Multi-level cluster-type construction multi-source safety log collection system and method

A clustered, multi-layered technology, applied in the field of multi-source security log collection systems, can solve the problems of not considering collection requirements, difficult to meet the reliability and real-time requirements of multi-source security logs, and inability to realize dynamic allocation of log source load, etc. Achieve the effect of improving real-time performance and reliability, load balancing solution, and high compatibility

Active Publication Date: 2017-03-22
STATE GRID CORP OF CHINA +2
View PDF5 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method does not consider the collection requirements of multi-source heterogeneous logs such as multi-source hosts, access l

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-level cluster-type construction multi-source safety log collection system and method
  • Multi-level cluster-type construction multi-source safety log collection system and method
  • Multi-level cluster-type construction multi-source safety log collection system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] In the specific implementation, the first step is to build a multi-source security log collection system. The system consists of Syslog client, access control server, load balancer, collection pre-cluster, Hbase storage service cluster, ES storage service cluster, Hbase database cluster and ES cluster composition. Syslog client is a kind of client software that security log is encapsulated into Syslog (is a kind of standard that is used to transmit record file message in the network of Internet protocol) message format, common open source Syslog software has NXLog and Evtsys, the present invention The Syslog software used on Windows and Linux hosts is NXLog, and the log on the network device uses the default Syslog software of the device. The Syslog client encapsulates the security log into a Syslog message and sends it to the access control server. The access control server is an HA (High Available, high-availability cluster) composed of two computers installed with f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention discloses a multi-level cluster-type construction multi-source safety log collection system and method. The network device logs such as a switch and a firewall and the multi-source heterogeneous logs such as a network behavior log are uniformly collected; on the aspect of log source control, the log source configuration can be dynamically added, deleted and modified and the start-stop operation of a single log source collection task is realized in the condition without any influence on the collection of other log sources so as to ensure the unremittance of the log collection; on the aspect of the collection method, a cluster-type construction design is employed, when one collection node has faults or the performance has bottlenecks, the load can be dynamically deployed so as to ensure the reliability and the timeliness of the large-scale log data collection; and on the aspect of the data storage, the safety log is stored into an Hbase database and an ES index so as to support the intelligent big data analysis and support the log online query analysis.

Description

technical field [0001] The invention relates to a multi-source security log collection system and method with a multi-level cluster structure. Background technique [0002] According to the survey report of the National Internet Center, the threat of high-intensity organized attacks against my country's information systems in 2015 was severe. Software and hardware devices such as hosts, firewalls, switches, and Web services that make up the information system all have log data that record user access behaviors, including user operation behaviors, access requests, and system error exceptions. Therefore, it is necessary to collect information system security logs to fully grasp the system security status, trace the source of attacks and locate system vulnerabilities. [0003] Logs related to security events in information systems mainly include host logs, access logs, firewall logs, network device logs, and network behavior logs. Network attacks against information systems a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/08H04L29/06
CPCH04L63/10H04L63/1425H04L67/1008H04L67/1001H04L67/56
Inventor 田建伟田峥黎曦薛海伟漆文辉刘洁
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap