The invention discloses a Hadoop-based network security event analyzing method. The method includes that by utilizing the characteristic that hadoop is high in efficiency, fault tolerance, expandability and reliability and open in source during mass data processing and adopting the advantage that an HDFS (hadoop distributed file system) is high in fault tolerance and extensibility, a user is allowed to arrange Hadoop on common and low-price hardware to form a distributed-type system; MapReduce provides a development parallel application program and realizes distributed-type calculating and parallel task processing on a cluster; the HDFS provides support like file operation and storage in the process when the MapReduce processes tasks, a data collecting system collects network security event information from each network security device, generates data files and stores the data files in the HDFS by using an API or an instruction, data are stored on nodes of multiple common hardware resources in a distributed manner, the MapReduce is used to analyze the event information and output analyzing results to demonstrate that the MapReduce realizes distribution, tracking, execution and the like on the basis of the HDFS, the results are collected, and major tasks of the Hadoop distributed-type cluster are completed through interaction.