WO2016062062A1 - Internet of things alarm suppression method and system - Google Patents

Internet of things alarm suppression method and system Download PDF

Info

Publication number
WO2016062062A1
WO2016062062A1 PCT/CN2015/078497 CN2015078497W WO2016062062A1 WO 2016062062 A1 WO2016062062 A1 WO 2016062062A1 CN 2015078497 W CN2015078497 W CN 2015078497W WO 2016062062 A1 WO2016062062 A1 WO 2016062062A1
Authority
WO
WIPO (PCT)
Prior art keywords
broadcast
alarm
alarm information
group
internet
Prior art date
Application number
PCT/CN2015/078497
Other languages
French (fr)
Chinese (zh)
Inventor
韩殿罡
陈志国
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016062062A1 publication Critical patent/WO2016062062A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks

Definitions

  • the present invention relates to the field of Internet of Things communication technologies, and in particular, to an Internet of Things alarm suppression method and system.
  • IoT sensor devices are generally geographically dispersed and numerous in number and difficult to manage. Consider how to manage the IoT sensor equipment efficiently, especially when a large number of sensors send massive alarms to the network management system due to network jitter, etc., and the impact on the network management system, and most of these alarms are repeated and meaningless, how to suppress these The alarm, how to effectively broadcast the useful alarms and timely notify the relevant responsible person to deal with, is the main content of the present invention.
  • the mass sensor continuously reaches the network management server through one interaction or routing node.
  • a critical path problem that is, like a big tree, once the trunk of one of the trees fails, It will affect all the nodes under the trunk, causing large-area reporting failures, but in fact it is only the main fault of the backbone.
  • the other affected sensors are reported as passive results, so a means is needed to suppress these passive reports. Alarms to reduce the generation of alarm garbage.
  • the embodiment of the invention provides an Internet of Things alarm suppression method and system, so as to solve at least technical problems of garbage alarm information.
  • the embodiment of the invention provides an Internet of Things alarm suppression method, which comprises the following steps:
  • step B when receiving the alarm information reported by the device in the Internet of Things, determining whether the reporting device of the alarm information is a device in a preset critical path; if yes, executing step B;
  • step C determining whether the same historical alarm information of the protocol corresponding to the alarm information has been reported in the reporting device; if not, executing step C;
  • the step of broadcasting the alarm information to the device in the broadcast group further includes:
  • step C Determining whether the key segment in the alarm information meets a preset condition; if yes, executing step C.
  • the step of broadcasting the alarm information to the device in the broadcast group includes:
  • the alarm information is broadcast to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm is received.
  • Information confirmation message and stop broadcasting
  • the broadcast is stopped.
  • the method further includes:
  • the embodiment of the present invention further provides an Internet of Things alarm suppression system, where the system includes:
  • the first judging module is configured to determine, when receiving the alarm information reported by the device in the Internet of Things, whether the reporting device of the alarm information is a device in a preset critical path;
  • the second judging module is configured to: when it is determined that the reporting device of the alarm information is not the device in the preset critical path, determine whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device ;
  • the broadcast module is configured to broadcast the alarm information to devices in the broadcast group when it is determined that the same alarm information as the alarm information protocol is not reported in the reporting device.
  • the Internet of Things alarm suppression system further includes:
  • the third determining module is configured to determine whether the key segment in the alarm information meets a preset condition; if yes, broadcast the alarm information to a device in the broadcast group.
  • the broadcast module includes:
  • An analyzing unit configured to analyze the key field, obtain a range of a broadcast group of the alarm information, and a priority of the broadcast group;
  • the broadcast unit is configured to broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • the Internet of Things alarm suppression system further includes:
  • the step-by-step broadcast module is configured to broadcast the alarm information confirmation message that is lower than the feedback of the device in the broadcast group to the broadcast broadcast group Alarm information until receiving an alarm message confirmation message and stopping the broadcast;
  • the automatic stop module is configured to stop broadcasting when the alarm information is not received after the alarm information is broadcast to the devices in the broadcast group and all the management broadcast groups.
  • the Internet of Things alarm suppression system further includes:
  • a record generation module is configured to record all broadcast paths and generate a broadcast analysis report according to the broadcast path.
  • the embodiment of the present invention determines whether the device for reporting the alarm information is a device in a preset critical path, and if so, further determines that the protocol corresponding to the alarm information is the same Whether the historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich in nodes.
  • Hierarchical relationship when the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating alarm storms, collects efficiently, and processes them in time. The purpose of the alarm.
  • FIG. 1 is a schematic flowchart of a first embodiment of an Internet of Things alarm suppression method according to the present invention
  • FIG. 2 is a schematic flowchart of a second embodiment of an Internet of Things alarm suppression method according to the present invention.
  • FIG. 3 is a schematic flowchart of a step of broadcasting alarm information to devices in a broadcast group in FIG. 2;
  • FIG. 4 is a schematic flowchart of a third embodiment of an Internet of Things alarm suppression method according to the present invention.
  • FIG. 5 is a schematic flowchart of a fourth embodiment of an Internet of Things alarm suppression method according to the present invention.
  • FIG. 6 is a schematic flowchart of a fifth embodiment of an Internet of Things alarm suppression method according to the present invention.
  • FIG. 7 is a schematic diagram of functional modules of a first embodiment of an Internet of Things alarm suppression system according to the present invention.
  • FIG. 8 is a schematic diagram of functional modules of a second embodiment of an Internet of Things alarm suppression system according to the present invention.
  • FIG. 9 is a schematic diagram of a refinement function module of the broadcast module in FIG. 8;
  • FIG. 10 is a schematic diagram of functional modules of a third embodiment of an Internet of Things alarm suppression system according to the present invention.
  • FIG. 11 is a schematic diagram of functional modules of a fourth embodiment of an Internet of Things alarm suppression system according to the present invention.
  • FIG. 12 is a schematic flowchart diagram of a preferred embodiment of an Internet of Things alarm suppression method according to the present invention.
  • Embodiments of the present invention provide an Internet of Things alarm suppression method.
  • FIG. 1 is a schematic flowchart diagram of a first embodiment of an Internet of Things alarm suppression method according to the present invention.
  • the method for suppressing the Internet of things alarm includes:
  • Step S10 When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
  • the related configuration parameters include: critical path configuration, various suppression protocol configurations, and processing groups.
  • Each node needs to be configured with a suppression protocol.
  • the suppression protocol includes the Internet Control Message Protocol (ICMP) and the Simple Network Management Protocol (SNMP).
  • the network management system After receiving the alarm information reported by the device, the network management system first determines whether the device is a device in the critical path. If yes, proceed to the next step; if not, discard the alarm information directly, thus directly shielding the non-critical path.
  • the alarm information reported by the device is used to suppress the alarm information reported by the device on the critical path. This greatly reduces the pressure on the alarm server and reduces the risk of alarm storms.
  • step S20 if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
  • the device in the critical path is repeatedly reported to report the same alarm information, which further reduces the number of useless alarms in the network and further optimizes the network to avoid alarm storms.
  • Step S30 If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, the device broadcasts the alarm information to the device in the broadcast group.
  • step S40 is performed, that is, the alarm information is discarded.
  • the device for reporting the alarm information is a device in a preset critical path, and if yes, the protocol corresponding to the alarm information is further determined. Whether the same historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich.
  • the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating an alarm storm, and collects efficiently. Handle the purpose of the alarm in time.
  • FIG. 2 is a schematic flowchart of a second embodiment of an Internet of Things alarm processing method according to the present invention.
  • the method for suppressing the Internet of things alarm includes:
  • Step S10 When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
  • step S20 if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
  • Step S50 If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
  • the key field in the alarm information includes the alarm code, the type of the alarm, the type of the alarm device, and the additional information.
  • the alarm information is analyzed to determine whether the key segment in the alarm information meets the preset condition. For example, the preset condition specifies that the alarm code is If the singular alarm information needs to be broadcast, if the alarm code of the reported alarm information is singular, it is determined that the alarm information needs to be broadcast to the devices in the broadcast group.
  • Step S30 If the key segment in the alarm information meets the preset condition, the device broadcasts the alarm information to the device in the broadcast group.
  • step S40 is performed, that is, the alarm information is discarded.
  • FIG. 3 is a schematic flowchart of a step of broadcasting the alarm information to the devices in the broadcast group in FIG.
  • step S30 includes:
  • Step S301 analyzing the key field, obtaining the range of the broadcast group of the alarm information and the priority of the broadcast group;
  • the scope of the broadcast group and the priority of the broadcast group can be configured.
  • the scope of the broadcast group can be divided into the maintenance group, the management group, and the implementation group.
  • the priority of the different groups is configured.
  • the priority of the maintenance group is greater than that of the management group.
  • the group priority is greater than the implementation group.
  • the broadcast alarm level can also be configured, for example, the broadcast range of the first level alarm is the largest.
  • Step S302 Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • the network management system After receiving the alarm information of the device, the network management system first analyzes the alarm information to obtain the broadcast range and priority of the information, and then starts broadcasting from the highest user group with the highest relevance.
  • the user group also has the priority according to the configuration.
  • the highest person starts broadcasting and pushes the alarm message by email and SMS.
  • the broadcast process is terminated. If the alarm is not confirmed and processed by the preset time (for example, 15 minutes), according to the group.
  • the priority configuration inside, in turn, broadcasts an alarm message to other people in the group.
  • FIG. 4 is a schematic flowchart diagram of a third embodiment of an Internet of Things alarm processing method according to the present invention.
  • the method for processing an Internet of Things alarm includes:
  • Step S10 When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
  • step S20 if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
  • Step S50 If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
  • step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
  • Step S302 Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • step S40 is performed, that is, the alarm information is discarded.
  • FIG. 5 is a schematic flowchart of a fourth embodiment of an Internet of Things alarm processing method according to the present invention.
  • the method for processing an Internet of Things alarm includes:
  • Step S10 When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
  • step S20 if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
  • Step S50 If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
  • step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
  • Step S302 Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • Step S60 If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm information is up to Receiving the alarm information confirmation message and stopping the broadcast; if the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
  • the system After the broadcast with the highest association is over, if the alarm information has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group.
  • This group should be the group with management and evaluation relationship with the previous group.
  • the broadcast mode in the group is also performed according to the configured priority, and is broadcasted at intervals of a preset time (for example, 15 minutes) until the alarm information is processed. If the alarm information has not been processed after the broadcast of the group is complete, the alarm information is processed in the upward direction until the alarm information is processed. If the broadcast group is broadcasted, the alarm information is not processed and the broadcast process is automatically terminated.
  • step S40 is performed, that is, the alarm information is discarded.
  • FIG. 6 is a schematic flowchart diagram of a fifth embodiment of an Internet of Things alarm processing method according to the present invention.
  • the method for processing an Internet of Things alarm includes:
  • Step S10 When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
  • step S20 if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
  • Step S50 If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
  • step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
  • Step S302 Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • Step S60 If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm information is up to Receiving The alarm information confirmation message is stopped and the broadcast is stopped. If the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
