Method and system for auditing log

Log auditing with relational tables, applied in computing, instrumentation, electrical and digital data processing, etc., can solve problems such as low efficiency and cumbersome audit work.

Active Publication Date: 2015-02-25
ULTRAPOWER SOFTWARE

AI Technical Summary

Problems solved by technology

[0004] In the existing operator operation audit scheme, auditing an operator requires that the relationship between source address and operator first be maintained manually, and source addresses and operators must be in one-to-one correspondence. The operator's operation log can be obtained only by retrieving the operator's IP address, and after the event the correlation between the logs must be analyzed manually to determine whether an operation is high-risk. The audit work is cumbersome and the efficiency is very low.


Embodiment Construction

[0055] In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0056] In order to audit the actions of operators from massive logs, the embodiment of the present invention proposes a method for organizing information system operation audit logs from the perspective of operators. The technical problem to be solved in the embodiments of the present invention is that the audit administrator cannot efficiently audit the operation behavior of operators in the face of massive logs. The log data is therefore analyzed and processed by a computer program, and an operation audit view is established from the perspective of the operator, in order to achieve automated auditing and greatly improve auditing efficiency and accuracy.

[0057] see figure 1 , the embodiment of the present inve...


Abstract

The invention discloses a method and a system for auditing logs and relates to the field of computer security. The method includes: acquiring the raw logs of operators logged in to various systems; parsing the contents of the raw logs to obtain source addresses, device IP (Internet Protocol) addresses and operation commands; identifying the operators, the devices and the operation importance level on the basis of the source addresses, the device IP addresses and the operation commands; creating audit views corresponding to the operators and machines, where the contents of the audit views include the operated devices, the operation contents and the importance level; and monitoring the importance level in the audit views to determine whether alarm conditions are met. If the alarm conditions are met, an alarm is initiated, and the operators, the corresponding operated devices, the corresponding operation contents and the corresponding importance level that meet the alarm conditions are recorded into audit sensitive information sets for auditing, consulting and analysis. Because the log data is analyzed and processed by computer programs and the operation audit views are built from the operator's perspective, the devices operated by a given operator and the operations performed on them can be monitored and alarmed on automatically, without manual intervention, so that logs are audited automatically and audit efficiency and accuracy are greatly improved.
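The steps in the abstract can be followed end to end in a short program. This is an added example, not code from the patent: the log line layout, the contents of the three relation tables, the level rules and the alarm threshold are all assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Relation tables (constructed sample data; the patent does not give their contents).
OPERATORS = {"10.1.1.5": "alice", "10.1.1.9": "bob"}                    # source address -> operator
DEVICES = {"192.168.0.10": "db-server", "192.168.0.20": "core-switch"}  # device IP -> device
# Command pattern -> importance level (higher is riskier); first match wins.
LEVELS = [(re.compile(r"^rm\s+-rf\b"), 3),
          (re.compile(r"^(shutdown|reboot)\b"), 3),
          (re.compile(r"^(passwd|useradd)\b"), 2)]
ALARM_LEVEL = 3  # assumed alarm condition: importance level >= 3

# Assumed raw log layout: "<timestamp> src=<ip> dst=<ip> cmd=<command>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) cmd=(.+)$")
RAW_LOG = """\
2015-02-25T10:00:01 src=10.1.1.5 dst=192.168.0.10 cmd=ls /var/log
2015-02-25T10:02:17 src=10.1.1.9 dst=192.168.0.10 cmd=rm -rf /data/backup
2015-02-25T10:03:40 src=10.1.1.5 dst=192.168.0.20 cmd=passwd admin
2015-02-25T10:05:02 src=10.9.9.9 dst=192.168.0.20 cmd=reboot
garbled line without fields
"""

def importance(cmd):
    """Return the importance level of a command; unmatched commands get level 1."""
    return next((lvl for pat, lvl in LEVELS if pat.search(cmd)), 1)

def audit(raw_log):
    views = defaultdict(list)  # operator -> audit view (device, command, level)
    sensitive = []             # audit sensitive information set
    unparsed = []              # kept so malformed lines are not silently dropped
    for line in raw_log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        ts, src, dst, cmd = m.groups()
        # A source address missing from the table stays visible as unknown(...).
        entry = {"time": ts, "command": cmd.strip(), "level": importance(cmd.strip()),
                 "operator": OPERATORS.get(src, f"unknown({src})"),
                 "device": DEVICES.get(dst, f"unknown({dst})")}
        views[entry["operator"]].append(entry)
        if entry["level"] >= ALARM_LEVEL:  # alarm condition met
            sensitive.append(entry)
    return dict(views), sensitive, unparsed

if __name__ == "__main__":
    for e in audit(RAW_LOG)[1]:
        print("ALARM", e["operator"], e["device"], e["command"], e["level"])
```

Entries whose source address has no operator mapping still reach the sensitive set, which keeps a high-level command from an unregistered address from escaping review.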

Description

Technical field

[0001] The invention relates to the technical field of computer network information security, in particular to a log audit method and system.

Background technique

[0002] In recent years, there have been incidents of important data being stolen in enterprises. According to the latest statistics, 70% of serious attacks on enterprises come from within the organization, including internal personnel or maintenance personnel who provide third-party IT support, etc. They take advantage of their positions, and security problems caused by their illegal operations are increasingly frequent and prominent; these operations are closely related to the customer's business. For such security issues of operational behaviors and violations that are closely related to the business, strong measures must be taken to prevent them, and the audit of operators came into being.

[0003] The existing operator information system audit scheme: collect the login operation logs o...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/50
CPC: G06F11/3438, G06F21/50
Inventor: 罗波高金明臧守湃陈尊王智江张建军苏砫唐楚荣
Owner: ULTRAPOWER SOFTWARE