Method for automatically extracting and analyzing firewall logs based on XML rule model

An automatic extraction and analysis technology, applied in hardware monitoring and related fields, that addresses the inability to analyze abnormal behavior information, the lack of an abnormal log analysis function, and the inconvenience of unified analysis across firewalls.
CN103577307A · Inactive · Publication Date: 2014-02-12 · CHINA TOBACCO ZHEJIANG IND

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: CHINA TOBACCO ZHEJIANG IND
Publication Date: 2014-02-12
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention relates to a method for automatically extracting and analyzing firewall logs based on an XML rule model. The method includes the following steps: defining XML log analysis templates, automatically extracting the firewall logs, and analyzing the firewall logs. The method extracts the quintuple (five-tuple) of time, source IP address, source port, destination IP address and destination port contained in each log entry. The XML templates are formulated according to the structural features of each type of firewall log file, and each template contains the feature identifiers that define the record types found in those log files. Based on these identifiers, the firewall log files are parsed, the quintuple information in the firewall logs is automatically identified, and whether the operating state of a destination device is normal is automatically judged according to predefined security rules. With this method, a large amount of firewall log information can be extracted automatically and rapidly, abnormal network access behaviors can be analyzed, and a basis is provided for network security analysis and management.
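The flow the abstract describes (template selected by a feature identifier, quintuple extraction, rule-based judgment) can be sketched as follows. This is an added example, not code or a schema from the patent: the `<template>`/`<rule>` XML layout, the marker strings, the regular expressions, the two log formats and the "port must be on the destination's allowed list" policy are all assumptions, and the log lines are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical template/rule schema; the page does not publish the real one.
MODEL = ET.fromstring(r"""<model>
  <template name="vendorA" marker="FWA">
    <pattern><![CDATA[(?P<time>\S+ \S+) FWA (?P<src_ip>[\d.]+):(?P<src_port>\d+) -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)]]></pattern>
  </template>
  <template name="vendorB" marker="type=conn">
    <pattern><![CDATA[time="(?P<time>[^"]+)" type=conn src=(?P<src_ip>[\d.]+) sport=(?P<src_port>\d+) dst=(?P<dst_ip>[\d.]+) dport=(?P<dst_port>\d+)]]></pattern>
  </template>
  <rule dst_ip="10.0.0.5" allowed_ports="80,443"/>
</model>""")

# Constructed sample lines in two made-up vendor formats.
SAMPLE_LOG = """\
2014-02-12 08:00:01 FWA 192.0.2.10:51000 -> 10.0.0.5:443
2014-02-12 08:00:02 FWA 192.0.2.11:51001 -> 10.0.0.5:3389
time="2014-02-12 08:00:03" type=conn src=192.0.2.12 sport=40000 dst=10.0.0.5 dport=80
time="2014-02-12 08:00:04" type=admin user=root action=login
"""

TEMPLATES = [(t.get("marker"), re.compile(t.findtext("pattern")))
             for t in MODEL.iter("template")]
RULES = {r.get("dst_ip"): {int(p) for p in r.get("allowed_ports").split(",")}
         for r in MODEL.iter("rule")}

def extract(line):
    """Return the quintuple as a dict, or None if no template applies."""
    for marker, pattern in TEMPLATES:
        # The feature identifier (marker) selects which template parses the line.
        m = pattern.search(line) if marker in line else None
        if m:
            rec = m.groupdict()
            rec.update(src_port=int(rec["src_port"]), dst_port=int(rec["dst_port"]))
            return rec
    return None

def analyze(log_text):
    """Return (normal, abnormal, skipped): judged records and unparsed-line count."""
    normal, abnormal, skipped = [], [], 0
    for line in log_text.splitlines():
        rec = extract(line)
        if rec is None:
            skipped += 1
        elif rec["dst_port"] in RULES.get(rec["dst_ip"], set()):
            normal.append(rec)
        else:  # assumed policy: unknown destination or unlisted port is abnormal
            abnormal.append(rec)
    return normal, abnormal, skipped
```

Counting the lines that match no template matters in practice: a firmware update that changes the log format shows up as a rising skipped count rather than as silently missing detections.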

Description

Technical field

[0001] The invention relates to a method for automatically extracting firewall security logs based on an XML rule model in the field of information security. Rule templates are defined in XML according to the structural characteristics of firewall security log files. While the template-based log analysis system automatically extracts firewall log information, the extracted information is matched against the corresponding XML security rules, so as to effectively determine whether it reflects abnormal operation or usage of the target device or system. The invention belongs to the field of information technology.

Background technique

[0002] Firewalls have been widely used in computer network security. The firewall has a log recording function, which can record all access to the internal network and external network through the firewall. The content of the log mainly includes time, source IP add...
