Abstract
Traditional approaches that rely on a single device and manual administration cannot keep up with increasingly complex network threats: they fail to detect and accurately locate network security incidents in time, and they cannot reliably assess the consequences such incidents may have. This article discusses how to build a log system on the standard Syslog protocol: log data from a large number of network devices is collected centrally, processed by a SQL agent, and then analysed, so that the operating state of the network can be monitored.
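As an added illustration of the pipeline the abstract describes (central Syslog collection, storage behind SQL, analysis queries), the following Python script, which is not from the article, parses a handful of constructed BSD-style (RFC 3164) Syslog lines, loads them into an in-memory SQLite table, and runs two detection queries against it: a burst of failed logins from one host within a time window, and interface state changes. The log lines, host names, and thresholds are all made-up sample values; the real system would receive lines over UDP/TCP 514 and use a production database.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines in BSD Syslog shape: "<PRI>MMM dd HH:MM:SS host tag[pid]: message".
# The last line is deliberately malformed to exercise the reject path.
SAMPLE_LOGS = [
    "<38>Apr 12 10:01:02 sw-core-1 sshd[1201]: Failed password for admin from 10.0.0.5 port 51022 ssh2",
    "<38>Apr 12 10:01:05 sw-core-1 sshd[1201]: Failed password for admin from 10.0.0.5 port 51023 ssh2",
    "<38>Apr 12 10:01:09 sw-core-1 sshd[1201]: Failed password for admin from 10.0.0.5 port 51024 ssh2",
    "<30>Apr 12 10:02:00 rtr-edge-1 ifmgr: Interface GigabitEthernet0/1 changed state to down",
    "<30>Apr 12 10:02:30 rtr-edge-1 ifmgr: Interface GigabitEthernet0/1 changed state to up",
    "<38>Apr 12 10:03:00 sw-core-2 sshd[77]: Accepted password for ops from 10.0.0.9 port 40000 ssh2",
    "this line is not valid syslog",
]

# PRI is facility*8 + severity; the BSD timestamp carries no year, so the caller supplies one.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


def parse_line(line, year=2012):
    """Return a dict of fields for a well-formed line, or None for anything the regex rejects."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facilities run 0..23, so PRI cannot exceed 23*8+7
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "ts": ts.isoformat(sep=" "),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def build_store(lines):
    """Load parsed lines into an in-memory SQLite table; return (connection, number of rejected lines)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE syslog (id INTEGER PRIMARY KEY, ts TEXT, host TEXT, "
        "facility INTEGER, severity INTEGER, tag TEXT, msg TEXT)"
    )
    rejected = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # a real collector would keep these in a quarantine table for review
            continue
        conn.execute(
            "INSERT INTO syslog (ts, host, facility, severity, tag, msg) VALUES (?, ?, ?, ?, ?, ?)",
            (rec["ts"], rec["host"], rec["facility"], rec["severity"], rec["tag"], rec["msg"]),
        )
    conn.commit()
    return conn, rejected


def failed_login_bursts(conn, threshold=3, window_seconds=60):
    """Hosts that logged at least `threshold` failed-password events within `window_seconds`."""
    rows = conn.execute(
        """
        SELECT host, COUNT(*) AS n, MIN(ts), MAX(ts)
        FROM syslog
        WHERE msg LIKE 'Failed password for %'
        GROUP BY host
        HAVING n >= ? AND strftime('%s', MAX(ts)) - strftime('%s', MIN(ts)) <= ?
        ORDER BY host
        """,
        (threshold, window_seconds),
    ).fetchall()
    return [(host, n) for host, n, _, _ in rows]


def interface_state_changes(conn):
    """Count of interface up/down transitions per device, a quick flap indicator."""
    return conn.execute(
        "SELECT host, COUNT(*) FROM syslog "
        "WHERE tag = 'ifmgr' AND msg LIKE '%changed state to%' "
        "GROUP BY host ORDER BY host"
    ).fetchall()


def events_by_severity(conn):
    """Severity histogram across all stored events."""
    return conn.execute(
        "SELECT severity, COUNT(*) FROM syslog GROUP BY severity ORDER BY severity"
    ).fetchall()


if __name__ == "__main__":
    db, bad = build_store(SAMPLE_LOGS)
    print("rejected lines:", bad)
    print("failed-login bursts:", failed_login_bursts(db))
    print("interface changes:", interface_state_changes(db))
    print("events by severity:", events_by_severity(db))
```

The parser and the queries are intentionally separate: the collector only has to normalise fields, while the analysis rules live in SQL and can be changed without touching the ingest path, which is what lets a SQL agent schedule them against the stored data.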
Source
《微型机与应用》
2012, No. 4, pp. 11-13, 16 (4 pages)
Microcomputer & Its Applications