CN115695548A - A website real-time monitoring system - Google Patents
- Publication number
- CN115695548A
- Authority
- CN
- China
- Prior art keywords
- center
- website
- server
- agent
- real
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a website real-time monitoring system comprising a Server side and an Agent side. The Server side contains six major modules: log storage, configuration center, analysis center, alarm center, and Server-GUI. The Server-GUI module is the main interface display module; it displays alarm information and configuration information and presents them intuitively to staff. When the Agent side connects to the server for message transmission, it synchronously obtains the configuration items and scans locally in real time, checking whether hardware resources exceed the configured thresholds and whether web page files contain dark links or malicious keywords, so that the website is monitored in real time. Through the Server side and the Agent side, the system analyzes the original files directly, which avoids certain false positives or false negatives, and it provides real-time analysis of all server hardware resources together with performance overload protection.
Description
Technical field
The invention relates to the technical field of website monitoring, and specifically to a website real-time monitoring system.
Background
With the development of information technology, information infrastructure such as enterprise websites has become particularly important, and monitoring the security of an enterprise's internal websites is a top priority. If a website is maliciously tampered with or attacked, the corporate image suffers serious damage.
At present, a commonly used approach to website security monitoring is a commercial website security monitoring platform deployed in bypass mode to monitor a website's dark links, running state and so on. However, this traditional approach requires hardware devices to be deployed in the management network, and the architecture is complex and hard to use. Because it works by directly accessing the target web service for business analysis, it cannot monitor the server's CPU, memory and disk usage in real time. Existing detection methods also produce certain false positives or false negatives, hardware deployment is complex and intrudes on the network environment, and server hardware resources cannot be analyzed in real time.
Summary of the invention
The purpose of the present invention is to address the shortcomings of the prior art by providing a website real-time monitoring system that solves the problems raised in the background section.
To achieve the above purpose, the present invention provides the following technical solution: a website real-time monitoring system comprising a Server side and an Agent side. The Server side contains six major modules: log storage, configuration center, analysis center, alarm center, and Server-GUI. The Server-GUI module is the main interface display module; it displays alarm information and configuration information and presents them intuitively to staff. When the Agent side connects to the server for message transmission, it synchronously obtains the configuration items and scans locally in real time, checking whether hardware resources exceed the configured thresholds and whether web page files contain dark links or malicious keywords, so that the website is monitored in real time. The Agent side currently identifies web page dark links or keywords by directly analyzing the original files, which directly avoids certain false positives or false negatives and makes monitoring more efficient. If CPU or memory usage is too high during scanning, performance overload protection is started. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center. This also provides real-time resource analysis of all server hardware such as CPU and memory.
As a preferred technical solution of the present invention, the log storage includes a log analysis management system that uniformly collects, processes, stores, queries and analyzes discrete logs. Logs are uploaded through the Agent side, so they can be tracked and sorted in real time and managed in real time.
As a preferred technical solution of the present invention, the configuration center is used to configure the website's relevant settings, and the information and data configured there are shown by the interface display module of the Server-GUI module. The configuration information allows the website to be monitored and also protected.
As a preferred technical solution of the present invention, the analysis center accepts the log files uploaded by the Agent side and analyzes them, filtering out and analyzing servers that have dark links, malicious keywords, or hardware resources exceeding their thresholds. The results are stored in the log storage center and can be shown through the alarm center on the interface display of the Server-GUI module. In this way dark links and malicious keywords on the website, and servers whose hardware resources exceed their thresholds, are filtered and analyzed, and the website is monitored in real time.
As a preferred technical solution of the present invention, the alarm center takes the analysis center's analysis of the log files uploaded by the Agent side, in which servers with dark links, malicious keywords, or hardware resources exceeding their thresholds are filtered and analyzed, and shows the corresponding results on the interface display module of the Server-GUI module, where relevant personnel can handle them.
As a preferred technical solution of the present invention, the Server-GUI module is the main interface display module. It displays alarm information and configuration information and gives relevant personnel an intuitive view, so that they can handle the servers that the analysis center has filtered and analyzed as having dark links, malicious keywords, or hardware resources exceeding their thresholds.
As a preferred technical solution of the present invention, the Agent side monitors the running state of the website and uploads the monitored running state to the log storage, where the analysis center can analyze the uploaded running-state logs. This helps keep the website running normally.
As a preferred technical solution of the present invention, the Agent side currently identifies web page dark links or keywords by directly analyzing the original files. Active probing or crawler-based identification could be used instead, but those approaches produce certain false positives or false negatives when there are network fluctuations, when the website has an anti-crawler mechanism, or in a React environment. Directly analyzing the original files avoids this situation and therefore avoids those false positives or false negatives.
As a preferred technical solution of the present invention, if CPU or memory usage is too high while the Agent side is scanning, performance overload protection is started, and scanning and identification continue only after CPU and memory usage have dropped. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center. This provides real-time analysis of all server hardware resources together with performance overload protection.
Compared with the prior art, the present invention provides a website real-time monitoring system with the following beneficial effects:
1. With the Server side and the Agent side in place, the Agent side currently identifies web page dark links or keywords by directly analyzing the original files, where active probing or crawler-based identification could be used instead. Directly analyzing the original files avoids certain false positives or false negatives.
2. With the Server side and the Agent side in place, if CPU or memory usage is too high while the Agent side is scanning, performance overload protection is started, and scanning and identification continue only after CPU and memory usage have dropped. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center. This achieves real-time analysis of all server hardware resources together with performance overload protection.
Description of drawings
Fig. 1 is a schematic diagram of the system architecture of a website real-time monitoring system;
Fig. 2 is a schematic structural diagram of the Server-side display of a website real-time monitoring system.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Embodiment one:
Referring to Fig. 1 and Fig. 2, a website real-time monitoring system comprises a Server side and an Agent side. The Server side contains six major modules: log storage, configuration center, analysis center, alarm center, and Server-GUI. The Server-GUI module is the main interface display module; it displays alarm information and configuration information and presents them intuitively to staff. When the Agent side connects to the server for message transmission, it synchronously obtains the configuration items and scans locally in real time, checking whether hardware resources exceed the configured thresholds and whether web page files contain dark links or malicious keywords, so that the website is monitored in real time. The Agent side currently identifies web page dark links or keywords by directly analyzing the original files, which directly avoids certain false positives or false negatives and makes monitoring more efficient. If CPU or memory usage is too high during scanning, performance overload protection is started. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center. This also provides real-time resource analysis of all server hardware such as CPU and memory. Administrators can configure the relevant configuration items through the Server-GUI, including thresholds for the website's CPU usage, memory usage and disk usage. The Agent side scans and monitors the configured items in real time; if the server is found to exceed a configured threshold, an alarm is raised in real time. In addition, files under the web service directory are analyzed separately, and if dark links or malicious keywords are found, an alarm is displayed in real time.
Embodiment two:
Referring to Fig. 1 and Fig. 2, the log storage includes a log analysis management system that uniformly collects, processes, stores, queries and analyzes discrete logs. Logs are uploaded through the Agent side, so they can be tracked and sorted in real time and managed in real time. The configuration center is used to configure the website's relevant settings, and the information and data configured there are shown by the interface display module of the Server-GUI module; the configuration information allows the website to be monitored and also protected. The analysis center accepts the log files uploaded by the Agent side and analyzes them, filtering out and analyzing servers that have dark links, malicious keywords, or hardware resources exceeding their thresholds. The results are stored in the log storage center and can be shown through the alarm center on the interface display of the Server-GUI module, so that dark links and malicious keywords on the website, and servers whose hardware resources exceed their thresholds, are filtered and analyzed and the website is monitored in real time. The alarm center takes the analysis center's analysis of the log files uploaded by the Agent side and shows the corresponding results on the interface display module of the Server-GUI module, where relevant personnel can handle them. The Server-GUI module is the main interface display module. It displays alarm information and configuration information and gives relevant personnel an intuitive view, so that they can handle the servers that the analysis center has filtered and analyzed as having dark links, malicious keywords, or hardware resources exceeding their thresholds. With the Server side and the Agent side in place, the Agent side currently identifies web page dark links or keywords by directly analyzing the original files, where active probing or crawler-based identification could be used instead. Directly analyzing the original files avoids certain false positives or false negatives.
Embodiment three:
Referring to Fig. 1 and Fig. 2, the Agent side monitors the running state of the website and uploads the monitored running state to the log storage, where the analysis center can analyze the uploaded running-state logs. This helps keep the website running normally. The Agent side currently identifies web page dark links or keywords by directly analyzing the original files. Active probing or crawler-based identification could be used instead, but those approaches produce certain false positives or false negatives when there are network fluctuations, when the website has an anti-crawler mechanism, or in a React environment. Directly analyzing the original files avoids this situation and therefore avoids those false positives or false negatives. If CPU or memory usage is too high while the Agent side is scanning, performance overload protection is started, and scanning and identification continue only after CPU and memory usage have dropped. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center, which provides real-time analysis of all server hardware resources together with performance overload protection. With the Server side and the Agent side in place, the system achieves real-time analysis of all server hardware resources and performance overload protection.
Working principle and usage flow of the present invention: first, logs are uploaded to the log storage through the Agent side. The website is then configured through the configuration center, and the configured data is shown by the interface display module of the Server-GUI module. The analysis center analyzes the log files uploaded by the Agent side and filters out and analyzes servers that have dark links, malicious keywords, or hardware resources exceeding their thresholds. The results are stored in the log storage center and can be shown through the alarm center on the interface display of the Server-GUI module. The Agent side currently identifies web page dark links or keywords by directly analyzing the original files. Active probing or crawler-based identification could be used instead, but those approaches produce certain false positives or false negatives when there are network fluctuations, when the website has an anti-crawler mechanism, or in a React environment. Directly analyzing the original files avoids this situation, and so avoids those false positives or false negatives. If CPU or memory usage is too high while the Agent side is scanning, performance overload protection is started, and scanning and identification continue only after CPU and memory usage have dropped. After the scan ends, the Agent side actively contacts the message distribution center in the Agent side and sends the scan results to the analysis center, which achieves real-time analysis of all server hardware resources together with performance overload protection.
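The Agent-side flow described above (analyze the original web files for dark links and keywords, and pause scanning while CPU or memory is over the configured threshold), as an added Python example that is not code from the patent. The hidden-style heuristics, the config keys and the names `DarkLinkParser`, `scan_file`, `wait_until_below` and `scan_site` are assumptions, since the patent does not specify a detection rule or an interface; the usage sampler is supplied by the caller.

```python
import os
import re
import tempfile
import time
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics: inline styles commonly used to hide injected links.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
                          r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = set("area base br col embed hr img input link meta source track wbr".split())
# Constructed sample page, for illustration only.
SAMPLE_PAGE = ('<html><body>\n<a href="/about.html">About</a>\n'
               '<div style="display:none"><a href="http://spam.example/x">cheap pills</a></div>\n'
               '<a href="https://partner.example/">Partner</a>\n</body></html>\n')


class DarkLinkParser(HTMLParser):
    """Collect external <a href> targets located inside a hidden element."""
    def __init__(self, site_hosts):
        super().__init__(convert_charrefs=True)
        self.site_hosts = {h.lower() for h in site_hosts}
        self.stack = []     # (tag, hides_subtree) for each open element
        self.findings = []  # (line, href)

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        hidden = "hidden" in attr or bool(HIDDEN_STYLE.search(attr.get("style") or ""))
        if tag == "a" and (hidden or any(h for _, h in self.stack)):
            host = (urlparse(attr.get("href") or "").hostname or "").lower()
            if host and host not in self.site_hosts:
                self.findings.append((self.getpos()[0], attr["href"]))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # pop the element together with any unclosed children
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]


def scan_file(path, site_hosts, keywords):
    """Analyze the original file on disk; no HTTP request or crawler is involved."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    parser = DarkLinkParser(site_hosts)
    parser.feed(text)
    parser.close()
    hits = [{"file": path, "type": "dark_link", "line": ln, "detail": href}
            for ln, href in parser.findings]
    lowered = text.lower()
    for kw in keywords:
        pos = lowered.find(kw.lower())
        if pos >= 0:
            hits.append({"file": path, "type": "keyword",
                         "line": lowered.count("\n", 0, pos) + 1, "detail": kw})
    return hits


def wait_until_below(thresholds, sample, sleep=time.sleep, interval=1.0):
    """Overload protection: block while any sampled metric is over its threshold."""
    pauses = 0
    while any(v > thresholds.get(k, 100.0) for k, v in sample().items()):
        pauses += 1
        sleep(interval)
    return pauses


def scan_site(web_root, config, sample, sleep=time.sleep):
    """Walk the web directory, pausing before each file if the host is overloaded."""
    report = {"alerts": [], "pauses": 0}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in sorted(files):
            if name.lower().endswith(config["extensions"]):
                report["pauses"] += wait_until_below(config["thresholds"], sample, sleep)
                report["alerts"] += scan_file(os.path.join(dirpath, name),
                                              config["site_hosts"], config["keywords"])
    return report


def demo():
    config = {"extensions": (".html", ".htm", ".php"), "site_hosts": {"www.example.com"},
              "keywords": ["cheap pills"], "thresholds": {"cpu": 80.0, "mem": 90.0}}
    readings = iter([{"cpu": 95.0, "mem": 40.0}])  # constructed: first reading is overloaded
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PAGE)
        return scan_site(root, config, lambda: next(readings, {"cpu": 30.0, "mem": 40.0}),
                         sleep=lambda _s: None)


if __name__ == "__main__":
    print(demo())
```

In a deployment the `sample` callable would return the host's real CPU and memory percentages, and the returned report would be what the Agent side sends on to the analysis center.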
Finally, it should be noted that the above are only preferred embodiments of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions recorded in those embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211262899.5A CN115695548A (en) | 2022-10-12 | 2022-10-12 | A website real-time monitoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211262899.5A CN115695548A (en) | 2022-10-12 | 2022-10-12 | A website real-time monitoring system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115695548A (en) | 2023-02-03 |
Family
ID=85066820
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211262899.5A Pending CN115695548A (en) | 2022-10-12 | 2022-10-12 | A website real-time monitoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115695548A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107729386A (en) * | 2017-09-19 | 2018-02-23 | 杭州安恒信息技术有限公司 | A kind of dark chain detection technique based on degree of polymerization analysis |
| US20190121676A1 (en) * | 2017-10-24 | 2019-04-25 | Genesys Telecommunications Laboratories, Inc. | Systems and methods for overload protection for real-time computing engines |
| CN110502345A (en) * | 2019-08-26 | 2019-11-26 | 北京博睿宏远数据科技股份有限公司 | A kind of overload protection method, device, computer equipment and storage medium |
| CN113111274A (en) * | 2020-01-10 | 2021-07-13 | 网宿科技股份有限公司 | Method and device for detecting hidden link in webpage |
| CN114024729A (en) * | 2021-10-29 | 2022-02-08 | 恒安嘉新(北京)科技股份公司 | Website background detection method, device, equipment and storage medium |
-
2022
- 2022-10-12 CN CN202211262899.5A patent/CN115695548A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106411578B (en) | A kind of web publishing system and method being adapted to power industry | |
| WO2023216641A1 (en) | Security protection method and system for power terminal | |
| CN106778253A (en) | Threat context aware information security Initiative Defense model based on big data | |
| CN108763957A (en) | A kind of safety auditing system of database, method and server | |
| CN111382023B (en) | Code fault positioning method, device, equipment and storage medium | |
| CN111881011A (en) | Log management method, platform, server and storage medium | |
| CN112287067A (en) | Sensitive event visualization application implementation method, system and terminal based on semantic analysis | |
| CN116074075A (en) | Method, system and device for analyzing security event correlation behavior based on correlation rules | |
| CN101330406A (en) | System and method for monitoring WAP imperfect picture | |
| CN107908505A (en) | A kind of date storage method, device, equipment and system | |
| CN114328433A (en) | Real-time analysis method, device and electronic device for business log | |
| CN110650126A (en) | Method and device for preventing website traffic attack, intelligent terminal and storage medium | |
| CN116126621A (en) | Task monitoring method of big data cluster and related equipment | |
| CN115456394A (en) | A business health monitoring method and system based on eBPF | |
| CN115861929A (en) | Monitoring system, method, equipment and storage medium for service specification of electric power business hall | |
| CN114629786A (en) | Log real-time analysis method, device, storage medium and system | |
| CN115695548A (en) | A website real-time monitoring system | |
| CN116580362B (en) | Transmission operation and maintenance cross-system fusion data collection method and digital asset processing system | |
| CN118735267A (en) | An information security emergency management system and method based on big data grid | |
| CN205510080U (en) | A safety control platform for catenet | |
| CN116561825B (en) | Data security control method and device and computer equipment | |
| CN112311760B (en) | Terminal credibility analysis method and device for one-end multi-network environment | |
| CN116094816A (en) | A method and device for responding to network security incidents | |
| JP2002108659A (en) | Data access history collection method and history collection device | |
| CN115442069A (en) | Traceability Technology of Terminal Business Access Behavior Based on Desktop Screen Capture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||