
Security Audit System Based On The Log Agent

Posted on: 2012-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: L Liu
Full Text: PDF
GTID: 2178330335955485
Subject: Electronic Science and Technology

Abstract/Summary:
With the development of information and computer technology, information technology plays an increasingly important role in business operations, and more and more business relies on it. At the same time, computer security issues have become more apparent and complex, and the threats and risks that information systems face are growing.

Today the biggest problem is the lack of effective audit means, summed up as "server in the net, and the regulation out of the net". Data in an information system is handled automatically thousands of times per second, but auditing relies only on manual inspection, so the scope and depth of checks are limited and it is difficult to ensure the strength of audit regulation. Meanwhile, many illegal and criminal incidents are discovered only after a long time. Therefore, information systems must be monitored in real time, and violating operations detected, by deploying a security audit product. Through it, operation records can be collected for auditing and, further, used to improve the information systems.

This project builds a security audit platform based on a log agent. Through it, logs in different formats from different devices are collected for unified management and security auditing. The paper describes the analysis and implementation of the security audit system based on the log agent. We propose a Client/Server log audit system that addresses some of the problems of traditional log management and security audit systems.

The main contents are as follows. In view of the shortcomings of traditional audit systems, we analyze and design a scientific log audit system; we study data acquisition technology suited to the complex distribution and variety of log data, and collect data using syslog; we normalize the log format across different structures, solving the problem of integrating many kinds of logs; and the thesis presents a system on the Windows platform that extracts and analyzes logs. Finally, a series of functional and performance tests verified that the system can audit log data effectively in real time.
Keywords/Search Tags: Data Acquisition Technology, Syslog Technology, Log Audit