
The Research Of Log Management And Event Track Based On Windows Platform

Posted on: 2009-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: H L Li
GTID: 2178360272976622
Subject: Software engineering
Abstract/Summary:
With the development of the information society, computers have entered every aspect of people's lives, yet security problems have troubled users throughout: they can put a computer out of service and cause important information to be lost or leaked, inflicting great losses on users. Microsoft Windows is the most widely used operating system on personal computers and has been broadly accepted for its powerful functions and ease of use, but security and stability problems occur in Windows constantly. Windows has its own security mechanisms, and the event tracker is one of them: every event that happens in the system is stored in a special log file, which makes that file extremely valuable. The main work of this paper is to extract the key records from the enormous Windows event log and to provide a real-time reminder function so that the user discovers problems in time, and also to add a database dump function so that even if the event log is deleted, the lost log can be recovered from the database. The paper researches the extraction and analysis of the Windows event log file and, while implementing the functions above, also implements log management: log dump, log deletion and log query. For the security of the program, the system adds a password management function, which stores the system passwords in the database as MD5 hashes; before login, before modifying the password and before dangerous operations, the system verifies the correctness of the input password and decides whether the user has the right to perform the operation.

.NET is a network-oriented, multi-user integrated development environment introduced by Microsoft. It defines a Common Language Subject, a mixed-language foundation that provides seamless integration for the languages and class libraries that conform to its criteria. .NET unifies the program libraries and provides the communication standards for the next generation of networks; its support for XML makes programming easier. This paper uses C# for programming: it is a language designed for .NET that brings fast development and inherits the advantages of C and C++.

The main research of this paper concerns the Windows event log. The event log in Microsoft Windows provides a standard method for application programs to record software and hardware events. Windows events are classified as follows: an information event is an important event that does not happen often, a warning event is not immediately serious but can cause problems later, and an error event may cause serious problems.

This paper adopts Microsoft SQL Server 2000 as the back-end database. It is Microsoft's SQL Server database management system; it inherits the advantages of SQL Server 7.0 and provides many further functions. A new characteristic is query caching: it caches query results and returns them to the caller, which improves system performance noticeably. SQL Server uses login verification and database access verification, and supports both Windows NT authentication and SQL Server authentication. It supports many roles, and role definitions make permission management easier. SQL Server also has many compatibility advantages today. Moreover, SQL Server 2000 is scalable and reliable, so Internet systems can be developed with it quickly; in particular it can store XML data and output results as XML, which is conducive to building interoperable systems. These characteristics play the most important role.

The purpose of designing this system is to extract the key records of the Windows event log, to access the log records through the database's management functions, and to design a friendly operating interface, so that a user can operate the system to manage the computer's internal logs easily, even without any professional knowledge.

The system consists of four parts: the UI management module, the database management module, the log connection module and the assistant management module. The function of each module is as follows:
1. The UI management module presents the whole working view to users. It includes the login view and the operation view: the system offers the administrator's login view, and after entering the correct password one enters the system's operation view and proceeds to the next step.
2. The database management module manages all log records in the database, including log dump, log deletion, log query and so on. Additionally, it manages the user login password.
3. The log connection module connects to the application log, the system log and the security log, and tracks and operates on these log files.
4. The assistant management module offers some practical assistant functions to users: it exports the selected log records to a common text file, which greatly simplifies operation for users; it also offers the help document function, whose detailed instructions allow users to learn the system in a short time.

Through this research, I have grasped the C# language deeply and gained a deep understanding of the internal mechanism of the Windows event log and of operating the SQL Server database. Although the system has been developed, there are still two shortcomings. First, the Windows event log itself cannot record all activities in the computer system completely, and the contents of the records are relatively cryptic and obscure for users with only basic computer knowledge; second, the system has few protective measures, so it is susceptible to hacker and virus attacks.
The next important work is to improve these shortcomings. I will make the system stronger and more complete in the next development.
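The extraction, text export and real-time tracking described in the abstract, as an added example that is not the thesis's own code: it uses the .NET System.Diagnostics.EventLog class to read the Application, System and Security logs, keeps error and warning entries (and, going one step beyond the abstract's three classes, failure audits from the Security log) as key records, exports them to a text file and prints a reminder when a new key record is written. The output path keyrecords.txt is an assumption, and reading the Security log requires administrator rights.

```csharp
using System;
using System.Diagnostics;
using System.IO;

// Added example: key-record extraction and tracking over the classic Windows event logs.
class EventLogTracker
{
    static readonly string[] LogNames = { "Application", "System", "Security" };

    // The abstract's "key records": errors and warnings; failure audits added for the Security log.
    static bool IsKeyRecord(EventLogEntry e)
    {
        return e.EntryType == EventLogEntryType.Error
            || e.EntryType == EventLogEntryType.Warning
            || e.EntryType == EventLogEntryType.FailureAudit;
    }

    // One tab-separated line per record, suitable for the text-file export or a database row.
    static string Format(string log, EventLogEntry e)
    {
        return string.Format("{0:u}\t{1}\t{2}\t{3}\t{4}\t{5}",
            e.TimeGenerated, log, e.EntryType, e.Source, e.InstanceId,
            e.Message.Replace(Environment.NewLine, " "));
    }

    static void Main()
    {
        // Dump: export the existing key records to a plain text file (assumed path).
        using (var writer = new StreamWriter("keyrecords.txt"))
        {
            foreach (string log in LogNames)
            {
                using (var eventLog = new EventLog(log))
                {
                    foreach (EventLogEntry e in eventLog.Entries)
                        if (IsKeyRecord(e)) writer.WriteLine(Format(log, e));
                }
            }
        }

        // Track: EntryWritten fires for entries written to the local machine's logs after subscribing.
        foreach (string log in LogNames)
        {
            var eventLog = new EventLog(log);
            string name = log;
            eventLog.EntryWritten += (sender, args) =>
            {
                if (IsKeyRecord(args.Entry))
                    Console.WriteLine("REMINDER " + Format(name, args.Entry));
            };
            eventLog.EnableRaisingEvents = true;
        }
        Console.WriteLine("Watching for new key records; press Enter to stop.");
        Console.ReadLine();
    }
}
```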
Keywords/Search Tags:Log management, Event track, Database management