CN103365871B - A kind of method of rule generation - Google Patents
A kind of method of rule generation Download PDFInfo
- Publication number
- CN103365871B CN103365871B CN201210088324.6A CN201210088324A CN103365871B CN 103365871 B CN103365871 B CN 103365871B CN 201210088324 A CN201210088324 A CN 201210088324A CN 103365871 B CN103365871 B CN 103365871B
- Authority
- CN
- China
- Prior art keywords
- rule
- service data
- operating process
- rule generation
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000008569 process Effects 0.000 claims abstract description 22
- 230000001960 triggered effect Effects 0.000 claims description 11
- 230000008859 change Effects 0.000 abstract description 8
- 238000012423 maintenance Methods 0.000 abstract description 3
- 230000003044 adaptive effect Effects 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 201000004569 Blindness Diseases 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 206010022000 influenza Diseases 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000010187 selection method Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Abstract
The invention provides a kind of method of rule generation, the operating process that the present invention is analyzed actual operating data by tracking user constructs rule automatically, and user can decide whether to add new rule according to analysis result.The present invention can also propose that new rule is recommended and regulation rule priority according to the applicable cases of rule, user is built and maintenance regulation on the basis of actual operating data, improve the practicality and accuracy of rule.After the present invention, user can just set up oneself suitable customizing messages system environments easily, continue the rule base of adaptive system various change without understanding and learning the programming unrelated with management objectives, interface.After the present invention so that foundation is regular easily, more efficient.
Description
Technical field
Automatically generated and area of maintenance the present invention relates to regular in information system, more particularly to a kind of rule generation
Method.
Background technology
Safety management, monitoring management of current bulk information system etc. are required for setting various rules come to the reality detected
Border running situation is alarmed or handled, and they typically use the one or more of following methods.
1. rule base method:
Rule base set in advance is provided in the product, by user choose making it come into force or fail.Rule base is by producing
Product supplier is researched and developed and provided.
The technology is general to be used and formation rule storehouse by software product manufacturer in the research and development centre of oneself, and user can not repair
Change, can only select.Complexity and quick change due to actual application environment, this method has been difficult to be applicable.
2. programmed method:
DLL or regular programming language are provided a user, programming realization rule is passed through by user oneself.
The technology is usually to build a regulation engine and provide a set of programmed method, allows users to voluntarily program and carrys out structure
Rule is made, is explained by regulation engine and is performed.Although this method is needed there is provided very high flexibility and adaptability, user
To learn the interface method of unique a programming language and regulation engine for this, the requirement to user is high, can only be few
The unit that number satisfies the requirements is used.
3. graphical selection-method to set up:
The technology provides regulation engine and the graphical interfaces of rule setting, comes for user selection field and conditional expression etc.
Construction rule.The method avoids the complexity of the methods such as programming, while a certain degree of flexibility can be provided again, but require
User understands when the implication of data field, the implication and related logic of condition selection, therefore user use in detail needs depth
Degree training.In addition, select which field and condition to lack foundation when user is set, randomness and blindness when causing to set,
Practical effect is limited.
The content of the invention
To solve above-mentioned problems of the prior art and shortcoming, the invention provides a kind of side of rule generation
Method, the operating process that the present invention is analyzed actual operating data by tracking user constructs rule automatically, and user can be according to analysis
As a result decide whether to add new rule.The present invention can also propose that new rule is recommended and regulation rule is excellent according to the applicable cases of rule
First level, allows user to be built and maintenance regulation on the basis of actual operating data, improves the practicality and accuracy of rule.
The method for the rule generation that the present invention is provided comprises the following steps:
S1, tracks the operating process analyzed service data;
S2, generates the original record of the operating process;
S3, is parsed to the original record, forms rule to be selected;
S4, judges that the rule to be selected whether there is in standard rule storehouse, if it is judged that being no, then performs S5;
If it is judged that being yes, then the operating process that S1 tracking is analyzed new service data is performed;
S5, judges that the rule to be selected whether there is in ignoring in rule base, if it is judged that being no, then performs S6;
If it is judged that being yes, then the operating process that S1 tracking is analyzed new service data is performed;
S6, the rule to be selected is showed in list of rules to be selected, waits new rule generation instruction or rule to ignore finger
Order;
S7, when receiving the new rule generation instruction, instructs corresponding rule to be selected to add the new rule generation
It is added in the standard rule storehouse;When receiving rule and ignoring instruction, the rule is ignored into the corresponding rule to be selected of instruction
It is added to and ignores in rule base.
