Log sending system for distributed security audit collection devices and sending method

Abstract

The invention discloses a log sending system for distributed security audit collection devices and a sending method. The log sending system comprises an audit center and an audit unit which are connected through an industrial Ethernet. The audit center comprises a first log management module, wherein the first log management module is connected with an alarm management module, a policy issuing communication module, an audit center management module and a first timing module; the policy issuing communication module and the first timing module are connected with a policy management module; and the audit center management module is connected with an audit center database. The audit unit comprises a second log management module, wherein the second log management module is connected with a second timing module, a communication module and an audio unit management module; and the audio unit management module is connected with an audio unit database. According to the system and the method, deficiencies in the prior art can be improved, the processing speed of the audio center is improved, and the stability and reliability of the audio center are improved.

Description

technical field [0001] The invention relates to the technical field of network security audit, in particular to a log sending system and sending method for distributed security audit collection equipment. Background technique [0002] The network security audit system is a special product for information security that records and analyzes the protocols, data and behaviors in the network, and makes certain response measures. It generally adopts a bypass access method. The distributed deployment audit platform is to deploy multiple audit devices in a distributed manner in the network, and one audit center management host (hereinafter referred to as the audit center) is responsible for the audit equipment units (hereinafter referred to as audit units or audit devices or Collecting end equipment) to meet the user's requirements for network behavior audit and filing, provide complete network behavior records, and facilitate information tracking, system security management and ris...

AI Technical Summary

Problems solved by technology

[0004] Due to the multiple audit devices in the existing distributed network audit system, after collecting data, they are dispersed and sent log data to an audit center in the form of carrier multi-channel access and conflict detection mechanisms of their respective Ethernets, and a single audit device within a unit of time When the log data sent by the collection end to the audit center is fixed, as the number of device collection ends increases, the flow of log data sent to the audit center will increase sharply. Cause serious network load, the workload of the audit center is heavy, occupy too much storage space, increase the amount of data processed per unit time, affect the speed of audit processing, and even cause the audit center to collapse

Images