CN117827610A - Method and system for reporting abnormal log in wearable device - Google Patents

Abstract

The invention discloses a method and a system for reporting an abnormal log in wearable equipment, wherein the method comprises the following steps: monitoring and collecting log data of the wearable equipment; preprocessing log data, and grouping and clustering based on the preprocessed log data to extract a log template; acquiring a log sequence set according to a log template, and extracting log key features based on the log sequence set; and carrying out anomaly detection on the log data according to the key characteristics of the log, carrying out anomaly response on the wearable equipment according to the anomaly detection result, and reporting an anomaly event to a background server. According to the method, the log data of the wearable equipment are clustered in groups and the log templates are extracted, the log sequence set is obtained, the log key features are extracted, the log data is subjected to abnormal detection according to the log key features, abnormal response and abnormal event reporting are timely carried out, a large amount of log data can be processed, each key feature of the log data is effectively utilized, and the accuracy of detecting the log abnormality of the wearable equipment is improved.

Description

Method and system for reporting abnormal log in wearable device

Technical Field

The invention relates to the technical field of log reporting, in particular to a method and a system for reporting an abnormal log in wearable equipment.

Background

With rapid development of technology, wearable devices such as smart bracelets and telephone watches have become indispensable electronic devices in daily life. In the using process of the wearable equipment, the problems of system errors, application program running errors and the like often occur, and then an abnormal log is generated.

In the prior art, when an application program of a wearable device fails, an exception log of the wearable device is usually detected in a rule-based manner, and then a problem reflected by the exception log is processed through manual review. However, as the wearable device is more and more intelligent, the device log generally contains massive data, the fault types are more and the change speed is high, and a large number of nonsensical suspected abnormal logs exist, so that great challenges are brought to log abnormality detection, the false alarm rate is too high, in addition, many key information can be lost in the original log information extraction process by the existing abnormality detection method, and the utilization degree of log information is not high.

Disclosure of Invention

Aiming at the defects in the prior art, the invention provides a method and a system for reporting an abnormal log in wearable equipment.

In a first aspect, a method for reporting an exception log in a wearable device includes:

monitoring and collecting log data of the wearable equipment;

preprocessing the log data, and grouping and clustering based on the preprocessed log data to extract a log template;

acquiring a log sequence set according to the log template, and extracting log key features based on the log sequence set;

and carrying out anomaly detection on the log data according to the key characteristics of the log, carrying out anomaly response on the wearable equipment according to the anomaly detection result, and reporting an anomaly event to a background server.

Further, the preprocessing of the log data specifically includes:

traversing all log contents of the log data, and performing regular expression matching to locate variable characters in the log data;

separating and removing the variable characters from the log content to obtain a non-variable log;

carrying out standardization processing on the non-variable log so as to reduce character string spaces in log content and separate to obtain a plurality of non-variable words;

and constructing a corresponding log statement according to the non-variable word so as to acquire the preprocessed log data.

Further, the grouping and clustering are performed based on the preprocessed log data to extract a log template, which specifically comprises:

constructing a log analysis tree, and generating a plurality of log groups based on the log analysis tree according to the preprocessed log data;

calculating the similarity among log sentences in the plurality of log groups, acquiring a similar sentence group with the similarity larger than a threshold value, and generating an initial sentence template according to the log sentences in the similar sentence group;

the occurrence times of the same non-variable words in each log sentence of the initial sentence template are respectively obtained, and the weight of each non-variable word is calculated;

converting the non-variable words into semantic vectors according to a preset rule, and carrying out weighting operation on the non-variable words in the log sentences corresponding to the initial sentence templates according to the weights so as to obtain corresponding semantic vector sets;

clustering the initial sentence templates based on the semantic vector set to generate a log template with semantic information.

Further, the method comprises the steps of obtaining a log sequence set according to the log template, and extracting log key features based on the log sequence set, wherein the log key features are specifically as follows:

dividing log data of the wearable equipment into a plurality of log sequences according to the log template, and generating a log sequence set;

extracting log key features in a log sequence based on the log sequence set;

the log key features include timing features, invariant features, and statistical features.

Further, the method includes performing anomaly detection on log data according to the log key features, performing anomaly response on the wearable equipment according to an anomaly detection result, and reporting an anomaly event to a background server, specifically:

pre-constructing a neural network model, wherein the neural network model consists of an AT-CNN-BiGRU model and a GBDT model;

inputting the time sequence characteristics into an AT-CNN-BiGRU model, and inputting the invariant characteristics and the statistical characteristics into a GBDT model so as to perform anomaly detection on log data;

and identifying an abnormal log according to the abnormal detection result, carrying out abnormal response to the wearable equipment according to the abnormal log, and reporting an abnormal event to a background server.

In a second aspect, a system for reporting an exception log in a wearable device includes:

and a data monitoring module: the system comprises a wearable device, a monitoring device and a monitoring device, wherein the wearable device is used for monitoring and collecting log data of the wearable device;

and a template extraction module: the method comprises the steps of preprocessing log data, and grouping and clustering based on the preprocessed log data to extract a log template;

and the feature extraction module is used for: the method comprises the steps of obtaining a log sequence set according to a log template, and extracting log key features based on the log sequence set;

the abnormality reporting module: and the method is used for carrying out abnormality detection on the log data according to the key characteristics of the log, carrying out abnormality response on the wearable equipment according to an abnormality detection result, and reporting an abnormal event to a background server.

Further, the template extraction module is specifically configured to:

traversing all log contents of the log data, and performing regular expression matching to locate variable characters in the log data;

separating and removing the variable characters from the log content to obtain a non-variable log;

carrying out standardization processing on the non-variable log so as to reduce character string spaces in log content and separate to obtain a plurality of non-variable words;

and constructing a corresponding log statement according to the non-variable word so as to acquire the preprocessed log data.

Further, the template extraction module is further configured to:

constructing a log analysis tree, and generating a plurality of log groups based on the log analysis tree according to the preprocessed log data;

calculating the similarity among log sentences in the plurality of log groups, acquiring a similar sentence group with the similarity larger than a threshold value, and generating an initial sentence template according to the log sentences in the similar sentence group;

the occurrence times of the same non-variable words in each log sentence of the initial sentence template are respectively obtained, and the weight of each non-variable word is calculated;

converting the non-variable words into semantic vectors according to a preset rule, and carrying out weighting operation on the non-variable words in the log sentences corresponding to the initial sentence templates according to the weights so as to obtain corresponding semantic vector sets;

clustering the initial sentence templates based on the semantic vector set to generate a log template with semantic information.

Further, the feature extraction module is specifically configured to:

dividing log data of the wearable equipment into a plurality of log sequences according to the log template, and generating a log sequence set;

extracting log key features in a log sequence based on the log sequence set;

the log key features include timing features, invariant features, and statistical features.

Further, the exception reporting module is specifically configured to:

pre-constructing a neural network model, wherein the neural network model consists of an AT-CNN-BiGRU model and a GBDT model;

inputting the time sequence characteristics into an AT-CNN-BiGRU model, and inputting the invariant characteristics and the statistical characteristics into a GBDT model so as to perform anomaly detection on log data;

and identifying an abnormal log according to the abnormal detection result, carrying out abnormal response to the wearable equipment according to the abnormal log, and reporting an abnormal event to a background server.

The beneficial effects of the invention are as follows: the monitored log data of the wearable equipment are clustered in groups and the log templates are extracted, the log sequence set is obtained based on the log templates, the log key features are extracted, further, the log data are subjected to abnormal detection based on the neural network model according to the log key features, abnormal response and abnormal event reporting are timely carried out, a large amount of log data can be processed, each key feature of the log data is effectively utilized, and the accuracy of detecting the log abnormality of the wearable equipment is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.

