Method Apparatus and System for Security Monitoring Based On Log Analysis

摘要

Disclosed are a method, device, and system for security monitoring based on log analysis. The method comprises the following steps of: collecting logs generated by a client device; detecting an event which requires security measures based on real-time analysis on the logs; generating, based on the logs corresponding to the detected event, normalized log information corresponding to the event; determining whether the detected event is a high risk event that requires requesting a server to analyze the logs in detail; and performing, based on the determination, any one of transmitting a detail analysis request containing the normalized log information to the server or performing the security action by the client device.