Method for automatically extracting and analyzing firewall logs based on XML rule model

This automatic extraction and analysis technology, applied in hardware monitoring and related areas, addresses three problems: the inability to analyze abnormal-behaviour information from logs, the absence of an abnormal-log analysis function in existing tools, and the inconvenience of analyzing firewalls in a unified way.

Inactive Publication Date: 2014-02-12
CHINA TOBACCO ZHEJIANG IND

AI Technical Summary

Problems solved by technology

[0003] Some tools for managing firewall logs now exist, but they usually manage only the logs of a specific firewall. The log management system of Tianrongxin, for example, mainly handles log collection, storage, display and query, but has no function for analyzing abnormal logs, so abnormal behaviour information cannot be analyzed out of a large volume of logs.
Since the log information of the various firewalls does not use a unified format and is unstructured data, unified analysis of firewalls is greatly inconvenienced.


Embodiment Construction

[0040] The following describes the specific implementation of the technical solution proposed by the present invention, taking the firewall log as the example.

[0041] As shown in figure 1, the firewall log extraction method of the present invention first obtains the firewall log file periodically (step S1). It then reads the XML model corresponding to the log file according to the XML analysis model (step S2).

[0042] A log record is obtained from the log file according to the XML model definition (step S3). It is then judged whether the characteristic value of the log record matches a "record type" defined in the XML (step S4). If it does not match, return to S3. If it matches, extract the corresponding log parameters according to the attributes of the "data items" under that "record type" (step S5).

[0043] It is judged whether all records in the log file have been processed (step S6). If not, return to S3. If all records have been processed, save all the extracted log records in the struc...


Abstract

The invention relates to a method for automatically extracting and analyzing firewall logs based on an XML rule model. The method includes the steps of defining XML log analysis templates, automatically extracting the firewall logs and analyzing the firewall logs. From each log the method extracts the quintuple of time, source IP address, source port, destination IP address and destination port. An XML template is formulated according to the structural features of each type of firewall log file; the template contains the feature identification that defines each record type found in that log file. Using this identification, the firewall log files are extracted, the quintuple information in the firewall logs is identified automatically, and whether the operating state of a destination device is normal is judged automatically against predefined safety rules. With the method, a large volume of firewall log information can be extracted automatically and rapidly, abnormal network access behaviours are analyzed, and a basis is provided for network security analysis and management.
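The extraction loop of steps S1 to S6 in the embodiment above and the template-plus-rule matching the abstract describes, as an added Python example that is not part of the patent or of any product of its owner. The XML template schema, the sample log lines and the safety rule are constructed assumptions, and the periodic file acquisition of step S1 is replaced by an in-memory string.

```python
import re
import xml.etree.ElementTree as ET
# Constructed XML template (illustrative schema, not the patent's own): a record type's
# feature identifier selects its log lines; its data items name the quintuple fields.
TEMPLATE_XML = r"""<firewall name="demo-fw">
  <recordtype name="deny" feature="action=DENY">
    <dataitem name="time" pattern="^(\S+ \S+)"/>
    <dataitem name="src_ip" pattern="src=(\d+\.\d+\.\d+\.\d+)"/>
    <dataitem name="src_port" pattern="sport=(\d+)"/>
    <dataitem name="dst_ip" pattern="dst=(\d+\.\d+\.\d+\.\d+)"/>
    <dataitem name="dst_port" pattern="dport=(\d+)"/>
  </recordtype>
</firewall>"""

# Constructed sample log; the ALLOW line carries no matching feature value.
SAMPLE_LOG = """\
2014-02-12 10:00:01 action=DENY src=10.0.0.5 sport=50211 dst=192.168.1.10 dport=22
2014-02-12 10:00:02 action=ALLOW src=10.0.0.7 sport=40000 dst=192.168.1.20 dport=443
2014-02-12 10:00:03 action=DENY src=10.0.0.5 sport=50212 dst=192.168.1.10 dport=23
2014-02-12 10:00:04 action=DENY src=10.0.0.5 sport=50213 dst=192.168.1.10 dport=3389
"""

def load_model(xml_text):
    """Step S2: read the record types and their data items from the XML model."""
    root = ET.fromstring(xml_text)
    return [(rt.get("name"), rt.get("feature"),
             [(d.get("name"), re.compile(d.get("pattern"))) for d in rt.findall("dataitem")])
            for rt in root.findall("recordtype")]

def extract_records(log_text, model):
    """Steps S3-S6: take each record, test its feature value (S4), extract data items (S5)."""
    records = []
    for line in log_text.splitlines():
        for rt_name, feature, items in model:
            if feature not in line:      # S4: no match, move on to the next record
                continue
            rec = {"type": rt_name}
            for name, pat in items:      # S5: pull each log parameter by its data item
                m = pat.search(line)
                rec[name] = m.group(1) if m else None
            records.append(rec)
    return records

def check_rule(records, max_ports=2):
    """Constructed safety rule: a source denied on more than max_ports distinct ports of one host is abnormal."""
    seen = {}
    for r in records:
        if r["type"] == "deny":
            seen.setdefault((r["src_ip"], r["dst_ip"]), set()).add(r["dst_port"])
    return sorted(k for k, ports in seen.items() if len(ports) > max_ports)
```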

Description

Technical field

[0001] The invention relates to a method for automatically extracting firewall security logs based on an XML rule model, in the field of information security. According to the structural characteristics of firewall security log files, the XML language is used to define rule templates. During automatic extraction of firewall log information by the template-based log analysis system, the extracted log information is matched against the corresponding XML security rules, so as to determine effectively whether the extracted firewall log information reflects abnormal operation or usage of the target device or system. The invention belongs to the field of information technology.

Background technique

[0002] Firewalls have been widely used in computer network security. A firewall has a log recording function that can record all access between the internal network and the external network that passes through the firewall. The content of the log mainly includes time, source IP add...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/34
Inventor: 姜学峰李威李健俊董惠良
Owner: CHINA TOBACCO ZHEJIANG IND