Event log collection method and system based on Windows kernel

Bibliographic Details
Main Authors: LYU MINGQI, SONG QIJIE, CHEN TIEMING, QIU XUEBO, ZHU TIANTIAN, LU XIAOMING
Format: Patent
Language: Chinese, English
Published: 30.09.2022

Summary: The invention discloses an event log collection method and system based on the Windows kernel. The collection method begins with an initialization step and then proceeds as follows: perform basic configuration of the ETW framework, acquire Windows native event information as the original event stream, and apply preliminary event filtering to the original event stream to obtain an effective original event stream; process the effective original event stream concurrently on multiple threads, performing event analysis, event filtering and semantic correction, to obtain semantically corrected event object instances; and output the semantically corrected event object instances to complete collection. The method uses a user-defined filtering mechanism and a self-developed, attribute-offset-based event analysis method, so that analysis, semantic filling, semantic correction and similar operations are carried out on event contents in combination with
Bibliography: Application Number: CN202211061051