【作者】 毛洪涛；

【导师】 李昀； 高宝；

【作者基本信息】 北京林业大学 ， 管理科学与工程， 2007， 硕士

【摘要】 随着网络技术的发展，计算机网络越来越大，拓扑结构越来越复杂，包含的网元越来越多。这些网元在运行过程中会产生各种各样的网络事件，这些事件潜在地展示了网元的运行状态和行为，例如：链路断路、网络拥塞等。有效地监视这些网络事件是实现网络管理的重要保障。传统网管系统大都注重对单个网元当前状态的监测，把大量网元的当前检测数据或历史检测数据交给网络管理员进行分析。然而，在网络环境下，网络事件往往是相互关联的，一个简单的问题可以影响许多设备和子系统，引起大量的相关事件，甚至可能形成事件“风暴”。因此，网络管理系统必须使用事件关联分析技术才能应对大量的网络事件，为快速定位故障根源与发现安全隐患提供帮助。本论文在分析各种事件关联分析技术特点的基础上，讨论了基于事件的网络管理系统的基本模型，并以该模型为指导，设计实现了一个基于事件的网络管理系统——ESEC。ESEC系统同时使用轮询方式与异步方式采集网络事件，在设计中使用了插件结构。事件关联分析使用硬编码与基于规则推理相结合的方式，硬编码方式用来处理基于拓扑模型的关联分析；基于规则推理的方式用来处理异步事件的关联分析，包括系统日志和SNMP Trap。ESEC系统采用多种方式发出事件告警，包括：界面显示、Email和声音提示。ESEC系统核心程序采用C语言编写并使用PERL语言开发的SEC(Simple Event Correlator)事件关联器，执行效率高。在用户接口上，系统采用Web方式，界面友好，功能实用。ESEC系统通过合理使用事件关联技术，达到了减少重复、冗余的网络事件的目的，并实现了对网络中设备、服务器以及服务的监测。更多还原

【Abstract】 With the development of network technology, computer network becomes larger and larger in its scale, gets increasingly complicated in its topological architecture. More and more network elements are included into network. Network elements can produce various kinds of routine events which can indicate their running state, e.g. broken link, network congestion, etc. It is very important to effectively monitor these network events for sound network management. Traditional network management systems focus on monitoring current state of a single network element, collecting state data and directly submitting them to administrators for analysis. However, in computer network, there are correlations among events. A simple network problem alone can make many devices and subsystems produce a lot of related events, even worse, an "event storm" may arise as a result. So network management system must be capable of managing and correlating events, which will help administers to quickly decide original faults and detect security attack events.Based on the analysis of event correlation methodology, this paper is expected to discuss a basic model of event-based network management system, and develop an event-based network management system, named ESEC, to meet real-life requirements.ESEC has two ways to collect network events:polling and asynchronous detecting methods. Using plug-in to collect data is one of characteristics of ESEC. In ESEC, hard coding and rule-based reasoning are used to correlate events. The former is suitable for event correlation based on network topological architecture; the latter is used to correlate asynchronous events with rule-based reasoning, e.g. Syslog, SNMP Trap. To have powerful ability of rule-based reasoning, SEC is integrated in the system. On event alert function, ESEC provides there ways to notify administrators, display in management GUI, Email and make sound to notice.Core code of ESEC network management system is developed with C program. Integration of the core and SEC make ESEC system highly effective. GUI of ESEC is based on B/S, which is easy to use.ESEC network management system aims at reducing repeated and redundant network events. With the help of event correlation technology, ESEC make it, and can monitor network devices, servers and network services.更多还原