DocumentCode :
3651236
Title :
Host security event track for complex network environments based on the analysis of log
Author :
Danfeng Yan; Rui Feng; Junlin Huang; Fangchun Yang
Author_Institution :
State Key Lab. of Networking &
Volume :
2
fYear :
2012
Firstpage :
807
Lastpage :
811
Abstract :
The system log is very important for the system. We can find out the source of system errors or external attacks from the system log, but today's log analysis tools for complex network environments can only provide a single application's (for example, web applications) or some of the system's own error events to the users. The contents of a single system log cannot be a comprehensive analysis of the ins and outs of security incidents and cannot track an attack from the beginning to the end. When users find themselves attacked, though they can find out what the attacker did, they cannot link the operations and path of intrusion together. This paper presents a vision of matching the host logging events and intrusion events to build a log series model for a complete invasion. We can release the full path of an invasion through the sequence of logs.
Keywords :
"Analytical models","Pattern matching","IP networks","Ports (Computers)","Intrusion detection","Real-time systems"
Publisher :
ieee
Conference_Titel :
Cloud Computing and Intelligent Systems (CCIS), 2012 IEEE 2nd International Conference on
Type :
conf
DOI :
10.1109/CCIS.2012.6664287
Filename :
6664287