
Rapid association classification and hierarchical storage method for network security logs

A hierarchical storage and associated classification technology, applied in the field of data communication, to improve performance, save associated work, and reduce file IO operations

Pending Publication Date: 2022-07-26
深圳市东晟数据有限公司

AI Technical Summary

Problems solved by technology

[0009] The main purpose of the present invention is to propose a fast association classification and hierarchical storage method for network security logs, aiming to solve the performance problem of JSON log format output.


Embodiment Construction

[0036] A method for fast associative classification and hierarchical storage of network security logs proposed in this embodiment includes the following steps:

[0037] S1: Define a log template in XML format according to different application metadata, and the log template includes alarm log information, associated flow log information, application metadata log information, message log information, and file attachment log information;

[0038] Specifically, the template sample is as follows:

[0039]

[0040]

[0041]

[0042]

[0043]

[0044]

[0045]

[0046]

[0047]

[0048]

[0049]

[0050]

...

[0051]

[0052] S2: Associate the alarm logs, associated flow logs, application metadata logs, message logs, and file attachment logs through the flow (flow id) and transaction (transaction id) information in the logs. Each alarm log outputs a complete log, and what the log template defines serves as the keywords in the output log; refer to the specific assoc...
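The association in S2, sketched as an added example (not code from the patent): records are joined on flow id and on the (flow id, transaction id) pair, and a constructed XML template supplies the output keywords. The template layout, record types and field names are assumptions, as is the choice that flow records carry only a flow id.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed template: element and field names are assumptions, not the patent's.
TEMPLATE = """<log_template app="http">
  <alert>signature,severity</alert>
  <flow>src_ip,dst_ip,proto</flow>
  <app_metadata>hostname,url</app_metadata>
  <message>payload_len</message>
  <file_attachment>filename,sha256</file_attachment>
</log_template>"""

# Constructed sample records, as a sensor might emit them before association.
RECORDS = [
    {"type": "flow", "flow_id": 7, "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "proto": "TCP"},
    {"type": "app_metadata", "flow_id": 7, "tx_id": 1, "hostname": "example.test", "url": "/a"},
    {"type": "app_metadata", "flow_id": 7, "tx_id": 2, "hostname": "example.test", "url": "/upload"},
    {"type": "file_attachment", "flow_id": 7, "tx_id": 2, "filename": "x.bin", "sha256": "<constructed>"},
    {"type": "message", "flow_id": 7, "tx_id": 2, "payload_len": 512},
    {"type": "alert", "flow_id": 7, "tx_id": 2, "signature": "constructed rule", "severity": 2},
    {"type": "alert", "flow_id": 9, "tx_id": 1, "signature": "constructed rule", "severity": 3},
]

def load_template(xml_text):
    """Map each section name to the ordered keywords it contributes to the output."""
    return {sec.tag: sec.text.split(",") for sec in ET.fromstring(xml_text)}

def associate(records, template):
    """One complete log per alert; flow joins on flow_id, the rest on (flow_id, tx_id)."""
    flows, by_tx = {}, defaultdict(lambda: defaultdict(list))
    for r in records:
        if r["type"] == "flow":
            flows[r["flow_id"]] = r
        elif r["type"] != "alert":
            by_tx[(r["flow_id"], r["tx_id"])][r["type"]].append(r)
    pick = lambda rec, sec: {k: rec.get(k) for k in template[sec]}
    out = []
    for a in (r for r in records if r["type"] == "alert"):
        key = (a["flow_id"], a["tx_id"])
        log = {"flow_id": key[0], "tx_id": key[1], "alert": pick(a, "alert")}
        flow = flows.get(a["flow_id"])
        log["flow"] = pick(flow, "flow") if flow else None  # alert with no flow record seen
        for sec in ("app_metadata", "message", "file_attachment"):
            log[sec] = [pick(r, sec) for r in by_tx[key][sec]]
        out.append(log)
    return out

if __name__ == "__main__":
    print(*associate(RECORDS, load_template(TEMPLATE)), sep="\n")
```

The second alert has no matching flow or transaction records, so its complete log carries an empty flow section and empty lists rather than being dropped.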


Abstract

The invention discloses a rapid association classification and hierarchical storage method for network security logs, which comprises the following steps: defining an XML (Extensible Markup Language) format log template according to different application metadata, the log template comprising alarm log information, associated flow log information, application metadata log information, message log information and file attachment log information; associating the alarm logs, the associated flow logs, the application metadata logs, the message logs and the file attachment logs together through flow and transaction information in the logs, wherein each alarm log outputs a complete log; and outputting the logs through a hierarchical storage mechanism, including the values in the alarm log information, associated flow log information, application metadata log information, message log information and file attachment log information. The hierarchical storage mechanism adopts two levels: the first level adopts a memory file system, and the second level adopts an SSD / HD storage system with RAID. According to the technical scheme, the performance problem of JSON log format output is solved.

Description

Technical field

[0001] The invention relates to the technical field of data communication, in particular to a method for fast associative classification and hierarchical storage of network security logs.

Background technique

[0002] In the field of network security, when network security devices such as IPS / IDS devices analyze the access traffic of the existing network, they can conduct in-depth analysis of the traffic according to the security detection rules issued by the device and find existing attack behaviors, abnormal logins, intrusions and other such behaviors. They then record the related alarm information, flow information, application information, packet information, attachments and other information about these behaviors through the device's own log system, for later query by a log auditing system or for forensics.

[0003] There are many log output methods in IPS / IDS devices, such as outputting to Syslog, outputting to Redis, and outputting to log files, among whic...


Application Information

IPC(8): H04L41/069, G06F16/35, G06F16/18
CPC: H04L41/069, G06F16/35, G06F16/18
Inventor: 杨晶亮涂明沈圳王振邦周嘉宜
Owner: 深圳市东晟数据有限公司