The Research and Implementation of Visual Log Analysis System
| School | Xi'an University of Electronic Science and Technology |
| Keywords | Security information management; Log management; Information security; Network; Log analysis; Correlative analysis |
From the perspective of information security risk management, an auditing system that covers the running logs of every type of system and the logs of network access is an integral part of an information security system. Log analysis, as a component of the security defence system, therefore plays an important role in network security. An effective log analysis system, through overall analysis of logged activity, compensates for the weaknesses in threat detection and analysis of the various products currently in use; it also provides an effective technical means for tracing responsibility and locating faults. Based on a study of the merits and shortcomings of similar products, and in line with practical demand and developments in data mining technology, this paper designs and implements a Visual Log Analysis System.

First, the paper introduces the basic concepts of a log analysis system and briefly describes its importance. By comparison with similar domestic and foreign products, it describes the trends in log analysis systems and discusses the problems current systems face. It then draws on the practical requirements put forward by several enterprises to set out the basic functions of a new type of log analysis system.

On this basis, the paper designs a Visual Log Analysis System that meets these new client requirements and describes in detail the system framework, the database structure, the flowcharts of the collection and analysis modules, the structure of the client management interface and the alarm engine interface. It explains the database design principles, discusses approaches to storing large volumes of logs, and proposes device-based and time-based storage modes as the basic data model.

These storage modes improve system maintainability while increasing query efficiency. The paper optimises the data collection method, proposing a combined approach of an enlarged data cache and multithreaded execution that greatly extends the system's capacity. It further puts forward a multi-layer model for log processing that divides the process into receiving, filtering, correlating, analysing-and-alarming, and storage, and describes the flowchart and key processing method of each layer separately. The design also lays out the data structures used in parts of the correlation analysis process. It explains the design principles of the management program in the log analysis system, analyses in detail the design of the security module, and lists the main function menu. In addition, it describes the specific application of correlation analysis research to key attributes. The practical design of the alarm rules is also presented, showing the specific items in an alarm rule and how they are used in the system. Finally, the paper presents the details of a real test environment and verifies that the designed functions of the Visual Log Analysis System are able to meet clients' practical needs.
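The five-layer processing model described above (receiving, filtering, correlating, analysing-and-alarming, storage) together with the device- or time-based storage partitioning, as an added example that is not the thesis's own code; the log line format, device names, the "src" correlation key and the failed-login alarm threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample lines (assumed format): "<ISO timestamp> <device> <event> src=<ip>"
SAMPLE_LOGS = [
    "2024-01-01T10:00:01 fw01 LOGIN_FAIL src=10.0.0.5",
    "2024-01-01T10:00:02 fw01 LOGIN_FAIL src=10.0.0.5",
    "2024-01-01T10:00:03 fw01 LOGIN_FAIL src=10.0.0.5",
    "2024-01-01T10:00:04 sw02 LINK_UP src=10.0.0.9",
    "2024-01-01T10:00:05 fw01 DEBUG src=10.0.0.5",
    "malformed line",
]

def receive(line):
    """Layer 1 (receiving): parse one raw line into a record, None if unparseable."""
    try:
        ts, device, event, src = line.split()
        return {"ts": ts, "device": device, "event": event,
                "src": src.split("=", 1)[1]}
    except (ValueError, IndexError):
        return None

def keep(rec):
    """Layer 2 (filtering): drop unparseable lines and noise the analyser never needs."""
    return rec is not None and rec["event"] != "DEBUG"

def correlate(records, key="src"):
    """Layer 3 (correlating): group records by a key attribute, default source address."""
    groups = defaultdict(list)
    for r in records:
        groups[r[key]].append(r)
    return groups

def alarms(groups, event="LOGIN_FAIL", threshold=3):
    """Layer 4 (analysing/alarming): assumed rule, >= threshold events for one key."""
    return [k for k, recs in groups.items()
            if sum(r["event"] == event for r in recs) >= threshold]

def store_key(rec, mode="device"):
    """Layer 5 (storage): partition by device, or by time using the hour bucket."""
    return rec["device"] if mode == "device" else rec["ts"][:13]

def run_pipeline(lines, mode="device"):
    """Run all five layers and return the alarms and the storage partitions."""
    records = [r for r in map(receive, lines) if keep(r)]
    partitions = defaultdict(list)
    for r in records:
        partitions[store_key(r, mode)].append(r)
    return {"alarms": alarms(correlate(records)), "partitions": dict(partitions)}
```

Switching `mode` between `"device"` and `"time"` shows the two storage layouts the abstract contrasts: per-device partitions favour queries about one appliance, hourly buckets favour time-window queries.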