CN1996876A - Distributed audit system - Google Patents

Publication number
CN1996876A
Authority
CN
China
Prior art keywords
communication module
data
audit
module group
auditable unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610061404
Other languages
Chinese (zh)
Other versions
CN100454842C (en)
Inventor
申屠青春
阮伟军
林飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ZHONGKE SEEN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Original Assignee
SHENZHEN ZHONGKE SEEN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN ZHONGKE SEEN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Priority to CNB2006100614047A
Publication of CN1996876A
Application granted
Publication of CN100454842C
Expired - Fee Related
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a distributed audit system comprising a plurality of audit units that form a distributed network with a downward tree structure and superior-subordinate relationships: a superior audit unit sends command and policy data to its subordinate audit units, and a subordinate audit unit sends log data to its superior audit unit. The distributed audit system thus connects the audit units into a hierarchical distributed audit network.

Description

Distributed audit system
Technical field
The present invention relates to the field of network technology, and in particular to a distributed audit system suitable for comprehensive network auditing.
Background art
With the rapid development and wide use of Internet technology, a large number of network security audit products are now deployed in networks. These products fall into different categories according to the business and environment they audit. For example, banks have banking network audit systems that audit financial business; schools and Internet cafés have "green Internet" monitoring systems that prevent users from accessing illegal websites and resources; the telecommunications industry has high-speed network audit systems that audit backbone networks; public security organs have network crime audit and alarm systems; and enterprises have systems that audit various enterprise services (OA, mail, file sharing, etc.), such as the member-based desktop monitoring audit system disclosed in Chinese patent No. 200410014138.3.
However, these existing network security audit products audit only the service application data and network environment of their own industry. The data they store differs from product to product, and even among products of the same type the data formats of different vendors are not the same. This makes unified management of data of all types and formats very difficult, yet real deployments often require unified management and analysis across multiple services; for example, enterprises, schools and Internet cafés may need to supply audit data to the public security network crime audit and alarm system for the investigation and analysis of suspects. At present no audit product handles these various kinds of data in a unified way.
Secondly, deployed audit products may stand in a superior-subordinate relationship. For example, the network crime audit and alarm system of a provincial public security department and those of the public security organs of each prefecture-level city are in such a relationship. The superior often needs to control and manage several subordinates together and to issue a uniform application policy; for example, a public security organ often needs to set the same sensitive-keyword filtering policy on all audit systems in a certain region. Existing audit products have no multi-level concept and cannot provide control of subordinates by a superior.
Thirdly, when auditing high-speed networks (such as telecom backbone networks), the data volume is so large that existing high-speed network audit systems, with their single function and limited performance, cannot store all the network data. The accuracy of the audit is therefore hard to guarantee, and the audit requirements are hard to meet.
Summary of the invention
To overcome the shortcomings of existing network audit products, which cannot provide control of subordinates by a superior and cannot meet the requirements of high-speed network auditing, the invention provides a distributed audit system that both provides control of subordinates by a superior and meets the requirements of high-speed network auditing.
To solve the above technical problem, the invention adopts the following technical solution: a distributed audit system comprising a plurality of audit units, the audit units being built into a distributed network with a downward tree structure and forming superior-subordinate relationships, in which a superior audit unit transmits command and policy data to its subordinate audit units and a subordinate audit unit transmits audit log data to its superior audit unit.
Each audit unit comprises a server communication module group and a client communication module group, and the server communication module group of a superior audit unit communicates with the client communication module group of at least one subordinate audit unit.
The client communication module group of a subordinate audit unit communicates only with the server communication module group of its superior audit unit.
The connection between the server communication module group and the client communication module group uses the TCP/IP protocol.
The audit unit further comprises a control center module, through which the server communication module group and the client communication module group inside the audit unit are connected and exchange data.
The audit unit further comprises a data interface module, connected to the client communication module group, which classifies audit data of different service types and unifies the data formats of audit products of the same type from different vendors.
The server communication module group comprises a data dispatch module connected to the control center module inside the same audit unit, and communicates with the client communication module group of a subordinate audit unit through a public communication module. After system initialization, the server communication module group sets up a listening service, detects and accepts connections from subordinate audit units through a presence detection module and the public communication module, receives the data uploaded by the client communication module groups of the subordinate audit units, and sends control commands and system user policies to the subordinates' client communication module groups.
The client communication module group comprises a data dispatch module connected to the control center module inside the same audit unit. After system initialization, the client communication module group establishes a connection with the superior's server communication module group through a presence notification module and a public communication module; the public communication module receives the control commands and system user policies issued by the superior's server communication module group and sends audit data to the superior's server communication module group.
The control center module comprises a data dispatch module and a local database connected to each other. The data dispatch module processes data from the server communication module group and decides whether it needs to be saved to the local database and whether it needs to be forwarded to the client communication module group; it likewise processes data from the client communication module group and decides whether it needs to be saved to the local database and whether it needs to be forwarded to the server communication module group.
The data interface module is connected to the client communication module group through a data dispatch module. It comprises an audit analysis interface module that classifies audit data of different service types and unifies the data formats of audit products of the same type from different vendors. The audit analysis interface module classifies network audits according to the types of current audit services, defines one standard data format for each class, and provides a standard data conversion interface.
The beneficial effects of the invention are as follows: because the audit units of the distributed audit system are connected together into a hierarchical distributed audit network, superior-subordinate control and management of the audit system is achieved, and data in a high-speed network can be processed by controlling several network audit units that work at the same time, meeting the requirements of high-speed network auditing.
Description of drawings
Fig. 1 is the schematic diagram of distributed audit system of the present invention;
Fig. 2 is the schematic diagram of the server communication module of distributed audit system of the present invention;
Fig. 3 is the schematic diagram of the client communication module of distributed audit system of the present invention;
Fig. 4 is the schematic diagram of control centre's module of distributed audit system of the present invention;
Fig. 5 is the schematic diagram of the data interface module of distributed audit system of the present invention.
Embodiment
Referring to Fig. 1, the distributed audit system of the invention is a distributed network built from a plurality of audit units 100. It is a downward tree structure in which each audit unit 100 is a node, and each audit unit 100 comprises a server communication module group 10, a client communication module group 20, a control center module 30 and a data interface module 40. The nodes (audit units 100) are linked to one another through their respective server communication module groups 10 and client communication module groups 20, forming superior-subordinate relationships. The relationship between connected superior and subordinate audit units 100 resembles that between a node of a tree and its next-level nodes: in this network, data travelling downward is command and policy data, and data travelling upward is audit log data.
Referring to Fig. 2 to Fig. 5, the server communication module group 10 of an audit unit 100 is connected to the control center module 30 inside the same unit through data dispatch module 11, and communicates with the client communication module group 20 of a subordinate audit unit 100 through public communication module 12. After system initialization, the server communication module group 10 sets up a listening service and detects and accepts connections from subordinate audit units 100 through presence detection module 13 and public communication module 12 (a superior can keep connections to several subordinates at the same time). Once public communication module 12 has established the connection with a subordinate audit unit 100, it receives the data uploaded by that unit's client communication module group 20 and sends control commands and system user policies to the subordinate's client communication module group 20.
The client communication module group 20 is connected to the control center module 30 inside the same unit through data dispatch module 21. After system initialization, the client communication module group 20 attempts to connect to the superior's server communication module group 10 through presence notification module 23 and public communication module 22 (a subordinate's client communication module can maintain a connection only with its superior's server communication module at any one time). Once the connection with the superior's server communication module group 10 has been established, public communication module 22 receives the control commands and system user policies issued by the superior's server communication module group 10 and sends audit data to the superior's server communication module group 10.
The connection between server communication module group 10 and client communication module group 20 can use the TCP/IP protocol. The distributed audit system therefore needs a TCP/IP network system module (not shown), and each audit unit 100 needs at least one network card (not shown) in hardware.
The control center module 30 comprises a data dispatch module 31 and a local database 32 connected to each other. The control center module 30 schedules the communication data between superior and subordinate, exchanging data with the server communication module group 10 and the client communication module group 20 inside the audit unit 100. Data dispatch module 31 processes data from server communication module group 10 and decides whether it needs to be saved to local database 32 and whether it needs to be forwarded to client communication module group 20; if forwarding is needed, the data is copied to client communication module group 20. Data dispatch module 31 likewise processes data from client communication module group 20 and decides whether it needs to be saved to local database 32 and whether it needs to be forwarded to server communication module group 10; if forwarding is needed, the data is copied to server communication module group 10.
The data interface module 40 is connected to the client communication module group 20 through data dispatch module 42. It comprises an audit analysis interface module 41 that classifies audit data of different service types and unifies the data formats of audit products of the same type from different vendors. The audit analysis interface module 41 classifies network audits according to the types of current audit services, defines one standard data format for each class, and provides a standard data conversion interface.
The distributed audit system of the invention operates as follows. After system initialization, the server communication module group 10 of the superior audit unit 100 sets up a listening service and waits for connection requests from the client communication module groups 20 of subordinate audit units 100. When the client communication module group 20 of a subordinate audit unit 100 sends a connection request and the connection is established, the server communication module group 10 of the superior audit unit 100 waits for the client communication module group 20 of the subordinate audit unit 100 to send audit log data. The subordinate audit unit 100 checks whether there are audit logs that need to be uploaded; if there are, the data interface module 40 processes the data according to the defined standard data format, and the processed data is then sent upward by the client communication module group 20. When the server communication module group 10 of the superior audit unit 100 receives the uploaded data, it submits the data to its own control center module 30. The control center module 30 of the superior audit unit 100 decides whether the data needs to be saved and whether it needs to be forwarded upward. If upward forwarding is needed, it checks whether a connection to its own superior has been established, and if so forwards the data upward through client communication module group 20. At the same time, the control center module 30 of the superior audit unit decides whether there are control commands or policies that need to be forwarded; if there are, it sends them through server communication module group 10 to the client communication module groups 20 of the subordinate audit units 100.
The distributed audit system of the invention has the following advantages. First, the data interface module defines a uniform data format for each class of audit service and provides a data conversion interface for audit products, so that the differing data formats of different vendors are unified by conversion, which makes it convenient to store and analyze in a uniform way the audit logs captured by audit units from different vendors. Secondly, the audit units are connected through the TCP/IP protocol into a hierarchical distributed audit network, which provides multi-level control and management of the audit system: a superior can easily set policies on the audit units of a given region and can analyze the audit data of several audit units at the same time. Thirdly, the distributed audit network makes it possible to control several network audit units that work at the same time, so that high-speed network data that a single audit unit could not handle is distributed across several audit units. Each audit unit only has to handle part of the data volume, which ensures that all data in the high-speed network can be processed by the audit system.
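The operating principle above (policies relayed down the tree, normalized audit records dispatched up it) is modelled below as an added Python example; it is not part of the patent. The vendor names, record fields, the policy keys `keywords`, `store_all` and `forward_all`, and the queueing of records while the uplink is down are assumptions made for illustration, and direct method calls stand in for the TCP/IP connections.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Data interface module: one standard format per audit class plus a converter
# per vendor. Vendor names and field names are hypothetical.
def from_vendor_a(raw: dict) -> dict:
    return {"category": "web_access", "time": raw["ts"],
            "src": raw["client"], "detail": raw["url"]}

def from_vendor_b(raw: str) -> dict:
    time, src, url = raw.split("|")              # constructed "time|src|url" format
    return {"category": "web_access", "time": time, "src": src, "detail": url}

CONVERTERS: Dict[str, Callable] = {"vendor_a": from_vendor_a,
                                   "vendor_b": from_vendor_b}

@dataclass
class AuditUnit:
    name: str
    superior: Optional["AuditUnit"] = None       # client side: a single superior
    subordinates: List["AuditUnit"] = field(default_factory=list)  # server side
    connected: bool = False                      # state of the link to the superior
    policy: dict = field(default_factory=dict)
    local_db: List[dict] = field(default_factory=list)
    pending: List[dict] = field(default_factory=list)  # assumption: queue while offline

    def connect(self, superior: "AuditUnit") -> None:
        """Client module group: refuse a second superior to keep the tree shape."""
        if self.superior is not None:
            raise ValueError(f"{self.name} already has a superior")
        self.superior, self.connected = superior, True
        superior.subordinates.append(self)

    def receive_policy(self, policy: dict) -> None:
        """Downward path: keep the policy, then relay it to connected subordinates."""
        self.policy = dict(policy)
        for sub in self.subordinates:
            if sub.connected:
                sub.receive_policy(policy)

    def capture(self, vendor: str, raw) -> None:
        """Normalize a locally captured record and hand it to the control center."""
        record = CONVERTERS[vendor](raw)
        record["path"] = []
        self.dispatch_up(record)

    def dispatch_up(self, record: dict) -> None:
        """Control center module: decide whether to save and whether to forward."""
        record = dict(record, path=record["path"] + [self.name])
        hit = any(k in record["detail"] for k in self.policy.get("keywords", []))
        record["flagged"] = hit
        if self.policy.get("store_all", True) or hit:
            self.local_db.append(record)
        if self.superior is not None and (hit or self.policy.get("forward_all", False)):
            self.pending.append(record)
            self.flush()

    def flush(self) -> None:
        """Forward queued records only while the uplink is established."""
        if self.superior is not None and self.connected:
            while self.pending:
                self.superior.dispatch_up(self.pending.pop(0))

def demo() -> dict:
    province, city, cafe = AuditUnit("province"), AuditUnit("city"), AuditUnit("cafe")
    city.connect(province)
    cafe.connect(city)
    province.receive_policy({"keywords": ["blocked.example"],
                             "store_all": True, "forward_all": False})
    # Constructed sample records in two vendor formats.
    cafe.capture("vendor_a", {"ts": "2006-06-30T10:00", "client": "10.0.0.5",
                              "url": "http://blocked.example/x"})
    cafe.capture("vendor_b", "2006-06-30T10:01|10.0.0.6|http://ok.example/")
    city.connected = False                       # uplink to the province drops
    cafe.capture("vendor_a", {"ts": "2006-06-30T10:02", "client": "10.0.0.7",
                              "url": "http://blocked.example/y"})
    before, queued = len(province.local_db), len(city.pending)
    city.connected = True                        # uplink restored
    city.flush()
    return {"cafe_stored": len(cafe.local_db), "city_stored": len(city.local_db),
            "queued_while_down": queued, "province_before": before,
            "province_after": len(province.local_db),
            "first_path": province.local_db[0]["path"]}

if __name__ == "__main__":
    print(demo())
```

The `path` field records every unit a record passed through, so the top-level unit can attribute each flagged record to the unit that captured it.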
The above is only a preferred embodiment of the invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A distributed audit system, characterized in that: the distributed audit system comprises a plurality of audit units built into a distributed network with a downward tree structure and forming superior-subordinate relationships, in which a superior audit unit transmits command and policy data to its subordinate audit units and a subordinate audit unit transmits audit log data to its superior audit unit.
2. The distributed audit system of claim 1, characterized in that: each audit unit comprises a server communication module group and a client communication module group, and the server communication module group of a superior audit unit communicates with the client communication module group of at least one subordinate audit unit.
3. The distributed audit system of claim 2, characterized in that: the client communication module group of the subordinate audit unit communicates only with the server communication module group of the superior audit unit.
4. The distributed audit system of claim 3, characterized in that: the connection between the server communication module group and the client communication module group uses the TCP/IP protocol.
5. The distributed audit system of claim 4, characterized in that: the audit unit further comprises a control center module, through which the server communication module group and the client communication module group inside the audit unit are connected and exchange data.
6. The distributed audit system of claim 5, characterized in that: the audit unit further comprises a data interface module, connected to the client communication module group, which classifies audit data of different service types and unifies the data formats of audit products of the same type from different vendors.
7. The distributed audit system of claim 6, characterized in that: the server communication module group comprises a data dispatch module connected to the control center module inside the same audit unit, and communicates with the client communication module group of a subordinate audit unit through a public communication module; after system initialization, the server communication module group sets up a listening service, detects and accepts connections from subordinate audit units through a presence detection module and the public communication module, receives the data uploaded by the client communication module groups of the subordinate audit units, and sends control commands and system user policies to the subordinates' client communication module groups.
8. The distributed audit system of claim 7, characterized in that: the client communication module group comprises a data dispatch module connected to the control center module inside the same audit unit; after system initialization, the client communication module group establishes a connection with the superior's server communication module group through a presence notification module and a public communication module, and the public communication module receives the control commands and system user policies issued by the superior's server communication module group and sends audit data to the superior's server communication module group.
9. The distributed audit system of claim 8, characterized in that: the control center module comprises a data dispatch module and a local database connected to each other; the data dispatch module processes data from the server communication module group and decides whether it needs to be saved to the local database and whether it needs to be forwarded to the client communication module group, and processes data from the client communication module group and decides whether it needs to be saved to the local database and whether it needs to be forwarded to the server communication module group.
10. The distributed audit system of claim 9, characterized in that: the data interface module is connected to the client communication module group through a data dispatch module and comprises an audit analysis interface module that classifies audit data of different service types and unifies the data formats of audit products of the same type from different vendors; the audit analysis interface module classifies network audits according to the types of current audit services, defines one standard data format for each class, and provides a standard data conversion interface.
CNB2006100614047A 2006-06-30 2006-06-30 Distributed audit system Expired - Fee Related CN100454842C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100614047A CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100614047A CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Publications (2)

Publication Number Publication Date
CN1996876A true CN1996876A (en) 2007-07-11
CN100454842C CN100454842C (en) 2009-01-21

Family

ID=38251824

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100614047A Expired - Fee Related CN100454842C (en) 2006-06-30 2006-06-30 Distributed audit system

Country Status (1)

Country Link
CN (1) CN100454842C (en)

Also Published As

Publication number Publication date
CN100454842C (en) 2009-01-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090121

Termination date: 20210630