Log analysis method and system based on dynamic field template

A field-template and parsing technology, applied in the field of computer information, addresses the problem that the log identification mechanism is blunt and rigid and cannot adapt to changes in log format, so as to lower the threshold of project implementation and improve robustness.

Pending Publication Date: 2021-04-09
BEIJING VENUS INFORMATION SECURITY TECH +1

AI Technical Summary

Problems solved by technology

Because it is often impossible to predict in advance which log formats will need to be parsed in a user's real environment, the SOC stores all the log formats it can parse in a configuration file for direct parsing, yet many unrecognized log formats are still encountered at the implementation site.
At this point the front-end implementation engineer can only write regular expressions to parse the logs through the interface provided by the SOC. However, front-end engineers are limited by their technical capabilities and by the on-site debugging and development environment, so manually writing regular expressions on site is difficult to carry out smoothly. The log samples are instead sent back to the R&D center, where back-end development engineers complete the log parsing. As a result the SOC device often sits idle for a long time before the log parsing work is completed and cannot play its due role, so the user's network environment does not receive effective security operation and maintenance services.
[0006] It can be seen that the crux of the status quo of traditional log parsing described above is that the log identification mechanism based on static templates is too blunt and rigid: regular expressions locate the field content by field name and then match it according to the character format of the field content, which cannot adapt to even slight changes in log format. That is, when the log's field names, field order, field content format (such as the date display format), word segmentation method, etc. differ, the log recognition mechanism fails, the log is treated as a brand-new log, and new log-identification and field-parsing regular expressions have to be written for it.
The parsing mechanism for the log's field content likewise relies entirely on regular expressions that parse character by character. Although this achieves parsing accuracy, it lacks adaptability to change.


Examples


Embodiment 1

[0057] The method mainly includes the following steps:

[0058] S001: From the existing set of dynamic field templates, find the template that has the highest matching degree with the log to be parsed in terms of field names and positional order and that meets the threshold requirement, where a dynamic field template records the field names contained in a log and their positional order, so as to indicate the log's format;

[0059] S002: Based on the positions at which the fields of the found template match in the log to be parsed, perform field segmentation and content extraction on the log to be parsed;

[0060] S003: If the content length of a segmented field is greater than the threshold value, update the current template by adding new fields to it through human-computer interaction, and use the updated template to parse the log to be parsed further;

[0061] S004: If no template whose matching degree satisfies the threshold requirement is found, ent...

Embodiment 2

[0063] As shown in figure 1, Embodiment 2 first uses the traditional method to try to parse the log:

[0064] (1) S01: Use a traditional regular-expression-based log parsing template to match and identify the whole log format;

[0065] (2) S02: If matching and identification succeed, parse the log directly with the template's regular expression;

[0066] If matching and identification fail, the log parsing method based on dynamic field templates described in this disclosure is used instead, with the following specific steps:

[0067] (3) S1: From the existing set of dynamic field templates, find the template that has the highest matching degree with the log to be parsed in terms of field names and positional order and that meets the threshold requirement, where the dynamic field template records the field names contained in the log and their positional order to indicate the log's format.

[0068] An exemplary dynamic field tem...
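As an added illustration (not the patent's own code), the following Python models the flow of Embodiment 2 on top of the steps of Embodiment 1: a regex template is tried first; on failure the best-matching dynamic field template (scored here as the fraction of template fields found in order, an assumed formula the patent does not fix) segments the log at the matched field names, and any field whose content exceeds the length threshold is flagged as a candidate place for a new field. All templates, thresholds and log lines are constructed samples.

```python
import re

# Constructed samples (not from the patent): a traditional regex template (Embodiment 2,
# S01/S02) and two dynamic field templates, each an ordered list of field names (S001/S1).
REGEX_TEMPLATES = [re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\dT[\d:]+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\w+)$")]
DYNAMIC_TEMPLATES = {"fw_dyn": ["time", "src", "dst", "action"],
                     "ids_dyn": ["time", "sig", "src", "dst"]}
MATCH_THRESHOLD = 0.6   # minimum matching degree for a template to be used
LENGTH_THRESHOLD = 30   # longer field content hints at a field the template lacks (S003)

def locate(template, log):
    """Find each field name, in template order, as 'name='; return (name, name_start, content_start)."""
    spans, pos = [], 0
    for name in template:
        m = re.search(r"\b" + re.escape(name) + r"=", log[pos:])
        if m:   # a field absent from the log is skipped; order of the found ones is preserved
            spans.append((name, pos + m.start(), pos + m.end()))
            pos += m.end()
    return spans
def best_template(log, templates):
    """S001/S1: matching degree = fraction of template fields found in order (assumed scoring)."""
    scored = {n: len(locate(t, log)) / len(t) for n, t in templates.items()}
    name = max(scored, key=scored.get)
    return name if scored[name] >= MATCH_THRESHOLD else None
def segment(template, log):
    """S002/S2: a field's content runs from after its 'name=' to the start of the next matched name."""
    spans = locate(template, log)
    ends = [s[1] for s in spans[1:]] + [len(log)]
    return {name: log[start:end].strip() for (name, _, start), end in zip(spans, ends)}
def oversized(fields, threshold=LENGTH_THRESHOLD):
    """S003: fields whose content exceeds the threshold, i.e. candidates for hiding an unrecorded field."""
    return [n for n, v in fields.items() if len(v) > threshold]
def add_field(templates, tname, after, new_field):
    """S003 template update; in the patent the new field name comes from the operator via the UI."""
    t = templates[tname]
    t.insert(t.index(after) + 1, new_field)

def parse_log(log, dyn_templates, regex_templates=REGEX_TEMPLATES):
    """Embodiment 2: try regex templates first; on failure fall back to dynamic field templates."""
    for m in (rx.match(log) for rx in regex_templates):
        if m:
            return "regex", m.groupdict(), []
    tname = best_template(log, dyn_templates)
    if tname is None:
        return "unrecognized", {}, []   # S004: no template met the threshold
    fields = segment(dyn_templates[tname], log)
    return tname, fields, oversized(fields)
```

The operator's part of S003 is simulated by calling add_field with the name the over-length content reveals; re-running parse_log with the updated template then yields the new field as its own entry.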


Abstract

The invention discloses a log analysis method and system based on a dynamic field template. The method comprises: parsing a log through a dynamic field template that records log field names and the field position sequence; automatically discovering field changes between the format of the log to be parsed and an existing template by comparing the parsed field content against the field content length in the template; and dynamically updating the template by activating a human-computer interaction interface to supplement a new field, so that the parsing method automatically adapts to changes in log format in field order, field number, field content format and the like, no regular expression needs to be written, and the engineering implementation threshold of an SOC product is lowered for front-end engineers.

Description

Technical field

[0001] The invention relates to the field of computer information technology, in particular to a security log analysis method and system in a large-scale network environment.

Background technique

[0002] A Security Operations Center (SOC) is a system and device that manages security events and security alarms of the monitored network by monitoring and analyzing security equipment, system, and software logs. The core function of the SOC is to collect, analyze and process logs. Log parsing refers to field segmentation of the original log, and storing the field content extracted from the log into the corresponding predefined field of the SOC system.

[0003] Since the logs collected by the SOC come from different hardware and software systems, and these hardware and software systems are provided by different manufacturers, and are constantly updated and upgraded with the rapid development of IT technology, the original log data collected by the SOC Often there ...


Application Information

IPC(8): G06F40/205, G06F40/186, G06F16/18
CPC: G06F16/1815, G06F40/186, G06F40/205
Inventor 李陟
Owner BEIJING VENUS INFORMATION SECURITY TECH