Fig. 1 is a flowchart of a method for reporting an exception log in a wearable device according to a first embodiment of the present invention;

fig. 2 is a block diagram of a system for reporting an exception log in a wearable device according to a second embodiment of the present invention.

Detailed Description

Embodiments of the technical scheme of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and thus are merely examples, and are not intended to limit the scope of the present invention.

It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention pertains.

Example 1

As shown in fig. 1, a method for reporting an exception log in a wearable device includes:

s1: monitoring and collecting log data of the wearable equipment;

specifically, log data of the wearable device is monitored and collected in real time.

S2: preprocessing the log data, and grouping and clustering based on the preprocessed log data to extract a log template;

specifically, traversing all log contents in the log data, and performing regular expression matching to locate variable characters in the log data, separating and removing the variable characters from the log contents, and further obtaining a non-variable log. And carrying out standardized processing on the non-variable log so as to reduce the character string of the processed log data, wherein the method comprises the steps of reducing a plurality of continuous spaces into one space, further removing redundant spaces in the character string, separating the redundant spaces into a plurality of non-variable words, and finally constructing corresponding log sentences according to the non-variable words to obtain the preprocessed log data.

Preferably, the normalization process includes, but is not limited to, removing variables containing numbers using the char's isaalpha () function, removing repeated characters using tuples, and so forth.

Further, a log analysis tree is constructed, after the log sentences in the log data are preprocessed, the log sentences with the same structure generally have the same log length, so that the root node of the log analysis tree classifies the log sentences according to the length by utilizing the characteristic that the lengths corresponding to the log data with the same type are the same, and efficiently processes each classified subtree in a multithread concurrent execution mode. Since the log sentence takes the constant as the beginning of the sentence, the constant at the beginning of the sentence is often the sign word of the log sentence, and has a representative effect, each sub-tree is reclassified in a constant prefix matching mode. After the length and the constant prefix are matched for many times, most log classification work can be completed, and log groups are generated.

Obtaining similarity functions among log sentences in a plurality of log groups, calculating a similarity value, obtaining the log groups with the similarity value exceeding a preset similarity threshold, extracting all the log sentences contained in the log groups as a similar sentence group, and clustering the log sentences in the similar sentence group to generate a plurality of initial sentence templates.

Obtaining a log sentence in an initial sentence template, extracting a plurality of independent non-variable words in the log sentence, counting the occurrence times of each non-variable word in the log sentence, and calculating the weight of each non-variable word based on the occurrence times, wherein the weight reflects the importance degree of each non-variable word on the log sentence. Converting the non-variable words into semantic vectors according to preset rules, and carrying out weighting operation on the non-variable words of the sentences corresponding to the initial sentence templates based on the semantic vectors according to the weights obtained by calculation to obtain corresponding semantic vector sets.

Further, after the semantic vector set is obtained, clustering compression is carried out on the obtained initial sentence templates so as to generate log templates with semantic information. Preferably, the cluster compression method includes, but is not limited to, using a DBSCAN method.

S3: acquiring a log sequence set according to the log template, and extracting log key features based on the log sequence set;

specifically, after the log template is obtained, log data of the wearable device is divided into a plurality of log sequences based on the log template, and a log sequence set is generated, wherein the log division method comprises, but is not limited to, independent sequence division and sliding window division based on a main body.

And after the log sequence set is obtained, extracting key features such as time sequence features, invariant features, statistical features and the like in the log sequence by taking the log sequence as a basic unit. The log is recorded according to the occurrence sequence of log events when being recorded, the processed log is traversed according to the occurrence sequence of the time stamps generated by the log in the process of log sequence segmentation, and the sequence represents the time sequence relation, so that the time sequence characteristic is the occurrence time sequence of the log events in the sequence, and the sequence content can be directly abstract and can be used as the time sequence characteristic for representation.

S4: performing abnormality detection on the log data according to the key characteristics of the log, performing abnormality response on the wearable equipment according to an abnormality detection result, and reporting an abnormal event to a background server;

specifically, a neural network model is constructed in advance, and the neural network model is composed of an AT-CNN-BiGRU model and a GBDT model.

