Design And Implementation Of Log Analysis System Based On Agent

Posted on: 2017-06-16
Degree: Master
Type: Thesis
Country: China
Candidate: G Z Liu
Full Text: PDF
GTID: 2348330512451090
Subject: Computer technology

Abstract/Summary:
With the further development of Internet technology, information systems are widely used to process business, so ensuring that these systems operate efficiently, safely and stably, and that the related information stays secure, has become an integral part of the work of operating units. Operating systems and application software provide many kinds of security audit functions. When the corresponding policy is enabled, system exceptions and user behavior are recorded in the form of logs, so mining these records is of great significance. In the era of big data, large volumes of logs are generated every day and manual analysis cannot meet maintenance demands, so processing large amounts of log data in a timely manner is essential. Moreover, administrators at some units lack security awareness and technical capacity, and are eager for an easy and efficient system that provides the necessary technical support. Given these two cases, building a platform that can process large amounts of log data in a timely manner is the key to meeting the maintenance requirements of information systems. The work completed in this paper includes: 1) analyzing common problems in the security management of operating units and defining the specific needs of users; 2) based on research into log analysis techniques and the defects of mainstream log analysis products, designing a log analysis system that uses Elastic Search as the Agent to acquire and store log data, and defining an intermediate log format to handle heterogeneous logs; 3) establishing a feature base of common security events, analyzing logs against it to find security incidents and potential security threats hidden in the logs, and generating alarms to notify the administrator. The result is the design and implementation of an Agent-based log analysis system in which Elastic Search is the Agent. The system collects and analyzes logs automatically. Through the alarms it generates, the administrator can grasp the state of the system and hidden security threats in a timely manner, which helps to avoid system vulnerabilities effectively, protect the monitored objects and meet the maintenance needs of network operations.
Keywords/Search Tags:Information Security, Agent, Log Analysis System