DocumentCode
3034130
Title
The design and implement of the centralized log gathering and analysis system
Author
Huang, Jian-hua ; Zhang, Man-qi ; Jiang, Yuan-long
Author_Institution
Sch. of Inf. Sci. & Eng., East China Univ. of Sci. & Technol., Shanghai, China
Volume
2
fYear
2012
fDate
25-27 May 2012
Firstpage
268
Lastpage
273
Abstract
Logs generated by network devices and systems provide important information for network management. In this paper, we describe a centralized syslog system that gathers and analyzes log messages from a number of routers, switches and firewalls. The gathered logs are filtered and categorized with regular expressions, and finally stored in formatted form in a MySQL database. Through statistical analysis and feature-based detection of security events, the system can effectively find abnormal behavior of network devices and ensure network security. Some methods are identified that allow us to check whether the network behavior is unusual. These methods also provide a basis for network management and security strategy design for administrators, thereby further strengthening network management.
Keywords
firewall; regular expression; router; syslog;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Science and Automation Engineering (CSAE), 2012 IEEE International Conference on
Conference_Location
Zhangjiajie, China
Print_ISBN
978-1-4673-0088-9
Type
conf
DOI
10.1109/CSAE.2012.6272772
Filename
6272772