The AT-CNN-BiGRU model comprises a BiGRU bidirectional gating circulating unit layer, an attention mechanism AT layer and a convolutional neural network CNN layer. The BiGRU bidirectional gating circulating unit layer is further optimized and improved on the basis of the gating circulating units, and the gating circulating neural network can better capture the dependency relationship on the sequence with long time step distance. The reset gate is beneficial to capturing short-term dependency in the sequence, the update gate is beneficial to capturing long-term dependency in the sequence, and when the reset gate is opened, the gating cycle unit comprises a basic cycle neural network; the gate-controlled loop unit may skip the sub-sequence when the update gate is open. The BiGRU technology can better mine data to obtain the relevance in the data, a training test can be completed by using a small amount of parameters, historical data can be captured by using the bidirectional gating circulation unit, future data can be predicted to monitor the charging state of the electric automobile, the memory is stronger than that of other technologies, and the result output is more accurate and rapid.

The attention mechanism AT layer compares the importance of the acquired information through the attention mechanism, so that selective learning of the information is realized, namely the most core important data information is screened from a large amount of data information, the important information is focused, most unimportant information is ignored, the greater the weight is, the more focused on the Value corresponding to the important information is, namely the weight represents the importance of the information, and the Value is the corresponding information.

The convolutional neural network CNN layer is a feedforward neural network which comprises convolutional calculation and has a deep structure, and is one of representative algorithms of deep learning. The convolutional neural network has characteristic learning capability and very strong characteristic extraction capability, and can carry out translation invariant classification on input information according to a hierarchical structure of the convolutional neural network, so the convolutional neural network is also called as a 'translation invariant artificial neural network'. The CNN can solve three loopholes of the fully-connected neural network, and data information cannot be lost when the CNN expands the image into a vector, so that the original data characteristics are maintained; under the condition of excessive processing parameters, the number of parameters can be effectively reduced, the efficiency is improved, and the difficulty and complexity in the network calculation process are reduced; CNN is faced with the condition of processing a large number of parameters, and the phenomenon of over fitting of the network can be avoided.

In order to enable different features to be effectively utilized, accuracy of abnormal detection of log data is improved, time sequence features are input into an AT-CNN-BiGRU model, invariant features and statistical features are input into a GBDT model, and abnormal detection of the log data is carried out.

Further, an abnormal log is identified according to an abnormal detection result, an abnormal response is carried out to the wearable device according to the abnormal log so as to remind a wearer of checking abnormal information, and meanwhile, an abnormal event is reported to a background server according to the abnormal log, and the background server is timely informed of checking and processing the problems reflected by the abnormal log.

Example two

As shown in fig. 2, a system for reporting an exception log in a wearable device includes:

and a data monitoring module: the system comprises a wearable device, a monitoring device and a monitoring device, wherein the wearable device is used for monitoring and collecting log data of the wearable device;

and a template extraction module: the method comprises the steps of preprocessing log data, and grouping and clustering based on the preprocessed log data to extract a log template;

and the feature extraction module is used for: the method comprises the steps of obtaining a log sequence set according to a log template, and extracting log key features based on the log sequence set;

the abnormality reporting module: and the method is used for carrying out abnormality detection on the log data according to the key characteristics of the log, carrying out abnormality response on the wearable equipment according to an abnormality detection result, and reporting an abnormal event to a background server.

Further, the template extraction module is specifically configured to:

traversing all log contents of the log data, and performing regular expression matching to locate variable characters in the log data;

separating and removing the variable characters from the log content to obtain a non-variable log;

carrying out standardization processing on the non-variable log so as to reduce character string spaces in log content and separate to obtain a plurality of non-variable words;

and constructing a corresponding log statement according to the non-variable word so as to acquire the preprocessed log data.

