through 3, wherein said statistically analyzing the state information data and the link state data of the TAP device comprises:
verifying the data compliance of the state information data and the link state data of the TAP equipment;
performing missing value interpolation on the checked missing values in the data in a prediction mode by adopting a mean value, a linear function or a prediction algorithm to obtain data with continuity in time sequence;
and analyzing and predicting the data with continuity in time sequence.
5. The TAP device monitoring method according to claim 4, wherein the determining of device abnormal state information and/or link abnormal state information by performing statistical analysis on the state information data and the link state data of the TAP device comprises:
constructing a continuous data set of time, a service flow size value and/or a flow packet number based on service flow data in the data with continuity in time sequence;
performing model fitting on the continuous data set by a Prophet algorithm and a Prophet.fit method, expanding the future date by a specified data number by using an auxiliary method, namely a Prophet.make future dataframe, and predicting by a Prophet.predict method to obtain a forecast object, wherein the forecast object comprises a column of predicted values, and analysis and confidence intervals of components;
and calculating the data point of the deviation of the flow size and/or the flow packet number from the confidence interval, analyzing the deviation degree and severity to determine the abnormal state information of the link.
6. The TAP device monitoring method according to claim 2, wherein after performing statistical analysis on the state information data and the link state data of the TAP device to determine device abnormal state information and/or link abnormal state information, the method comprises:
based on the link abnormal state information, alarming and displaying;
and when the link is recovered to be normal, the alarm is released.
7. The TAP device monitoring method according to claim 4, wherein the determining of device abnormal state information and/or link abnormal state information by performing statistical analysis on the state information data and the link state data of the TAP device comprises:
configuring an alarm triggering condition, a monitoring item associated to the TAP device, for a state of the TAP device;
an exponential weighting mobile algorithm is adopted to configure a dynamic threshold value for triggering alarm, and the model formula of the exponential weighting mobile algorithm is as follows:
ν t =βν t-1 +(1-β)θ t
wherein, the value of beta is between 0 and 1, and the value of beta is selected according to the variation characteristic of the time sequence; taking historical data as a training set of the exponential weighted moving algorithm, carrying out multiple times of training to obtain beta with the minimum prediction error, and storing an exponential weighted moving algorithm model; v is t-1 Denotes the exponential moving average, theta, at time t-1 t Representing the actual temperature at time t, v t Represents an exponential moving average at time t as the dynamic threshold for the alarm.
8. A TAP device monitoring system, comprising:
the real-time acquisition module is used for acquiring the state information data and the link state data of the TAP equipment in real time;
the data storage module is used for storing the state information data and the link state data of the TAP equipment into a network management monitoring platform database;
and the statistical analysis module is used for performing statistical analysis on the state information data and the link state data of the TAP equipment to determine the abnormal state information of the equipment and/or the abnormal state information of the link.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the TAP device monitoring method of any one of claims 1 to 7 are implemented when the program is executed by the processor.
10. A non-transitory computer-readable storage medium, having stored thereon a computer program, which, when being executed by a processor, carries out the steps of the TAP device monitoring method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110666402.5A CN115484188A (en) | 2021-06-16 | 2021-06-16 | TAP device monitoring method and system, electronic device and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110666402.5A CN115484188A (en) | 2021-06-16 | 2021-06-16 | TAP device monitoring method and system, electronic device and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115484188A true CN115484188A (en) | 2022-12-16 |
Family
ID=84420434
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110666402.5A Pending CN115484188A (en) | 2021-06-16 | 2021-06-16 | TAP device monitoring method and system, electronic device and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115484188A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118428532A (en) * | 2024-04-26 | 2024-08-02 | 深圳市金地物业管理有限公司 | Prophet model cleaning defect occurrence rate time sequence prediction method based on Python |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070271014A1 (en) * | 1995-06-07 | 2007-11-22 | Automotive Technologies International, Inc. | Vehicle Diagnostic and Prognostic Methods and Systems |