  • Step S70 recording all broadcast paths, and generating a broadcast analysis report according to the broadcast path.
  • the broadcast process of each alarm information including which groups and people are sent the broadcast, and the final alarms are recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm information broadcast paths in these reports.
  • the alarm information confirmation process to optimize the broadcast policy configuration, further improve the efficiency of the broadcast, and form a closed loop.
  • the broadcast is automatically stopped and the broadcast path is recorded to the database.
  • a broadcast analysis report is generated.
  • the operation and maintenance personnel analyze the report to optimize the broadcast policy, and clarify whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
  • step S40 is performed, that is, the alarm information is discarded.
  • the present invention further provides an Internet of Things alarm suppression system.
  • the system includes:
  • the first judging module 100 is configured to determine, when receiving the alarm information reported by the device in the Internet of Things, whether the reporting device of the alarm information is a device in a preset critical path;
  • the related configuration parameters include: critical path configuration, various suppression protocol configurations, and processing groups.
  • Each node needs to be configured with a suppression protocol.
  • the suppression protocol includes the Internet Control Message Protocol (ICMP) and the Simple Network Management Protocol (SNMP).
  • the network management system After receiving the alarm information reported by the device, the network management system first determines whether the device is a device in the critical path. If yes, proceed to the next step; if not, discard the alarm information directly, thus directly shielding the non-critical path.
  • the alarm information reported by the device is used to suppress the alarm information reported by the device on the critical path. This greatly reduces the pressure on the alarm server and reduces the risk of alarm storms.
  • the second judging module 110 is configured to: when it is determined that the reporting device of the alarm information is not the device in the preset critical path, determine whether the historical alarm information with the same protocol as the alarm information is already in the reporting device Report
  • This module further reduces the number of useless alarms in the network, and further optimizes the network to avoid alarm storms.
  • the broadcast module 120 is configured to broadcast the alarm information to devices in the broadcast group when it is determined that the same alarm information as the alarm information protocol is not reported in the reporting device.
  • step S40 is performed, that is, the alarm information is discarded.
  • the device for reporting the alarm information is a device in a preset critical path, and if yes, the protocol corresponding to the alarm information is further determined. Whether the same historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich.
  • the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating an alarm storm, and collects efficiently. Handle the purpose of the alarm in time.
  • FIG. 8 is a schematic diagram of functional modules of a second embodiment of the Internet of Things alarm processing system of the present invention.
  • the Internet of Things alarm suppression system further includes:
  • the third determining module 130 is configured to determine whether the key segment in the alarm information meets a preset condition; if yes, broadcast the alarm information to a device in the broadcast group.
  • the key field in the alarm information includes the alarm code, the type of the alarm, the type of the alarm device, and the additional information.
  • the alarm information is analyzed to determine whether the key segment in the alarm information meets the preset condition. For example, the preset condition specifies that the alarm code is If the singular alarm information needs to be broadcast, if the alarm code of the reported alarm information is singular, it is determined that the alarm information needs to be broadcast to the devices in the broadcast group.
  • FIG. 9 is a schematic diagram of a refinement function module of the broadcast module in FIG.
  • the broadcast module 120 includes:
  • the analyzing unit 1201 is configured to analyze the key segment, obtain a range of the broadcast group of the alarm information, and a priority of the broadcast group;
  • the scope of the broadcast group and the priority of the broadcast group can be configured.
  • the scope of the broadcast group can be divided into the maintenance group, the management group, and the implementation group.
  • the priority of the different groups is configured.
  • the priority of the maintenance group is greater than that of the management group.
  • the group priority is greater than the implementation group.
  • the broadcast alarm level can also be configured, for example, the broadcast range of the first level alarm is the largest.
  • the broadcasting unit 1202 is configured to broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  • the network management system After receiving the alarm information of the device, the network management system first analyzes the alarm information to obtain the broadcast range and priority of the information, and then starts broadcasting from the highest user group with the highest relevance.
  • the user group also has the priority according to the configuration.
  • the highest person starts broadcasting and pushes the alarm message by email and SMS.
  • the broadcast process is terminated. If the alarm is not confirmed and processed by the preset time (for example, 15 minutes), according to the group.
  • the priority configuration inside, in turn, broadcasts an alarm message to other people in the group.
  • FIG. 10 is a schematic diagram of functional modules of a third embodiment of the Internet of Things alarm processing system of the present invention.
  • the Internet of Things alarm suppression system further includes:
  • the step-by-step broadcast module 140 is configured to: when the alarm information confirmation message fed back by the device in the broadcast group is not received within a preset time, the device broadcasts to the device in the management broadcast group whose priority is lower than that of the broadcast group. Describe the alarm information until receiving the alarm information confirmation message and stopping the broadcast;
  • the automatic stop module 150 is configured to stop broadcasting when the alarm information confirmation message has not been received after the alarm information is broadcast to the devices in the broadcast group and all the management broadcast groups.
  • the system After the broadcast with the highest association is over, if the alarm information has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group.
  • This group should be the group with management and evaluation relationship with the previous group.
  • the broadcast mode in the group is also performed according to the configured priority, and is broadcasted at intervals of a preset time (for example, 15 minutes) until the alarm information is processed. If the alarm information has not been processed after the broadcast of the group is complete, the alarm information is processed in the upward direction until the alarm information is processed. If the broadcast group is broadcasted, the alarm information is not processed and the broadcast process is automatically terminated.
  • FIG. 11 is a schematic diagram of functional modules of a fourth embodiment of the Internet of things alarm processing system of the present invention.
  • the Internet of Things alarm suppression system further includes:
  • the record generation module 160 is configured to record all broadcast paths and generate a broadcast analysis report according to the broadcast path.
  • the broadcast process of each alarm information including which groups and people are sent the broadcast, and the final alarms are recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm information broadcast paths in these reports.
  • the alarm information confirmation process to optimize the broadcast policy configuration, further improve the efficiency of the broadcast, and form a closed loop.
  • the broadcast is automatically stopped and the broadcast path is recorded to the database.
  • a broadcast analysis report is generated.
  • the operation and maintenance personnel analyze the report to optimize the broadcast policy, and clarify whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
  • the present invention also provides a preferred embodiment of an Internet of Things alerting method and system.
  • a preferred embodiment of the Internet of Things alarm system includes:
  • the path is usually a key structure.
  • the IP address or IP segment is used as a key to form a tree structure.
  • Each node needs to be configured with a suppression protocol.
  • the suppression protocol includes protocols supported by ICMP, SNMP, and the like.
  • the network management server After the network management server receives the alarm reported by the device, it first determines whether the device is in the critical path. If yes, it determines whether the alarm of the same protocol has been reported in the critical path node associated with the device. The alarm, if not, forwards the alarm to the alarm module to continue processing.
  • the alarm analysis module input is various alarms generated in the network management system.
  • the analysis module analyzes the alarm by analyzing key codes such as alarm codes, alarm types, alarm device types, and additional information, and outputs whether to determine whether the alarm needs to be broadcast or not. What are the scopes (different organizations) and the priorities of these groups.
  • the analysis logic in the analysis module is configurable. These configurations include user group configuration. You can configure different user groups, such as operation and maintenance groups, management groups, and implementation groups. Configure the priority of different groups, configure the alarm severity for broadcasts, and configure the analysis policy for each alarm code.
  • the network management system After receiving the alarm of the device, the network management system first obtains the broadcast range and priority of the alarm through the alarm analysis module, and then starts broadcasting from the highest user group with the highest degree of association.
  • the user group also has the priority according to the configuration. The highest person starts broadcasting and pushes the alarm message by email and SMS. After the user confirms the alarm through the network management alarm system, the broadcast process is terminated. If the alarm is not confirmed and processed within 15 minutes, according to the group. Priority configuration, which in turn broadcasts alarm messages to others in the group.
  • the system After the broadcast with the highest association is over, if the alarm has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group.
  • This group should be a group with management and assessment relationship with the previous group.
  • the broadcast mode in the group is also performed according to the configured priority, and broadcasts in sequence (15 minutes) until the alarm is processed. If the alarm is not processed after the broadcast is complete, the alarm will be upgraded in turn until the alarm is processed. If the broadcast is configured, the alarm is not processed and the broadcast process is automatically terminated.
  • the broadcast process of each alarm including which groups and which people have sent the broadcast, and the alarms that are finally processed need to be recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm broadcast paths in these reports, and alarms.
  • the validation process optimizes the broadcast policy configuration to further improve the efficiency of the broadcast and form a closed loop.
  • the intelligent broadcast system effectively improves the processing efficiency of the network management system alarms, reduces the impact of garbage alarm reporting and broadcasting, and improves the overall operation and maintenance capability of the system;
  • FIG. 12 is a schematic flowchart diagram of a preferred embodiment of an Internet of Things alarm suppression method according to the present invention.
  • Relevant configuration parameters of the intelligent suppression and broadcast system in the network management system of the smart mine including critical path configuration, various suppression protocol configurations, personnel of the processing group, priority of each group of personnel, priority weight of the group, Strategy for alarm analysis, etc.
  • Each sensor of the smart mine starts to report the alarm.
  • the network management first analyzes whether it is an alarm on the critical road. If it is checking whether the alarm is generated on the key node, the alarm type is matched. If it matches, the alarm is discarded. If not, forward to the alarm module;
  • the alarm module determines whether the reported alarm needs to be broadcasted, and if necessary, forwards the alarm message to the intelligent broadcast system, and the alarm message analysis module in the intelligent broadcast system analyzes and outputs the broadcast range and priority of the alarm and submits it to the broadcast module;
  • the broadcast module After the broadcast module broadcasts the range and other information according to the received alarm message, the broadcast module starts broadcasting the alarm message to the people in the group.
  • the broadcast module After the broadcast of a group is completed, if the acknowledgement message of the alarm has not been sent from the alarm management module, the broadcast module starts to upgrade the broadcast policy of the alarm and broadcasts to the more advanced management group. Upon receiving the alarm confirmation message of the alarm management module, the broadcast is stopped and all broadcast paths are recorded to the database;
  • the broadcast module broadcasts all groups and people, if the processing message of the alarm module has not been received, the broadcast is automatically stopped and the broadcast path is recorded to the database.
  • the broadcast analysis module generates a broadcast analysis report by analyzing the broadcast path in the database, and the operation and maintenance personnel optimizes the broadcast policy by analyzing the report, and clarifies whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
  • the present invention greatly improves the efficiency of alarm reporting and broadcasting through the intelligent alarm suppression and broadcast system broadcast strategy, and has wide applicability and practicality for improving the efficiency of the Internet of Things device network management system and improving the overall operation and maintenance capability. value.
  • the method and system for suppressing the Internet of things alarms provided by the embodiments of the present invention have the following beneficial effects: the reported alarm information is no longer isolated from each other, but is rich in node hierarchy, when one of the keys When the critical node of the path fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of alarm storms, collects the alarms, and processes the alarms in time.

