| With the development of computer technology,computer equipment and network equipment is becoming more and more complex. The logging system records the running information to maintain these devices running safe and stable. Because different devices which includes different log informations on different logging system. It’s very difficult to read and analysis log informations by human beings.Currently, Most logging analysis tools just could analysis a kind of log information. Only a few tools which could analysis several kinds of log information is limiting. If several kinds of log informations is audited jointly, and the analysis system with high flexibility will improve system security greatly. This article is based on this issue.Analysising and summarying the logon、logout、process tracking and policy change from the activity of users based on Windows, and carrying out some judgment rules. For different types of log information, the XML configuration file is used for saveing parsing-format. By this method, the program can automatically parse the log information. This paper presents a tree structure to organize the various types of rules. It could auditing different log types together by using this method. Finally, we implement a model system which could automatic analysis different types of log informations jointly. |
PDF Full Text Request