| WO2019056499A1 (en) * | 2017-09-20 | 2019-03-28 | 平安科技(深圳)有限公司 | Prediction model training method, data monitoring method, apparatuses, device and medium |
| CN109672583A (en) * | 2018-09-25 | 2019-04-23 | 平安科技(深圳)有限公司 | Method for monitoring network, equipment, storage medium and device |
| CN110278102A (en) * | 2018-03-15 | 2019-09-24 | 勤智数码科技股份有限公司 | A kind of IT automation operational system and method |
| CN111563776A (en) * | 2020-05-08 | 2020-08-21 | 国网江苏省电力有限公司扬州供电分公司 | Electric quantity decomposition and prediction method based on K neighbor anomaly detection and Prophet model |
| CN112187514A (en) * | 2020-09-02 | 2021-01-05 | 上海御威通信科技有限公司 | Intelligent operation and maintenance system, method and terminal for data center network equipment |
-
2021
- 2021-06-16 CN CN202110666402.5A patent/CN115484188A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070271014A1 (en) * | 1995-06-07 | 2007-11-22 | Automotive Technologies International, Inc. | Vehicle Diagnostic and Prognostic Methods and Systems |
| WO2019056499A1 (en) * | 2017-09-20 | 2019-03-28 | 平安科技(深圳)有限公司 | Prediction model training method, data monitoring method, apparatuses, device and medium |
| CN110278102A (en) * | 2018-03-15 | 2019-09-24 | 勤智数码科技股份有限公司 | A kind of IT automation operational system and method |
| CN109672583A (en) * | 2018-09-25 | 2019-04-23 | 平安科技(深圳)有限公司 | Method for monitoring network, equipment, storage medium and device |
| CN111563776A (en) * | 2020-05-08 | 2020-08-21 | 国网江苏省电力有限公司扬州供电分公司 | Electric quantity decomposition and prediction method based on K neighbor anomaly detection and Prophet model |
| CN112187514A (en) * | 2020-09-02 | 2021-01-05 | 上海御威通信科技有限公司 | Intelligent operation and maintenance system, method and terminal for data center network equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118428532A (en) * | 2024-04-26 | 2024-08-02 | 深圳市金地物业管理有限公司 | Prophet model cleaning defect occurrence rate time sequence prediction method based on Python |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108073497B (en) | Multi-index transaction analysis method based on data center data acquisition platform | |
| CA2731916C (en) | Systems and methods for asset condition monitoring in electric power substation equipment | |
| CN111290913A (en) | Fault location visualization system and method based on operation and maintenance data prediction | |
| CN111309565B (en) | Alarm processing method and device, electronic equipment and computer readable storage medium | |
| JP6085550B2 (en) | Log analysis apparatus and method | |
| CN106209432A (en) | Network equipment subhealth state method for early warning based on dynamic threshold and device | |
| KR20180108446A (en) | System and method for management of ict infra | |
| CN104796273A (en) | Method and device for diagnosing root of network faults | |
| CN115454778B (en) | Timing sequence index abnormity intelligent monitoring system in large-scale cloud network environment | |
| EP3270250A1 (en) | Method and system for remote monitoring of power generation units | |
| CN112699007B (en) | Method, system, network device and storage medium for monitoring machine performance | |
| CN106100884A (en) | The alarm method of supervisory control of substation equipment operation exception | |
| CN106940678B (en) | System real-time health degree evaluation and analysis method and device | |
| CN114095965A (en) | Index detection model obtaining and fault positioning method, device, equipment and storage medium | |
| CN117391675B (en) | Data center infrastructure operation and maintenance management method | |
| CN110969375A (en) | Intelligent substation alarm processing method and device, terminal and storage medium | |
| CN105187239A (en) | Communication alarm analysis system based on data mining and processing method thereof | |
| CN117930718A (en) | Equipment running state monitoring and early warning method and system based on big data | |
| CN115484188A (en) | TAP device monitoring method and system, electronic device and readable storage medium | |
| CN101345656B (en) | global fault rate measuring method | |
| CN114095519A (en) | Oil depot Internet of things equipment state monitoring and automatic switching method | |
| CN113468022B (en) | Automatic operation and maintenance method for centralized monitoring of products | |
| CN116204386B (en) | Method, system, medium and equipment for automatically identifying and monitoring application service relationship | |
| CN118018449A (en) | Network reliability assessment method, device and system | |
| CN116611953A (en) | Electric energy meter production and manufacturing real-time data management method and system based on Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20221216 |
|
| RJ01 | Rejection of invention patent application after publication |