Log event correlation analysis method and device capable of concurrent and interrupted analysis

An event correlation analysis technology, applied in the direction of electrical components, digital transmission systems, transmission systems, etc. It addresses the problems of fast extraction speed, no information, low intelligence, etc., with the effects of improving accuracy and guaranteeing safety.
CN102158355A · Inactive · Publication Date: 2011-08-17 · GUANGZHOU LANKE TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: GUANGZHOU LANKE TECH
Publication Date: 2011-08-17
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention discloses a log event correlation analysis method and a device capable of concurrent and interrupted analysis. The method comprises the following steps: first, defining an analysis rule and uploading the rule to an event correlation analysis module; acquiring the log messages of each log source in sequence and uploading them to the event correlation analysis module; analyzing the logs in the event correlation analysis module; storing the intermediate state variables of the current event correlation analysis in a state storage module during the analysis; and, if a correlated event is triggered during the analysis, sending an alarm signal for that correlated event outwards. The device comprises a rule definition module, a log message acquisition module, an alarm output module and an event correlation analysis module. According to the invention, concurrent and interrupted analysis can be carried out on multiple logs, thus strengthening the log audit function of network monitoring and network management systems, improving the accuracy of network early warning, and ensuring the safety of the network monitoring and network management systems.
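The flow in the abstract (rule, log messages from several sources, saved intermediate state, alarm) can be sketched as follows. This is an added example, not code from the patent: the rule format, the JSON state storage, and all names (`Rule`, `Correlator`, `run_interrupted`) and sample messages are assumptions made for illustration.

```python
import json
from collections import namedtuple

# Hypothetical rule format: alarm when `threshold` messages containing `match`
# arrive for the same key within `window` seconds.
Rule = namedtuple("Rule", "name match threshold window")

class Correlator:
    """Correlation engine whose intermediate state can be saved and restored."""
    def __init__(self, rules, state=None):
        self.rules = rules
        # "rule|key" -> timestamps of matching messages still inside the window
        self.state = state if state is not None else {}

    def feed(self, source, ts, key, message):
        """Process one log message and return the alarms it triggers."""
        alarms = []
        for rule in self.rules:
            if rule.match not in message:
                continue
            slot = f"{rule.name}|{key}"
            hits = [t for t in self.state.get(slot, []) if ts - t < rule.window]
            hits.append(ts)
            if len(hits) >= rule.threshold:
                alarms.append({"rule": rule.name, "key": key, "source": source, "ts": ts})
                hits = []  # reset so one burst raises one alarm
            self.state[slot] = hits
        return alarms

    def checkpoint(self):
        """Serialise the intermediate state (stand-in for the state storage module)."""
        return json.dumps(self.state)

RULES = [Rule("bruteforce", "login failed", threshold=3, window=60)]

# Constructed sample messages from two log sources, already in time order:
# (source, epoch seconds, correlation key, text)
SAMPLE = [
    ("firewall", 100, "10.0.0.5", "login failed for admin"),
    ("sshd",     110, "10.0.0.5", "login failed for root"),
    ("sshd",     115, "10.0.0.9", "login failed for bob"),
    ("firewall", 130, "10.0.0.5", "login failed for admin"),
]

def run_interrupted(split):
    """Analyse SAMPLE, stopping after `split` messages and resuming from saved state."""
    first = Correlator(RULES)
    alarms = [a for m in SAMPLE[:split] for a in first.feed(*m)]
    saved = first.checkpoint()                      # analysis interrupted here
    second = Correlator(RULES, json.loads(saved))   # resumed later from storage
    alarms += [a for m in SAMPLE[split:] for a in second.feed(*m)]
    return alarms
```

Because the per-key timestamps survive the checkpoint, the alarm is raised at the same message whether or not the analysis was interrupted, and messages from different sources contribute to the same correlated event.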

Description

Technical field

[0001] The invention relates to the technical field of event correlation analysis in the field of information security, in particular to a log event correlation analysis method and device for performing concurrent and intermittent analysis on multiple different logs.

Background technique

[0002] In recent years, due to the rapid development of information technology, the scale of enterprise information technology infrastructure construction has continued to expand, and IT monitoring and operation and maintenance systems have also been widely used. Such systems are aimed at network equipment, hosts, operating systems, database systems and various application systems. The technical means of monitoring is mainly to collect various log data, and through effective analysis of these data, users or administrators can discover and avoid disasters in advance, and find the root cause of security incidents. The log here refers to certain operations of the system on som...
