A method and system for auditing the network access behavior of the user

The invention discloses a method and system for realizing the auditing for the user access of network, create the time and address index for NAT log in advance, and create the time index for the dynamic host configuration protocol DHCP log, when the queried conditions are the time for the user accessing the network, and user external network IP address and/or NAT port, the method includes: according to the time for user accessing the network, user's external network IP address and/or NAT port, through the time and address index of NAT log, query the relevant record with the internal network IP address from the log; through the time index of the DHCP log, query the relevant category with MAC address from the DHCP log; according to the MAC address and time, query the relevant user information from AAA log, and audit the user's accessing of network according to the user information. The invention comprehensively utilizes the NAT system log, DHCP server system log and AAA system log, thus realizes the audit feasibility and traceability of the user's information on accessing of network, thus improves the manageability and safety of network.