It is preferred that, S1 specifically, obtain management objectives corresponding to service data, the service data is showed in operation
In data list and triggering to be analyzed is waited, when the service data in the service data list is triggered, track the triggering
Operating process.
It is preferred that, the management objectives are included with the one or more in Types Below:
File, database, webpage, stream, packet, data flow.
It is preferred that, more than one described management objectives composition management objectives collection.
It is preferred that, S3 is specifically, parse the logical relation and value of the service data included in the original record
Scope, generates rule to be selected.
It is preferred that, it is further comprising the steps of after step S7:
S8, with the standard rule storehouse and/or ignores the rule in rule base the service data that receives is detected,
The rule is triggered when the service data meets the regular trigger condition.
It is preferred that, the rule in the standard rule storehouse is detected after strategically sorting to the service data.
It is preferred that, the strategy is priority policy, and the high person's sequence of priority is preceding.
It is preferred that, the number of times being triggered according to the same rule adjusts the regular priority, and the number of times that is triggered is got over
Many, priority is higher.
The beneficial effect that the present invention is realized is:
After the present invention, user can just set up easily without understanding and learning the programming unrelated with management objectives, interface
It is adapted to oneself customizing messages system environments, continues the rule base of adaptive system various change.
The composite can be widely applied to the monitoring alarm of information system, safety management, behavior auditing, conjunction regulate reason etc. each
Aspect, and possess following benefit:
1. user need not take a significant amount of time learns new programming language or data-interface, a definition etc. with energy.
2. just completing the construction of rule while customer analysis problem, make foundation regular easily, more efficient.
3. user can intuitively obtain the effect of rule application, it is easier to decide whether addition rule.
4. the various change of customer information system can be adapted to rapidly, include change, the change of running environment of management objectives
With the change of data source, the practicality of algorithm is greatly improved.
5. response speed can be accelerated with the priority of dynamic optimization rule application.
Brief description of the drawings
Fig. 1 is the step flow chart of the method for the rule generation of the present invention.
Embodiment
The method for implementing the rule generation that the present invention is provided comprises the following steps:
S1, tracks the operating process analyzed service data;Specifically, obtaining the operation number corresponding to management objectives
According to, the service data is showed in service data list and triggering to be analyzed is waited, the fortune in the service data list
When row data are triggered, the operating process of the triggering is tracked;The management objectives include file, database, webpage, stream, number
According to the one or more in the various forms of service datas such as bag and data flow;By more than one management objectives composition management
Object set;
S2, generates the original record of the operating process;
S3, is parsed to the original record, forms rule to be selected;Specifically, parsing institute in the original record
Comprising service data logical relation and span, generate rule to be selected;
S4, judges that the rule to be selected whether there is in standard rule storehouse, if it is judged that being no, then performs S5;
If it is judged that being yes, then the operating process that S1 tracking is analyzed new service data is performed;
S5, judges that the rule to be selected whether there is in ignoring in rule base, if it is judged that being no, then performs S6;
If it is judged that being yes, then the operating process that S1 tracking is analyzed new service data is performed;
S6, the rule to be selected is showed in list of rules to be selected, waits new rule generation instruction or rule to ignore finger
Order;
S7, when receiving the new rule generation instruction, instructs corresponding rule to be selected to add the new rule generation
It is added in the standard rule storehouse;When receiving rule and ignoring instruction, the rule is ignored into the corresponding rule to be selected of instruction
It is added to and ignores in rule base;
S8, with the standard rule storehouse and/or ignores the rule in rule base the service data that receives is detected,
The rule is triggered when the service data meets the regular trigger condition.
Rule in the standard rule storehouse is detected after strategically sorting to the service data.The strategy
For priority policy, the high person's sequence of priority is preceding.The number of times adjustment that is triggered according to the same rule is described regular excellent
First level, the number of times that is triggered is more, and priority is higher.
Concrete example illustrates the embodiment of the present invention below:
By taking fire wall working status monitoring system as an example, it is therefore an objective to monitor the CPU usage of fire wall, work as firewall box
CPU usage exception after then alarm.The CPU usage of firewall box is management objectives, and the management objectives are included in anti-
Wall with flues management objectives are concentrated;CPU usage on firewall box is by SNMP interfaces in real time by fire wall CPU usage data
Data resource interface is transferred to, data resource interface received and be illustrated in real time in service data list after CPU usage data.
