
Design And Implementation Of Multi-System Log Audit System

Posted on: 2011-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhu
GTID: 2178360308460882
Subject: Information security
Abstract/Summary:
With the rapid development of computer and Internet technology, every business relies on computers, and computer security is attracting more attention. The promulgation of the SOX Act makes the security of the IT environment more important. With the computerization and automation of production, the traditional audit approach can no longer meet the audit needs of the business. We need a computer-assisted audit system that reduces the workload of audit staff, frees auditors from the repetitive and tedious parts of the work, and lets them focus on the audit business rather than on data access and storage. It can also avoid mistakes in audit work caused by human error. This topic is based on that background. By collecting and sorting logs from a decentralized computer environment and business systems, the system not only provides auditors with a unified audit approach but also provides functions such as log query and report management. The system reduces the burden on auditors and improves their work efficiency.

First, this paper describes the research background of the topic and introduces the technical basis of log auditing, such as the log-collection protocols SNMP and Syslog. We also introduce several log audit systems and compare them. We then discuss some key technologies in the back-end processing of log auditing: a log receiving buffer mechanism that avoids log loss caused by bursts of log traffic, and log normalization rules that can be configured dynamically to enhance the scalability of the system. We design and implement the reception and analysis of Syslog ourselves. Finally, we introduce the overall design and solution of the log audit system, especially the log collection and report management modules.
Keywords/Search Tags: computer audit, log audit, log collection, SNMP trap, Syslog, report management