Journal accounting method and system

Abstract

The invention discloses a log statistical method, including log collecting and resolving step, log storing step, intermediate result regular generating step and statistical result generating step, and concretely speaking, collecting log from a device, resolving the received original log sent by the device into the one able to be identified by a log statistical system; collecting statistical dimension data of the log and storing them into a dictionary list, and adding the log as record to a log list; dividing the log into sets according to the time and statistical dimension data, making calculation on the sets and obtaining the intermediate result and then storing it to an intermediate list; determining statistical conditions and obtaining statistical result by the intermediate list. The invention can be applied to information safety field, able to raise log statistical speed and reduce the complexity in maintaining statistical dimension data of the log.

Description

technical field [0001] The invention relates to the field of computer information security, in particular to a method and system for processing log data. Background technique [0002] With the development of information technology, the amount of data is increasing rapidly, and the accumulation of data is also increasing. Security is an important consideration in data transmission, exchange and processing. For this reason, many devices related to information processing (such as firewalls, intrusion detection systems, routers and servers, etc.) will generate logs, which record Various things happen on the device and in the network every day, and the status of each device and the entire network can be understood through the query and statistics of the logs. [0003] If the amount of logs is relatively small (hundreds or less), experienced administrators can read one by one to find out the abnormalities, find the event logs of concern and count the data. However, in the field ...

AI Technical Summary

Problems solved by technology

The second type of statistical dimension data can be further divided into two categories: one type is stable and will not change during system operation, such as network protocols, the processing method of this type of statistical dimension data is relatively simple; the other type is constantly changing , such as user names, virus names, intrusion attack names, etc., due to the addition and deletion of users, the upgrade of virus signature databases and intrusion attack signature databases when each device is in use, these statistical dimension data are constantly changing, which can be called dynamic Statistical dimension data, the existing technology directly processes the log table and directly performs statistical calculations from the log table, which makes the processing of dynamic statistical dimension data more complicated and the operation speed of the audit system is low

[0006] At the same time, with the development of the network and a large number of servers using DNS round robin to achieve load balancing, it is usually impossible to understand the situation in a comprehensive

Images