Number list and actions menu that data list is distributed in time there is provided CPU usage, including " only see and be more than ", " only see small
In ", " only seeing interval ", " only see and be equal to ", " only see and be more than or equal to ", " only see and be less than or equal to ", " excluding this numerical value " etc..When
When CPU usage shown by certain data reaches 60%, user is selected " only see and be more than or equal to " to this data,
Simultaneously instruction system have issued alarm signal for triggering in result set, now analyze tracking engine then to this analysis operation, trigger action
Recorded with command operating, generate the original record of this operating process, this original record is entered while analyzing tracking engine
Row parsing, it is that fire wall CPU usage is more than or equal to 60% report to parse the logical relation wherein included and number range
It is alert, this rule is generated immediately, but this rule not yet obtains user and confirmed so this rule is rule to be selected;This is treated
Select the regular rule with default standard rule storehouse to be compared, see whether this rule to be selected is present in described standard gauge
Then in storehouse, if this rule to be selected is not present in the standard rule storehouse, judge that the rule to be selected whether there is in pre-
If ignore in rule base, if this it is to be selected rule in the standard rule storehouse exist if return to operating process carry out with
The step of track, continuation is tracked to analysis operation process, while being alarmed using this rule by regular application engine;Work as judgement
The rule to be selected whether there is when default ignore in rule base, if this rule to be selected is ignored in rule base not described
In the presence of then the rule to be selected is showed in list of rules to be selected, waits new rule generation instruction or rule to ignore instruction;Such as
Really this rule to be selected it is described ignore in rule base exist, then return to the step of being tracked to operating process, continue to point
Analysis operating process is tracked;
When the selected rule to be selected in the list of rules to be selected receives new rule generation instruction, then by the new rule
Then the corresponding rule to be selected of generation instruction is added in the standard rule storehouse;When selected to be selected in the list of rules to be selected
Rule receives rule when ignoring instruction, then the rule is ignored into the corresponding rule to be selected of instruction and be added to and ignore rule base
In;New rule generation is have issued in this example to " fire wall CPU usage is more than or equal to 60% alarm " this rule to instruct,
Then " fire wall CPU usage is more than or equal to 60% alarm " this rule has been added in the standard rule storehouse.
So so far it there is in standard rule storehouse one " fire wall CPU usage is more than or equal to 60% alarm "
Rule, the initial priority of this rule is zero;When the data resource interface receives new fire wall CPU usage data
The rule is applied in the CPU usage data that the data resource interface is received by Shi Ze by regular application engine, that is, is used
" fire wall CPU usage is more than or equal to 60% alarm ", this rule was detected to the CPU usage data, worked as institute
State when the CPU usage value in CPU usage data is more than or equal to 60% and then trigger alarm, while improving the preferential of the rule
Level.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
Depending on protection scope of the present invention.
Claims (9)
1. a kind of method of rule generation, it is characterised in that comprise the following steps:
S1, tracks the operating process analyzed service data;
S2, generates the original record of the operating process;
S3, is parsed to the original record, forms rule to be selected;
S4, judges that the rule to be selected whether there is in standard rule storehouse, if it is judged that being no, then performs S5;If
Judged result is yes, then performs the operating process that S1 tracking is analyzed new service data;
S5, judges that the rule to be selected whether there is in ignoring in rule base, if it is judged that being no, then performs S6;If
Judged result is yes, then performs the operating process that S1 tracking is analyzed new service data;
S6, the rule to be selected is showed in list of rules to be selected, waits new rule generation instruction or rule to ignore instruction;
S7, when receiving the new rule generation instruction, instructs corresponding rule to be selected to be added to the new rule generation
In the standard rule storehouse;When receiving rule and ignoring instruction, the rule is ignored into the corresponding rule to be selected of instruction and added
To ignoring in rule base.
2. the method for rule generation according to claim 1, it is characterised in that S1 is specifically, obtain management objectives
Corresponding service data, the service data is showed in service data list and triggering to be analyzed is waited, when the operation
When service data in data list is triggered, the operating process of the triggering is tracked.
3. the method for rule generation according to claim 2, it is characterised in that the management objectives are included with lower class
One or more in type:
File, database, webpage, stream, packet.
4. the method for rule generation according to claim 3, it is characterised in that more than one described management objectives group
Into management objectives collection.
5. the method for rule generation according to claim 1, it is characterised in that S3 is specifically, parse the original
The logical relation and span of the service data begun included in record, generate rule to be selected.
6. the method for rule generation according to claim 1, it is characterised in that also include step after step S7:
S8, with the standard rule storehouse and/or ignores the rule in rule base the service data that receives is detected, works as institute
State when service data meets the regular trigger condition and trigger the rule.
