CN105589786A - Management method and apparatus for Windows log - Google Patents
- Publication number: CN105589786A
- Application number: CN201510917929.5A
- Authority: CN (China)
- Prior art keywords: daily record, data, record data, log, module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/248—Presentation of query results
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0695—Management of faults, events, alarms or notifications the faulty arrangement being the maintenance, administration or management system
Abstract
The invention discloses a management method and apparatus for a Windows log. The method comprises the steps of: collecting log data and system information which need to be managed on a Windows platform; storing the log data and the system information into a log database, analyzing the log data in the log database, and generating a data analysis result; and carrying out data imaging on the data analysis result to generate a visual image. According to the method, automatic extraction of log information of a device in a network system is achieved, convenience is provided for management and maintenance of the system, and validity of the log is improved.
Description
Technical field
The present invention relates to the technical field of log management, and in particular to a management method and apparatus for Windows logs.
Background art
At present, logs are an important means of learning the state of a network system. A complex network system is made up of a wide variety of security devices, network devices, host systems and their applications, and produces a large amount of log information every day. How to manage this information in a unified way, analyze it to understand the system's state in a timely manner, discover potential threats, and respond quickly to abnormal events at the first opportunity is the key to improving the overall security of the network system.
The Windows operating platform, as a mainstream operating system, is often used on various servers and other hardware devices, and the logs it generates are characterized by poor readability, large data volume, poor correlation, and being easily modified and destroyed. The Event Viewer it provides can only perform basic viewing of log information and is not intuitive enough. Moreover, as the number of devices in the network keeps growing, checking logs platform by platform through the Event Viewer is not convenient for administering and maintaining the network system.
Summary of the invention
The object of the present invention is to provide a management method and apparatus for Windows logs, so as to automatically extract the log information of devices in a network system, make the system easier to manage and maintain, and improve the validity of the logs.
To solve the above technical problem, the present invention provides a management method for Windows logs, the method comprising:
collecting, on the Windows platform, the log data and system information that need to be managed;
storing the log data and system information in a log database, and analyzing the log data in the log database to generate a data analysis result;
performing data imaging on the data analysis result to generate a visual image.
Optionally, before collecting on the Windows platform the log data and system information that need to be managed, the method further comprises:
describing the log data in a unified way in the log database to generate description information; the description information comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
Optionally, after collecting on the Windows platform the log data and system information that need to be managed, the method further comprises:
backing up the log data.
Optionally, after backing up the log data, the method further comprises:
encrypting the backed-up log data and storing the backed-up log data on an off-site server.
Optionally, analyzing the log data in the log database to generate a data analysis result comprises:
performing statistical analysis on the log data in the log database, screening out useless information, and filtering out the information that is useless to the system.
The present invention also provides a management apparatus for Windows logs, the apparatus comprising:
a log extraction agent module, configured to collect, on the Windows platform, the log data and system information that need to be managed;
a log analysis module, configured to store the log data and system information in a log database and analyze the log data in the log database to generate a data analysis result;
a data imaging module, configured to perform data imaging on the data analysis result to generate a visual image.
Optionally, the log extraction agent module further comprises:
a log description unit, configured to describe the log data in a unified way in the log database to generate description information; the description information comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
Optionally, the apparatus further comprises:
a log backup module, configured to back up the log data.
Optionally, the log backup module further comprises:
a backup encryption unit, configured to encrypt the backed-up log data and store the backed-up log data on an off-site server.
Optionally, the log analysis module comprises:
a storage unit, configured to store the log data and system information in the log database;
a screening unit, configured to perform statistical analysis on the log data in the log database, screen out useless information, and filter out the information that is useless to the system.
In the management method and apparatus for Windows logs provided by the present invention, the log data and system information that need to be managed are collected on the Windows platform; the log data and system information are stored in a log database, and the log data in the log database is analyzed to generate a data analysis result; data imaging is performed on the data analysis result to generate a visual image. It can be seen that the log data of the Windows platform is collected and extracted, then analyzed and processed into a graphical report, which makes the network system easier to maintain and manage. The processed logs are stored in the log database, statistical analysis is performed on the log data, useless information is screened out, and a visual graphic is formed and provided to log managers, which makes the system easier to manage and maintain. In addition, the logs undergo intelligent analysis and screening, so that useful information can be obtained at the first opportunity when the system fails, which improves the validity of the logs.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are merely embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flow chart of a management method for Windows logs provided by the present invention;
Fig. 2 is a schematic structural diagram of a management apparatus for Windows logs provided by the present invention;
Fig. 3 is a flow chart of log data analysis.
Detailed description of the invention
The core of the present invention is to provide a management method and apparatus for Windows logs, so as to automatically extract the log information of devices in a network system, make the system easier to manage and maintain, and improve the validity of the logs.
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Please refer to Fig. 1, which is a flow chart of a management method for Windows logs provided by the present invention. The method comprises:
S11: collect, on the Windows platform, the log data and system information that need to be managed;
Before the log data and system information that need to be managed are collected on the Windows platform, the log data is described in a unified way in the log database to generate description information; the description information comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
S12: store the log data and system information in a log database, and analyze the log data in the log database to generate a data analysis result;
The process of analyzing the log data in the log database to generate a data analysis result is specifically: statistical analysis is performed on the log data in the log database, useless information is screened out, and the information that is useless to the system is filtered out. Here, useless information refers to useless log data, and filtering out the information that is useless to the system means filtering out the useless log data.
After the log data and system information that need to be managed are collected on the Windows platform, the method further comprises backing up the log data. After the log data is backed up, the backed-up log data is encrypted and stored on an off-site server. Backing up in this way improves the stability of the system.
S13: perform data imaging on the data analysis result to generate a visual image.
Specifically, the log data is stored in the log database; by analyzing and gathering statistics on the log data, a certain amount of result data is generated from the log data obtained, and a visual graphic can be generated by the data imaging module and provided to the log analysis managers. Generating the visual image includes generating a graphical report.
A log information data table is stored in the log database and describes the logs in a unified way; it comprises fields such as the log information number, log information name, log size, original log data, target system host and target system IP address.
In more detail, in the above method, the log files that may exist in the target system are searched for; these are the log data. The file name, size, creation time, modification time, access time, storage location and MD5 value of each log file are obtained, and the collected log file information is written to a file in a certain format. The format preferably writes one record per line, with the information fields separated from one another. Encrypted backups are performed at specified points in time: according to the specified time points that have been set, a remote backup to the server is performed automatically at a given time. This ensures that, even if an abnormality occurs at the local agent, logs can still be queried and extracted from the backup information on the server side. The encryption algorithm preferably uses the DEA symmetric encryption algorithm.
When the collected log data is analyzed, some keywords can be preset, such as the time period required by the system, IP address, user name, type, source, protocol used, and so on. Based on these keywords, and taking the log file format into account, an association analysis algorithm is used to analyze the log data. The specific log data analysis flow is: the collected log data is filtered by the keywords time and type, and data that is useless to this system is filtered out; the filtered log data is merged according to the primary attributes, with events that have the same time and type but different user IDs treated as log data of the same attribute and merged into one; the processed log data is re-sorted and arranged by type, time, date, source and event respectively; finally, association analysis is performed on the log data according to the primary attributes time and type.
Traditional Windows system logs have poor readability, large data volume and poor correlation, and are easily modified and destroyed; and as the number of managed devices grows, log management becomes more and more inconvenient. This method automatically collects and analyzes the logs of a large number of hosts in the network, which greatly reduces the system administrator's workload; the logs undergo intelligent analysis and screening, so useful information can be obtained at the first opportunity when the system fails, which improves the validity of the logs; and the logs are backed up, which improves the stability of the system.
In the management method for Windows logs provided by the present invention, the log data and system information that need to be managed are collected on the Windows platform; the log data and system information are stored in a log database, and the log data in the log database is analyzed to generate a data analysis result; data imaging is performed on the data analysis result to generate a visual image. It can be seen that the method collects and extracts the log data of the Windows platform, then analyzes and processes it into a graphical report, which makes the network system easier to maintain and manage. The processed logs are stored in the log database, statistical analysis is performed on the log data, useless information is screened out, and a visual graphic is formed and provided to log managers, which makes the system easier to manage and maintain. In addition, the logs undergo intelligent analysis and screening, so that useful information can be obtained at the first opportunity when the system fails, which improves the validity of the logs.
Please refer to Fig. 2, which is a schematic structural diagram of a management apparatus for Windows logs provided by the present invention. The apparatus comprises:
a log extraction agent module 101, configured to collect, on the Windows platform, the log data and system information that need to be managed;
a log analysis module 102, configured to store the log data and system information in a log database and analyze the log data in the log database to generate a data analysis result;
a data imaging module 103, configured to perform data imaging on the data analysis result to generate a visual image.
Optionally, the log extraction agent module further comprises a log description unit, configured to describe the log data in a unified way in the log database to generate description information; the description information comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
The apparatus further comprises a log backup module, configured to back up the log data.
The log backup module further comprises a backup encryption unit, configured to encrypt the backed-up log data and store the backed-up log data on an off-site server.
The log analysis module comprises:
a storage unit, configured to store the log data and system information in the log database;
a screening unit, configured to perform statistical analysis on the log data in the log database, screen out useless information, and filter out the information that is useless to the system. Here, useless information refers to useless log data, and filtering out the information that is useless to the system means filtering out the useless log data.
Specifically, the log extraction agent module is installed on each host from which logs need to be extracted; it is responsible for extracting the logs and system information on the host and transmitting the log data to the log analysis module.
The log analysis module screens and analyzes the collected host log data to generate a certain amount of result data, and a visual graphic is generated by the data imaging module and provided to the log analysis managers; it is also responsible for storing the log information in the log database in a unified format. The log database defines the log types and formats that need to be stored, standardizes the various kinds of log information data, and describes all kinds of logs in a unified way, which facilitates the extraction, backup and analysis of log information.
In more detail, the log extraction agent module can perform log extraction, system information acquisition, local log backup and log data transmission. The log analysis module can perform log data acquisition, log backup storage, log data analysis, log data statistics and data imaging. The log extraction module, the log analysis module and the data imaging module are connected over the network.
In more detail, the present invention consists of three parts: the log extraction agent module, the log analysis module and the data imaging module. The log extraction agent module is the log extraction agent side, and the log analysis module is the log analysis server. The log extraction agent side comprises four modules: a system log extraction module, a system information acquisition module, a local log backup module and a log data transmission module. The log analysis server comprises a log data acquisition module, a log backup storage module, a log data analysis module, a log data statistics module and an extraction agent management module.
When the system is working, the hosts from which logs are to be extracted are connected to the log analysis server, and the log agent software is installed on the log extraction agent side; the log analysis server can then configure and manage the log extraction agents through the extraction agent management module. The system log extraction module and the system information acquisition module in the log extraction agent side extract the system logs and system information on the host (the system logs are the log data), and the log data transmission module transmits the log data and system information to the log analysis server, while the local log backup module makes a local backup of the extracted log data on the host. The log analysis server, through the log data acquisition module, adds the information from the system log extraction module and the system information acquisition module and stores it in the log database through the log backup storage module; the log data analysis module and the log data statistics module generate a certain amount of result data from the log data, and the data imaging module generates a visual graphic that is provided to the log analysis managers.
The system log extraction module searches for the log files that may exist in the target system, obtains the file name, size, creation time, modification time, access time, storage location and MD5 value of each log file, and writes the collected log file information to a file in a certain format. The format preferably writes one record per line, with the information fields separated from one another. The system information acquisition module obtains the target system's configuration information for the Windows operating system, such as the host name, IP address, MAC address and gateway address, so that if the log data is later called into question, there is a basis for simulating the target system. The local log backup module performs encrypted backups at specified points in time: according to the specified time points that have been set, a remote backup to the server is performed automatically at a given time. This ensures that, even if an abnormality occurs at the local agent, logs can still be queried and extracted from the backup information on the server side. The encryption algorithm preferably uses the DEA symmetric encryption algorithm.
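The per-file manifest written by the system log extraction module, and the server-side MD5 comparison the patent uses to judge log file integrity, sketched in Python as an added example (not code from the patent). The tab delimiter, epoch-second timestamps, function names and sample file are assumptions; the per-line HMAC-SHA-256 tag goes beyond the page and is included because an unkeyed MD5 stored next to the data can be recomputed by whoever alters the log.

```python
import hashlib
import hmac
import os
import tempfile

SEP = "\t"  # assumed field delimiter; the page does not name one
FIELDS = ("name", "size", "created", "modified", "accessed", "path", "md5")


def md5_of(path):
    """MD5 of a file, read in chunks so large logs are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def describe(path):
    """Agent side: the per-file fields the page lists, as strings."""
    st = os.stat(path)
    return {
        "name": os.path.basename(path),
        "size": str(st.st_size),
        "created": str(int(st.st_ctime)),  # creation time on Windows only
        "modified": str(int(st.st_mtime)),
        "accessed": str(int(st.st_atime)),
        "path": os.path.abspath(path),
        "md5": md5_of(path),
    }


def tag_for(line, key):
    return hmac.new(key, line.encode("utf-8"), hashlib.sha256).hexdigest()


def write_manifest(paths, manifest_path, key=None):
    """One record per line; with a key, an HMAC-SHA-256 tag is appended."""
    with open(manifest_path, "w", encoding="utf-8") as out:
        for path in paths:
            rec = describe(path)
            line = SEP.join(rec[f] for f in FIELDS)
            if key is not None:
                line += SEP + tag_for(line, key)
            out.write(line + "\n")


def verify_manifest(manifest_path, key=None):
    """Server side: map each recorded path to a status string."""
    status = {}
    with open(manifest_path, encoding="utf-8") as fh:
        for raw in fh:
            parts = raw.rstrip("\n").split(SEP)
            rec = dict(zip(FIELDS, parts))
            if key is not None:
                line = SEP.join(parts[:len(FIELDS)])
                tag = parts[len(FIELDS)] if len(parts) > len(FIELDS) else ""
                if not hmac.compare_digest(tag, tag_for(line, key)):
                    status[rec["path"]] = "manifest-tampered"
                    continue
            if not os.path.isfile(rec["path"]):
                status[rec["path"]] = "missing"
            elif md5_of(rec["path"]) != rec["md5"]:
                status[rec["path"]] = "content-changed"
            else:
                status[rec["path"]] = "ok"
    return status


def demo():
    """Constructed scenario: a log is altered after collection."""
    key = b"constructed-demo-key"  # held by agent and server, not stored with logs
    out = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.abspath(os.path.join(d, "Security.log"))
        plain, keyed = os.path.join(d, "m.txt"), os.path.join(d, "m_hmac.txt")
        with open(log, "w", encoding="utf-8") as fh:
            fh.write("constructed record 1\n")
        write_manifest([log], plain)
        write_manifest([log], keyed, key)
        out["collected"] = verify_manifest(plain)[log]
        with open(log, "a", encoding="utf-8") as fh:
            fh.write("line added after collection\n")
        out["log_edited"] = verify_manifest(plain)[log]
        # The MD5 field is then rewritten to match the altered file (no key needed).
        with open(keyed, encoding="utf-8") as fh:
            old_tag = fh.read().rstrip("\n").split(SEP)[-1]
        write_manifest([log], plain)
        with open(plain, encoding="utf-8") as fh:
            forged = fh.read().rstrip("\n") + SEP + old_tag + "\n"
        with open(keyed, "w", encoding="utf-8") as fh:
            fh.write(forged)
        out["md5_rewritten"] = verify_manifest(plain)[log]
        out["hmac_manifest"] = verify_manifest(keyed, key)[log]
    return out


if __name__ == "__main__":
    print(demo())
```

The plain MD5 comparison reports the edit only while the manifest itself is untouched; once the MD5 field is rewritten it reports `ok`, whereas the keyed manifest reports `manifest-tampered`.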
The log data transmission module uses the log information data table defined by the specification to collect the data of these log files, that is, the system log information, in a standardized way, then encrypts the log information for transmission using a network protocol and saves it in the database. The network protocol is preferably the TCP/IP protocol. The main function of the log data acquisition module is to add the information from the system log extraction module and the system information acquisition module and save it in the database, and to judge the integrity of the log files by comparing MD5 values. When the log data analysis module analyzes the collected log data, some keywords can be preset, such as the time period required by the system, IP address, user name, type, source, protocol used, and so on. Based on these keywords, and taking the log file format into account, an association analysis algorithm is used to query and analyze the log data table. The specific process is shown in Fig. 3, the log data analysis flow chart, and is as follows:
(1) The original log data information obtained by the log data acquisition module is filtered by the keywords time and type, and information that is useless to this system is filtered out.
(2) The filtered information is merged according to the primary attributes: events with the same time and type but different user IDs are treated as information of the same attribute and merged into one.
(3) The processed log data information is re-sorted and arranged by type, time, date, source and event respectively.
(4) Finally, association analysis is performed on the log data information according to the primary attributes time and type.
(5) Steps (2) to (4) are repeated for the specified time period to analyze the required log data information.
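The five-step analysis flow above, as an added Python example (not code from the patent). The event fields, the one-minute bucket used for "same time", and the reading of "association analysis" as event types that occur in the same time bucket are assumptions; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from the page).
EVENTS = [
    {"time": "2015-12-10T09:00:05", "type": "logon_failure", "source": "Security", "user": "alice", "event": "bad password"},
    {"time": "2015-12-10T09:00:20", "type": "logon_failure", "source": "Security", "user": "bob", "event": "bad password"},
    {"time": "2015-12-10T09:00:41", "type": "logon_failure", "source": "Security", "user": "carol", "event": "bad password"},
    {"time": "2015-12-10T09:00:50", "type": "logon_success", "source": "Security", "user": "carol", "event": "logon"},
    {"time": "2015-12-10T09:00:55", "type": "app_info", "source": "Application", "user": "svc", "event": "heartbeat"},
    {"time": "2015-12-10T09:07:10", "type": "logon_success", "source": "Security", "user": "alice", "event": "logon"},
    {"time": "2015-12-10T11:30:00", "type": "logon_failure", "source": "Security", "user": "dave", "event": "bad password"},
]
WINDOW = ("2015-12-10T00:00:00", "2015-12-11T00:00:00")   # preset time keyword
TYPES = {"logon_failure", "logon_success"}                # preset type keyword
PERIODS = [("2015-12-10T09:00:00", "2015-12-10T10:00:00"),
           ("2015-12-10T11:00:00", "2015-12-10T12:00:00")]


def filter_events(events, start, end, types):
    """Step 1: keep events of the wanted types inside [start, end)."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [e for e in events
            if e["type"] in types and lo <= datetime.fromisoformat(e["time"]) < hi]


def merge_events(events):
    """Step 2: same minute and type, different user IDs -> one record."""
    merged = {}
    for e in events:
        key = (e["time"][:16], e["type"])  # assumption: minute granularity
        rec = merged.setdefault(key, {"time": key[0], "type": key[1],
                                      "source": e["source"], "event": e["event"],
                                      "users": set(), "count": 0})
        rec["users"].add(e["user"])
        rec["count"] += 1
    return list(merged.values())


def sort_records(records):
    """Step 3: order by type, time (which includes the date), source, event."""
    return sorted(records, key=lambda r: (r["type"], r["time"], r["source"], r["event"]))


def associate(records):
    """Step 4: time buckets in which more than one event type occurs."""
    by_time = defaultdict(dict)
    for r in records:
        by_time[r["time"]][r["type"]] = sorted(r["users"])
    return {t: types for t, types in sorted(by_time.items()) if len(types) > 1}


def analyze(events, window, periods, types):
    """Steps 1 to 5: filter once, then merge, sort and associate per period."""
    kept = filter_events(events, window[0], window[1], types)
    report = {}
    for start, end in periods:
        records = sort_records(merge_events(filter_events(kept, start, end, types)))
        report[(start, end)] = {"records": records, "associations": associate(records)}
    return report


if __name__ == "__main__":
    for period, result in analyze(EVENTS, WINDOW, PERIODS, TYPES).items():
        print(period, result["associations"])
```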
The log data information mentioned above is the log data. The log data statistics module takes the results analyzed by the log data analysis module and compiles effective statistics on the log data according to the specified keywords time and type. The extraction agent management module is the link between the log extraction agent side and the log analysis server: it reads the log information transmitted from the agent side and hands the log information to the other modules of the log analysis server for use, which keeps the whole system connected.
Traditional Windows system logs have poor readability, large data volume and poor correlation, and are easily modified and destroyed; and as the number of managed devices grows, log management becomes more and more inconvenient. This apparatus automatically collects and analyzes the logs of a large number of hosts in the network, which greatly reduces the system administrator's workload; the logs undergo intelligent analysis and screening, so useful information can be obtained at the first opportunity when the system fails, which improves the validity of the logs; and the logs are backed up, which improves the stability of the system.
In the management apparatus for Windows logs provided by the present invention, the log extraction agent module collects, on the Windows platform, the log data and system information that need to be managed; the log analysis module stores the log data and system information in a log database and analyzes the log data in the log database to generate a data analysis result; the data imaging module performs data imaging on the data analysis result to generate a visual image. It can be seen that the apparatus collects and extracts the log data of the Windows platform, then analyzes and processes it into a graphical report, which makes the network system easier to maintain and manage. The processed logs are stored in the log database so that statistical analysis can be performed on the log data, useless information screened out, and a visual graphic formed and provided to log managers, which makes the system easier to manage and maintain. In addition, the logs undergo intelligent analysis and screening, so that useful information can be obtained at the first opportunity when the system fails, which improves the validity of the logs.
The management method and apparatus for Windows logs provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. It should be noted that those of ordinary skill in the art can make a number of improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the present invention.
Claims (10)
1. A management method for Windows logs, characterized by comprising:
collecting, on a Windows platform, the log data and system information that need to be managed;
storing the log data and system information in a log database, and analyzing the log data in the log database to generate a data analysis result;
rendering the data analysis result graphically to generate a visual image.
2. The method of claim 1, characterized in that, before the collecting, on a Windows platform, of the log data and system information that need to be managed, the method further comprises:
describing the log data uniformly in the log database to generate a descriptor; the descriptor comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
3. The method of claim 1, characterized in that, after the collecting, on a Windows platform, of the log data and system information that need to be managed, the method further comprises:
backing up the log data.
4. The method of claim 3, characterized in that, after the backing up of the log data, the method further comprises:
encrypting the backed-up log data and storing the backed-up log data on an off-site server.
5. The method of any one of claims 1 to 4, characterized in that the analyzing of the log data in the log database to generate a data analysis result comprises:
performing statistical analysis on the log data in the log database, screening out junk information, and filtering out information that is useless to the system.
6. A management apparatus for Windows logs, characterized by comprising:
a log extraction agent module, for collecting, on a Windows platform, the log data and system information that need to be managed;
a log analysis module, for storing the log data and system information in a log database, and analyzing the log data in the log database to generate a data analysis result;
a graphical data module, for rendering the data analysis result graphically to generate a visual image.
7. The apparatus of claim 6, characterized in that the log extraction agent module further comprises:
a log description unit, for describing the log data uniformly in the log database to generate a descriptor; the descriptor comprises a log data number, a log data name, a log data size, the original log data, a target system host name and a target system IP address.
8. The apparatus of claim 6, characterized in that the apparatus further comprises:
a log backup module, for backing up the log data.
9. The apparatus of claim 8, characterized in that the log backup module further comprises:
a backup encryption unit, for encrypting the backed-up log data and storing the backed-up log data on an off-site server.
10. The apparatus of any one of claims 6 to 9, characterized in that the log analysis module comprises:
a storage unit, for storing the log data and system information in the log database;
a screening unit, for performing statistical analysis on the log data in the log database, screening out junk information, and filtering out information that is useless to the system.
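The uniform descriptor, the log database and the statistical screening step described in the claims above, as a runnable sketch added here and not part of the patent. The table and column names, the `Level=` text convention in the raw log and the choice of Information-level entries as the "useless" class are assumptions; the sample records are constructed.

```python
import re
import sqlite3

# Descriptor fields follow the claimed descriptor; table/column names are assumptions.
SCHEMA = """
CREATE TABLE log_descriptor (
    log_id      INTEGER PRIMARY KEY,  -- log data number
    log_name    TEXT NOT NULL,        -- log data name
    log_size    INTEGER NOT NULL,     -- log data size, in bytes
    raw_log     TEXT NOT NULL,        -- original log data
    target_host TEXT NOT NULL,        -- target system host name
    target_ip   TEXT NOT NULL         -- target system IP address
)"""

# Constructed sample records, not real events: (log name, raw text, host, IP).
SAMPLE = [
    ("Security", "EventID=4625 Level=Warning An account failed to log on", "WS01", "10.0.0.5"),
    ("Security", "EventID=4625 Level=Warning An account failed to log on", "WS01", "10.0.0.5"),
    ("System", "EventID=7036 Level=Information Service entered the running state", "WS01", "10.0.0.5"),
    ("Application", "EventID=1000 Level=Error Faulting application name: app.exe", "WS02", "10.0.0.6"),
    ("System", "EventID=7036 Level=Information Service entered the stopped state", "WS02", "10.0.0.6"),
]
LEVEL_RE = re.compile(r"\bLevel=(\w+)")  # assumed layout of the raw log text

def store(records):
    """Describe each record uniformly and store it in the log database."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(  # parameterized insert: log text is data, never SQL
        "INSERT INTO log_descriptor (log_name, log_size, raw_log, target_host, target_ip)"
        " VALUES (?, ?, ?, ?, ?)",
        [(name, len(raw.encode("utf-8")), raw, host, ip) for name, raw, host, ip in records],
    )
    return db

def analyze(db, junk_levels=("Information",)):
    """Count stored logs per (host, level), filtering out the assumed junk levels."""
    stats, dropped = {}, 0
    rows = db.execute("SELECT target_host, raw_log FROM log_descriptor ORDER BY log_id")
    for host, raw in rows:
        match = LEVEL_RE.search(raw)
        level = match.group(1) if match else "Unknown"  # unparsable rows are kept
        if level in junk_levels:
            dropped += 1
            continue
        stats[(host, level)] = stats.get((host, level), 0) + 1
    return stats, dropped

if __name__ == "__main__":
    print(analyze(store(SAMPLE)))
```

Rows whose level cannot be parsed are counted as `Unknown` rather than filtered, so a malformed or tampered entry still shows up in the analysis result.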
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510917929.5A CN105589786A (en) | 2015-12-10 | 2015-12-10 | Management method and apparatus for Windows log |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510917929.5A CN105589786A (en) | 2015-12-10 | 2015-12-10 | Management method and apparatus for Windows log |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105589786A true CN105589786A (en) | 2016-05-18 |
Family
ID=55929385
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510917929.5A Pending CN105589786A (en) | 2015-12-10 | 2015-12-10 | Management method and apparatus for Windows log |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105589786A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106027558A (en) * | 2016-07-04 | 2016-10-12 | 安徽天达网络科技有限公司 | Strong-safety system log implementation method |
CN106250299A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing method of Linux daily record |
CN106254096A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing means of Linux daily record |
CN106411582A (en) * | 2016-09-20 | 2017-02-15 | 上海爱数信息技术股份有限公司 | Method and system for collecting system logs of servers, and servers |
CN106570057A (en) * | 2016-09-29 | 2017-04-19 | 上海爱数信息技术股份有限公司 | Automatic integration and filtering method of computer logs and system |
CN107330063A (en) * | 2017-06-29 | 2017-11-07 | 环球智达科技(北京)有限公司 | The method exported for daily record |
CN107894940A (en) * | 2017-11-09 | 2018-04-10 | 郑州云海信息技术有限公司 | A kind of log analysis device and method |
CN108304528A (en) * | 2018-01-25 | 2018-07-20 | 郑州云海信息技术有限公司 | One kind encrypting methods of exhibiting based on Windows server logs |
CN113641564A (en) * | 2021-08-17 | 2021-11-12 | 孙佳晨 | Management method for monitoring log backup in real time |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102780726A (en) * | 2011-05-13 | 2012-11-14 | 中兴通讯股份有限公司 | Log analysis method and log analysis system based on WEB platform |
US20150256551A1 (en) * | 2012-10-05 | 2015-09-10 | Myoung Hun Kang | Log analysis system and log analysis method for security system |
CN104951529A (en) * | 2015-06-16 | 2015-09-30 | 焦点科技股份有限公司 | Interactive analyzing method for website logs |
-
2015
- 2015-12-10 CN CN201510917929.5A patent/CN105589786A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105589786A (en) | Management method and apparatus for Windows log | |
US10122575B2 (en) | Log collection, structuring and processing | |
CN104063473B (en) | A kind of database audit monitoring system and its method | |
CN109902072A (en) | A kind of log processing system | |
CN108268485B (en) | Log real-time analysis method and system | |
CN105204922B (en) | A kind of data acquisition platform client acquisition method | |
CN107229556A (en) | Log Analysis System based on elastic components | |
CN107273267A (en) | Log analysis method based on elastic components | |
CN108667666A (en) | A kind of intelligent O&M method and its system based on visualization technique | |
Spyridopoulos et al. | Incident analysis & digital forensics in SCADA and industrial control systems | |
CN106254096A (en) | A kind of processing means of Linux daily record | |
CN106534146A (en) | Safety monitoring system and method | |
CN108052358B (en) | Distributed deployment system and method | |
CN103166788B (en) | A kind of collection control Control management system | |
CN103036905A (en) | Method and device of enterprise network safety analysis | |
CN105376077A (en) | Network behavior information processing method, log transmitting method, network behavior information processing device and system | |
CN104700024A (en) | Method and system for auditing operational order of Unix-type host user | |
CN106250299A (en) | A kind of processing method of Linux daily record | |
CN113065026A (en) | Intelligent abnormal event detection system, method and medium based on security micro-service architecture | |
US20180295145A1 (en) | Multicomputer Digital Data Processing to Provide Information Security Control | |
CN104376254A (en) | Method and system for auditing log | |
CN104506519A (en) | Web site access security audit method for MIPS (Million Instructions Per Second) platform | |
CN204350172U (en) | A kind of video surveillance applications system | |
CN106027558A (en) | Strong-safety system log implementation method | |
CN112860471A (en) | Business operation log auditing and alarming method and system based on decision flow |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160518 |