Design And Implementation Of Log Analysis System For Linux

Posted on: 2007-08-13
Degree: Master
Type: Thesis
Country: China
Candidate: R Wang
GTID: 2178360212977061
Subject: Computer software and theory

Abstract/Summary:
A log file records the trace of a computer's runtime status. It is generally used for system debugging, monitoring and security detection. Log management and analysis is a fundamental instrument of system management and intrusion detection. It is also a necessary means of evaluating the status of a system and validating network security policy. The log analysis tool is therefore becoming an important part of security detection and an indispensable component of system maintenance.

This paper presents the design and implementation of a distributed log analysis system for Linux named LASL. It reviews current log analysis technology, including the trend of log analysis, the architecture of log analysis systems and log analysis approaches. Focusing on the requirements of distributed log management in a network environment, it puts forward a log analysis module based on Mobile Agent. On this basis, the paper describes the design of the LASL architecture, the workflow, the platform, the modules and the communication mechanism.

To enhance the flexibility and robustness of log analysis, this paper introduces the concepts of Dynamic Agent and Static Agent. The former is responsible for LASL system communication, delivering the log analysis reports and status information. The latter stays on the client computer and takes care of complicated transaction processing. We design and implement the log analysis agent on Linux, which merges the traditional filtering, matching and event analysis tools into Mobile Agent technology. LSM (Linux Security Mechanism) provides the log protection mechanism, which guarantees the security and effectiveness of log analysis. We also study in depth the log analysis mechanism and the workflow of log analysis.

Finally, the paper summarizes the advantages of combining Mobile Agent with log analysis, and the disadvantages in performance and security. It also covers system deployment, test results and a discussion of how the system can be improved.
Keywords/Search Tags: computer security, Linux, log, agent