Title (English): A Study of Service Availability Monitoring Based on SIEM System
Keywords (English): Splunk, SIEM, Records Analysis, Log Analysis
Abstract (Chinese, translated): The operation of systems, including networks, servers, operating systems and services, produces log output. Effective analysis of these logs makes it possible to monitor how services are running and, when an anomaly occurs, to give administrators the key information they need to assess the incident. However, because log formats are numerous and varied, a great deal of time must be spent consolidating them before useful information can be obtained. The usual way to solve this problem is a log collection and analysis system that manages all logs centrally: each monitored system automatically forwards its logs to the host on which the log collector runs. In this study we therefore used Splunk to build a system that integrates all the logs and, by analyzing the logs of systems and services, monitors service liveness and performance. Administrators can view these logs through the interface we developed and can check the operation of multiple systems in near real time.
Abstract (English): Network devices and servers produce logs as they run their services.
Analyzing these logs makes it possible to monitor the operation of those services and to give administrators the key information they need to assess an incident when an anomaly occurs. However, because log formats are numerous and varied, a great deal of time is spent consolidating them before any useful information can be obtained.
The usual solution is a log collection and analysis system that manages all logs centrally: each monitored system automatically forwards its logs to the host running the collector. In this study we therefore used Splunk to build a system that integrates all logs and, by analyzing the logs of systems and services, monitors the availability (liveness) and performance of each service.
Administrators can view these logs through the interface we developed and can check the operation of multiple systems in near real time.
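As an added illustration of the kind of analysis the abstract describes (centralizing heterogeneous logs and deriving service liveness and performance from them), the following Python script is example code written for this page; it is not part of the thesis and not Splunk code. It normalizes two constructed log formats (an nginx-style access log and BSD syslog-style application lines) into one event schema, then derives a state per service: DOWN when a service has logged nothing within a heartbeat window, DEGRADED when its lines carry failure keywords or its HTTP 5xx rate exceeds a threshold, UP otherwise, together with a nearest-rank 95th-percentile latency. The sample lines, service names, thresholds, the fixed "now", and the assumption that syslog timestamps are UTC are all constructed for the example.

```python
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real traffic): an nginx-style access log and
# syslog-style application lines from several hosts, plus one unparsable line.
SAMPLE_LOGS = """\
10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET /api/health HTTP/1.1" 200 17 0.004
10.0.0.7 - - [10/Mar/2024:12:00:12 +0000] "GET /api/orders HTTP/1.1" 200 812 0.120
10.0.0.7 - - [10/Mar/2024:12:00:20 +0000] "POST /api/orders HTTP/1.1" 502 0 3.001
Mar 10 11:58:00 app01 redis-server[100]: Server initialized
Mar 10 12:00:05 db01 mysqld[812]: Ready for connections
Mar 10 12:00:30 app01 sshd[233]: Accepted publickey for ops from 10.0.0.9
Mar 10 12:00:40 db01 mysqld[812]: Connection to storage backend failed, retrying
this line is not in any known format
"""

# "Now" is fixed so the example is deterministic (assumption for the example).
NOW = datetime(2024, 3, 10, 12, 1, 0, tzinfo=timezone.utc)

# nginx combined-style line with the request time appended as the last field.
NGINX_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ (?P<rt>[\d.]+)$'
)
# Traditional BSD syslog line: "Mon DD HH:MM:SS host app[pid]: message".
SYSLOG_RE = re.compile(
    r'(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<app>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$'
)
# Keywords that mark a line as a failure report (assumption; tune per service).
FAILURE_RE = re.compile(r'\b(down|failed|failure|unreachable|timed out)\b', re.I)


def parse_line(line, year=2024):
    """Normalise one raw line into a common event dict, or None if unknown."""
    m = NGINX_RE.match(line)
    if m:
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        return {'ts': ts, 'service': 'web', 'status': int(m['status']),
                'latency': float(m['rt']), 'msg': m['req']}
    m = SYSLOG_RE.match(line)
    if m:
        # BSD syslog carries no year or zone; assume the given year and UTC.
        ts = datetime.strptime(f"{year} {m['ts']}", '%Y %b %d %H:%M:%S')
        ts = ts.replace(tzinfo=timezone.utc)
        return {'ts': ts, 'service': m['app'], 'status': None,
                'latency': None, 'msg': m['msg']}
    return None


def percentile(values, p):
    """Nearest-rank percentile (e.g. p=0.95) of a non-empty sorted list."""
    rank = max(1, math.ceil(p * len(values)))
    return values[rank - 1]


def assess(events, now, heartbeat=timedelta(seconds=60), error_threshold=0.5):
    """Derive a state per service from normalised events.

    DOWN:     nothing logged within the heartbeat window (a silent service)
    DEGRADED: failure keywords seen, or HTTP 5xx rate above the threshold
    UP:       otherwise
    """
    by_service = defaultdict(list)
    for ev in events:
        by_service[ev['service']].append(ev)

    report = {}
    for service, evs in by_service.items():
        evs.sort(key=lambda e: e['ts'])
        last_seen = evs[-1]['ts']
        failures = [e for e in evs if FAILURE_RE.search(e['msg'])]
        http = [e for e in evs if e['status'] is not None]
        error_rate = (sum(1 for e in http if e['status'] >= 500) / len(http)
                      if http else 0.0)
        latencies = sorted(e['latency'] for e in evs if e['latency'] is not None)
        p95 = percentile(latencies, 0.95) if latencies else None

        if now - last_seen > heartbeat:
            state = 'DOWN'
        elif failures or error_rate > error_threshold:
            state = 'DEGRADED'
        else:
            state = 'UP'
        report[service] = {
            'state': state,
            'last_seen': last_seen,
            'events': len(evs),
            'error_rate': round(error_rate, 2),
            'p95_latency': p95,
            'failures': [e['msg'] for e in failures],
        }
    return report


def monitor(raw_text, now):
    """Parse raw log text and return (per-service report, unparsed line count)."""
    events, unparsed = [], 0
    for line in raw_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # count rather than drop: an unknown format is itself a finding
        else:
            events.append(ev)
    return assess(events, now), unparsed


if __name__ == '__main__':
    report, unparsed = monitor(SAMPLE_LOGS, NOW)
    for service, info in sorted(report.items()):
        print(f"{service:13} {info['state']:8} last_seen={info['last_seen']:%H:%M:%S} "
              f"events={info['events']} err={info['error_rate']} p95={info['p95_latency']}")
    print(f"unparsed lines: {unparsed}")
```

The two states that matter operationally are distinguished deliberately: a service that has gone silent (no log within the heartbeat window) is a different failure from one that is still logging but reporting errors, and in a SIEM such as Splunk they would drive two different scheduled-search alerts. Counting unparsed lines instead of discarding them is the check a practitioner wants when onboarding a new log source, since a format the normalizer does not recognize is invisible to every downstream rule.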
