The design and implementation of log audit system is researched in this paper, with its corresponding Rapid Matching Mechanism proposed. It is matching rule library and matching algorithm that has great effect on rule matching, whose efficiency determines whether the whole audit system performs well or not. After analyzing the current kinds of matching rule libraries, including their feature and limitation, we propose a new kind of rule library, based on tree (rule tree), to change the traditional linear rule matching mode to decrease the invalid matching number, to improve the matching performance; also it brings more convenience to manage the rule library. According to the feature of rule tree, an improved matching algorithm, which is made up of reconstructed second floor rule matching method (based on AVL tree), and third floor rule matching method (based on improved Wu-Manber algorithm), is proposed to solve the low efficiency problem of simple matching algorithm based on rule tree. The whole audit system and its internal modules are designed and implemented according to the request of the above fast matching mechanism; it is proved that audit system, with fast matching mechanism inside, can protect the security of system, also provide more predominant performance. |