Log event correlation analysis method and device capable of concurrent and interrupted analysis

An event correlation analysis method, classified under electrical components, digital transmission systems and transmission systems, that addresses the shortcomings of existing log analysis methods (fast extraction speed but no analysis function and low intelligence) in order to improve the accuracy of network early warning and ensure the safety of network monitoring and management systems.

Inactive Publication Date: 2011-08-17
GUANGZHOU LANKE TECH
9 Cites, 49 Cited by

Problems solved by technology

This method has fast extraction speed, but has no analysis function; its functionality is simple and its intelligence is low.
(2) Regular expression method: uses regular expressions to analyze log files. This method can perform complex string analysis within a single log, but it cannot be applied to correlation analysis across multiple logs.
[0004] However, current event correlation analysis methods do not consider concurrent analysis and intermittent analysis of multiple logs. Concurrent analysis of logs means that a single analysis module can analyze logs from multiple different sources within the same time period and perform event correlation analysis between those logs. Intermittent analysis of logs means that the analysis module can save the state of the previous log analysis, so that when a new log fragment arrives, analysis can continue in combination with the saved state.
Existing methods do not offer guidance on how to realize the above functions.




Embodiment 1

[0047] As shown in Figure 1, a log event correlation analysis device capable of concurrent and intermittent analysis includes:

[0048] The rule definition module is used to provide a human-computer interaction interface for users to define rules;

[0049] The log message collection module is used to sequentially collect log messages from different sources according to the set time interval and the latest timestamp of each log recorded in the state preservation module, and, after collection is completed, to send the latest timestamp of the collected logs to the state preservation module;

[0050] The event correlation analysis module is used to analyze log messages according to the defined rules. If multiple log sources need to be analyzed at the same time, the multiple log messages are first merged and then analyzed. When analyzing logs, it uses the values of the intermediate state variables saved in the last analysis, and updates the intermediate state variables in the state ...


Abstract

The invention discloses a log event correlation analysis method and a device capable of concurrent and interrupted analysis. The method comprises the following steps: firstly defining an analysis rule and uploading the rule to an event correlation analysis module; acquiring the log messages of each log source in sequence, and uploading the log messages to the event correlation analysis module; analyzing the logs by the event correlation analysis module; storing the intermediate state variables of the current event correlation analysis in a state storage module during the analysis process; and, if a certain correlated event is triggered during the analysis process, sending an alarm signal for the correlated event outwards. The device comprises a rule definition module, a log message acquisition module, an alarm output module and an event correlation analysis module. According to the invention, concurrent and interrupted analysis can be carried out on multiple logs, thus strengthening the log audit function of network monitoring and network management systems, improving the accuracy of network early warning, and ensuring the safety of the network monitoring and network management system.
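The abstract above and Embodiment 1 describe the same mechanism: merge log messages from several sources, apply a defined rule, and keep the intermediate state of the analysis so that a later log fragment can resume where the previous run stopped. The following is an added example written for this page, not code from the patent or its assignee; the rule (three or more authentication failures from one host followed by a successful login within a time window), the line format of the two constructed log sources and the module names are assumptions for illustration.

```python
"""Added example (not from the patent): a small rule-based correlation engine
that (1) merges log fragments from several sources in timestamp order
(concurrent analysis), (2) applies one correlation rule, and (3) persists its
intermediate state variables as JSON so a later fragment can resume the
analysis (intermittent analysis). Rule and log formats are assumptions."""
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample log fragments from two sources (auth server, firewall).
AUTH_FRAGMENT_1 = [
    "2011-08-17T10:00:01 auth host=10.0.0.5 user=admin result=FAIL",
    "2011-08-17T10:00:04 auth host=10.0.0.5 user=admin result=FAIL",
]
FW_FRAGMENT_1 = [
    "2011-08-17T10:00:02 fw src=10.0.0.5 dst=10.0.1.9 dport=22 action=ALLOW",
]
AUTH_FRAGMENT_2 = [
    "2011-08-17T10:00:07 auth host=10.0.0.5 user=admin result=FAIL",
    "2011-08-17T10:00:09 auth host=10.0.0.5 user=admin result=OK",
]
FW_FRAGMENT_2 = [
    "2011-08-17T10:00:10 fw src=10.0.0.5 dst=10.0.1.9 dport=22 action=ALLOW",
]


@dataclass
class Rule:
    """Assumed rule: >= threshold auth failures from one host, then a
    successful login from the same host, all within `window`."""
    threshold: int = 3
    window: timedelta = timedelta(seconds=30)


@dataclass
class State:
    """Intermediate state variables held by the 'state preservation module'."""
    last_ts: Dict[str, str] = field(default_factory=dict)        # source -> latest timestamp seen
    failures: Dict[str, List[str]] = field(default_factory=dict)  # host -> timestamps of recent failures

    def dump(self) -> str:
        return json.dumps(asdict(self))

    @staticmethod
    def load(blob: str) -> "State":
        d = json.loads(blob)
        return State(last_ts=d["last_ts"], failures=d["failures"])


def parse_line(line: str) -> Tuple[datetime, Dict[str, str]]:
    """'<iso-ts> <source> k=v k=v ...' -> (timestamp, fields). Assumed format."""
    ts, _source, *kv = line.split()
    return datetime.fromisoformat(ts), dict(item.split("=", 1) for item in kv)


def merge_sources(fragments: Dict[str, List[str]], state: State) -> List[Tuple[datetime, str, Dict[str, str]]]:
    """Concurrent analysis: merge all sources into one time-ordered stream,
    skipping lines not newer than the saved latest timestamp of their source
    (so re-delivered fragments are not analysed twice)."""
    events = []
    for source, lines in fragments.items():
        last = state.last_ts.get(source)
        for line in lines:
            ts, fields = parse_line(line)
            if last is None or ts > datetime.fromisoformat(last):
                events.append((ts, source, fields))
    events.sort(key=lambda e: e[0])
    return events


def analyze(fragments: Dict[str, List[str]], rule: Rule,
            saved_state: Optional[str] = None) -> Tuple[List[str], str]:
    """One analysis run. Resumes from `saved_state` (JSON) when given and
    returns (alarms, new_state_json) for the caller to persist."""
    state = State.load(saved_state) if saved_state else State()
    alarms: List[str] = []
    for ts, source, f in merge_sources(fragments, state):
        # Update the per-source watermark the collection module would read back.
        state.last_ts[source] = max(state.last_ts.get(source, ""), ts.isoformat())
        if source != "auth":
            continue  # the assumed rule only consumes auth events
        host = f["host"]
        # Drop failures that have aged out of the rule window.
        recent = [t for t in state.failures.get(host, [])
                  if ts - datetime.fromisoformat(t) <= rule.window]
        if f["result"] == "FAIL":
            recent.append(ts.isoformat())
        elif f["result"] == "OK" and len(recent) >= rule.threshold:
            alarms.append(f"{ts.isoformat()} correlated-event brute-force-then-success "
                          f"host={host} failures={len(recent)}")
            recent = []  # the correlated event has been reported; reset the counter
        state.failures[host] = recent
    return alarms, state.dump()


if __name__ == "__main__":
    a1, s1 = analyze({"auth": AUTH_FRAGMENT_1, "fw": FW_FRAGMENT_1}, Rule())
    a2, s2 = analyze({"auth": AUTH_FRAGMENT_2, "fw": FW_FRAGMENT_2}, Rule(), saved_state=s1)
    print("run 1 alarms:", a1)
    print("run 2 alarms (resumed from saved state):", a2)
```

The first run sees only two failures and raises nothing, but its saved state carries those failures and the latest timestamp of each source; the second run resumes from that state, so the third failure and the subsequent success trigger the correlated event even though they arrived in a separate fragment. Replaying an already-processed fragment against the saved state is a no-op because the per-source watermark filters it out.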

Description

Technical field

[0001] The invention relates to the technical field of event correlation analysis in the field of information security, in particular to a log event correlation analysis method and device for performing concurrent and intermittent analysis on multiple different logs.

Background technique

[0002] In recent years, due to the rapid development of information technology, the scale of enterprise information technology infrastructure construction has continued to expand, and IT monitoring and operation and maintenance systems have also been widely used. Such systems are aimed at network equipment, hosts, operating systems, database systems and various application systems. The main technical means of monitoring is to collect various log data; through effective analysis of these data, users or administrators can discover and avoid disasters in advance, and find the root cause of security incidents. The log here refers to certain operations of the system on som...


Application Information

Patent Type & Authority: Applications (China)
IPC: H04L12/24
Inventors: 梁英宏, 杨东晓, 王玉中, 司徒新红, 周铁道, 龚春媚
Owner: GUANGZHOU LANKE TECH