Log Analysis and Processing in a Network Security Audit System

Abstract

A complex network system generates a large volume of log data during operation; these logs contain data about the network's operation, security and state. A network security audit system follows the trend in network security management: through comprehensive audit technology it lets the modules of the network security architecture integrate their resources and work in coordination, achieving overall security control. The network security audit system stores log records in a database, and users audit and analyse the logs in the database through a user console. This not only audits the system's security effectively but also avoids wasting large amounts of system resources on processing huge volumes of log data.

This thesis studies log analysis and processing in a network security audit system. By performing data cleaning and data merging on different types of logs, it produces a unified format for network security logs, eliminating redundancy and differences in complex configuration while preserving the individual characteristics of each security product. This supplies the log audit with a large body of valid log data. On this basis, users can query data by log type, perform fuzzy queries on different combinations of fields, and select the appropriate data tables to export as a backup.

The system is built on the .NET development platform, with C# as the development language and SQL Server 2005 as the database server, to implement log analysis and processing in the network security audit system.

Keywords: network security audit system; log analysis and processing; .NET; data cleaning; data merging

THE LOG ANALYSIS AND PROCESSING IN THE SYSTEM OF NETWORK SECURITY AUDIT

Abstract

A complex network system produces a large amount of log data in the course of its operation. These logs contain information about the operation, security and state of the network. The network security audit system conforms to the trend of network security management: through comprehensive audit techniques it enables each module of the network security system to integrate its resources and act coherently, thereby achieving overall security control. The network security audit system stores log records in a database. Users audit and analyse the logs through the user console, which not only audits the system's security more effectively but also avoids processing huge volumes of log data and wasting a large amount of system resources.

The main subject of this study is log analysis and processing in the network security audit system. Through data cleaning and data merging of different types of logs, we obtain a unified format for network security logs and, at the same time, eliminate the redundancy and the differences in their complex configuration while retaining the individuality of each security product. This provides valid log data for the log audit. On this basis, the system supports data queries by log type and fuzzy queries on different combinations of fields. Users can also select appropriate data tables to export and back up. The system
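As an added illustration of the data cleaning, data merging, typed query and fuzzy query steps described in the abstract (example code written for this page, not the thesis's own C#/.NET and SQL Server 2005 implementation), the following Python script normalises two constructed log formats into one unified record schema, drops unparseable lines, collapses exact duplicates, and runs typed and fuzzy queries against an in-memory SQLite table that stands in for the database. The firewall and IDS line formats, the field names, the sample lines and the assumed year for the syslog timestamps are all assumptions.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample input (not real logs): a firewall format and an IDS format,
# one exact duplicate, and one malformed line that data cleaning must drop.
RAW_LINES = [
    "2024-03-01 10:00:01 FW01 DENY src=10.0.0.5 dst=192.168.1.10 dport=445 proto=TCP",
    "2024-03-01 10:00:01 FW01 DENY src=10.0.0.5 dst=192.168.1.10 dport=445 proto=TCP",
    "Mar  1 10:00:03 ids01 snort[1234]: [1:2001:3] SMB probe "
    "[Classification: Attempted Recon] {TCP} 10.0.0.5:51234 -> 192.168.1.10:445",
    "2024-03-01 10:00:07 FW01 ALLOW src=10.0.0.8 dst=192.168.1.20 dport=443 proto=TCP",
    "this line is not in any known format",
]

# Assumed formats for the two constructed log sources.
FW_RE = re.compile(r"(\S+ \S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)")
IDS_RE = re.compile(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) \S+: \[[\d:]+\] (.*?) "
                    r"\[Classification: .*?\] \{(\w+)\} (\S+?):\d+ -> (\S+?):(\d+)")
# Unified record format shared by every log type (assumed schema).
FIELDS = ("ts", "log_type", "host", "src", "dst", "dport", "proto", "message")


def parse_firewall(line):
    m = FW_RE.match(line)
    if not m:
        return None
    ts, host, action, src, dst, dport, proto = m.groups()
    return dict(zip(FIELDS, (ts, "firewall", host, src, dst, int(dport), proto, action)))


def parse_ids(line, year=2024):
    # Syslog timestamps carry no year; the caller supplies it (assumed 2024 here).
    m = IDS_RE.match(line)
    if not m:
        return None
    ts, host, msg, proto, src, dst, dport = m.groups()
    ts = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").strftime("%Y-%m-%d %H:%M:%S")
    return dict(zip(FIELDS, (ts, "ids", host, src, dst, int(dport), proto.upper(), msg)))


def normalize_and_merge(lines):
    """Data cleaning (drop lines no parser understands) and data merging
    (collapse exact duplicates) into the unified record format."""
    merged = {}
    for line in lines:
        rec = parse_firewall(line) or parse_ids(line)
        if rec is None:
            continue  # cleaning: unknown format, discarded
        key = tuple(rec[f] for f in FIELDS)
        merged.setdefault(key, rec)  # merging: keep the first copy of a duplicate
    return list(merged.values())


def build_db(records):
    # In-memory SQLite stands in for the SQL Server database of the thesis.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE log (ts TEXT, log_type TEXT, host TEXT, src TEXT, dst TEXT, "
                "dport INTEGER, proto TEXT, message TEXT)")
    con.executemany("INSERT INTO log VALUES (:ts, :log_type, :host, :src, :dst, :dport, :proto, :message)",
                    records)
    return con


def query_by_type(con, log_type):
    """Query by log type; the type is a bound parameter."""
    return con.execute("SELECT ts, host, src, dst, dport, message FROM log WHERE log_type = ? ORDER BY ts",
                       (log_type,)).fetchall()


SEARCHABLE = {"host", "src", "dst", "proto", "message"}


def _escape_like(s):
    # Escape LIKE metacharacters so a user-supplied '%' or '_' matches literally.
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def fuzzy_query(con, **filters):
    """Substring match on any combination of fields. Column names come from an
    allowlist and values are bound parameters, so user input never reaches the SQL text."""
    clauses, params = [], []
    for field, needle in filters.items():
        if field not in SEARCHABLE:
            raise ValueError(f"field not searchable: {field}")
        clauses.append(f"{field} LIKE ? ESCAPE '\\'")
        params.append(f"%{_escape_like(needle)}%")
    sql = "SELECT ts, log_type, host, src, dst, dport, message FROM log"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return con.execute(sql + " ORDER BY ts", params).fetchall()


def export_csv(con, table):
    """Export one table for backup; the table name is checked against an
    allowlist because identifiers cannot be bound as parameters."""
    if table != "log":
        raise ValueError("unknown table")
    rows = con.execute(f"SELECT {', '.join(FIELDS)} FROM {table} ORDER BY ts").fetchall()
    return "\n".join([",".join(FIELDS)] + [",".join(str(v) for v in r) for r in rows])


if __name__ == "__main__":
    db = build_db(normalize_and_merge(RAW_LINES))
    print(query_by_type(db, "firewall"))
    print(fuzzy_query(db, src="10.0.0.5", message="SMB"))
    print(export_csv(db, "log"))
```

The two checks worth carrying into a real console are in `fuzzy_query` and `export_csv`: when the user chooses which fields to search and which table to export, the field and table names must come from an allowlist and the search values must be bound parameters with LIKE wildcards escaped; otherwise the "fuzzy query on combinations of fields" feature becomes a SQL injection surface.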