Abstract
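This paper addresses log analysis, a weak link in honeypot technology, by introducing the log analysis tool Log Parser. Log Parser supports input and output in many log formats, can unify different log formats and fuse their data, and allows flexible customization of log filtering rules. The paper studies the method and advantages of using Log Parser to analyze honeypot logs for active defense. In turn, the low noise level of honeypot logs makes the log analysis results more accurate and effective.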
To improve the log analysis method in honeypot systems, this article introduces a tool called Log Parser. Log Parser supports data input and output in many different formats, and can standardize the different log formats and correlate the log file data. Honeypot log file data can thus be analyzed effectively and flexibly using Log Parser, and the results are more accurate when honeypot log files are the data source because of their low noise.
Source
《信息安全与通信保密》
2009, Issue 3, pp. 96-98 (3 pages)
Information Security and Communications Privacy