
Research And Implementation In Log Data Acquisition And Real-Time Audit Technology

Posted on: 2010-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: S D Yang
Full Text: PDF
GTID: 2178360275499122
Subject: Communication and Information System
Abstract/Summary:
Faced with a rapidly growing network, a steadily increasing number of network applications and increasingly serious threats to the network, mainstream security technologies are proving inadequate; as an important means of security audit, log-audit technology and its research value have therefore attracted greater attention. This thesis focuses on the technology of real-time log data acquisition and real-time audit, and also studies the problem of inter-module communication.

Using the C language on the Linux platform, we implement a more stable log-audit system. First, after analysing and comparing log acquisition approaches, we adopt Syslog-ng to collect log data and cache it temporarily in the form of files. Next, after analysing real-time audit algorithms and database interfaces, we use regular-expression matching to implement the real-time audit engine and ODBC to implement the database interface. Then, driven by the requirements of security and inter-module communication, we develop an auxiliary protocol that works together with SSH. In the course of this work, for the real-time engine we propose the audit-log best track map (BTM) algorithm, which improves the speed of auditing; for inter-module communication we propose an auxiliary protocol that provides mutual authentication and transfers log files in cooperation with the SSH protocol, which to some extent improves the efficiency and security of the system. Finally, through a series of functional and performance tests, we verify the system's basic functions and performance.
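As an added example (not code from the thesis), the block below sketches a regex-driven real-time audit engine of the kind the abstract describes: it assumes log lines have already been collected into a file by Syslog-ng, parses each syslog-style line, runs a table of regular-expression rules over the message and emits audit events with a severity. The rule names, the assumed RFC 3164-like line shape and the sample log lines are constructed for illustration; the thesis's BTM algorithm is not described on the page and is not reproduced here.

```python
"""Minimal regex-driven real-time audit engine over syslog-style lines.

Added example, not the thesis's code. Assumes Syslog-ng has already
written the collected log lines to a file; rule names, the line format
and the sample lines are constructed for illustration.
"""
import re
import time
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional

# Rough RFC 3164 shape: "<PRI>Mon DD HH:MM:SS host tag[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


@dataclass(frozen=True)
class Rule:
    name: str          # constructed rule identifier
    pattern: re.Pattern
    severity: str


@dataclass(frozen=True)
class Event:
    rule: str
    severity: str
    host: str
    tag: str
    message: str


# Constructed rule table: each rule is a regular expression applied to the
# message part of a parsed line, as the abstract's regex-based engine does.
RULES: List[Rule] = [
    Rule("ssh-auth-failure",
         re.compile(r"Failed password for (invalid user )?\S+ from \S+"), "medium"),
    Rule("sudo-command", re.compile(r"COMMAND=\S+"), "low"),
    Rule("kernel-oom", re.compile(r"Out of memory: Kill(ed)? process"), "high"),
]


def parse_syslog(line: str) -> Optional[dict]:
    """Split one syslog-style line into its fields; None if it does not parse."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def audit_line(line: str, rules: List[Rule] = RULES) -> List[Event]:
    """Return one Event per rule whose pattern matches the line's message."""
    rec = parse_syslog(line)
    if rec is None:            # unparseable input is skipped, not audited
        return []
    return [Event(r.name, r.severity, rec["host"], rec["tag"], rec["msg"])
            for r in rules if r.pattern.search(rec["msg"])]


def audit_stream(lines: Iterable[str], rules: List[Rule] = RULES) -> Iterator[Event]:
    """Audit lines as they arrive; works on a list or on a tailed file."""
    for line in lines:
        yield from audit_line(line, rules)


def count_by_severity(events: Iterable[Event]) -> Dict[str, int]:
    """Summarise a batch of events by severity (e.g. for a database insert)."""
    return dict(Counter(e.severity for e in events))


def follow(path: str, poll_seconds: float = 0.5) -> Iterator[str]:
    """Yield lines appended to `path`, like `tail -f` (blocks forever)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, 2)          # start at end of file: only new lines
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


# Constructed sample lines standing in for a Syslog-ng output file.
SAMPLE_LINES = [
    "<38>Mar 10 12:00:01 host1 sshd[1234]: Failed password for invalid user admin "
    "from 198.51.100.7 port 5022 ssh2",
    "<85>Mar 10 12:00:02 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/bin/cat /etc/shadow",
    "<13>Mar 10 12:00:03 host2 cron[77]: (root) CMD (/usr/bin/backup.sh)",
    "this line is not syslog",
    "<2>Mar  9 03:15:00 host2 kernel: Out of memory: Killed process 4242 (java)",
]

if __name__ == "__main__":
    for ev in audit_stream(SAMPLE_LINES):
        print(f"[{ev.severity}] {ev.rule}: {ev.host} {ev.tag}: {ev.message}")
    print(count_by_severity(audit_stream(SAMPLE_LINES)))
```

In deployment the engine would be fed with `follow(path_to_syslog_ng_output)` instead of `SAMPLE_LINES`, and the events or the severity counts would be handed to the database layer. Parsing the line first and matching only against the message field keeps the rules short and avoids accidental hits on the timestamp or host name.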
Keywords/Search Tags: log-data collection, real-time audit, regular algorithm, BTM algorithm, auxiliary protocol