摘要
为电力信息系统实现日志审计和日志分析,已经成为电力信息化管理部门首先需要解决的问题。本文设计并实现了一个基于ELK的电力信息监控日志审计系统。系统通过logstash、redis、elasticsearch实现对操作行为日志、设备运行日志、上网行为日志、维护记录日志的分布式采集存储,经过数据格式化、用户识别、会话识别、路径补充等于处理后,利用并行化的K-Means聚类算法对日志进行审计分析,发现和捕获海量日志中的异常行为和违规行为。实验表明,系统可以实现电力企业信息系统的安全审计功能。
Electric information system's logs audit has become the main issues of information management department. This paper design and implement an electricity information monitoring log audit system based ELK. It applies logstash, redis, elasticsearch to collect and store operational behavior logs, equipment operation logs, Internet behavior log, the maintenance log. After the pre-processing such as data formatting, user identification, session identification, path supplement, the parallel K-Means clustering algorithm is used to discover abnormal behavior and irregularities from massive log. Experimental results show that the system can achieve security audit functions for electric enterprise information system.
出处
《电脑知识与技术》
2016年第10X期61-64,共4页
Computer Knowledge and Technology
基金
基金项目:群众性科技创新(5229XT16000J)