Abstract

Disclosed are an Internet of Things (IoT) alarm suppression method and system, the method comprising: Step A: upon receipt of alarm information reported by a device in an IoT, determining whether the device reporting the alarm information is a device on a preset critical path; if so, then executing step B; Step B: determining whether historical alarm information identical with a protocol corresponding to the alarm information has been reported in the reporting device; if not, then executing step C; Step C: broadcasting the alarm information to a device in the broadcast group. Further disclosed is an IoT alarm suppression system. The present invention avoids isolating reported alarms from each other, and provides a hierarchical relation of an abundance of nodes. If one of the critical nodes of a critical path malfunctions, alarms reported by other associated nodes on the critical path can be promptly suppressed, so as to greatly reduce pressure on the alarm server, reduce the risk of an alarm storm, enable high-efficiency collection, and process the alarm promptly.

Description

物联网告警抑制方法及系统Internet of Things alarm suppression method and system 技术领域Technical field
本发明涉及物联网通信技术领域,尤其涉及物联网告警抑制方法及系统。The present invention relates to the field of Internet of Things communication technologies, and in particular, to an Internet of Things alarm suppression method and system.
背景技术Background technique
物联网传感器设备一般地域分散,数量众多,难于管理。考虑物联网传感器设备如何高效的管理,特别是当海量的传感器由于网络抖动等原因向网管系统发送海量告警时,对网管系统的冲击,而且这些告警绝大部分是重复且无意义,如何抑制这些告警,如何有效的把其中有用的告警广播并及时通知到相关责任人去处理,是本发明的主要内容。IoT sensor devices are generally geographically dispersed and numerous in number and difficult to manage. Consider how to manage the IoT sensor equipment efficiently, especially when a large number of sensors send massive alarms to the network management system due to network jitter, etc., and the impact on the network management system, and most of these alarms are repeated and meaningless, how to suppress these The alarm, how to effectively broadcast the useful alarms and timely notify the relevant responsible person to deal with, is the main content of the present invention.
在实际的使用过程中,海量传感器是通过一个个交互或路由节点不断抵达到网管服务器的,这其中就存在关键路径问题,即像一棵大树一样,一旦其中某个树的主干发生故障,会影响主干下面所有的节点,导致大面积上报故障,但实际上只是主干这个节点的故障是主要原因,其他受影响的传感器上报都是被动影响的结果,所以需要一种手段去抑制这些被动上报的告警,减少告警垃圾产生。In actual use, the mass sensor continuously reaches the network management server through one interaction or routing node. There is a critical path problem, that is, like a big tree, once the trunk of one of the trees fails, It will affect all the nodes under the trunk, causing large-area reporting failures, but in fact it is only the main fault of the backbone. The other affected sensors are reported as passive results, so a means is needed to suppress these passive reports. Alarms to reduce the generation of alarm garbage.
上述内容仅用于辅助理解本发明的技术方案,并不代表承认上述内容是现有技术。The above content is only used to assist in understanding the technical solutions of the present invention, and does not constitute an admission that the above is prior art.
发明内容Summary of the invention
本发明实施例提供了一种物联网告警抑制方法及系统,以至少解决垃圾告警信息多的技术问题。The embodiment of the invention provides an Internet of Things alarm suppression method and system, so as to solve at least technical problems of garbage alarm information.
本发明实施例提供了一种物联网告警抑制方法,该方法包括以下步骤:The embodiment of the invention provides an Internet of Things alarm suppression method, which comprises the following steps:
A、当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;若是,则执行步骤B;A, when receiving the alarm information reported by the device in the Internet of Things, determining whether the reporting device of the alarm information is a device in a preset critical path; if yes, executing step B;
B、判断与所述告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报;若否,则执行步骤C;B, determining whether the same historical alarm information of the protocol corresponding to the alarm information has been reported in the reporting device; if not, executing step C;
C、对广播组内的设备广播所述告警信息。C. Broadcast the alarm information to devices in the broadcast group.
所述对广播组内的设备广播所述告警信息的步骤之前还包括: The step of broadcasting the alarm information to the device in the broadcast group further includes:
判断所述告警信息中的关键字段是否满足预设条件;若是,则执行步骤C。Determining whether the key segment in the alarm information meets a preset condition; if yes, executing step C.
所述对广播组内的设备广播所述告警信息的步骤包括:The step of broadcasting the alarm information to the device in the broadcast group includes:
分析所述关键字段,获得所述告警信息的广播组的范围和所述广播组的优先级;Analyzing the key field to obtain a range of the broadcast group of the alarm information and a priority of the broadcast group;
根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。The alarm information is broadcast to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
所述根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息的步骤之后还包括:The step of broadcasting the alarm information to the device in the broadcast group according to the range of the broadcast group and the priority of the broadcast group further includes:
若预设时间内没有收到所述广播组内设备反馈的告警信息确认消息,则逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm is received. Information confirmation message and stop broadcasting;
若对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息,则停止广播。If the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
所述对广播组内的设备广播所述告警信息的步骤之后还包括:After the step of broadcasting the alarm information to the device in the broadcast group, the method further includes:
记录所有的广播路径,并根据所述广播路径生成广播分析报表。Record all broadcast paths and generate broadcast analysis reports based on the broadcast paths.
此外,为至少实现上述目的,本发明实施例还提供一种物联网告警抑制系统,该系统包括:In addition, in order to achieve at least the foregoing, the embodiment of the present invention further provides an Internet of Things alarm suppression system, where the system includes:
第一判断模块,设置为在接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;The first judging module is configured to determine, when receiving the alarm information reported by the device in the Internet of Things, whether the reporting device of the alarm information is a device in a preset critical path;
第二判断模块,设置为在判断所述告警信息的上报设备不是预设的关键路径中的设备时,判断与所述告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报;The second judging module is configured to: when it is determined that the reporting device of the alarm information is not the device in the preset critical path, determine whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device ;
广播模块,设置为在判断与所述告警信息协议相同的告警信息在所述上报设备中没有上报时,对广播组内的设备广播所述告警信息。The broadcast module is configured to broadcast the alarm information to devices in the broadcast group when it is determined that the same alarm information as the alarm information protocol is not reported in the reporting device.
所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system further includes:
第三判断模块,设置为判断所述告警信息中的关键字段是否满足预设条件;若是,则对广播组内的设备广播所述告警信息。 The third determining module is configured to determine whether the key segment in the alarm information meets a preset condition; if yes, broadcast the alarm information to a device in the broadcast group.
所述广播模块包括:The broadcast module includes:
分析单元,设置为分析所述关键字段,获得所述告警信息的广播组的范围和所述广播组的优先级;An analyzing unit, configured to analyze the key field, obtain a range of a broadcast group of the alarm information, and a priority of the broadcast group;
广播单元,设置为根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。The broadcast unit is configured to broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system further includes:
逐级广播模块,设置为在预设时间内没有收到所述广播组内设备反馈的告警信息确认消息时,逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;The step-by-step broadcast module is configured to broadcast the alarm information confirmation message that is lower than the feedback of the device in the broadcast group to the broadcast broadcast group Alarm information until receiving an alarm message confirmation message and stopping the broadcast;
自动停止模块,设置为在对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息时,停止广播。The automatic stop module is configured to stop broadcasting when the alarm information is not received after the alarm information is broadcast to the devices in the broadcast group and all the management broadcast groups.
所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system further includes:
记录生成模块,设置为记录所有的广播路径,并根据所述广播路径生成广播分析报表。A record generation module is configured to record all broadcast paths and generate a broadcast analysis report according to the broadcast path.
本发明实施例通过在接收到物联网中的设备上报的告警信息时,判断该告警信息的上报设备是否为预设的关键路径中的设备,若是则进一步判断与该告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报,若没有上报,则对广播组内的设备广播所述告警信息;这样,使上报的告警信息彼此之间不再孤立,而是由丰富的节点层次关系,当其中一个关键路径的关键节点发生故障时,可以及时抑制这条关键路径上其他关联节点上报的告警,达到大大减轻告警服务器的压力,减少产生告警风暴的风险,高效收集,及时处理告警的目的。When receiving the alarm information reported by the device in the Internet of Things, the embodiment of the present invention determines whether the device for reporting the alarm information is a device in a preset critical path, and if so, further determines that the protocol corresponding to the alarm information is the same Whether the historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich in nodes. Hierarchical relationship, when the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating alarm storms, collects efficiently, and processes them in time. The purpose of the alarm.
附图说明DRAWINGS
图1为本发明物联网告警抑制方法第一实施例的流程示意图;1 is a schematic flowchart of a first embodiment of an Internet of Things alarm suppression method according to the present invention;
图2为本发明物联网告警抑制方法第二实施例的流程示意图;2 is a schematic flowchart of a second embodiment of an Internet of Things alarm suppression method according to the present invention;
图3为图2中对广播组内的设备广播告警信息的步骤的细化流程示意图;3 is a schematic flowchart of a step of broadcasting alarm information to devices in a broadcast group in FIG. 2;
图4为本发明物联网告警抑制方法第三实施例的流程示意图; 4 is a schematic flowchart of a third embodiment of an Internet of Things alarm suppression method according to the present invention;
图5为本发明物联网告警抑制方法第四实施例的流程示意图;5 is a schematic flowchart of a fourth embodiment of an Internet of Things alarm suppression method according to the present invention;
图6为本发明物联网告警抑制方法第五实施例的流程示意图;6 is a schematic flowchart of a fifth embodiment of an Internet of Things alarm suppression method according to the present invention;
图7为本发明物联网告警抑制系统第一实施例的功能模块示意图;7 is a schematic diagram of functional modules of a first embodiment of an Internet of Things alarm suppression system according to the present invention;
图8为本发明物联网告警抑制系统第二实施例的功能模块示意图;8 is a schematic diagram of functional modules of a second embodiment of an Internet of Things alarm suppression system according to the present invention;
图9为图8中广播模块的细化功能模块示意图;9 is a schematic diagram of a refinement function module of the broadcast module in FIG. 8;
图10为本发明物联网告警抑制系统第三实施例的功能模块示意图;10 is a schematic diagram of functional modules of a third embodiment of an Internet of Things alarm suppression system according to the present invention;
图11为本发明物联网告警抑制系统第四实施例的功能模块示意图;11 is a schematic diagram of functional modules of a fourth embodiment of an Internet of Things alarm suppression system according to the present invention;
图12为本发明物联网告警抑制方法优选实施例的流程示意图。FIG. 12 is a schematic flowchart diagram of a preferred embodiment of an Internet of Things alarm suppression method according to the present invention.
本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features, and advantages of the present invention will be further described in conjunction with the embodiments.
具体实施方式detailed description
应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
本发明实施例提供一种物联网告警抑制方法。Embodiments of the present invention provide an Internet of Things alarm suppression method.
参照图1,图1为本发明物联网告警抑制方法第一实施例的流程示意图。Referring to FIG. 1, FIG. 1 is a schematic flowchart diagram of a first embodiment of an Internet of Things alarm suppression method according to the present invention.
在第一实施例中,该物联网告警抑制方法包括:In the first embodiment, the method for suppressing the Internet of things alarm includes:
步骤S10,当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;Step S10: When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