7. the method for rule generation according to claim 6, it is characterised in that the rule in the standard rule storehouse
The service data is detected after strategically sorting.
8. the method for rule generation according to claim 7, it is characterised in that the strategy is priority policy,
The high person's sequence of priority is preceding.
9. the method for rule generation according to claim 8, it is characterised in that be triggered according to the same rule
Number of times adjust the regular priority, the number of times that is triggered is more, and priority is higher.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210088324.6A CN103365871B (en) | 2012-03-29 | 2012-03-29 | A kind of method of rule generation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210088324.6A CN103365871B (en) | 2012-03-29 | 2012-03-29 | A kind of method of rule generation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103365871A CN103365871A (en) | 2013-10-23 |
| CN103365871B true CN103365871B (en) | 2017-07-14 |
Family
ID=49367241
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210088324.6A Active CN103365871B (en) | 2012-03-29 | 2012-03-29 | A kind of method of rule generation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103365871B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109684306A (en) * | 2018-12-24 | 2019-04-26 | 成都四方伟业软件股份有限公司 | A kind of automated date base management method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6915297B2 (en) * | 2002-05-21 | 2005-07-05 | Bridgewell, Inc. | Automatic knowledge management system |
| US7382970B2 (en) * | 2001-03-01 | 2008-06-03 | Sony Corporation | Process control manager for audio/video file system |
| CN101739248A (en) * | 2008-11-13 | 2010-06-16 | 国际商业机器公司 | Method and system for executing rule set |
| CN102281260A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Generating method and server of monitoring rule |
-
2012
- 2012-03-29 CN CN201210088324.6A patent/CN103365871B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7382970B2 (en) * | 2001-03-01 | 2008-06-03 | Sony Corporation | Process control manager for audio/video file system |
| US6915297B2 (en) * | 2002-05-21 | 2005-07-05 | Bridgewell, Inc. | Automatic knowledge management system |
| CN101739248A (en) * | 2008-11-13 | 2010-06-16 | 国际商业机器公司 | Method and system for executing rule set |
| CN102281260A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Generating method and server of monitoring rule |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103365871A (en) | 2013-10-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3425849B1 (en) | State control method and device | |
| Halder et al. | Formal verification of ROS-based robotic applications using timed-automata | |
| Omoronyia et al. | Engineering adaptive privacy: on the role of privacy awareness requirements | |
| CN106683361A (en) | Sound monitoring method and device | |
| CN102238021A (en) | Message sequence searching method, protocol analysis engine and protocol analyzer | |
| Vasudevan et al. | Concurrent consideration of evacuation safety and productivity in manufacturing facility planning using multi-paradigm simulations | |
| Repta et al. | Towards the development of semantically enabled flexible process monitoring systems | |
| CN104935660A (en) | System, method and device for developing and operating cloud program | |
| CN105978745A (en) | Abnormal state monitoring method for industrial control system | |
| Harichandran et al. | A conceptual framework for construction safety training using dynamic virtual reality games and digital twins | |
| CN103365871B (en) | A kind of method of rule generation | |
| Bölöni et al. | Yaes: a modular simulator for mobile networks | |
| CN110532167A (en) | A kind of state machine model timing property verification method based on model conversion | |
| JP6236035B2 (en) | Information collection system | |
| Raupp et al. | Event generation and simulation of exception handling with the ITER PCSSP | |
| Pritchett et al. | Simulating first-principles models of situated human performance | |
| Zhao et al. | Security controller synthesis for ros-based robot | |
| Jadidi et al. | A survey of cyber-physical systems applications (2017–2022) | |
| Sørensen et al. | Support of smart work processes in context rich environments | |
| Tsiporkova et al. | Ontology-driven multimodal interface design for an emergency response application | |
| Tsolakis et al. | Semantically enriched industry data & information modelling: A feasibility study on shop-floor incident recognition | |
| Klonowski et al. | Econobiophysics-Choosing with Diversified Accessible Information | |
| CN105245391B (en) | A kind of operation system O&M monitoring tools and configuration method | |
| CN116366466B (en) | Method, apparatus and readable storage medium for restoring industrial field environment | |
| Chasset et al. | Package ‘pnn’ |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240103 Address after: Room 1203, 12th Floor, Building A2, No.10 Kegu 1st Street, Daxing District, Beijing, 100176 Patentee after: Beijing Bigger Big Data Operations Co.,Ltd. Address before: Room 610, Building A, No. 4 Xizhao Temple Middle Street, Chongwen District, Beijing, 100061 Patentee before: BEIJING HENGAN YONGTONG TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |