Log acquisition method and system

Abstract

The invention relates to a log acquisition method and system. The log acquisition method comprises the steps of: according to contents filled in a user operation front-end interface, acquiring configuration parameters; according to the acquired configuration parameters, classifying and filtering asset logs; according to information in a configuration file, totally rolling out the classified and filtered logs; and storing the collected logs into a file system of a target log server in a multi-node shunting form. The log acquisition method disclosed by the invention supports acquisition methodsof various types of equipment and implements omnibearing multi-dimensional log audit; text storage is carried out by tree nodes so as to facilitate program calling; and the log acquisition method andsystem are beneficial to subsequent parsing and certificate storage of programs.

Description

technical field [0001] The present invention relates to the technical field related to log processing, in particular to a log collection method and system. Background technique [0002] In a complete information system, the log is a very important functional component. It can record all the behaviors generated by the system and express them according to a certain specification. We can use the information recorded by the log system to troubleshoot the system, optimize the performance of the system, or adjust the behavior of the system based on this information. In the field of security, logs play an especially important role and can be said to be one of the most important tools in security auditing. The collection of logs is convenient for auditing and certificate storage, and the invention provides a method and system for collecting logs. [0003] In the prior art, network log collection is mainly a log collection method in which passive transmission is the main method an...

AI Technical Summary

Problems solved by technology

[0004] The defect or deficiency of this method is: the log collection method is relatively simple, and although the passive log transmission method can adapt to the general production environment, but for the high-precision and high-precision security production environment, this method will lose the credibility of its data Value, because the sender under the C / S architecture is easily affected by network fluctuations. If only passive transmission is used to collect logs, when the network environment is unstable, causing network interruptions and network freezes, the log transmission process will be lost. The packet rate rises sharply, and even the socket connection in C / S mode is directly disconnected, causing irreparable losses in the end

Undifferentiated and full collection of logs is likely to generate more logs irrelevant to audit value. When an attacker imposes obfuscation purposes and sends a large number of data packets to the log server, it is prone to service downtime and increased audit difficulty.

The collected log data is not stored in a structured manner, resulting in confusing classification and slow text retrieval

Images