在物联网中的设备开始上报告警信息之前,在网管系统(即物联网告警抑制系统)的服务器上配置相关配置参数,该相关配置参数包括:关键路径配置、各种抑制协议配置、处理组的人员、每个组人员的优先级、组的优先级权重,告警分析策略等;其中,在配置关键路径过程中,关键路径一般由IP地址或IP段作为关键字,组成一个树状结构,每个节点需要配置抑制协议,抑制协议包括Internet控制报文协议(Internet Control Message Protocol,ICMP),简单网络管理协议(Simple Network Management Protocol,SNMP)等协议。 Before the device in the Internet of Things starts to report the alarm information, configure related configuration parameters on the server of the network management system (that is, the Internet of Things alarm suppression system). The related configuration parameters include: critical path configuration, various suppression protocol configurations, and processing groups. The personnel, the priority of each group, the priority weight of the group, the alarm analysis strategy, etc.; in the process of configuring the critical path, the critical path is generally composed of an IP address or an IP segment as a key to form a tree structure. Each node needs to be configured with a suppression protocol. The suppression protocol includes the Internet Control Message Protocol (ICMP) and the Simple Network Management Protocol (SNMP).
当网管系统接收到设备上报的告警信息后,首先判断该设备是不是关键路径中的设备,若是,则进行下一步;若不是,则直接丢弃该告警信息,这样就直接屏蔽了非关键路径上的设备上报的告警信息,即抑制关键路径上设备的关联设备上报的告警信息,从而大大减轻告警服务器的压力,减少产生告警风暴的风险。After receiving the alarm information reported by the device, the network management system first determines whether the device is a device in the critical path. If yes, proceed to the next step; if not, discard the alarm information directly, thus directly shielding the non-critical path. The alarm information reported by the device is used to suppress the alarm information reported by the device on the critical path. This greatly reduces the pressure on the alarm server and reduces the risk of alarm storms.
步骤S20,若上报告警信息的设备为预设的关键路径中的设备,则判断与告警信息对应的协议相同的历史告警信息在上报设备中是否已经上报;In step S20, if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
此步骤为了防止关键路径中的设备重复上报相同的告警信息,从而进一步减少网络中无用告警信息的数量,进一步优化网络,避免出现告警风暴。In this step, the device in the critical path is repeatedly reported to report the same alarm information, which further reduces the number of useless alarms in the network and further optimizes the network to avoid alarm storms.
步骤S30,若与告警信息对应的协议相同的历史告警信息在上报设备中没有上报,则对广播组内的设备广播告警信息;Step S30: If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, the device broadcasts the alarm information to the device in the broadcast group.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information that is the same as the protocol corresponding to the alarm information has been reported in the reporting device, step S40 is performed, that is, the alarm information is discarded.
在本实施例中,通过在接收到物联网中的设备上报的告警信息时,判断该告警信息的上报设备是否为预设的关键路径中的设备,若是则进一步判断与该告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报,若没有上报,则对广播组内的设备广播所述告警信息;这样,使上报的告警信息彼此之间不再孤立,而是由丰富的节点层次关系,当其中一个关键路径的关键节点发生故障时,可以及时抑制这条关键路径上其他关联节点上报的告警,达到大大减轻告警服务器的压力,减少产生告警风暴的风险,高效收集,及时处理告警的目的。In this embodiment, when the alarm information reported by the device in the Internet of Things is received, it is determined whether the device for reporting the alarm information is a device in a preset critical path, and if yes, the protocol corresponding to the alarm information is further determined. Whether the same historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich. When the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating an alarm storm, and collects efficiently. Handle the purpose of the alarm in time.
参照图2,图2为本发明物联网告警处理方法第二实施例的流程示意图;2 is a schematic flowchart of a second embodiment of an Internet of Things alarm processing method according to the present invention;
在第二实施例中,该物联网告警抑制方法包括:In the second embodiment, the method for suppressing the Internet of things alarm includes:
步骤S10,当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;Step S10: When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
步骤S20,若上报告警信息的设备为预设的关键路径中的设备,则判断与告警信息对应的协议相同的历史告警信息在上报设备中是否已经上报;In step S20, if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
步骤S50,若与告警信息对应的协议相同的历史告警信息在上报设备中没有上报,则判断告警信息中的关键字是否满足预设条件; Step S50: If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
告警信息中的关键字段包括告警码、告警类型、告警设备类型、附加信息等,分析告警信息,判断该告警信息中的关键字段是否满足预设条件,例如,预设条件规定告警码为单数的告警信息需要广播,则当上报的告警信息的告警码为单数时,则判定该告警信息需要对广播组内的设备广播。The key field in the alarm information includes the alarm code, the type of the alarm, the type of the alarm device, and the additional information. The alarm information is analyzed to determine whether the key segment in the alarm information meets the preset condition. For example, the preset condition specifies that the alarm code is If the singular alarm information needs to be broadcast, if the alarm code of the reported alarm information is singular, it is determined that the alarm information needs to be broadcast to the devices in the broadcast group.
步骤S30,若告警信息中的关键字段满足预设条件,则对广播组内的设备广播告警信息;Step S30: If the key segment in the alarm information meets the preset condition, the device broadcasts the alarm information to the device in the broadcast group.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,或者告警信息中的关键字段不满足预设条件,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information with the same protocol as the alarm information has been reported in the reporting device, or the key segment in the alarm information does not meet the preset condition, Then, step S40 is performed, that is, the alarm information is discarded.
进一步地,参照图3,图3为图2中对广播组内的设备广播告警信息的步骤的细化流程示意图。Further, referring to FIG. 3, FIG. 3 is a schematic flowchart of a step of broadcasting the alarm information to the devices in the broadcast group in FIG.
在本实施例中,步骤S30包括:In this embodiment, step S30 includes:
步骤S301,分析关键字段,获得告警信息的广播组的范围和广播组的优先级;Step S301, analyzing the key field, obtaining the range of the broadcast group of the alarm information and the priority of the broadcast group;
广播组的范围和广播组的优先级都可以配置的,例如广播组的范围可以划分为维护组、管理组,实施组等,配置不同组的优先级,例如维护组优先级大于管理组,管理组优先级大于实施组。此外,广播的告警级别也可以配置,例如一级告警的广播范围最大。The scope of the broadcast group and the priority of the broadcast group can be configured. For example, the scope of the broadcast group can be divided into the maintenance group, the management group, and the implementation group. The priority of the different groups is configured. For example, the priority of the maintenance group is greater than that of the management group. The group priority is greater than the implementation group. In addition, the broadcast alarm level can also be configured, for example, the broadcast range of the first level alarm is the largest.
步骤S302,根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。Step S302: Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
当网管系统接收到设备的告警信息后,首先分析该告警信息获得该信息的广播范围和优先级,然后从关联度最高用户组开始广播,用户组内也按配置的优先级,先从关联度最高的人开始广播,通过email和短信的方式推送告警消息,当用户通过网管告警系统确认该条告警后,广播流程终止,如果预设时间(例如15分钟)告警没有得到确认和处理,根据组内的优先级配置,依次向组内其他人广播告警消息。After receiving the alarm information of the device, the network management system first analyzes the alarm information to obtain the broadcast range and priority of the information, and then starts broadcasting from the highest user group with the highest relevance. The user group also has the priority according to the configuration. The highest person starts broadcasting and pushes the alarm message by email and SMS. After the user confirms the alarm through the network management alarm system, the broadcast process is terminated. If the alarm is not confirmed and processed by the preset time (for example, 15 minutes), according to the group. The priority configuration inside, in turn, broadcasts an alarm message to other people in the group.
进一步地,参照图4,图4为本发明物联网告警处理方法第三实施例的流程示意图。Further, referring to FIG. 4, FIG. 4 is a schematic flowchart diagram of a third embodiment of an Internet of Things alarm processing method according to the present invention.
在第三实施例中,该物联网告警处理方法包括: In the third embodiment, the method for processing an Internet of Things alarm includes:
步骤S10,当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;Step S10: When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
步骤S20,若上报告警信息的设备为预设的关键路径中的设备,则判断与告警信息对应的协议相同的历史告警信息在上报设备中是否已经上报;In step S20, if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
步骤S50,若与告警信息对应的协议相同的历史告警信息在上报设备中没有上报,则判断告警信息中的关键字是否满足预设条件;Step S50: If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
若告警信息中的关键字段满足预设条件,则执行步骤S301分析关键字段,获得告警信息的广播组的范围和广播组的优先级;If the key segment in the alarm information meets the preset condition, step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
步骤S302,根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。Step S302: Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,或者告警信息中的关键字段不满足预设条件,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information with the same protocol as the alarm information has been reported in the reporting device, or the key segment in the alarm information does not meet the preset condition, Then, step S40 is performed, that is, the alarm information is discarded.
进一步地,参照图5,图5为本发明物联网告警处理方法第四实施例的流程示意图。Further, referring to FIG. 5, FIG. 5 is a schematic flowchart of a fourth embodiment of an Internet of Things alarm processing method according to the present invention.
在第四实施例中,该物联网告警处理方法包括:In the fourth embodiment, the method for processing an Internet of Things alarm includes:
步骤S10,当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;Step S10: When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
步骤S20,若上报告警信息的设备为预设的关键路径中的设备,则判断与告警信息对应的协议相同的历史告警信息在上报设备中是否已经上报;In step S20, if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
步骤S50,若与告警信息对应的协议相同的历史告警信息在上报设备中没有上报,则判断告警信息中的关键字是否满足预设条件;Step S50: If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
若告警信息中的关键字段满足预设条件,则执行步骤S301分析关键字段,获得告警信息的广播组的范围和广播组的优先级;If the key segment in the alarm information meets the preset condition, step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
步骤S302,根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。 Step S302: Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
步骤S60,若预设时间内没有收到所述广播组内设备反馈的告警信息确认消息,则逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;若对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息,则停止广播。Step S60: If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm information is up to Receiving the alarm information confirmation message and stopping the broadcast; if the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
当关联度最高的组广播结束后,如果告警信息还没有得到处理,系统自动升级广播范围,向下一个更高级别的组进行广播,这个组应该是和前一个组有管理和考核关系的组,该组内的广播方式也是按配置的优先级来进行,依次间隔预设时间(例如15分钟)广播,直至告警信息得到处理。如果该组广播结束后告警信息还没有得到处理,依次向上升级,直至告警信息得到处理,如果配置的广播组都广播结束后,告警信息还没有得到处理,广播流程也自动结束,不再广播。After the broadcast with the highest association is over, if the alarm information has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group. This group should be the group with management and evaluation relationship with the previous group. The broadcast mode in the group is also performed according to the configured priority, and is broadcasted at intervals of a preset time (for example, 15 minutes) until the alarm information is processed. If the alarm information has not been processed after the broadcast of the group is complete, the alarm information is processed in the upward direction until the alarm information is processed. If the broadcast group is broadcasted, the alarm information is not processed and the broadcast process is automatically terminated.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,或者告警信息中的关键字段不满足预设条件,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information with the same protocol as the alarm information has been reported in the reporting device, or the key segment in the alarm information does not meet the preset condition, Then, step S40 is performed, that is, the alarm information is discarded.
进一步地,参照图6,图6为本发明物联网告警处理方法第五实施例的流程示意图。Further, referring to FIG. 6, FIG. 6 is a schematic flowchart diagram of a fifth embodiment of an Internet of Things alarm processing method according to the present invention.
在第五实施例中,该物联网告警处理方法包括:In the fifth embodiment, the method for processing an Internet of Things alarm includes:
步骤S10,当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;Step S10: When receiving the alarm information reported by the device in the Internet of Things, determining whether the device for reporting the alarm information is a device in a preset critical path;
步骤S20,若上报告警信息的设备为预设的关键路径中的设备,则判断与告警信息对应的协议相同的历史告警信息在上报设备中是否已经上报;In step S20, if the device that reports the alarm information is the device in the preset critical path, it is determined whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device.
步骤S50,若与告警信息对应的协议相同的历史告警信息在上报设备中没有上报,则判断告警信息中的关键字是否满足预设条件;Step S50: If the historical alarm information with the same protocol as the alarm information is not reported in the reporting device, determine whether the keyword in the alarm information meets the preset condition;
若告警信息中的关键字段满足预设条件,则执行步骤S301分析关键字段,获得告警信息的广播组的范围和广播组的优先级;If the key segment in the alarm information meets the preset condition, step S301 is performed to analyze the key segment, and the range of the broadcast group of the alarm information and the priority of the broadcast group are obtained;
步骤S302,根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。Step S302: Broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
步骤S60,若预设时间内没有收到所述广播组内设备反馈的告警信息确认消息,则逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收 到告警信息确认消息并停止广播;若对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息,则停止广播。Step S60: If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm information is up to Receiving The alarm information confirmation message is stopped and the broadcast is stopped. If the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
步骤S70,记录所有的广播路径,并根据广播路径生成广播分析报表。Step S70, recording all broadcast paths, and generating a broadcast analysis report according to the broadcast path.
每条告警信息的广播过程,包括向哪些组、哪些人发送了广播,谁最终处理的告警都需要记录到数据库中,并能生成广播的分析报告,通过人工分析这些报告中的告警信息广播路径和告警信息确认过程,来优化广播策略配置,进一步提高广播的效率,形成闭环。The broadcast process of each alarm information, including which groups and people are sent the broadcast, and the final alarms are recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm information broadcast paths in these reports. And the alarm information confirmation process to optimize the broadcast policy configuration, further improve the efficiency of the broadcast, and form a closed loop.
在网管系统广播所有组和人后,如果还没有接收到告警信息的处理消息,就自动停止广播并记录广播路径到数据库中。After all the groups and people are broadcasted by the network management system, if the processing message of the alarm information has not been received, the broadcast is automatically stopped and the broadcast path is recorded to the database.
在通过分析数据库中的广播路径,生成广播分析报表,运维人员通过分析该报表,优化广播策略,并明确告警处理的责任人是否及时处理告警,做出相关考核处理。After analyzing the broadcast path in the database, a broadcast analysis report is generated. The operation and maintenance personnel analyze the report to optimize the broadcast policy, and clarify whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,或者告警信息中的关键字段不满足预设条件,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information with the same protocol as the alarm information has been reported in the reporting device, or the key segment in the alarm information does not meet the preset condition, Then, step S40 is performed, that is, the alarm information is discarded.
此外,为实现上述目的,本发明还提供一种物联网告警抑制系统,参照图7,该系统包括:In addition, in order to achieve the above object, the present invention further provides an Internet of Things alarm suppression system. Referring to FIG. 7, the system includes:
第一判断模块100,设置为在接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;The first judging module 100 is configured to determine, when receiving the alarm information reported by the device in the Internet of Things, whether the reporting device of the alarm information is a device in a preset critical path;
在物联网中的设备开始上报告警信息之前,在网管系统(即物联网告警抑制系统)的服务器上配置相关配置参数,该相关配置参数包括:关键路径配置、各种抑制协议配置、处理组的人员、每个组人员的优先级、组的优先级权重,告警分析策略等;其中,在配置关键路径过程中,关键路径一般由IP地址或IP段作为关键字,组成一个树状结构,每个节点需要配置抑制协议,抑制协议包括Internet控制报文协议(Internet Control Message Protocol,ICMP),简单网络管理协议(Simple Network Management Protocol,SNMP)等协议。Before the device in the Internet of Things starts to report the alarm information, configure related configuration parameters on the server of the network management system (that is, the Internet of Things alarm suppression system). The related configuration parameters include: critical path configuration, various suppression protocol configurations, and processing groups. The personnel, the priority of each group, the priority weight of the group, the alarm analysis strategy, etc.; in the process of configuring the critical path, the critical path is generally composed of an IP address or an IP segment as a key to form a tree structure. Each node needs to be configured with a suppression protocol. The suppression protocol includes the Internet Control Message Protocol (ICMP) and the Simple Network Management Protocol (SNMP).
当网管系统接收到设备上报的告警信息后,首先判断该设备是不是关键路径中的设备,若是,则进行下一步;若不是,则直接丢弃该告警信息,这样就直接屏蔽了非关键路径上的设备上报的告警信息,即抑制关键路径上设备的关联设备上报的告警信息,从而大大减轻告警服务器的压力,减少产生告警风暴的风险。 After receiving the alarm information reported by the device, the network management system first determines whether the device is a device in the critical path. If yes, proceed to the next step; if not, discard the alarm information directly, thus directly shielding the non-critical path. The alarm information reported by the device is used to suppress the alarm information reported by the device on the critical path. This greatly reduces the pressure on the alarm server and reduces the risk of alarm storms.
第二判断模块110,设置为在判断所述告警信息的上报设备不是预设的关键路径中的设备时,判断与所述告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报;The second judging module 110 is configured to: when it is determined that the reporting device of the alarm information is not the device in the preset critical path, determine whether the historical alarm information with the same protocol as the alarm information is already in the reporting device Report
此模块为了防止关键路径中的设备重复上报相同的告警信息,从而进一步减少网络中无用告警信息的数量,进一步优化网络,避免出现告警风暴。This module further reduces the number of useless alarms in the network, and further optimizes the network to avoid alarm storms.
广播模块120,设置为在判断与所述告警信息协议相同的告警信息在所述上报设备中没有上报时,对广播组内的设备广播所述告警信息。The broadcast module 120 is configured to broadcast the alarm information to devices in the broadcast group when it is determined that the same alarm information as the alarm information protocol is not reported in the reporting device.
若告警信息的上报设备不为预设关键路径中的设备,或者若与告警信息对应的协议相同的历史告警信息在上报设备中已经上报,则执行步骤S40,即丢弃告警信息。If the reporting device of the alarm information is not the device in the preset critical path, or if the historical alarm information that is the same as the protocol corresponding to the alarm information has been reported in the reporting device, step S40 is performed, that is, the alarm information is discarded.
在本实施例中,通过在接收到物联网中的设备上报的告警信息时,判断该告警信息的上报设备是否为预设的关键路径中的设备,若是则进一步判断与该告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报,若没有上报,则对广播组内的设备广播所述告警信息;这样,使上报的告警信息彼此之间不再孤立,而是由丰富的节点层次关系,当其中一个关键路径的关键节点发生故障时,可以及时抑制这条关键路径上其他关联节点上报的告警,达到大大减轻告警服务器的压力,减少产生告警风暴的风险,高效收集,及时处理告警的目的。In this embodiment, when the alarm information reported by the device in the Internet of Things is received, it is determined whether the device for reporting the alarm information is a device in a preset critical path, and if yes, the protocol corresponding to the alarm information is further determined. Whether the same historical alarm information has been reported in the reporting device, and if not reported, the alarm information is broadcast to the devices in the broadcast group; thus, the reported alarm information is no longer isolated from each other, but is rich. When the critical node of one of the critical paths fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of generating an alarm storm, and collects efficiently. Handle the purpose of the alarm in time.
进一步地,参照图8,图8为本发明物联网告警处理系统第二实施例的功能模块示意图。Further, referring to FIG. 8, FIG. 8 is a schematic diagram of functional modules of a second embodiment of the Internet of Things alarm processing system of the present invention.
在第二实施例中,所述物联网告警抑制系统还包括:In the second embodiment, the Internet of Things alarm suppression system further includes:
第三判断模块130,设置为判断所述告警信息中的关键字段是否满足预设条件;若是,则对广播组内的设备广播所述告警信息。The third determining module 130 is configured to determine whether the key segment in the alarm information meets a preset condition; if yes, broadcast the alarm information to a device in the broadcast group.
告警信息中的关键字段包括告警码、告警类型、告警设备类型、附加信息等,分析告警信息,判断该告警信息中的关键字段是否满足预设条件,例如,预设条件规定告警码为单数的告警信息需要广播,则当上报的告警信息的告警码为单数时,则判定该告警信息需要对广播组内的设备广播。The key field in the alarm information includes the alarm code, the type of the alarm, the type of the alarm device, and the additional information. The alarm information is analyzed to determine whether the key segment in the alarm information meets the preset condition. For example, the preset condition specifies that the alarm code is If the singular alarm information needs to be broadcast, if the alarm code of the reported alarm information is singular, it is determined that the alarm information needs to be broadcast to the devices in the broadcast group.
进一步地,参照图9,图9为图8中广播模块的细化功能模块示意图。Further, referring to FIG. 9, FIG. 9 is a schematic diagram of a refinement function module of the broadcast module in FIG.
广播模块120包括: The broadcast module 120 includes:
分析单元1201,设置为分析所述关键字段,获得所述告警信息的广播组的范围和所述广播组的优先级;The analyzing unit 1201 is configured to analyze the key segment, obtain a range of the broadcast group of the alarm information, and a priority of the broadcast group;
广播组的范围和广播组的优先级都可以配置的,例如广播组的范围可以划分为维护组、管理组,实施组等,配置不同组的优先级,例如维护组优先级大于管理组,管理组优先级大于实施组。此外,广播的告警级别也可以配置,例如一级告警的广播范围最大。The scope of the broadcast group and the priority of the broadcast group can be configured. For example, the scope of the broadcast group can be divided into the maintenance group, the management group, and the implementation group. The priority of the different groups is configured. For example, the priority of the maintenance group is greater than that of the management group. The group priority is greater than the implementation group. In addition, the broadcast alarm level can also be configured, for example, the broadcast range of the first level alarm is the largest.
广播单元1202,设置为根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。The broadcasting unit 1202 is configured to broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
当网管系统接收到设备的告警信息后,首先分析该告警信息获得该信息的广播范围和优先级,然后从关联度最高用户组开始广播,用户组内也按配置的优先级,先从关联度最高的人开始广播,通过email和短信的方式推送告警消息,当用户通过网管告警系统确认该条告警后,广播流程终止,如果预设时间(例如15分钟)告警没有得到确认和处理,根据组内的优先级配置,依次向组内其他人广播告警消息。After receiving the alarm information of the device, the network management system first analyzes the alarm information to obtain the broadcast range and priority of the information, and then starts broadcasting from the highest user group with the highest relevance. The user group also has the priority according to the configuration. The highest person starts broadcasting and pushes the alarm message by email and SMS. After the user confirms the alarm through the network management alarm system, the broadcast process is terminated. If the alarm is not confirmed and processed by the preset time (for example, 15 minutes), according to the group. The priority configuration inside, in turn, broadcasts an alarm message to other people in the group.
进一步地,参照图10,图10为本发明物联网告警处理系统第三实施例的功能模块示意图。Further, referring to FIG. 10, FIG. 10 is a schematic diagram of functional modules of a third embodiment of the Internet of Things alarm processing system of the present invention.
在第三实施例中,物联网告警抑制系统还包括:In the third embodiment, the Internet of Things alarm suppression system further includes:
逐级广播模块140,设置为在预设时间内没有收到所述广播组内设备反馈的告警信息确认消息时,逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;The step-by-step broadcast module 140 is configured to: when the alarm information confirmation message fed back by the device in the broadcast group is not received within a preset time, the device broadcasts to the device in the management broadcast group whose priority is lower than that of the broadcast group. Describe the alarm information until receiving the alarm information confirmation message and stopping the broadcast;
自动停止模块150,设置为在对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息时,停止广播。The automatic stop module 150 is configured to stop broadcasting when the alarm information confirmation message has not been received after the alarm information is broadcast to the devices in the broadcast group and all the management broadcast groups.
当关联度最高的组广播结束后,如果告警信息还没有得到处理,系统自动升级广播范围,向下一个更高级别的组进行广播,这个组应该是和前一个组有管理和考核关系的组,该组内的广播方式也是按配置的优先级来进行,依次间隔预设时间(例如15分钟)广播,直至告警信息得到处理。如果该组广播结束后告警信息还没有得到处理,依次向上升级,直至告警信息得到处理,如果配置的广播组都广播结束后,告警信息还没有得到处理,广播流程也自动结束,不再广播。After the broadcast with the highest association is over, if the alarm information has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group. This group should be the group with management and evaluation relationship with the previous group. The broadcast mode in the group is also performed according to the configured priority, and is broadcasted at intervals of a preset time (for example, 15 minutes) until the alarm information is processed. If the alarm information has not been processed after the broadcast of the group is complete, the alarm information is processed in the upward direction until the alarm information is processed. If the broadcast group is broadcasted, the alarm information is not processed and the broadcast process is automatically terminated.
