Abstract
To address increasingly large and complex enterprise internal network applications, this paper proposes a system and network monitoring platform that combines Esper and Nagios. The platform applies event stream technology to network security event handling, using policy analysis and a rule engine to actively process network security events, and it efficiently supports dynamic decision analysis over large-scale network events. It provides proactive warning before an event and passive notification in real time, avoids the rigidity caused by static monitoring and surveillance systems, and allows rules to be set and updated dynamically, so that it can be fully matched to the enterprise's business needs.
Source
《计算机工程与科学》
CSCD
Peking University Core Journal
2012, Issue 9, pp. 8-12 (5 pages)
Computer Engineering & Science
Funding
Guangdong Province Science and Technology Plan Project (2010B080701093)
Huizhou City Science and Technology Plan Project (2010B020008013, 2010C020007001)