Method, device and system for real time parsing of device log

Abstract

The embodiment of the invention discloses a realtime analysis method, a realtime analysis device and a realtime analysis system of an equipment journal, relating to the computer network safety management technology. The invention is invented to realize realtime receiving and analysis of the equipment journal without compiling an analysis code and restarting the system. The method comprises the following steps: dynamic loading of an equipment journal analysis configuration file is completed and a corresponding journal analyzer is created; a journal sent by equipment is received; a corresponding journal analyzer is searched; if a corresponding journal analyzer is searched, the received equipment journal is analyzed and the analysis result is sent to an audit center. The device comprises a loading unit, a creating unit, a receiving unit, a searching unit, a journal analyzer and a transmitting unit. The system comprises an equipment control desk, a journal collecting module and an audit center. When a new equipment type is added in the system, the embodiment of the invention can realize realtime receiving and analyzes the journal of the newly arranged equipment type without restarting the system and compiling an analysis code.

Description

technical field [0001] The invention relates to computer network security management technology, in particular to a method, device and system for analyzing equipment logs in real time. Background technique [0002] Logs are records that describe the behavior of a computer system or device. In the field of computer security, logs are mainly used to monitor user behavior, record users' usage of the system, and prevent users from unauthorized use; diagnose abnormal network behaviors, and evaluate abnormal behaviors through log observation; problem monitoring is through log systems. Monitor the usage of system resources or network traffic to detect if problems occur. In the log audit system, network device logs are collected, and through real-time analysis of log information, system administrators can keep abreast of network and business operations, and quickly identify and stop security threats. [0003] Usually, the logs sent by the device are strings with a certain format. ...

AI Technical Summary

Problems solved by technology

[0005] In the prior art, another method for real-time processing of logs of various types of devices is to complete the real-time analysis of device logs in the form of plug-ins. In the process of realizing the present invention, the inventor found through research: 1 . When a new device needs to be supported, the parsing code needs to be compiled according to the log format of the device itself; 2. When the log format of a certain device needs to be modified, the parsing code needs to be changed, and the system also needs to update the parsing code after the change. Recompilation is more troublesome

Images