Real-time online log detection method and system

2013 
The invention relates to a real-time online log detection method. The method comprises the following steps:
1. Converting the whole training log into a discrete event sequence.
2. Building a detection model.
3. Dividing the log to be detected into at least one log section and allocating a log section sequence to each log section.
4. Grading the degree of abnormality of one log section to obtain a relative entropy.
5. Judging whether the relative entropy is a positive value; if it is, considering the current log section abnormal and executing step 7; otherwise, considering the current log section normal.
6. Judging whether the relative entropy is larger than a threshold value; if it is, considering the current log section abnormal; otherwise, executing step 8.
7. Sending an abnormality alarm to the user and returning the program under detection to the state it was in before the log section was detected.
8. Judging whether an ungraded log section exists in the abnormal log; if one does, executing step 4; otherwise, finishing the detection.

With this method, abnormal states can be detected in real time and no complicated parameters need to be set; the method is simple and effective.
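The scoring loop described in the abstract can be sketched as follows; this is an added example, not code from the patent. The abstract does not say how the detection model or the relative entropy is computed, so the smoothed event-frequency model, the Kullback-Leibler score, the fixed section size, the threshold value and all function names are assumptions. Because a Kullback-Leibler divergence is never negative, the sketch applies only the threshold comparison of step 6, and the state rollback of step 7 is not modelled.

```python
import math
import re
from collections import Counter

def to_events(lines):
    """Step 1: turn raw lines into discrete events by masking numbers."""
    return [re.sub(r"\d+", "<N>", line) for line in lines]

def build_model(events, alpha=1.0):
    """Step 2 (assumed model): smoothed event frequencies plus an <UNK> bucket."""
    counts = Counter(events)
    total = len(events) + alpha * (len(counts) + 1)
    model = {e: (c + alpha) / total for e, c in counts.items()}
    model["<UNK>"] = alpha / total  # mass reserved for events never seen in training
    return model

def sections(events, size):
    """Step 3: fixed-size log sections, each with a sequence number."""
    return [(i // size, events[i:i + size]) for i in range(0, len(events), size)]

def relative_entropy(section, model):
    """Step 4 (assumed score): D(P_section || Q_model) in bits."""
    counts = Counter(e if e in model else "<UNK>" for e in section)
    n = len(section)
    return sum(c / n * math.log2((c / n) / model[e]) for e, c in counts.items())

def detect(lines, model, size, threshold):
    """Steps 4-8: grade every section in order, collect those over the threshold."""
    alarms = []
    for seq, section in sections(to_events(lines), size):
        score = relative_entropy(section, model)
        if score > threshold:  # step 6; step 7's alarm is the returned entry
            alarms.append((seq, round(score, 3)))
    return alarms

# Constructed sample data, not taken from the patent.
TRAIN = ["login ok uid=1", "read file id=7", "logout uid=1"] * 20
LIVE = ["login ok uid=5", "read file id=9", "logout uid=5",
        "login failed uid=0", "login failed uid=0", "login failed uid=0"]
MODEL = build_model(to_events(TRAIN))

if __name__ == "__main__":
    print(detect(LIVE, MODEL, size=3, threshold=1.0))
```

The first section matches the training mix and scores close to zero; the second consists only of an event never seen in training and scores 6 bits, so it alone is reported.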