| The logs of firewalls and routers and the logs of OS and application will implicate the problems of the network. But there was no tool to drill down a lot of logs and resolve the problems in the past few years. Today, many solutions have many defaults and run very slowly: instruments of security can just sum up data and syslog server pay much time to search data. The log audit system changes the situation. It develops the performance of searching and operating data. It gives IT administrators a solution by what they can administrate logs conveniently. By real time data, administrators can make the situation of the network better. The log audit system gets logs from other hosts and analyses the logs. At same time, it stores logs for a long time automatically. The design is the same as the suggestion of some departments that logs should be stored in special equipments in the same format and dealt by different methods.The article introduces the importance and effect of log audit system in the situation of today' s network, then describes the design of the system' s frame as a whole, and depicts the big modules of the system such as agent, collecting center, storing center, searching engine and configuration administration, and give some examples of the implement of key technique by pseudocode. |
PDF Full Text Request