
Network Log Monitoring And Security Audit System Design And Implementation

Posted on: 2013-05-12
Degree: Master
Type: Thesis
Country: China
Candidate: X Z Li
Full Text: PDF
GTID: 2248330374485675
Subject: Software engineering

Abstract/Summary:
Every device in a network system produces logs that record its behavior or related network events, which makes the management and auditing of these logs a serious concern. The main aim of this paper is to construct a distributed platform for log surveillance and audit, so that the various audit data and log data located at different points in the network can be collected and subjected to uniform management and auditing.

We first analyze the requirements for building a system to manage and audit logs in a network, and present a distributed architecture for the system. Based on this architecture, a demo system that combines the B/S and C/S models is designed and implemented. The main work of this thesis is as follows:

(1) On the basis of a thorough study of existing log-auditing products, we explore a new type of log format that is suitable for the conversion and fusion of various logs;
(2) On the basis of a comparison with existing auditing methods, a new engine based on data mining is presented;
(3) A demo system for managing and auditing logs is designed and implemented.

According to the results of testing the demo system, the system can monitor, manage and audit logs. The system also provides stronger support for security auditing in the network.
Keywords/Search Tags:Network system, Log, log fusion, Security auditing, Data mining