
Study On Centralized Management Technology Of Multi-source Logs

Posted on: 2017-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: H S Bi
Full Text: PDF
GTID: 2428330569998815
Subject: Software engineering
Abstract/Summary:
With the widespread application of computer and network technology, the field of network security faces great challenges. Theft or illegal use of confidential information occurs from time to time, seriously threatening the security of business and personal information. Computer logging technology was developed in this context to record events on various devices. A Syslog management system is a comprehensive framework that covers log data collection, transmission and reception. Therefore, in this paper, the design and implementation of a centralized log management system are based on the Syslog framework.

In this paper, a distributed Syslog-based log collection framework is proposed, in which log data collected by the system is transmitted in Syslog format. For non-Syslog log data, a distributed collection method is designed to convert the non-Syslog log data into Syslog format: the Syslog API is used to encapsulate the original log data and upload it to the Syslog server.

A general log parsing framework based on dynamic policy is also proposed. The introduction of dynamic policy improves the versatility and flexibility of the system: when the format or type of the collected log data changes, the policy file can be modified so that the system can still parse the changed log data.

A multi-criteria log semantic parsing algorithm is designed. The best solution is chosen by analyzing the log attributes and the match of log fields, where the degree of match is determined by calculating a probability. Because the algorithm applies multiple criteria, numerous unsuitable matching solutions are excluded first, which simplifies the matching process; the system then selects the best solution from the remaining candidates.

In this paper, a prototype system for multi-source centralized log management and analysis is realized. Networked devices produce a large amount of log data, which is an important resource for network security analysis; unfortunately, in practice these system logs are isolated from one another. With Syslog as its framework, this system achieves centralized management of logs and can collect various types of log to perform correlation analysis.
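The abstract describes three pieces that fit together: a policy table that tells the collector how to recognise non-Syslog log lines, a multi-criteria matcher that excludes unsuitable policies and then scores the rest, and an encapsulation step that wraps the original line in a Syslog message for upload. The following Python is an added illustration of that pipeline and is not the thesis's own code. It assumes an inline policy table of regular expressions standing in for the editable policy file, a simple weighted score (field coverage, timestamp plausibility, pattern specificity) standing in for the thesis's probability calculation, RFC 5424 as the output format, and a few constructed sample log lines; the facility numbers, the `policy@32473` structured-data element and the current-year fallback for BSD-style timestamps are all assumptions.

```python
"""Policy-driven conversion of non-Syslog log lines into RFC 5424 Syslog.

Added example, not the thesis's implementation. Policies, scoring weights
and sample lines are constructed for the illustration.
"""
import re
from datetime import datetime, timezone

# Constructed policy table. The thesis keeps such rules in an editable policy
# file so that a format change only requires editing the file, not the parser.
POLICIES = [
    {
        "name": "apache_access",
        "pattern": re.compile(
            r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
            r'(?P<status>\d{3}) (?P<size>\d+|-)$'),
        "required": {"host", "ts", "status"},
        "ts_format": "%d/%b/%Y:%H:%M:%S %z",
        "facility": 16,  # local0 (assumed)
        "app": "httpd",
        # 5xx -> error, 4xx -> warning, otherwise informational
        "severity": lambda f: 3 if f["status"][0] == "5" else 4 if f["status"][0] == "4" else 6,
    },
    {
        "name": "sshd_auth",
        "pattern": re.compile(
            r'^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
            r'sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$'),
        "required": {"ts", "host", "msg"},
        "ts_format": "%b %d %H:%M:%S",
        "facility": 10,  # authpriv (assumed)
        "app": "sshd",
        "severity": lambda f: 4 if "Failed" in f["msg"] else 6,
    },
    {
        "name": "generic_kv",  # loose catch-all for key=value lines
        "pattern": re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<msg>(?:\w+=\S+ ?)+)$'),
        "required": {"host"},
        "ts_format": "%Y-%m-%dT%H:%M:%S%z",
        "facility": 1,  # user (assumed)
        "app": "app",
        "severity": lambda f: 6,
    },
]

# Constructed sample input: three recognisable lines and one that matches nothing.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 403 512',
    'Oct 10 13:56:01 web01 sshd[2211]: Failed password for invalid user test from 10.0.0.9 port 5022 ssh2',
    '2023-10-10T13:57:00+0000 app02 event=login user=alice result=ok',
    'this line matches no policy',
]


def parse_ts(value, fmt):
    """Return a datetime if the captured timestamp parses under the policy's format, else None."""
    if not value:
        return None
    try:
        dt = datetime.strptime(value, fmt)
    except ValueError:
        return None
    if "%Y" not in fmt and "%y" not in fmt:
        # BSD-style stamps carry no year; assume the current year (assumption).
        dt = dt.replace(year=datetime.now(timezone.utc).year)
    return dt


def score(policy, fields):
    """Multi-criteria match score in [0, 1], or None if a required field is missing.

    The None result is the exclusion step: policies that cannot supply a
    mandatory attribute are dropped before any scoring takes place.
    """
    if any(not fields.get(k) for k in policy["required"]):
        return None
    groups = policy["pattern"].groupindex
    coverage = sum(1 for g in groups if fields.get(g)) / len(groups)
    ts_ok = parse_ts(fields.get("ts"), policy["ts_format"]) is not None
    specificity = min(len(policy["pattern"].pattern), 200) / 200
    return 0.5 * coverage + 0.3 * ts_ok + 0.2 * specificity


def select_policy(line):
    """Try every policy, exclude non-matches, then pick the best-scoring candidate."""
    candidates = []
    for p in POLICIES:
        m = p["pattern"].match(line)
        if not m:
            continue
        fields = m.groupdict()
        s = score(p, fields)
        if s is not None:
            candidates.append((s, p, fields))
    return max(candidates, key=lambda c: c[0]) if candidates else None


def to_syslog(line):
    """Encapsulate the original line as RFC 5424:
    <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG."""
    chosen = select_policy(line)
    if chosen is None:
        return None
    _, p, f = chosen
    pri = p["facility"] * 8 + p["severity"](f)
    dt = parse_ts(f.get("ts"), p["ts_format"])
    ts = dt.isoformat() if dt else "-"
    procid = f.get("pid", "-")
    sd = f'[policy@32473 name="{p["name"]}"]'  # 32473 is the RFC 5424 example enterprise number
    return f"<{pri}>1 {ts} {f['host']} {p['app']} {procid} - {sd} {line}"


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(to_syslog(raw) or f"UNPARSED: {raw}")
```

The original line is carried unchanged as the MSG part, so nothing is lost if a policy later turns out to be wrong; the parsed attributes only decide the PRI, timestamp, hostname and app-name header fields and are recorded in the structured-data element for correlation on the server side. Adding a new log source means appending one policy entry rather than touching the matcher.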
Keywords/Search Tags:System log, centralized management of Syslog, log parsing