In recent years, with the popularity and application of computers, log security threats have also been escalating, which poses new challenges to the availability and security of computers. How to deal with these challenges has become a problem facing every operation and maintenance engineer. The emergence of log situation awareness systems provides a new security solution for enterprises and organizations: such a system can monitor and analyze system logs in real time, quickly discover and respond to potential security threats, and improve equipment security assurance capabilities. Today the log situation awareness system has been continuously improved and has gradually become a mature security solution that covers the whole process from log collection and real-time analysis to visual display and automated response, and it has become an important part of the security defense of enterprises and organizations. This paper studies and designs a situation awareness system based on log exception analysis. Two key technologies are proposed, Wazuh-based real-time host log alarming for real-time logs and LSTM-based offline log security trend prediction for offline logs, so that the system achieves comprehensive threat awareness. First, for real-time logs, Wazuh collects agent logs in real time, analyzes them and raises alarms according to the configured rule set, implementing rule-based log anomaly analysis; ELK (Elasticsearch, Logstash and Kibana) is used for real-time log management during system construction, and Logstash collects Wazuh's real-time log analysis results and stores them in a MySQL database, so that the system can effectively collect logs and detect anomalies in its current environment in real time. Second, for offline logs, the Spell method is used to parse and analyze them, feature extraction is completed by log key encoding and log parameter encoding, and an LSTM prediction model based on log anomaly analysis is constructed to realize log anomaly prediction, which helps to verify the change of the security state under the historical environment of the system. Finally, a situation awareness system based on log exception analysis is implemented with the Spring Boot framework and a MySQL database to visually present the analysis results. The system designed in this paper takes into account both real-time logs and offline logs. It can collect, process, analyze and visualize system logs to help users understand the running status and security situation of the system, quickly identify and respond to potential security threats, and play an important role in ensuring device security, thus promoting the construction of data security and supporting data security governance.
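The offline-log feature extraction described above (Spell-style template mining that turns each line into a log key plus a parameter list, then sliding windows of keys as LSTM training samples), as an added illustration that is not code from the paper. The sample log lines, the `tau` match threshold and the `SpellParser`/`key_windows` names are assumptions of this example; the LSTM model itself is left out.

```python
# Constructed sample host-log lines (not from the paper); in the system they come from Wazuh agents.
SAMPLE_LOGS = [
    "sshd[2201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "sshd[2207]: Accepted password for bob from 10.0.0.9 port 51030 ssh2",
    "sshd[2211]: Failed password for root from 10.0.0.77 port 40001 ssh2",
    "sshd[2213]: Failed password for admin from 10.0.0.78 port 40002 ssh2",
    "kernel: device eth0 entered promiscuous mode",
]

def lcs(a: list[str], b: list[str]) -> list[str]:
    """Longest common subsequence of two token lists, the core operation of Spell."""
    dp = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            dp[i + 1][j + 1] = dp[i][j] + 1 if x == y else max(dp[i][j + 1], dp[i + 1][j])
    out, i, j = [], len(a), len(b)
    while i and j:  # backtrack through the table to recover one LCS
        if a[i - 1] == b[j - 1]:
            out.append(a[i - 1]); i, j = i - 1, j - 1
        else:
            i, j = (i - 1, j) if dp[i - 1][j] >= dp[i][j - 1] else (i, j - 1)
    return out[::-1]

class SpellParser:
    """Streaming Spell-style parser: template index = log key, '*' slots hold the parameters."""
    def __init__(self, tau: float = 0.6):
        self.tau, self.templates = tau, []  # tau: minimum LCS share of a message to match a template
    def parse(self, line: str) -> tuple[int, list[str]]:
        tokens = line.split()
        best_key, best = -1, []
        for key, tmpl in enumerate(self.templates):
            common = lcs([t for t in tmpl if t != "*"], tokens)
            if len(common) > len(best) and len(common) >= self.tau * len(tokens):
                best_key, best = key, common
        if best_key < 0:  # nothing similar enough: this line defines a new log key
            self.templates.append(tokens)
            return len(self.templates) - 1, []
        merged, params, p = [], [], 0
        for tok in tokens:  # LCS tokens stay constant text; everything else becomes a '*' slot
            if p < len(best) and tok == best[p]:
                merged.append(tok); p += 1
            else:
                merged.append("*"); params.append(tok)
        self.templates[best_key] = merged
        return best_key, params

def key_windows(keys: list[int], h: int) -> list[tuple[list[int], int]]:
    """Sliding windows of h previous log keys -> next key: the LSTM's training samples."""
    return [(keys[i:i + h], keys[i + h]) for i in range(len(keys) - h)]
```

Note that a parameter value repeated across the first two lines of a template (the same source IP, say) is kept as constant text until a differing line arrives, which is the usual Spell behaviour and why templates should be mined over a large history before the key sequence is fed to the model.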