
Research And Implementation Of Data Acquisition Device Based On Plug-in Technology

Posted on: 2011-03-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2178360302499573
Subject: Signal and Information Processing
Abstract/Summary:

The data acquisition device based on plug-in technology is one of the important parts of the information security integrated management platform. It works as a log collector that acquires data from network security devices, formats the logs, and sends the logs in unified format to the central database. The device uses a log formatting technique that translates the different ways of representing content and the different orderings of fields in logs into a pre-established standard format. Currently the many kinds of network security devices in an enterprise (IDS, firewalls, routers, switches, etc.) may come from different manufacturers. Each device therefore deals with problems in its own way, with no correlation among them, and the logs they produce follow formats defined by their manufacturers. Without formatting these logs, security experts find it doubly difficult to analyze security incidents, so network security management gets half the result for twice the effort.

Aiming at some problems in the current data acquisition device, this project presents an improved scheme in the following aspects:

1) In the existing technology, every log has to pass through a judging process to determine its format, which affects the efficiency of the system when a large number of logs arrive. This project presents an improved scheme in which log formatting runs without the judging process, by binding the plug-in to the device and port. Accordingly, the efficiency of the system is improved.

2) When the log type changes or new equipment is added, the judging process fails and discards the current log. This project designs an automatic update module that automatically downloads the corresponding plug-in from the library to complete log formatting in such cases, which avoids the loss of important information.

3) The data acquisition device, including the plug-ins, the automatic update module, the plug-in calling procedures, and the admin interface, is developed with PHP, MySQL and Perl.

Based on the standard format defined by the project, the input to the data acquisition device is the original log and the output from the data collector is a log in unified format, which serves as the data source of the information security integrated management platform. Although the data acquisition device based on plug-in technology belongs to the information security integrated management platform, it can also be used in other data acquisition environments.
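The two improvements above (binding a plug-in to a sender's address and port so no per-line format-judging pass is needed, and pulling a missing plug-in from a library instead of discarding the log) can be shown in a small collector. The following is an added example written for this page, not code from the thesis, which was built in PHP, MySQL and Perl. The unified field names, the two vendor log formats, the sample log lines and the in-memory dict standing in for the download library are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Unified output format. The field names are an assumption of this example;
# the thesis defines its own standard format, which the abstract does not list.
UNIFIED_FIELDS = ("timestamp", "device", "event", "src_ip", "dst_ip", "severity")

Parser = Callable[[str], Optional[dict]]

# Plug-ins: one parser per vendor format. Both formats are constructed.
_FW_RE = re.compile(
    r"^(?P<ts>\S+) fw: (?P<action>DENY|ALLOW) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)
_IDS_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] ALERT sid=(?P<sid>\d+) (?P<src>\S+) -> (?P<dst>\S+) prio=(?P<prio>\d)$"
)


def firewall_plugin(line: str) -> Optional[dict]:
    """Plug-in for a constructed firewall syslog line."""
    m = _FW_RE.match(line)
    if m is None:
        return None  # line does not match this plug-in's format
    return {
        "timestamp": m["ts"],
        "event": m["action"].lower(),
        "src_ip": m["src"],
        "dst_ip": m["dst"],
        "severity": 4 if m["action"] == "DENY" else 6,
    }


def ids_plugin(line: str) -> Optional[dict]:
    """Plug-in for a constructed IDS alert line with a different field order."""
    m = _IDS_RE.match(line)
    if m is None:
        return None
    return {
        "timestamp": m["ts"],
        "event": "alert:" + m["sid"],
        "src_ip": m["src"],
        "dst_ip": m["dst"],
        "severity": int(m["prio"]),
    }


# Plug-in library the automatic update module fetches from. An in-memory dict
# stands in for the thesis's library; nothing is downloaded over the network.
PLUGIN_LIBRARY: Dict[str, Parser] = {"fw-v1": firewall_plugin, "ids-v1": ids_plugin}


@dataclass
class Collector:
    # Binding table: (sender address, listening port) -> plug-in name. Because a
    # sender is bound to a plug-in, no per-line format-judging pass is needed.
    bindings: Dict[Tuple[str, int], str] = field(default_factory=dict)
    loaded: Dict[str, Parser] = field(default_factory=dict)
    library: Dict[str, Parser] = field(default_factory=lambda: dict(PLUGIN_LIBRARY))
    stats: Dict[str, int] = field(
        default_factory=lambda: {"normalized": 0, "auto_updated": 0, "dropped": 0}
    )

    def bind(self, device: str, port: int, plugin_name: str) -> None:
        """Admin action: bind new equipment (or a changed log type) to a plug-in."""
        self.bindings[(device, port)] = plugin_name

    def _auto_update(self, name: str) -> Optional[Parser]:
        """Automatic update module: pull a not-yet-loaded plug-in from the library."""
        parser = self.library.get(name)
        if parser is not None:
            self.loaded[name] = parser
            self.stats["auto_updated"] += 1
        return parser

    def ingest(self, device: str, port: int, line: str) -> Optional[dict]:
        """Normalize one raw line; returns a unified record, or None if dropped."""
        name = self.bindings.get((device, port))
        parser = self.loaded.get(name) if name else None
        if parser is None and name:
            parser = self._auto_update(name)
        record = parser(line) if parser else None
        if record is None:
            self.stats["dropped"] += 1  # unbound sender, missing plug-in, or bad line
            return None
        record["device"] = device
        self.stats["normalized"] += 1
        return {k: record.get(k) for k in UNIFIED_FIELDS}


# Constructed sample traffic: (sender, port, raw line); the last sender is unbound.
SAMPLE_LOGS = [
    ("10.0.0.1", 514, "2011-03-29T10:15:01 fw: DENY src=192.0.2.10 dst=198.51.100.5"),
    ("10.0.0.2", 5140, "[2011-03-29T10:15:02] ALERT sid=1000001 192.0.2.10 -> 198.51.100.5 prio=2"),
    ("10.0.0.1", 514, "2011-03-29T10:15:03 fw: ALLOW src=192.0.2.11 dst=198.51.100.7"),
    ("10.0.0.9", 514, "2011-03-29T10:15:04 fw: DENY src=192.0.2.12 dst=198.51.100.5"),
]


def run_demo() -> Tuple[Collector, list]:
    c = Collector()
    c.bind("10.0.0.1", 514, "fw-v1")
    c.bind("10.0.0.2", 5140, "ids-v1")
    records = [c.ingest(dev, port, line) for dev, port, line in SAMPLE_LOGS]
    return c, records


if __name__ == "__main__":
    collector, out = run_demo()
    for r in out:
        print(r)
    print(collector.stats)
```

The binding table is the point of the first improvement: the collector never inspects a line to guess its format, it only looks up the sender. The `_auto_update` step is the second improvement: a plug-in that is bound but not yet loaded is fetched on first use rather than the log being discarded, and the `stats` counters make it visible how many lines were normalized, how many plug-ins were pulled in, and how many lines were dropped for lack of any binding.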
Keywords/Search Tags: data acquisition, log, log format, plug-in, DDOS