进一步地,参照图11,图11为本发明物联网告警处理系统第四实施例的功能模块示意图。 Further, referring to FIG. 11, FIG. 11 is a schematic diagram of functional modules of a fourth embodiment of the Internet of things alarm processing system of the present invention.
在第四实施例中,所述物联网告警抑制系统还包括:In the fourth embodiment, the Internet of Things alarm suppression system further includes:
记录生成模块160,设置为记录所有的广播路径,并根据所述广播路径生成广播分析报表。The record generation module 160 is configured to record all broadcast paths and generate a broadcast analysis report according to the broadcast path.
每条告警信息的广播过程,包括向哪些组、哪些人发送了广播,谁最终处理的告警都需要记录到数据库中,并能生成广播的分析报告,通过人工分析这些报告中的告警信息广播路径和告警信息确认过程,来优化广播策略配置,进一步提高广播的效率,形成闭环。The broadcast process of each alarm information, including which groups and people are sent the broadcast, and the final alarms are recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm information broadcast paths in these reports. And the alarm information confirmation process to optimize the broadcast policy configuration, further improve the efficiency of the broadcast, and form a closed loop.
在网管系统广播所有组和人后,如果还没有接收到告警信息的处理消息,就自动停止广播并记录广播路径到数据库中。After all the groups and people are broadcasted by the network management system, if the processing message of the alarm information has not been received, the broadcast is automatically stopped and the broadcast path is recorded to the database.
在通过分析数据库中的广播路径,生成广播分析报表,运维人员通过分析该报表,优化广播策略,并明确告警处理的责任人是否及时处理告警,做出相关考核处理。After analyzing the broadcast path in the database, a broadcast analysis report is generated. The operation and maintenance personnel analyze the report to optimize the broadcast policy, and clarify whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
此外,本发明还提供物联网告警方法和系统的优选实施例。In addition, the present invention also provides a preferred embodiment of an Internet of Things alerting method and system.
为了实现智能高效的告警抑制和广播,物联网告警系统优选实施例包括:In order to implement intelligent and efficient alarm suppression and broadcast, a preferred embodiment of the Internet of Things alarm system includes:
1、关键路径配置模块1, the critical path configuration module
在网管服务器系统上配置关键路径,该路径一般由IP地址或IP段作为关键字,组成一个树状结构,每个节点需要配置抑制协议。抑制协议包括ICMP,SNMP等支持的协议。Configure a critical path on the network management server system. The path is usually a key structure. The IP address or IP segment is used as a key to form a tree structure. Each node needs to be configured with a suppression protocol. The suppression protocol includes protocols supported by ICMP, SNMP, and the like.
2、告警抑制模块2. Alarm suppression module
在网管服务器收到设备上报的告警后,首先判断该设备是不是在关键路径中的设备,如果是,判断相同协议的告警在该设备关联的关键路径节点中是否已经上报,如果已经上报,丢弃该告警,如果不是,把告警转给告警模块继续处理。After the network management server receives the alarm reported by the device, it first determines whether the device is in the critical path. If yes, it determines whether the alarm of the same protocol has been reported in the critical path node associated with the device. The alarm, if not, forwards the alarm to the alarm module to continue processing.
3、告警分析模块3. Alarm analysis module
告警分析模块输入是网管系统中产生的各种告警,分析模块通过分析告警码,告警类型和告警设备类型,附加信息等关键字段,分析该告警,并输出判断该告警是否需要广播,广播的范围(不同的组织)有哪些,这些组的优先级。 The alarm analysis module input is various alarms generated in the network management system. The analysis module analyzes the alarm by analyzing key codes such as alarm codes, alarm types, alarm device types, and additional information, and outputs whether to determine whether the alarm needs to be broadcast or not. What are the scopes (different organizations) and the priorities of these groups.
分析模块中分析逻辑都是可以配置的,这些配置包括用户组配置,可以配置不同定位的用户组,比如操作维护组,管理组,实施组等。配置不同组的优先级,配置广播的告警级别,配置每个告警码的分析策略等。The analysis logic in the analysis module is configurable. These configurations include user group configuration. You can configure different user groups, such as operation and maintenance groups, management groups, and implementation groups. Configure the priority of different groups, configure the alarm severity for broadcasts, and configure the analysis policy for each alarm code.
4、告警广播模块4, alarm broadcast module
当网管系统接收到设备的告警后,首先会通过告警分析模块得到该告警的广播范围和优先级,然后从关联度最高用户组开始广播,用户组内也按配置的优先级,先从关联度最高的人开始广播,通过email和短信的方式推送告警消息,当用户通过网管告警系统确认该条告警后,广播流程终止,如果15分钟内(可配置)告警没有得到确认和处理,根据组内的优先级配置,依次向组内其他人广播告警消息。After receiving the alarm of the device, the network management system first obtains the broadcast range and priority of the alarm through the alarm analysis module, and then starts broadcasting from the highest user group with the highest degree of association. The user group also has the priority according to the configuration. The highest person starts broadcasting and pushes the alarm message by email and SMS. After the user confirms the alarm through the network management alarm system, the broadcast process is terminated. If the alarm is not confirmed and processed within 15 minutes, according to the group. Priority configuration, which in turn broadcasts alarm messages to others in the group.
5、告警升级广播范围模块5. Alarm upgrade broadcast range module
当关联度最高的组广播结束后,如果告警还没有得到处理,系统自动升级广播范围,向下一个更高级别的组进行广播,这个组应该是和前一个组有管理和考核关系的组,该组内的广播方式也是按配置的优先级来进行,依次(15分钟)广播,直至告警得到处理。如果该组广播结束后告警还没有得到处理,依次向上升级,直至告警得到处理,如果配置的广播组都广播结束后,告警还没有得到处理,广播流程也自动结束,不再广播。After the broadcast with the highest association is over, if the alarm has not been processed, the system automatically upgrades the broadcast range and broadcasts to the next higher level group. This group should be a group with management and assessment relationship with the previous group. The broadcast mode in the group is also performed according to the configured priority, and broadcasts in sequence (15 minutes) until the alarm is processed. If the alarm is not processed after the broadcast is complete, the alarm will be upgraded in turn until the alarm is processed. If the broadcast is configured, the alarm is not processed and the broadcast process is automatically terminated.
6、广播流程记录入库模块6, broadcast process record storage module
每条告警的广播过程,包括向哪些组,哪些人发送了广播,谁最终处理的告警都需要记录到数据库中,并能生成广播的分析报告,通过人工分析这些报告中的告警广播路径,告警确认过程,来优化广播策略配置,进一步提高广播的效率,形成闭环。The broadcast process of each alarm, including which groups and which people have sent the broadcast, and the alarms that are finally processed need to be recorded in the database, and can generate broadcast analysis reports, and manually analyze the alarm broadcast paths in these reports, and alarms. The validation process optimizes the broadcast policy configuration to further improve the efficiency of the broadcast and form a closed loop.
在优选实施例中,由上述的技术方案可以得知,使用本方案具有如下有益效果:In a preferred embodiment, it can be known from the above technical solutions that the use of the solution has the following beneficial effects:
一、通过智能广播系统有效的提高的网管系统告警的处理效率,减少垃圾告警的上报和广播的影响,提高了系统的整体运维能力;First, the intelligent broadcast system effectively improves the processing efficiency of the network management system alarms, reduces the impact of garbage alarm reporting and broadcasting, and improves the overall operation and maintenance capability of the system;
二、通过广播报表分析,更清晰的了解到每个告警的处理流程,明确责任人,对后继提高运维效率提供了技术支撑。Second, through the analysis of the broadcast report, a clearer understanding of the processing flow of each alarm, clear the responsible person, and provide technical support for the subsequent improvement of operation and maintenance efficiency.
参照图12,图12为本发明物联网告警抑制方法优选实施例的流程示意图。 Referring to FIG. 12, FIG. 12 is a schematic flowchart diagram of a preferred embodiment of an Internet of Things alarm suppression method according to the present invention.
在物联网告警抑制方法优选实施例中,以下结合图12,详细描述本发明的具体实施细节,根据技术方案中的说明,我们把具体的实施方式细化成了7个步骤,在此逐一进行说明。In the preferred embodiment of the Internet of Things alarm suppression method, the specific implementation details of the present invention are described in detail below with reference to FIG. 12. According to the description in the technical solution, we have detailed the specific implementation into seven steps, which are explained one by one. .
1.在智慧矿山的网管系统中关于智能抑制和广播系统的相关配置参数,包括关键路径配置,各种抑制协议配置,处理组的人员,每个组人员的优先级,组的优先级权重,告警分析的策略等。1. Relevant configuration parameters of the intelligent suppression and broadcast system in the network management system of the smart mine, including critical path configuration, various suppression protocol configurations, personnel of the processing group, priority of each group of personnel, priority weight of the group, Strategy for alarm analysis, etc.
2.智慧矿山的各个传感器开始上报告警,网管接收到告警上报消息后,首先分析是否是关键路上的告警,如果是检查是否关键节点有告警产生,告警类型是否匹配,如果匹配,丢弃该告警,如果不是,转发给告警模块;2. Each sensor of the smart mine starts to report the alarm. After receiving the alarm report message, the network management first analyzes whether it is an alarm on the critical road. If it is checking whether the alarm is generated on the key node, the alarm type is matched. If it matches, the alarm is discarded. If not, forward to the alarm module;
3.告警模块判断上报的告警是否需要广播,如果需要,转发告警消息给智能广播系统,智能广播系统中的告警消息分析模块,分析输出该条告警的广播范围和优先级并提交给广播模块;3. The alarm module determines whether the reported alarm needs to be broadcasted, and if necessary, forwards the alarm message to the intelligent broadcast system, and the alarm message analysis module in the intelligent broadcast system analyzes and outputs the broadcast range and priority of the alarm and submits it to the broadcast module;
4.广播模块根据接收到的告警消息,广播范围等信息后,开始对组内的人进行告警消息的广播。4. After the broadcast module broadcasts the range and other information according to the received alarm message, the broadcast module starts broadcasting the alarm message to the people in the group.
5.当一个组的人员都广播结束后,如果该条告警的确认消息还没有从告警管理模块发出,广播模块开始对该条告警的广播策略进行升级,对更高级的管理组进行广播,直至接收到告警管理模块的告警确认消息,就停止广播并记录所有广播路径到数据库中;5. After the broadcast of a group is completed, if the acknowledgement message of the alarm has not been sent from the alarm management module, the broadcast module starts to upgrade the broadcast policy of the alarm and broadcasts to the more advanced management group. Upon receiving the alarm confirmation message of the alarm management module, the broadcast is stopped and all broadcast paths are recorded to the database;
6.广播模块广播所有组和人后,如果还没有接收到告警模块的处理消息,就自动停止广播并记录广播路径到数据库中。6. After the broadcast module broadcasts all groups and people, if the processing message of the alarm module has not been received, the broadcast is automatically stopped and the broadcast path is recorded to the database.
7.在广播分析模块通过分析数据库中的广播路径,生成广播分析报表,运维人员通过分析该报表,优化广播策略,并明确告警处理的责任人是否及时处理告警,做出相关考核处理。7. The broadcast analysis module generates a broadcast analysis report by analyzing the broadcast path in the database, and the operation and maintenance personnel optimizes the broadcast policy by analyzing the report, and clarifies whether the person responsible for the alarm processing timely processes the alarm and makes relevant assessment processing.
综上所述,本发明通过智能告警抑制和广播系统的广播策略,大大提升了告警上报和广播的效率,对提升物联网设备网管系统的效率,提高整体运维能力具有广泛的适用性和实用价值。In summary, the present invention greatly improves the efficiency of alarm reporting and broadcasting through the intelligent alarm suppression and broadcast system broadcast strategy, and has wide applicability and practicality for improving the efficiency of the Internet of Things device network management system and improving the overall operation and maintenance capability. value.
以上仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。 The above are only the preferred embodiments of the present invention, and are not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformations made by the description of the present invention and the drawings are directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of the present invention.
工业实用性Industrial applicability
如上所述,本发明实施例提供的一种物联网告警抑制方法及系统,具有以下有益效果:使上报的告警信息彼此之间不再孤立,而是由丰富的节点层次关系,当其中一个关键路径的关键节点发生故障时,可以及时抑制这条关键路径上其他关联节点上报的告警,达到大大减轻告警服务器的压力,减少产生告警风暴的风险,高效收集,及时处理告警的目的。 As described above, the method and system for suppressing the Internet of things alarms provided by the embodiments of the present invention have the following beneficial effects: the reported alarm information is no longer isolated from each other, but is rich in node hierarchy, when one of the keys When the critical node of the path fails, the alarms reported by other related nodes on the critical path can be suppressed in time, which greatly reduces the pressure on the alarm server, reduces the risk of alarm storms, collects the alarms, and processes the alarms in time.

