Security log collection and analysis method, device and equipment and medium

A security log collection and parsing method, applied in the field of security log collection and analysis, which addresses the high development cost, the difficulty of analysing and using logs, and the separation of regular expressions from the variables they fill in existing approaches, and achieves efficient processing.

Active Publication Date: 2019-09-27
浙江乾冠信息安全研究院有限公司
Cites: 10; Cited by: 11

AI Technical Summary

Problems solved by technology

In order to address network security problems, security vendors provide a variety of security devices, such as firewalls, intrusion detection systems and security audit systems. The widespread deployment of these devices brings its own problems: devices of different types, running continuously, generate a large volume of security logs; analysing these logs is complicated; and the log formats produced by devices from different vendors differ, so it is difficult to analyse and use them with a unified method.
[0003] The traditional log analysis solution generally uses XML configuration files to parse security logs, which has the following problems: 1. the XML configuration files are cumbersome and inconvenient to maintain; 2. the regular expressions and the variables they populate are kept separate and are bound to each other by index, which is error-prone when a log line is long; 3. the development cost is relatively high, and the configuration file is hard to understand.



Examples


Embodiment 1

[0032] This embodiment provides a method for collecting and parsing security logs. The aim is to formulate different parsing rules for different scenarios and different types of security log, and to write those rules into a parsing configuration file, so that security logs of different types are handled in a unified way.

[0033] Based on the above principle, the security log collection and parsing method is introduced as shown in figure 1:

[0034] The security log collection and parsing method specifically includes the following steps:

[0035] receive security logs;

[0036] generate a parsing configuration file according to the formulated parsing rules;

[0037] parse the security logs using the parsing configuration file, and store the parsed security logs.

[0038] In this embodiment, a syslog server is used as the log receiving server to receive the security logs. The syslog server...
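The three steps above (receive, build the parsing configuration from rules, parse and store), carried through as an added example in Python. This is not code from the patent or its assignee: the patent does not disclose its configuration file format or field names, so a JSON-compatible rule dictionary, the field names, the rule and device names, and the sample syslog lines are all constructed here. The same functions also map onto the three modules of Embodiment 2 (acquisition, parsing, result output). Each rule's regular expression uses named groups, so the pattern and the variables it fills live in one place instead of being bound by index as in the XML approach criticised in [0003]. Two practitioner additions go beyond the text: rules are validated once at load time, and lines no rule matches are kept in a separate bucket rather than dropped.

```python
import json
import re
from typing import Any, Dict, Iterable, List, Optional, Tuple

# Constructed parsing configuration (assumption: the patent does not show its
# file format). Each rule carries one regular expression; its named groups ARE
# the output field names, so pattern and variables are never separated.
PARSING_CONFIG: Dict[str, Any] = {
    "rules": [
        {
            "name": "firewall_deny",
            "device": "firewall",
            "severity": "medium",
            "pattern": r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) fw: DENY "
                       r"(?P<proto>TCP|UDP) (?P<src_ip>[\d.]+):(?P<src_port>\d+) -> "
                       r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$",
        },
        {
            "name": "ids_alert",
            "device": "ids",
            "severity": "high",
            "pattern": r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ids\[\d+\]: ALERT '
                       r'sid=(?P<sid>\d+) msg="(?P<msg>[^"]*)" src=(?P<src_ip>[\d.]+) '
                       r'dst=(?P<dst_ip>[\d.]+)$',
        },
        {
            "name": "audit_login",
            "device": "audit",
            "severity": "low",
            "pattern": r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) audit: "
                       r"user=(?P<user>\S+) action=(?P<action>login_(?:ok|fail)) "
                       r"from=(?P<src_ip>[\d.]+)$",
        },
    ]
}

# Constructed sample syslog lines from three device types, plus one line that no
# rule covers. Addresses are RFC 5737 documentation / private ranges.
SAMPLE_LOGS = [
    "Sep 27 10:15:01 fw01 fw: DENY TCP 203.0.113.5:44321 -> 10.0.0.8:22",
    'Sep 27 10:15:02 ids01 ids[4321]: ALERT sid=100001 msg="SSH brute force attempt" src=203.0.113.5 dst=10.0.0.8',
    "Sep 27 10:15:03 audit01 audit: user=alice action=login_fail from=203.0.113.5",
    "Sep 27 10:15:04 fw01 fw: link state changed on eth1",
]

REQUIRED_FIELDS = ("ts", "host")  # every normalized record must carry these


def compile_rules(config: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Step [0036]: turn the formulated rules into a compiled configuration.

    Validation happens once at load time: a malformed regex, or a rule that
    cannot produce the mandatory fields, is a configuration error and is
    rejected here rather than discovered on the first matching log line.
    """
    compiled: List[Dict[str, Any]] = []
    for rule in config["rules"]:
        try:
            regex = re.compile(rule["pattern"])
        except re.error as exc:
            raise ValueError(f"rule {rule['name']!r}: invalid pattern: {exc}") from exc
        missing = [f for f in REQUIRED_FIELDS if f not in regex.groupindex]
        if missing:
            raise ValueError(f"rule {rule['name']!r}: no named group for {missing}")
        compiled.append({**rule, "regex": regex})
    return compiled


def parse_line(line: str, rules: List[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
    """Step [0037], per line: the first rule whose anchored pattern matches the
    whole line wins; the field names come straight from the pattern."""
    text = line.rstrip("\r\n")
    for rule in rules:
        match = rule["regex"].fullmatch(text)
        if match:
            record = {"rule": rule["name"], "device": rule["device"],
                      "severity": rule["severity"]}
            record.update(match.groupdict())
            return record
    return None


def parse_logs(lines: Iterable[str],
               rules: List[Dict[str, Any]]) -> Tuple[List[Dict[str, Any]], List[str]]:
    """Step [0037], per batch: normalize what matches and keep what does not,
    so unknown formats surface as a rule gap instead of vanishing."""
    parsed: List[Dict[str, Any]] = []
    unparsed: List[str] = []
    for line in lines:
        record = parse_line(line, rules)
        if record is None:
            unparsed.append(line)
        else:
            parsed.append(record)
    return parsed, unparsed


def to_jsonl(records: List[Dict[str, Any]]) -> str:
    """Storage form for the parsed logs: one JSON object per line."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


if __name__ == "__main__":
    rules = compile_rules(PARSING_CONFIG)
    parsed, unparsed = parse_logs(SAMPLE_LOGS, rules)
    print(to_jsonl(parsed), end="")
    for line in unparsed:
        print("UNPARSED:", line)
```

Two points a practitioner would check before deploying something like this. First, the patterns in the configuration run against text chosen by whoever can write to the syslog port, so every pattern should be anchored (as here) and kept free of nested or overlapping quantifiers that invite catastrophic backtracking; reviewing the rule file is reviewing attack surface. Second, the size of the unparsed bucket is itself a signal: a sudden growth means a device firmware update changed its log format, or someone is sending noise to hide real events, and either way the rules need attention.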

Embodiment 2

[0054] Embodiment 2 discloses a device corresponding to the security log collection and parsing method of Embodiment 1; it is the virtual (software) device structure of that embodiment. As shown in figure 2, it includes:

[0055] a log acquisition module 310, configured to receive security logs;

[0056] a log parsing module 320, configured to generate a parsing configuration file according to the parsing rules and to use that configuration file to parse the security logs;

[0057] a result output module 330, configured to output the security log parsing result and store it.

Embodiment 3

[0059] Figure 4 is a schematic structural diagram of an electronic device provided by Embodiment 3 of the present invention. As shown in Figure 4, the electronic device includes a processor 410, a memory 420, an input device 430 and an output device 440; a computer device may have one or more processors 410, and Figure 4 takes one processor 410 as an example. The processor 410, memory 420, input device 430 and output device 440 may be connected by a bus or by other means; Figure 4 takes a bus connection as an example.

[0060] The memory 420, as a computer-readable storage medium, can be used to store software programs, computer-executable programs and modules, such as the program instructions / modules corresponding to the security log collection and parsing method in the embodiment of the present invention (for example, in a security log collection and parsing device, the log acquisition module 310, the log parsing module 320 and the result ou...


Abstract

The invention discloses a security log collection and analysis method in the field of information security processing, which parses security logs of different formats by formulating different parsing rules. The method comprises the following steps: receiving a security log; generating a parsing configuration file according to the formulated parsing rules; and parsing the security log using the parsing configuration file, and storing the parsed security log. The invention further discloses a security log collection and parsing device, electronic equipment and a computer storage medium, so that security logs of different formats can be parsed.

Description

Technical field

[0001] The present invention relates to the field of information security processing, in particular to a method, device, equipment and medium for collecting and parsing security logs.

Background technique

[0002] The rapid development of the Internet has brought great convenience to the dissemination and use of information, but it has also brought information security problems. In order to address network security problems, security vendors provide a variety of security devices, such as firewalls, intrusion detection systems and security audit systems. The widespread deployment of these devices brings its own problems: devices of different types, running continuously, generate massive volumes of security logs; analysing these logs is complicated; and the log formats produced by devices from different vendors differ,...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F16/18, G06F16/10
CPC: G06F16/10, G06F16/1815
Inventors: 董超, 姜峰, 蒋希敏, 刘雷, 陶明亮
Owner 浙江乾冠信息安全研究院有限公司