Further, the template extraction module is further configured to:

constructing a log analysis tree, and generating a plurality of log groups based on the log analysis tree according to the preprocessed log data;

calculating the similarity among log sentences in the plurality of log groups, acquiring a similar sentence group with the similarity larger than a threshold value, and generating an initial sentence template according to the log sentences in the similar sentence group;

the occurrence times of the same non-variable words in each log sentence of the initial sentence template are respectively obtained, and the weight of each non-variable word is calculated;

converting the non-variable words into semantic vectors according to a preset rule, and carrying out weighting operation on the non-variable words in the log sentences corresponding to the initial sentence templates according to the weights so as to obtain corresponding semantic vector sets;

clustering the initial sentence templates based on the semantic vector set to generate a log template with semantic information.

Further, the feature extraction module is specifically configured to:

dividing log data of the wearable equipment into a plurality of log sequences according to the log template, and generating a log sequence set;

extracting log key features in a log sequence based on the log sequence set;

the log key features include timing features, invariant features, and statistical features.

Further, the exception reporting module is specifically configured to:

pre-constructing a neural network model, wherein the neural network model consists of an AT-CNN-BiGRU model and a GBDT model;

inputting the time sequence characteristics into an AT-CNN-BiGRU model, and inputting the invariant characteristics and the statistical characteristics into a GBDT model so as to perform anomaly detection on log data;

and identifying an abnormal log according to the abnormal detection result, carrying out abnormal response to the wearable equipment according to the abnormal log, and reporting an abnormal event to a background server.

It should be noted that, regarding a more specific workflow of the report system of the abnormal log in the wearable device, please refer to the foregoing method embodiment section, and details are not repeated herein.

According to the method, the monitored log data of the wearable equipment are clustered in groups and the log templates are extracted, the log sequence set is obtained based on the log templates, the log key features are extracted, further, the log data are subjected to abnormal detection based on the neural network model according to the log key features, abnormal response and abnormal event reporting are timely carried out, a large amount of log data can be processed, each key feature of the log data is effectively utilized, and the accuracy of detecting the log abnormality of the wearable equipment is improved.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.

Claims (10)

1. The method for reporting the exception log in the wearable equipment is characterized by comprising the following steps of:

monitoring and collecting log data of the wearable equipment;

preprocessing the log data, and grouping and clustering based on the preprocessed log data to extract a log template;

acquiring a log sequence set according to the log template, and extracting log key features based on the log sequence set;

and carrying out anomaly detection on the log data according to the key characteristics of the log, carrying out anomaly response on the wearable equipment according to the anomaly detection result, and reporting an anomaly event to a background server.

2. The method for reporting an abnormal log in a wearable device according to claim 1, wherein the preprocessing the log data specifically includes:

traversing all log contents of the log data, and performing regular expression matching to locate variable characters in the log data;

separating and removing the variable characters from the log content to obtain a non-variable log;

carrying out standardization processing on the non-variable log so as to reduce character string spaces in log content and separate to obtain a plurality of non-variable words;

and constructing a corresponding log statement according to the non-variable word so as to acquire the preprocessed log data.

3. The method for reporting an abnormal log in a wearable device according to claim 2, wherein the clustering is performed on the basis of the preprocessed log data to extract a log template, specifically:

constructing a log analysis tree, and generating a plurality of log groups based on the log analysis tree according to the preprocessed log data;

calculating the similarity among log sentences in the plurality of log groups, acquiring a similar sentence group with the similarity larger than a threshold value, and generating an initial sentence template according to the log sentences in the similar sentence group;

the occurrence times of the same non-variable words in each log sentence of the initial sentence template are respectively obtained, and the weight of each non-variable word is calculated;

converting the non-variable words into semantic vectors according to a preset rule, and carrying out weighting operation on the non-variable words in the log sentences corresponding to the initial sentence templates according to the weights so as to obtain corresponding semantic vector sets;

clustering the initial sentence templates based on the semantic vector set to generate a log template with semantic information.