Claims (10)

  1. 一种物联网告警抑制方法,所述物联网告警抑制的方法包括以下步骤:An Internet of Things alarm suppression method, the method for the Internet of Things alarm suppression includes the following steps:
    A、当接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;若是,则执行步骤B;A, when receiving the alarm information reported by the device in the Internet of Things, determining whether the reporting device of the alarm information is a device in a preset critical path; if yes, executing step B;
    B、判断与所述告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报;若否,则执行步骤C;B, determining whether the same historical alarm information of the protocol corresponding to the alarm information has been reported in the reporting device; if not, executing step C;
    C、对广播组内的设备广播所述告警信息。C. Broadcast the alarm information to devices in the broadcast group.
  2. 如权利要求1所述的物联网告警抑制方法,其中,所述对广播组内的设备广播所述告警信息的步骤之前还包括:The method for suppressing the alarm of the Internet of Things according to claim 1, wherein the step of broadcasting the alarm information to the device in the broadcast group further comprises:
    判断所述告警信息中的关键字段是否满足预设条件;若是,则执行步骤C。Determining whether the key segment in the alarm information meets a preset condition; if yes, executing step C.
  3. 如权利要求2所述的物联网告警抑制方法,其中,所述对广播组内的设备广播所述告警信息的步骤包括:The method for suppressing an Internet of Things alarm according to claim 2, wherein the step of broadcasting the alarm information to a device in a broadcast group comprises:
    分析所述关键字段,获得所述告警信息的广播组的范围和所述广播组的优先级;Analyzing the key field to obtain a range of the broadcast group of the alarm information and a priority of the broadcast group;
    根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。The alarm information is broadcast to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  4. 如权利要求3所述的物联网告警抑制方法,其中,所述根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息的步骤之后还包括:The method of claim 3, wherein the step of broadcasting the alarm information to a device in a broadcast group according to the range of the broadcast group and the priority of the broadcast group further comprises:
    若预设时间内没有收到所述广播组内设备反馈的告警信息确认消息,则逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;If the alarm information confirmation message fed back by the device in the broadcast group is not received within the preset time, the alarm information is broadcasted to the device in the management broadcast group whose priority is lower than the broadcast group, until the alarm is received. Information confirmation message and stop broadcasting;
    若对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息,则停止广播。If the alarm information is not received after the broadcast information is broadcast to the devices in the broadcast group and all the management broadcast groups, the broadcast is stopped.
  5. 如权利要求1至4任意一项所述的物联网告警抑制方法,其中,所述对广播组内的设备广播所述告警信息的步骤之后还包括:The method for suppressing an Internet of Things alarm according to any one of claims 1 to 4, wherein the step of broadcasting the alarm information to the device in the broadcast group further comprises:
    记录所有的广播路径,并根据所述广播路径生成广播分析报表。Record all broadcast paths and generate broadcast analysis reports based on the broadcast paths.
  6. 一种物联网告警抑制系统,所述物联网告警抑制系统包括: An Internet of Things alarm suppression system, the Internet of Things alarm suppression system includes:
    第一判断模块,设置为在接收到物联网中的设备上报的告警信息时,判断所述告警信息的上报设备是否为预设的关键路径中的设备;The first judging module is configured to determine, when receiving the alarm information reported by the device in the Internet of Things, whether the reporting device of the alarm information is a device in a preset critical path;
    第二判断模块,设置为在判断所述告警信息的上报设备不是预设的关键路径中的设备时,判断与所述告警信息对应的协议相同的历史告警信息在所述上报设备中是否已经上报;The second judging module is configured to: when it is determined that the reporting device of the alarm information is not the device in the preset critical path, determine whether the historical alarm information with the same protocol as the alarm information has been reported in the reporting device ;
    广播模块,设置为在判断与所述告警信息协议相同的告警信息在所述上报设备中没有上报时,对广播组内的设备广播所述告警信息。The broadcast module is configured to broadcast the alarm information to devices in the broadcast group when it is determined that the same alarm information as the alarm information protocol is not reported in the reporting device.
  7. 如权利要求6所述的物联网告警抑制系统,其中,所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system of claim 6, wherein the Internet of Things alarm suppression system further comprises:
    第三判断模块,设置为判断所述告警信息中的关键字段是否满足预设条件;若是,则对广播组内的设备广播所述告警信息。The third determining module is configured to determine whether the key segment in the alarm information meets a preset condition; if yes, broadcast the alarm information to a device in the broadcast group.
  8. 如权利要求7所述的物联网告警抑制系统,其中,所述广播模块包括:The Internet of Things alarm suppression system of claim 7, wherein the broadcast module comprises:
    分析单元,设置为分析所述关键字段,获得所述告警信息的广播组的范围和所述广播组的优先级;An analyzing unit, configured to analyze the key field, obtain a range of a broadcast group of the alarm information, and a priority of the broadcast group;
    广播单元,设置为根据所述广播组的范围和广播组的优先级,对广播组内的设备广播所述告警信息。The broadcast unit is configured to broadcast the alarm information to devices in the broadcast group according to the range of the broadcast group and the priority of the broadcast group.
  9. 如权利要求8所述的物联网告警抑制系统,其中,所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system of claim 8, wherein the Internet of Things alarm suppression system further comprises:
    逐级广播模块,设置为在预设时间内没有收到所述广播组内设备反馈的告警信息确认消息时,逐级向优先级低于所述广播组的管理广播组内的设备广播所述告警信息,直至接收到告警信息确认消息并停止广播;The step-by-step broadcast module is configured to broadcast the alarm information confirmation message that is lower than the feedback of the device in the broadcast group to the broadcast broadcast group Alarm information until receiving an alarm message confirmation message and stopping the broadcast;
    自动停止模块,设置为在对广播组和所有的管理广播组内的设备广播所述告警信息后,仍未接收到告警信息确认消息时,停止广播。The automatic stop module is configured to stop broadcasting when the alarm information is not received after the alarm information is broadcast to the devices in the broadcast group and all the management broadcast groups.
  10. 如权利要求6至9任意一项所述的物联网告警抑制系统,其中,所述物联网告警抑制系统还包括:The Internet of Things alarm suppression system according to any one of claims 6 to 9, wherein the Internet of Things alarm suppression system further comprises:
    记录生成模块,设置为记录所有的广播路径,并根据所述广播路径生成广播分析报表。 A record generation module is configured to record all broadcast paths and generate a broadcast analysis report according to the broadcast path.
PCT/CN2015/078497 2014-10-21 2015-05-07 Internet of things alarm suppression method and system WO2016062062A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410563898.3 2014-10-21
CN201410563898.3A CN105530111A (en) 2014-10-21 2014-10-21 Alarm suppression method and system for the Internet of things

