基于Elasticsearch的高校无线网日志分析

高校师生逐年递增,带来了大量的无线用户数据,需要从海量数据中快速精确地检索出有价值的信息进行分析。作者利用ELK技术对无线AP控制器的用户日志进行实时采集和处理,重点探讨了利用Elasticsearch通过postman操作数据检索、聚合分析等技术手段对用户行为进行实时与历史分析。使用Springboot集成ES客户端进行底层操作,形成方便处理的数据格式和分析结果,为后续展示层提供依据。     

系统日志故障预测中的ELK与LSTM应用与实践

随着业务系统规模不断扩大,系统结构也变得十分复杂,常规基于规则的方法已经很难判断多个系统相互作用下的复合型故障,也难以对潜在故障进行预测.本文在多业务系统的复杂场景下,使用ELK平台对日志进行集中化管理,梳理出复杂系统环境下日志与各业务系统、主机、进程之间的关系,筛选出系统中直接与故障相关的日志文件,进而在深度学习框架TensorFlow中使用这些海量数据对LSTM算法模型进行训练,从而实现对系统的实时故障预测.     

基于ELK的Apache日志实时分析系统探索与分析模型研究

Web日志详细地记录了Web服务器的运行情况,可从其中了解Web服务器运行性能和访问行为,全面分析Web日志可有效改善Web服务器结构,提升Web服务器性能,并可从其中识别用户行为,提升Web服务核心竞争力。文章从Apache日志角度出发,以ELK为基础构建了集中式的日志实时分析系统,通过对数据采集、清洗、格式化、分析、可视化等步骤创建实时日志分析模型,为网站管理决策提供科学依据。     

面向集群服务器系统的监控平台综述

为保证云计算、高性能计算集群服务器系统的服务能力,需构建监控平台对各种来源数据的实现统一管理、统计分析和展现。本文面向集群服务器系统监控平台的搭建方式,综述当前各种常见的监控平台架构和组件,分析各类平台在部署、数据规模、统计分析能力以及时效性等方面的不同。分析结果表明,集群服务器系统监控平台搭建方案应根据监控数据规模、时效性要求、查询和统计需求选择方案。     

基于Filebeat自动收集Kubernetes日志的分析系统

Docker容器产生的日志分散在不同的相互隔离的容器中,并且容器具有即用即销的特点,传统的解决方式是将日志文件挂载到宿主机上,但是容器经常会漂移,给日志的统一查看带来挑战,并且传统的Docker容器集群日志分析系统存在扩展性弱、效率低下等问题.本文采用Kubernetes实现容器管理、服务发现及调度,使用Filebeat采集容器及宿主机上的日志文件,并使用Redis作为缓存,Logstash转发,使用主流的开源日志收集系统ELK实现日志的存储、查看、检索.该系统具有可靠性、可扩展性等特点,提高运维人员的工作效率.     

基于多尺度重采样思想的类指数核函数构造

该文按照多尺度重采样思想,构造了一种类指数分布的核函数(ELK),并在核回归分析和支持向量机分类中进行了应用,发现ELK对局部特征具有捕捉优势。ELK分布仅由分析尺度决定,是单参数核函数。利用ELK对阶跃信号和多普勒信号进行Nadaraya-Watson回归分析,结果显示ELK降噪和阶跃捕捉效果均优于常规Gauss核,整体效果接近或优于局部加权回归散点平滑法(LOWESS)。多个UCI数据集的SVM分析显示,ELK与径向基函数(RBF)分类效果相当,但比RBF具有更强的局域性,因此具有更细致的分类超平面,同时分类不理想时可能产生更多的支持向量。对比而言,ELK对调节参数敏感性低,这一性质有助于减少参数优选的计算量。单参数的ELK对局域特征的良好捕捉能力,有助于这类核函数在相关领域得到推广。     

Network Log-Based SSH Brute-Force Attack Detection Model

The rapid advancement of IT technology has enabled the quick discovery, sharing and collection of quality information, but has also increased cyberattacks at a fast pace at the same time. There exists no means to block these cyberattacks completely, and all security policies need to consider the possibility of external attacks. Therefore, it is crucial to reduce external attacks through preventative measures. In general, since routers located in the upper part of a firewall can hardly be protected by security systems, they are exposed to numerous unblocked cyberattacks. Routers block unnecessary services and accept necessary ones while taking appropriate measures to reduce vulnerability, block unauthorized access, and generate relevant logs. Most logs created through unauthorized access are caused by SSH brute-force attacks, and therefore IP data of the attack can be collected through the logs. This paper proposes a model to detect SSH brute-force attacks through their logs, collect their IP address, and control access from that IP address. In this paper, we present a model that extracts and fragments the specific data required from the packets of collected routers in order to detect indiscriminate SSH input attacks. To do so, the model multiplies a user’s access records in each packet by weights and adds them to the blacklist according to a final calculated result value. In addition, the model can specify the internal IP of an attack attempt and defend against the first 29 destination IP addresses attempting the attack.     

Application of Cat-CVD for ULSI technology

The ULSI technology has been following Moore's law into the sub-100 nm era, although several challenging technical issues must be resolved. This paper describes possible application of Cat-CVD for ULSI technology beyond the 45 nm node. Especially, Cat-CVD SiN film for a transistor gate sidewall and/or a pre-metallic liner layer, and removal of photo resist (ash) by Cat-induced hydrogen atoms in the interconnect structure with an extreme low-k material are mainly discussed.