4. The method for reporting an abnormal log in a wearable device according to claim 1, wherein the method is characterized in that a log sequence set is obtained according to the log template, and log key features are extracted based on the log sequence set, specifically:

dividing log data of the wearable equipment into a plurality of log sequences according to the log template, and generating a log sequence set;

extracting log key features in a log sequence based on the log sequence set;

the log key features include timing features, invariant features, and statistical features.

5. The method for reporting an abnormal log in a wearable device according to claim 4, wherein the performing abnormal detection on log data according to the log key feature, performing abnormal response on the wearable device according to an abnormal detection result, and reporting an abnormal event to a background server side specifically comprises:

pre-constructing a neural network model, wherein the neural network model consists of an AT-CNN-BiGRU model and a GBDT model;

inputting the time sequence characteristics into an AT-CNN-BiGRU model, and inputting the invariant characteristics and the statistical characteristics into a GBDT model so as to perform anomaly detection on log data;

and identifying an abnormal log according to the abnormal detection result, carrying out abnormal response to the wearable equipment according to the abnormal log, and reporting an abnormal event to a background server.

6. The utility model provides a report system of abnormal log in wearable equipment which characterized in that includes:

and a data monitoring module: the system comprises a wearable device, a monitoring device and a monitoring device, wherein the wearable device is used for monitoring and collecting log data of the wearable device;

and a template extraction module: the method comprises the steps of preprocessing log data, and grouping and clustering based on the preprocessed log data to extract a log template;

and the feature extraction module is used for: the method comprises the steps of obtaining a log sequence set according to a log template, and extracting log key features based on the log sequence set;

the abnormality reporting module: and the method is used for carrying out abnormality detection on the log data according to the key characteristics of the log, carrying out abnormality response on the wearable equipment according to an abnormality detection result, and reporting an abnormal event to a background server.

7. The system for reporting an exception log in a wearable device according to claim 6, wherein the template extraction module is specifically configured to:

traversing all log contents of the log data, and performing regular expression matching to locate variable characters in the log data;

separating and removing the variable characters from the log content to obtain a non-variable log;

carrying out standardization processing on the non-variable log so as to reduce character string spaces in log content and separate to obtain a plurality of non-variable words;

and constructing a corresponding log statement according to the non-variable word so as to acquire the preprocessed log data.

8. The system for reporting an exception log in a wearable device according to claim 7, wherein the template extraction module is further configured to:

constructing a log analysis tree, and generating a plurality of log groups based on the log analysis tree according to the preprocessed log data;

calculating the similarity among log sentences in the plurality of log groups, acquiring a similar sentence group with the similarity larger than a threshold value, and generating an initial sentence template according to the log sentences in the similar sentence group;

the occurrence times of the same non-variable words in each log sentence of the initial sentence template are respectively obtained, and the weight of each non-variable word is calculated;

converting the non-variable words into semantic vectors according to a preset rule, and carrying out weighting operation on the non-variable words in the log sentences corresponding to the initial sentence templates according to the weights so as to obtain corresponding semantic vector sets;

clustering the initial sentence templates based on the semantic vector set to generate a log template with semantic information.

9. The system for reporting an exception log in a wearable device according to claim 6, wherein the feature extraction module is specifically configured to:

dividing log data of the wearable equipment into a plurality of log sequences according to the log template, and generating a log sequence set;

extracting log key features in a log sequence based on the log sequence set;

the log key features include timing features, invariant features, and statistical features.

10. The system for reporting an exception log in a wearable device according to claim 9, wherein the exception reporting module is specifically configured to:

pre-constructing a neural network model, wherein the neural network model consists of an AT-CNN-BiGRU model and a GBDT model;

inputting the time sequence characteristics into an AT-CNN-BiGRU model, and inputting the invariant characteristics and the statistical characteristics into a GBDT model so as to perform anomaly detection on log data;

and identifying an abnormal log according to the abnormal detection result, carrying out abnormal response to the wearable equipment according to the abnormal log, and reporting an abnormal event to a background server.