Logs generated by network devices and systems provide important information for network management. In this paper, we describe a centralized syslog system which gathers and analyzes log messages from a number of routers, switches and firewalls. The gathered logs are filtered and categorized with regular expressions, and finally stored in a MySQL database in a structured format. Through statistical analysis and feature-based detection of security events, the system can effectively find abnormal behavior of network devices and help ensure network security. Some methods are found which allow us to check whether network behavior is unusual. These methods also provide a basis for network management and security strategy design for administrators, thereby strengthening further network management.

I. INTRODUCTION

With the continuous and rapid development of computer networks and network applications, security issues need more special attention. In order to safeguard network security, people tend to adopt quite a lot of measures. Among them, the log messages which record the various system events occurring every day in network devices play an important role in network security management.

Shanghai Education and Research Network (SHERNET) is a large metropolitan computer network which connects all the universities in Shanghai. The backbone nodes, which form a ring topology, are connected by 10 NE40E routers. Each node site consists of a large number of routers, switches, firewalls and application servers. Since SHERNET has been transformed several times, the number, variety and complexity of the network devices are increasing sharply. In order to find network anomalies and security threats, it is necessary to view all the log messages generated every day by active networking devices. This is beyond human capabilities. So we should use special software tools which help us to skip over most daily event messages and find network anomalies and security threats effectively and accurately.

Because of the complexity and diversity of the network devices, a standard network protocol named syslog is applied to gather log messages from firewalls, routers, switches and other network devices. For the purpose of solving problems in practice, a syslog system which can gather, analyze and store log messages is designed. Network devices in SHERNET send their log messages to the centralized syslog server, which filters raw logs and stores the parsed results. By collecting and extracting useful information, the administrators can keep abreast of the network status and solve security issues in a timely manner.

The rest of the paper is organized as follows. Section II discusses related works on syslog. Section III presents an overview of our system. Section IV gives the implementation of the system. Section V gives statistical analysis techniques for logs. Section VI concludes with a discussion of the results.

II. RELATED WORKS

A. Syslog Protocol

The syslog protocol was introduced by the Computer Science Research Group (CSRG) at the Univ...
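The following Python program is an added illustration of the pipeline the abstract describes (gather raw syslog lines, filter and categorize them with regular expressions, store the parsed fields in a structured table, then run statistics and feature-based checks over the table); it is not code from the paper or from the SHERNET system. It assumes RFC 3164-style messages (`<PRI>` prefix, BSD timestamp, hostname, message body), uses an in-memory SQLite table as a stand-in for the paper's MySQL store, and the device names, addresses, category regexes and per-category thresholds are constructed for the example.

```python
import re
import sqlite3
from collections import Counter

# Constructed sample of RFC 3164-style syslog lines as a router, a switch and a
# firewall might emit them; device names and addresses are invented for the example.
SAMPLE_LOGS = """\
<189>Mar  3 10:01:02 core-rtr-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
<189>Mar  3 10:01:05 core-rtr-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
<190>Mar  3 10:02:10 edge-sw-7 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.5 started
<188>Mar  3 10:03:00 fw-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23]
<188>Mar  3 10:03:02 fw-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23]
<188>Mar  3 10:03:04 fw-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.23]
<188>Mar  3 10:03:06 fw-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23]
<189>Mar  3 10:04:00 core-rtr-2 %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Down BGP Notification sent
"""

# Header of an RFC 3164 message: <PRI>, BSD timestamp, hostname, free-text message body.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

# Ordered category rules (constructed): the first regex matching the body decides.
CATEGORY_RULES = [
    ("login_failure", re.compile(r"LOGIN_FAILED|authentication failure", re.IGNORECASE)),
    ("link_flap", re.compile(r"%LINK-\d-UPDOWN")),
    ("routing_change", re.compile(r"%BGP-\d-ADJCHANGE|%OSPF-\d-ADJCHG")),
    ("noise", re.compile(r"%SYS-6-LOGGINGHOST")),
]

# Per-device event counts per category at which a device is reported as abnormal (assumed values).
DEFAULT_THRESHOLDS = {"login_failure": 3, "link_flap": 4, "routing_change": 1}

COLUMNS = ("ts", "host", "facility", "severity", "category", "msg")


def categorize(msg):
    """Assign the first matching category, or 'other' when no rule fires."""
    for name, rule in CATEGORY_RULES:
        if rule.search(msg):
            return name
    return "other"


def parse_line(line):
    """Split one raw syslog line into fields; return None for lines that do not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "facility": pri // 8,  # PRI = facility * 8 + severity (RFC 3164)
        "severity": pri % 8,
        "category": categorize(m.group("msg")),
        "msg": m.group("msg"),
    }


def load_logs(lines, conn=None):
    """Parse lines and store the structured rows; SQLite stands in for the MySQL table."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS logs (ts TEXT, host TEXT, facility INTEGER, "
        "severity INTEGER, category TEXT, msg TEXT)"
    )
    rows = [r for r in (parse_line(line) for line in lines) if r is not None]
    conn.executemany(
        "INSERT INTO logs VALUES (:ts, :host, :facility, :severity, :category, :msg)", rows
    )
    conn.commit()
    return conn


def count_by(conn, column):
    """Event counts grouped by one column (host, category, severity, ...)."""
    if column not in COLUMNS:
        raise ValueError("unknown column")  # identifiers cannot be bound parameters
    return dict(conn.execute(f"SELECT {column}, COUNT(*) FROM logs GROUP BY {column}").fetchall())


def find_anomalies(conn, thresholds=DEFAULT_THRESHOLDS):
    """Devices whose per-category counts reach the threshold, as sorted (host, category, count)."""
    rows = conn.execute("SELECT host, category, COUNT(*) FROM logs GROUP BY host, category").fetchall()
    return sorted((h, c, n) for h, c, n in rows if c in thresholds and n >= thresholds[c])


SOURCE_RE = re.compile(r"Source: (\d{1,3}(?:\.\d{1,3}){3})")


def login_failures_by_source(conn):
    """Feature extraction on one category: failed logins counted per source address."""
    counts = Counter()
    for (msg,) in conn.execute("SELECT msg FROM logs WHERE category = 'login_failure'"):
        m = SOURCE_RE.search(msg)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


if __name__ == "__main__":
    db = load_logs(SAMPLE_LOGS.splitlines())
    print(count_by(db, "category"))
    print(count_by(db, "severity"))
    print(find_anomalies(db))
    print(login_failures_by_source(db))
```

The category rules are evaluated in order, so a message that could match several patterns is assigned once, and the `count_by` check on the column name matters because SQL identifiers cannot be passed as bound parameters; the thresholds in `find_anomalies` are the kind of per-device baseline a site would tune from its own statistics rather than fixed values.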