CN1996876A - Distributed Audit System - Google Patents

Publication number
CN1996876A
Authority
CN
China
Prior art keywords
audit
module
data
communication module
unit
Prior art date
Application number
CN 200610061404
Other languages
Chinese (zh)
Other versions
CN100454842C (en)
Inventor
申屠青春
阮伟军
林飞
Original Assignee
深圳市中科新业信息科技发展有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市中科新业信息科技发展有限公司
Priority to CN 200610061404
Publication of CN1996876A
Application granted
Publication of CN100454842C

Abstract

The invention relates to a distributed audit system comprising multiple audit units that form a distributed network with a downward tree structure and superior-subordinate relationships: a superior audit unit sends command and policy data to its subordinate audit units, and a subordinate audit unit sends log data to its superior audit unit. By connecting multiple audit units, the distributed audit system forms a hierarchical distributed audit network.

Description

Distributed Audit System

Technical Field

The present invention relates to the field of network technology, and in particular to a distributed audit system suitable for complete network auditing.

Background

With the rapid development and wide application of Internet technology, large numbers of network security audit products are now deployed in networks, and these products fall into different categories according to the business and environment they audit. For example, banks have financial network audit systems that audit financial services; schools and Internet cafes have "green Internet" monitoring systems that prevent users from accessing illegal websites and resources; the telecommunications industry has high-speed network audit systems that audit backbone networks; public security organs have network crime audit and alarm systems; and enterprises have systems that audit various internal business applications (OA, e-mail, file sharing, etc.), such as the component-based desktop monitoring and audit system disclosed in Chinese patent No. 200410014138.3.

However, these existing network security audit products audit only the business application data and network environment of their own industry, so the data they store differs in content, and even among products of the same type the data formats of different manufacturers' products differ. This makes unified management of data of all types and formats very difficult, while in practice unified management and analysis of multiple kinds of business is often required; for example, enterprises, schools and Internet cafes may need to provide audit data to the public security network crime audit and alarm system for the investigation and analysis of criminal suspects. At present no audit product processes these various kinds of data in a unified way.

Second, deployed audit products may stand in a superior-subordinate relationship; for example, the network crime audit and alarm system of a provincial public security department and those of the public security organs of the individual cities are in such a relationship. The superior often needs to control and manage multiple subordinates uniformly at the same time and to send them a unified application policy; for example, public security organs often need to set the same sensitive-keyword filtering policy on all audit systems in a region. Existing audit products have no concept of multiple levels and cannot provide superior control over subordinates.

Third, when high-speed networks (such as telecommunications backbone networks) are audited, the data volume is too large; existing high-speed network audit systems, with a single function and limited performance, cannot store all the network data, so the accuracy of the audit is hard to guarantee and audit requirements are hard to meet.

Summary of the Invention

To overcome the shortcomings of existing network audit products, which cannot provide superior control over subordinates and cannot meet the requirements of high-speed network auditing, the present invention provides a distributed audit system that both provides superior control over subordinates and meets the requirements of high-speed network auditing.

To solve the above technical problem, the technical solution adopted by the present invention is a distributed audit system comprising a plurality of audit units. The audit units are built into a distributed network with a downward tree structure and form superior-subordinate relationships: a superior audit unit passes command and policy data to its subordinate audit units, and a subordinate audit unit passes audit log data to its superior audit unit.

Each audit unit comprises a server communication module and a client communication module; the server communication module of a superior audit unit is connected to and communicates with the client communication module of at least one subordinate audit unit.

The client communication module of a subordinate audit unit is connected to and communicates with the server communication module of only one superior audit unit.

The connection between the server communication module and the client communication module uses the TCP/IP protocol.

The audit unit further comprises a control center module, through which the server communication module and the client communication module inside the audit unit are connected and exchange data.

The audit unit further comprises a data interface module, connected to the client communication module, which classifies audit data of different business types and unifies the data formats of audit products of the same type from different manufacturers.

The server communication module comprises a data scheduling module connected to the control center module inside the same audit unit, and communicates with the client communication modules of subordinate audit units through a common communication module. After system initialization, the server communication module starts a listening service; through an online-status detection module and the common communication module it detects and accepts connections from subordinate audit units, receives the data uploaded by their client communication modules, and sends control commands and system user policies to the subordinate client communication modules.

The client communication module comprises a data scheduling module connected to the control center module inside the same audit unit. After system initialization, the client communication module establishes a connection with the superior server communication module through an online-status notification module and a common communication module; the common communication module receives the control commands and system user policies issued by the superior server communication module, and sends audit data to the superior server communication module.

The control center module comprises a data scheduling module and a local database connected to each other. The data scheduling module processes data from the server communication module and determines whether it needs to be saved to the local database and whether it needs to be forwarded to the client communication module; it likewise processes data from the client communication module and determines whether it needs to be saved to the local database and whether it needs to be forwarded to the server communication module.

The data interface module is connected to the client communication module through a data scheduling module. It comprises an audit analysis interface module that classifies audit data of different business types and unifies the data formats of audit products of the same type from different manufacturers; the audit analysis interface module classifies network audits according to the current types of audit business, defines a standard data format for each class, and provides a standard data conversion interface.

The beneficial effects of the invention are as follows: because the distributed audit system connects multiple audit units into a hierarchical distributed audit network, it provides superior-subordinate control and management of the audit system, and by controlling multiple network audit units at once it can process the data of a high-speed network and so meet the requirements of high-speed network auditing.

Brief Description of the Drawings

Figure 1 is a schematic diagram of the distributed audit system of the present invention. Figure 2 is a schematic diagram of the server communication module of the distributed audit system. Figure 3 is a schematic diagram of the client communication module of the distributed audit system. Figure 4 is a schematic diagram of the control center module of the distributed audit system. Figure 5 is a schematic diagram of the data interface module of the distributed audit system.

Detailed Description

Referring to Figure 1, the distributed audit system of the present invention is a distributed network built from a plurality of audit units 100. It is a downward tree structure in which each audit unit 100 is a node of the distributed network, and each audit unit 100 comprises a server communication module 10, a client communication module 20, a control center module 30 and a data interface module 40. The nodes (that is, the audit units 100) are connected to one another through their server communication modules 10 and client communication modules 20 and form superior-subordinate relationships. The relationship between connected superior and subordinate audit units 100 in this network is like that between a node of a tree and the node one level below it: data flowing downward in the network is command and policy data, and data flowing upward is audit log data.

Referring also to Figures 2 to 5, the server communication module 10 of an audit unit 100 is connected to the unit's internal control center module 30 through a data scheduling module 11, and communicates with the client communication modules 20 of subordinate audit units 100 through a common communication module 12. After system initialization, the server communication module 10 starts a listening service and, through an online-status detection module 13 and the common communication module 12, detects and accepts connections from subordinate audit units 100 (one superior can hold connections to multiple subordinates at the same time). Once the common communication module 12 has established a connection with a subordinate audit unit 100, it receives the data uploaded by that unit's client communication module 20 and sends control commands and system user policies to the subordinate client communication module 20.

The client communication module 20 is connected to the unit's internal control center module 30 through a data scheduling module 21. After system initialization, the client communication module 20 attempts, through an online-status notification module 23 and a common communication module 22, to establish a connection with the superior server communication module 10 (a subordinate client communication module can hold a connection to only one superior server communication module at a time). Once the connection to the superior server communication module 10 is established, the common communication module 22 receives the control commands and system user policies issued by the superior server communication module 10 and sends audit data to the superior server communication module 10.

The connection between the server communication module 10 and the client communication module 20 may use the TCP/IP protocol; accordingly, the distributed audit system needs a TCP/IP network system module (not shown), and each audit unit 100 needs at least one network card in hardware (not shown).

The control center module 30 comprises a data scheduling module 31 and a local database 32 connected to each other. The control center module 30 schedules the communication data passing between superior and subordinate units, and exchanges data only with the server communication module 10 and the client communication module 20 inside its own audit unit 100. The data scheduling module 31 processes data from the server communication module 10, determining whether it needs to be saved to the local database 32 and whether it needs to be forwarded to the client communication module 20; if forwarding is needed, it copies the data to the client communication module 20. It likewise processes data from the client communication module 20, determining whether it needs to be saved to the local database 32 and whether it needs to be forwarded to the server communication module 10; if forwarding is needed, it copies the data to the server communication module 10.

The data interface module 40 is connected to the client communication module 20 through a data scheduling module 42. It comprises an audit analysis interface module 41 that classifies audit data of different business types and unifies the data formats of audit products of the same type from different manufacturers; the audit analysis interface module 41 classifies network audits according to the current types of audit business, defines a standard data format for each class, and provides a standard data conversion interface.

The distributed audit system of the present invention works as follows. After system initialization, the server communication module 10 in the superior audit unit 100 starts the listening service and waits for connection requests from the client communication modules 20 of subordinate audit units 100. After the client communication module 20 of a subordinate audit unit 100 issues a connection request and the connection is established, the server communication module 10 in the superior audit unit 100 waits for that client communication module 20 to send audit log data. The subordinate audit unit 100 checks whether it has audit logs to upload; if so, it processes the data through the data interface module 40 according to the defined standard data format and then sends the processed data upward through the client communication module 20. When the server communication module 10 in the superior audit unit 100 receives the uploaded data, it submits the data to its own control center module 30, which determines whether the data needs to be saved and whether it needs to be forwarded upward. If the data needs to be forwarded upward, the control center module 30 determines whether a connection to its own superior has been established, and if so forwards the data upward through the client communication module 20.

At the same time, the control center module 30 of the superior audit unit determines whether there are control commands or policies to be forwarded; if so, it forwards them through the server communication module 10 to the client communication modules 20 in the subordinate audit units 100.
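The working principle described above, modelled in memory as an added example that is not part of the patent: logs are normalised at the edge and scheduled upward, and policies are relayed downward. The vendor field names, the `pending` queue used while no uplink exists, and the sender checks are assumptions made for illustration; direct method calls stand in for the TCP/IP connections.

```python
from dataclasses import dataclass, field

# Constructed vendor formats for one audit class ("web"). The field names are
# assumptions; the page only says each class gets one standard data format.
CONVERTERS = {
    "vendor_a": lambda r: {"class": "web", "user": r["uid"], "target": r["url"]},
    "vendor_b": lambda r: {"class": "web", "user": r["account"], "target": r["site"]},
}


def to_standard(vendor, raw):
    """Data interface module 40: convert a vendor record to the standard format."""
    if vendor not in CONVERTERS:
        raise ValueError(f"no conversion interface for vendor {vendor!r}")
    return CONVERTERS[vendor](raw)


@dataclass(eq=False)  # identity comparison: units reference each other
class AuditUnit:
    name: str
    store_logs: bool = True      # control center 30: save uploads locally?
    forward_logs: bool = True    # control center 30: forward uploads upward?
    parent: "AuditUnit | None" = None               # client module 20: one superior
    children: list = field(default_factory=list)    # server module 10: many subordinates
    database: list = field(default_factory=list)    # local database 32
    policies: dict = field(default_factory=dict)
    pending: list = field(default_factory=list)     # assumption: queue while no uplink

    def connect_to(self, superior):
        """Client module 20 connects to the superior's listening server module 10."""
        if self.parent is not None:
            raise RuntimeError(f"{self.name} already has a superior")
        node = superior
        while node is not None:          # keep the network a tree
            if node is self:
                raise RuntimeError("connection would create a loop")
            node = node.parent
        self.parent = superior
        superior.children.append(self)
        queued, self.pending = self.pending, []
        for record in queued:            # upload what was held while offline
            superior.receive_upload(self, record)

    def capture(self, vendor, raw):
        """A local audit product produced a record: normalise it, then schedule it."""
        self._schedule_upward(dict(to_standard(vendor, raw), origin=self.name))

    def receive_upload(self, sender, record):
        """Server module 10 received log data from a subordinate."""
        if sender not in self.children:
            raise PermissionError(f"{sender.name} is not a subordinate of {self.name}")
        self._schedule_upward(record)

    def _schedule_upward(self, record):
        """Data scheduling module 31: decide on saving and on forwarding upward."""
        if self.store_logs:
            self.database.append(record)
        if not self.forward_logs:
            return
        if self.parent is None:
            self.pending.append(record)
        else:
            self.parent.receive_upload(self, record)

    def issue_policy(self, key, value):
        """Set a policy here and push it to every unit below this one."""
        self.policies[key] = value
        for child in self.children:
            child.receive_command(self, key, value)

    def receive_command(self, sender, key, value):
        """Client module 20 received a command or policy from above."""
        if sender is not self.parent:    # assumption: only the one superior may command
            raise PermissionError(f"{self.name} takes commands only from its superior")
        self.issue_policy(key, value)    # apply locally, then relay downward


def demo():
    """Build a three-level tree and run one upload and one regional policy push."""
    province = AuditUnit("province", forward_logs=False)   # root: nothing above it
    city_a = AuditUnit("city_a", store_logs=False)         # relay only
    city_b = AuditUnit("city_b")
    cafe, school = AuditUnit("cafe"), AuditUnit("school")
    cafe.capture("vendor_a", {"uid": "u1", "url": "example.test/a"})  # before uplink
    city_a.connect_to(province)
    city_b.connect_to(province)
    cafe.connect_to(city_a)
    school.connect_to(city_b)
    school.capture("vendor_b", {"account": "u2", "site": "example.test/b"})
    city_a.issue_policy("keywords", ["constructed-keyword"])  # region = city_a subtree
    return province, city_a, city_b, cafe, school


if __name__ == "__main__":
    for unit in demo():
        print(unit.name, len(unit.database), unit.policies)
```

The record captured before the uplink existed reaches the root once the connection is made, and the policy issued at `city_a` reaches only the units beneath it.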

Through the data interface module, the distributed audit system of the present invention defines a unified data format for each class of audit business and provides audit products with a data conversion interface; by converting the different data formats of different vendors into a unified one, it facilitates the analysis and unified storage of audit logs captured by different vendors' audit units. Second, by connecting the audit units over the TCP/IP protocol into a hierarchical distributed audit network, it provides multi-level control and management of the audit system: a superior can easily set a policy for the audit units of a region and can analyze the audit data of multiple audit units at the same time. Third, by establishing a distributed audit network, it can control multiple network audit units at once, so that data on a high-speed network that a single audit unit could not handle is divided among multiple audit units through the distributed network; each audit unit processes only part of the data volume, which ensures that all the data on the high-speed network can be processed by the audit system.

The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A distributed audit system, characterized in that the distributed audit system comprises a plurality of audit units, the plurality of audit units being built into a distributed network with a downward tree structure and forming superior-subordinate relationships, wherein a superior audit unit passes command and policy data to subordinate audit units and a subordinate audit unit passes audit log data to its superior audit unit.
2. The distributed audit system according to claim 1, characterized in that each audit unit comprises a server communication module and a client communication module, and the server communication module of a superior audit unit is connected to and communicates with the client communication module of at least one subordinate audit unit.
3. The distributed audit system according to claim 2, characterized in that the client communication module of the subordinate audit unit is connected to and communicates with the server communication module of only one superior audit unit.
4. The distributed audit system according to claim 3, characterized in that the connection between the server communication module and the client communication module uses the TCP/IP protocol.
5. The distributed audit system according to claim 4, characterized in that the audit unit further comprises a control center module, through which the server communication module and the client communication module inside the audit unit are connected and exchange data.
6. The distributed audit system according to claim 5, characterized in that the audit unit further comprises a data interface module, connected to the client communication module, for classifying audit data of different business types and unifying the data formats of audit products of the same type from different manufacturers.
7. The distributed audit system according to claim 6, characterized in that the server communication module comprises a data scheduling module connected to the control center module inside the same audit unit, and communicates with the client communication module of the subordinate audit unit through a common communication module; after system initialization, the server communication module starts a listening service, detects and accepts connections from subordinate audit units through an online-status detection module and the common communication module, receives the data uploaded by the client communication module of the subordinate audit unit, and sends control commands and system user policies to the subordinate client communication module.
8. The distributed audit system according to claim 7, characterized in that the client communication module comprises a data scheduling module connected to the control center module inside the same audit unit; after system initialization, the client communication module establishes a connection with the superior server communication module through an online-status notification module and a common communication module, and the common communication module receives the control commands and system user policies issued by the superior server communication module and sends audit data to the superior server communication module.
9. The distributed audit system according to claim 8, characterized in that the control center module comprises a data scheduling module and a local database connected to each other; the data scheduling module processes data from the server communication module and determines whether it needs to be saved to the local database and whether it needs to be forwarded to the client communication module, and the data scheduling module processes data from the client communication module and determines whether it needs to be saved to the local database and whether it needs to be forwarded to the server communication module.
10. The distributed audit system according to claim 9, characterized in that the data interface module is connected to the client communication module through a data scheduling module and comprises an audit analysis interface module for classifying audit data of different business types and unifying the data formats of audit products of the same type from different manufacturers; the audit analysis interface module classifies network audits according to the current types of audit business, defines a standard data format for each class, and provides a standard data conversion interface.
CN 200610061404 2006-06-30 2006-06-30 Distributed audit system CN100454842C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610061404 CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610061404 CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Publications (2)

Publication Number Publication Date
CN1996876A true CN1996876A (en) 2007-07-11
CN100454842C CN100454842C (en) 2009-01-21

Family

ID=38251824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610061404 CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Country Status (1)

Country Link
CN (1) CN100454842C (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1177435C (en) 2001-08-24 2004-11-24 华为技术有限公司 Hierarchical management system for distributed network management platform
CN1160899C (en) 2002-06-11 2004-08-04 华中科技大学 Distributed dynamic network security protecting system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286903B (en) 2008-05-06 2010-09-15 北京锐安科技有限公司 Method for enhancing integrity of sessions in network audit field
CN103780678A (en) * 2013-12-27 2014-05-07 北京天融信软件有限公司 Event flow control method in network audit and system thereof
CN103780678B (en) * 2013-12-27 2017-03-22 北京天融信软件有限公司 A network audit events in the flow control method and system
CN106878029A (en) * 2015-12-14 2017-06-20 任子行网络技术股份有限公司 Network data auditing system and method
CN105721256A (en) * 2016-04-25 2016-06-29 北京威努特技术有限公司 Auditing data duplication eliminating method of distributed deploying and auditing platform
CN105721256B (en) * 2016-04-25 2019-05-03 北京威努特技术有限公司 A kind of Audit data De-weight method of distributed deployment audit platform
CN106776942A (en) * 2016-11-30 2017-05-31 任子行网络技术股份有限公司 Network audit log transmitting and saving system and method

Also Published As

Publication number Publication date
CN100454842C (en) 2009-01-21

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted