
Firewall Log Analysis System

Posted on: 2007-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z K He
Full Text: PDF
GTID: 2208360182493773
Subject: Computer software and theory
Abstract/Summary:
With the development of network technology, the Internet based on the TCP/IP protocol is widely used and has had a great effect on our lives. The great success of the TCP/IP architecture results from the open and simple character of the TCP/IP protocol. However, these characteristics have brought several security and management problems. It is therefore important for network managers to develop systems that monitor network traffic and resources, so that they can manage the network more effectively.

Based on these demands, this dissertation presents a method of network monitoring achieved by analyzing firewall log data, covering the monitoring of network bandwidth usage and network traffic. The main contents of this dissertation are as follows:

First, based on a discussion of the technology of network metrics and network accounting, the research on traffic collection, the format of the log and firewall technology are analyzed. Furthermore, based on an analysis of the problems in network management, a method of monitoring network operation by processing the log records of the network firewall is presented.

Secondly, the system architecture model is presented. The key methods of log pre-processing, data design and Web services are discussed. On this basis, the functions of the system are analyzed and the system is designed.

Finally, the problems in network management are addressed. The application of the log analysis system in network management is introduced, and its functional and operational characteristics are evaluated.

Compared with work in the fields of network metrics, network accounting and log auditing using the firewall log method, this dissertation has the following characteristics:

(1) A method of monitoring the running network by means of the firewall log is presented. The monitored contents include network bandwidth usage, computer access, network services and exceptional sessions. This is an easy method for monitoring network operation.

(2) The firewall log is used as the base data of the research. Compared with packet capture and traffic collection with SNMP, it can collect all characteristics and has no influence on device performance or network bandwidth.

(3) Key data is analyzed and extracted by regular expressions. Logs in different formats can be analyzed by constructing different regular expressions.

(4) A Web services architecture is adopted, which can be queried from a web browser and also provides services to other client programs. Standard protocols are adopted, so the system can interoperate with other platforms.
Keywords/Search Tags:Log analysis, Firewall, Network management, Network monitoring