Log processing method and device

A log processing method and device, applied in the field of information processing, that address the excessive filtering of logs, the ineffective filtering of redundant information, and the inconsistency and poor query and retrieval performance of security information, so as to improve the real effectiveness of the logs and remove a large amount of redundant logs.

Active Publication Date: 2016-07-20
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

[0004] The centralized security management platform of the prior art has the following disadvantages: 1) redundant log information originating from different levels of different network structures cannot be effectively filtered, resulting in inconsistent security information and low query and retrieval performance; 2) filtering rules are configured manually and therefore subjectively, which causes both excessive filtering and ineffective filtering of logs, resulting in the loss of security information and a large amount of redundant security information.

Examples


Embodiment 1

[0041] This embodiment of the present invention provides a log processing method applied to a centralized security management platform. In a specific implementation, the centralized security management platform can be an ordinary computer, a server, an industrial control computer (industrial computer), or similar equipment. The functions of the log processing method can be realized by the processor of the centralized security management platform calling program code, and the program code can be stored in a computer storage medium; the centralized security management platform therefore includes at least a processor and a storage medium.

[0042] Log processing generally obtains the logs within a time window such as |T2-T1|=T0. As mentioned above, T1 is the initial time and T2 is the time at which logs are obtained. When T2 and T1 are different, T0 is not 0, and T0 is defined as the time window; in the process of specif...

Embodiment 2

[0072] Based on the foregoing first embodiment, this embodiment of the present invention provides a log processing method applied to a centralized security management platform. In a specific implementation, the centralized security management platform can be an ordinary computer, a server, an industrial control computer (industrial personal computer), or other equipment. The functions of the log processing method can be realized by the processor of the centralized security management platform calling program code, and the program code can be stored in a computer storage medium; the centralized security management platform therefore includes at least a processor and a storage medium.

[0073] Figure 2 is a schematic diagram of the implementation flow of the log processing method in Embodiment 2 of the present invention. As shown in Figure 2, the method includes:

[0074] Step 201, obtaining the first log package;

[0075...

Embodiment 3

[0095] This embodiment of the present invention provides a log processing method applied to a centralized security management platform. In a specific implementation, the centralized security management platform can be an ordinary computer, a server, an industrial control computer (industrial computer), or similar equipment. The functions of the log processing method can be realized by the processor of the centralized security management platform calling program code, and the program code can be stored in a computer storage medium; the centralized security management platform therefore includes at least a processor and a storage medium.

[0096] In the embodiments illustrated in Figures 1-3, the processing of a log within a time window is taken as an example for illustration. In the embodiment illustrated in Figure 3, based on the foregoing Figure 3 processing method of processing a log described in the illustrated embodim...


Abstract

The invention discloses a log processing method. The method comprises the following steps: obtaining a first log packet; analyzing each log in the first log packet to obtain field information satisfying a preset condition; when N is an integer larger than or equal to 2, obtaining a first log from the first log packet, wherein the first log is a log in the first log packet; judging whether the field information of the first log is the same as the field information of a first sub-log to obtain a first judgment result; when the first judgment result indicates that the field information of the first log is the same as the field information of the first sub-log, obtaining a first log source and a first sub-log source, wherein the first log source is a log source of the first log, and the first sub-log source is the log source of the first sub-log; and determining whether to discard the first log or not according to the priority of the first log source and the priority of the first sub-log source. The invention further discloses a log processing device.
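The duplicate-resolution step described in the abstract can be sketched as follows. This is an added example, not code from the patent. It assumes that the compared "field information" is the tuple in `KEY_FIELDS`, that a smaller number in `SOURCE_PRIORITY` means a higher-priority source, and that the log from the lower-priority source is the one discarded; the source names and the sample packet are constructed.

```python
# Assumption: smaller number = higher-priority log source (names are hypothetical).
SOURCE_PRIORITY = {"ids-core": 0, "firewall-edge": 1, "utm-branch": 2}
# Assumption: the "field information satisfying a preset condition" is this tuple.
KEY_FIELDS = ("src_ip", "dst_ip", "dst_port", "event")

def field_info(log):
    return tuple(log.get(k) for k in KEY_FIELDS)

def priority(log):
    # Unknown sources rank below every configured source.
    return SOURCE_PRIORITY.get(log["source"], len(SOURCE_PRIORITY))

def dedup_packet(packet, t1, t2):
    """Process logs with t1 <= ts <= t2 (window T0 = |T2 - T1|).
    Returns (kept, discarded)."""
    kept, unmatched, discarded = {}, [], []
    for log in packet:
        if not t1 <= log["ts"] <= t2:
            continue                      # outside the time window
        key = field_info(log)
        if None in key:                   # incomplete fields: cannot be compared
            unmatched.append(log)
            continue
        prev = kept.get(key)
        if prev is None:
            kept[key] = log               # first log seen with this field info
        elif priority(log) < priority(prev):
            kept[key] = log               # new log comes from a higher-priority source
            discarded.append(prev)
        else:
            discarded.append(log)         # retained log's source wins or ties
    return list(kept.values()) + unmatched, discarded

def _log(ts, source, event="ssh_bruteforce", port=22):
    return {"ts": ts, "source": source, "src_ip": "10.0.0.5",
            "dst_ip": "192.0.2.10", "dst_port": port, "event": event}

# Constructed sample packet: one event reported by three devices, one distinct
# event, one log outside the window, and one log with an incomplete field.
PACKET = [
    _log(100, "firewall-edge"),
    _log(101, "ids-core"),
    _log(102, "utm-branch"),
    _log(103, "firewall-edge", event="port_scan", port=445),
    _log(500, "ids-core"),
    _log(104, "unknown-agent", port=None),
]

if __name__ == "__main__":
    kept, dropped = dedup_packet(PACKET, t1=100, t2=160)
    print([l["source"] for l in kept], [l["source"] for l in dropped])
```

Logs with incomplete field information are retained rather than dropped, which avoids the loss of security information that the background section attributes to over-filtering.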

Description

Technical field

[0001] The invention relates to information processing technology, in particular to a log processing method and device.

Background technique

[0002] In order to continuously respond to new security challenges, enterprises have successively deployed firewalls, unified threat management (UTM, Unified Threat Management), intrusion detection and prevention systems, vulnerability scanning systems, antivirus systems, terminal management systems, etc., to build a series of security defense lines. However, these security defense lines only defend against security threats from certain aspects, forming "islands of security defense" one by one, which cannot produce synergistic effects. What is more serious is that these complex information technology (IT, Information Technology) resources and their security defense facilities continuously generate a large number of security logs and events during operation, forming a large number of "information islands". Th...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F17/30
Inventor: 张站朝何申张雯俞诗源
Owner: CHINA MOBILE COMM GRP CO LTD