
Design And Implementation Of Log Report Subsystem Of Enterprise Security Platform Based On REST Architecture

Posted on: 2020-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Wang
Full Text: PDF
GTID: 2428330602950760
Subject: Engineering
Abstract/Summary:
With the rapid development of information technology, the Internet plays an increasingly important role in our daily study and work. For enterprises, scientific research institutes, state units, universities and other units and departments, the degree of informatization and networking is getting higher and higher. This makes information security and network security more important. For enterprises and other organizations, it may be necessary to have multiple network security devices (Web application protection systems, intrusion detection systems, etc.) to ensure the security of network information throughout the enterprise. Different devices generate a large number of different kinds of logs, which are the main data of network information security, and their importance is self-evident. Relying only on people to analyze, count, and manage a large number of different types of logs would mean a huge workload. A system is therefore needed to centrally access, manage, and generate reports for the logs of different devices. This is how the enterprise security platform log reporting subsystem came into being.

This thesis adopts the software engineering research method and discusses in detail the process of designing and implementing a log security subsystem of an enterprise security platform based on REST architecture. The main work of this thesis is as follows.

(1) Analyzed the existing enterprise security platform that the subsystem relies on, and proposed a solution for the log report subsystem based on REST architecture, which maximizes the separation of the front and back ends and meets the need for the back end to use both Spring and Django.
(2) Researched in depth the technologies that this thesis relies on, such as REST architecture, the Hive data warehouse tool, the Flume distributed system for collecting, aggregating and transmitting massive logs, and Heka components, which clarified the research direction of the thesis.
(3) Through preliminary research and analysis of the business process of the system, completed the requirements analysis of the log report subsystem.
(4) Completed the three-tier architecture design of the system, "front-end-server-database", and implemented the REST architecture to completely separate the front and back ends. The front end adopts the AngularJS architecture. The back end that I am responsible for adopts the Spring framework and the Django framework. Data is exchanged or invoked between the front and back ends through HTTP requests or Thrift. The database uses both Hive and PostgreSQL as storage tools for data.
(5) Divided the system into function modules according to the system functions, and designed and implemented each function module.
(6) Designed the system test plan according to the requirements, design and implementation of the system. The functional test and performance test of the system were completed by designing and running test cases, and the test results and data were analyzed in detail. After a number of rounds of testing, all test cases of the system were passed, achieving all functional and non-functional requirements.

The log reporting subsystem finally implements five functions: log access, log query, log backup and recovery, report generation, and log alarm.

In implementing the log access module, to cope with the diversity of device logs, the Flume configuration is not written directly into the configuration file. Instead, configuration data is read from the database to configure Flume dynamically, and Flume is then restarted. The purpose of this method is that when a device log type is created, modified, or deleted, the Flume configuration is updated by updating the data in the database rather than by modifying the configuration file. At the same time, in order to meet the different needs of the log database in big data mode and small data mode, the log data tables are created dynamically from data read from the database.

In the log report module, to cope with the complex types of reports, the Django framework is used to turn the data queries of the various reports into plug-ins. When generating a report, you only need to introduce the query plug-in provided by the relevant device to get the log data required for this kind of report. Python-style plug-ins are also convenient to add, modify, and delete.

As a subsystem of the enterprise security platform, the system has been put into operation on the enterprise security platform. The system can currently access logs of multiple network security devices and generate the corresponding reports. It also provides log query, log backup and recovery, and log alerting to manage network security device logs efficiently and conveniently.
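The database-driven Flume configuration described in the abstract, sketched as an added example (not code from the thesis): device log types are read from a table and rendered into a Flume properties file, and rows are validated first because every stored value ends up inside a configuration file. The table schema, the agent name, the use of an in-memory SQLite database, and the choice of syslog UDP sources, memory channels and HDFS sinks are all assumptions.

```python
import re
import sqlite3

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")   # safe as a property-key part
PATH_RE = re.compile(r"/[A-Za-z0-9_./-]+")            # no newlines, spaces or '='

def load_device_types(conn):
    """Split rows of the (assumed) device_log_type table into valid and rejected."""
    good, rejected = [], []
    rows = conn.execute(
        "SELECT name, port, hdfs_path FROM device_log_type ORDER BY name")
    for name, port, path in rows:
        ok = (isinstance(name, str) and NAME_RE.fullmatch(name)
              and isinstance(port, int) and 1024 <= port <= 65535
              and isinstance(path, str) and PATH_RE.fullmatch(path) and ".." not in path)
        (good if ok else rejected).append((name, port, path))
    return good, rejected

def render_flume_conf(rows, agent="agent"):
    """Render one source/channel/sink triple per validated device log type."""
    names = [n for n, _, _ in rows]
    lines = [f"{agent}.sources = " + " ".join(f"src_{n}" for n in names),
             f"{agent}.channels = " + " ".join(f"ch_{n}" for n in names),
             f"{agent}.sinks = " + " ".join(f"sink_{n}" for n in names)]
    for name, port, path in rows:
        src, ch, sink = f"src_{name}", f"ch_{name}", f"sink_{name}"
        lines += [
            f"{agent}.sources.{src}.type = syslogudp",
            f"{agent}.sources.{src}.host = 0.0.0.0",
            f"{agent}.sources.{src}.port = {port}",
            f"{agent}.sources.{src}.channels = {ch}",
            f"{agent}.channels.{ch}.type = memory",
            f"{agent}.sinks.{sink}.type = hdfs",
            f"{agent}.sinks.{sink}.hdfs.path = {path}",
            f"{agent}.sinks.{sink}.channel = {ch}",
        ]
    return "\n".join(lines) + "\n"

def demo():
    # Constructed sample rows; the third tries to smuggle an extra property line.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE device_log_type (name TEXT, port INTEGER, hdfs_path TEXT)")
    conn.executemany("INSERT INTO device_log_type VALUES (?, ?, ?)", [
        ("waf", 5140, "/logs/waf"),
        ("ids", 5141, "/logs/ids"),
        ("evil", 5142, "/logs/x\nagent.sinks.sink_waf.hdfs.path = /tmp/other"),
    ])
    good, rejected = load_device_types(conn)
    return render_flume_conf(good), rejected
```

Rejected rows are returned rather than silently dropped so the caller can log them before the file is written and Flume is restarted.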
Keywords/Search Tags:Enterprise Security Platform, Log Report, REST Architecture, Flume