Plug-in type heterogeneous Syslog access processing system and method

Abstract

The invention discloses a plug-in type heterogeneous Syslog access processing system and method. The system comprises a stream processing task management module, a data stream input module, a data stream processing module, a data stream output module, an external data management module and a plug-in script management module. The data stream input module supports access of various heterogeneous Syslog data, data cleaning, conversion, formatting, enriching and other processing operations are carried out through the data stream processing module, and the data stream is output to a database, a Logstash server, a log server or a message queue through the data stream output module. The plug-in script management module manages the plug-in script. The stream processing task management module is responsible for monitoring and managing the execution state of each processing module. The external data management module supports introduction of an external data source and supports data processing related operations. According to the method, flexible access, processing and output of multi-source heterogeneous Syslog data are realized, useless alarm data are effectively filtered, and technical support is provided for faster processing of threat events.

Description

Technical field [0001] The present invention belongs to the field of data processing, in particular, it relates to an insert-isomer Syslog access processing system and method. Background technique [0002] Combat cyber warfare is the main form of future high-tech warfare, cyber attacks can effectively paralyze the enemy's combat system, disrupt enemy logistics, public enemy induce public opinion. Diverse network attack scenario, invisible, intangible, once the attack will greatly enhance the effective implementation of the strategic and tactical level of combat mission execution. Modern military complex network topology, many security equipment, security logs the number of explosive growth, with the growing threats of network security log a single device judged insufficient to support high-level threat events, in order to effectively detect threats event, the need for multiple type security log correlation analysis, however, each type of safety device input data in multiple forma...

AI Technical Summary

Problems solved by technology

The topology of modern military networks is complex, there are many security devices, and the number of security logs is growing explosively. With the continuous enhancement of network threats, the security logs of a single device are not enough to support the research and judgment of high-level threat events. In order to effectively detect threat events, it is necessary to target multiple However, the input data formats of various types of security devices are diverse, and data preprocessing is difficult. Every time a device is connected, the system needs to be re-customized. The development workload is heavy and the flexibility is insufficient.

Images