Publications (1)

Publication Number Publication Date
WO2016062062A1 true WO2016062062A1 (en) 2016-04-28

Family

ID=55760205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/078497 WO2016062062A1 (en) 2014-10-21 2015-05-07 Internet of things alarm suppression method and system

Country Status (2)

Country Link
CN (1) CN105530111A (en)
WO (1) WO2016062062A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112601216A (en) * 2020-12-10 2021-04-02 苏州浪潮智能科技有限公司 Zigbee-based trusted platform alarm method and system
CN112700343A (en) * 2019-10-23 2021-04-23 中国石油天然气股份有限公司 Operation monitoring method and system based on oil gas Internet of things
CN112860510A (en) * 2021-01-20 2021-05-28 中国农业银行股份有限公司 Alarm compensation method and device
CN114978789A (en) * 2021-03-19 2022-08-30 深圳市欧瑞博科技股份有限公司 Intelligent security information sending method, equipment, server and medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107908530B (en) * 2017-11-27 2019-10-18 新华三云计算技术有限公司 A kind of alert processing method and device
CN110278224A (en) * 2018-03-15 2019-09-24 罗森伯格(上海)通信技术有限公司 A kind of monitoring system and monitoring method based on NB-IoT
CN110149227A (en) * 2019-05-16 2019-08-20 平安科技(深圳)有限公司 The method and device of network alarm
CN113259262B (en) * 2021-03-29 2023-04-14 杭州涂鸦信息技术有限公司 Message reporting method and related device
CN114500248B (en) * 2022-04-01 2022-08-05 北京锐融天下科技股份有限公司 Monitoring and alarming method and system for service in Internet software system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050070247A1 (en) * 2003-09-30 2005-03-31 Larson Keith N. Emergency notification system using presence, triangulation, and wireless telephony
CN101137159A (en) * 2006-09-01 2008-03-05 中兴通讯股份有限公司 Alarm information reporting method
CN101141751A (en) * 2006-09-07 2008-03-12 中兴通讯股份有限公司 Alarm message reporting system
CN102404141A (en) * 2011-11-04 2012-04-04 华为技术有限公司 Method and device of alarm inhibition

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101114945B (en) * 2007-09-04 2012-09-19 华为技术有限公司 Method for controlling alarm flux, managing equipment, managed equipment and system
CN103684880A (en) * 2013-12-31 2014-03-26 上海斐讯数据通信技术有限公司 Alarming control method and alarming device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050070247A1 (en) * 2003-09-30 2005-03-31 Larson Keith N. Emergency notification system using presence, triangulation, and wireless telephony
CN101137159A (en) * 2006-09-01 2008-03-05 中兴通讯股份有限公司 Alarm information reporting method
CN101141751A (en) * 2006-09-07 2008-03-12 中兴通讯股份有限公司 Alarm message reporting system
CN102404141A (en) * 2011-11-04 2012-04-04 华为技术有限公司 Method and device of alarm inhibition

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112700343A (en) * 2019-10-23 2021-04-23 中国石油天然气股份有限公司 Operation monitoring method and system based on oil gas Internet of things
CN112601216A (en) * 2020-12-10 2021-04-02 苏州浪潮智能科技有限公司 Zigbee-based trusted platform alarm method and system
CN112601216B (en) * 2020-12-10 2022-06-21 苏州浪潮智能科技有限公司 Zigbee-based trusted platform alarm method and system
CN112860510A (en) * 2021-01-20 2021-05-28 中国农业银行股份有限公司 Alarm compensation method and device
CN114978789A (en) * 2021-03-19 2022-08-30 深圳市欧瑞博科技股份有限公司 Intelligent security information sending method, equipment, server and medium
CN114978789B (en) * 2021-03-19 2023-11-21 深圳市欧瑞博科技股份有限公司 Intelligent sending method, device, server and medium of security information

Also Published As

Publication number Publication date
CN105530111A (en) 2016-04-27

Similar Documents

Publication Publication Date Title
WO2016062062A1 (en) Internet of things alarm suppression method and system
CN105791279B (en) A kind of mimicry SDN controller construction method
US20210083925A1 (en) Network fault analysis method and apparatus
US9152925B2 (en) Method and system for prediction and root cause recommendations of service access quality of experience issues in communication networks
CN103546343B (en) The network traffics methods of exhibiting of network traffic analysis system and system
CN101877618B (en) Monitoring method, server and system based on proxy-free mode
CN103414596B (en) The method that all manufacturer Trap and processing are recognized based on simple management procotol
WO2020087926A1 (en) Data collection and processing method, apparatus and system
KR20080027364A (en) Method and apparatus for carrying out a predetermined operation in a management device
CN112887274B (en) Method and device for detecting command injection attack, computer equipment and storage medium
US11388064B2 (en) Prediction based on time-series data
CN104021195B (en) Warning association analysis method based on knowledge base
CN105337758A (en) Alarm processing method and device, NMS, OSS, and EMS
EP3001606B1 (en) Fault processing method, device and system
CN103957118A (en) Real-time intelligent analysis method for network flow of electric power data communication network and system thereof
US10887408B2 (en) Remote monitoring of network communication devices
JP2008059114A (en) Automatic network monitoring system using snmp
US10862738B2 (en) System and method for alarm correlation and root cause determination
US20150256962A1 (en) M2m gateway device and applying method thereof
EP3154238A1 (en) Policy-based m2m terminal device monitoring and control method and device
CN105049245A (en) EPON element management system
CN107171860A (en) A kind of home gateway management platform
CN108933707B (en) Safety monitoring system and method for industrial network
CN106600010A (en) Intelligent emergency processing information system based on scene adaptation
CN103326875A (en) Teleservice performance management method, system and network management method based on threshold

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15852946

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15852946

Country of ref document: EP

Kind code of ref document: A1