Abstract: The logs of network devices, network security devices, and business application systems are an important data resource for troubleshooting equipment and system failures in network operations and maintenance. However, a large amount of log data is stored in different devices in a decentralized manner, which makes it difficult to view and use, and it is difficult to meet the requirements of quickly identifying, locating, and solving problems in network operation and maintenance. Therefore, in order to improve the network operation and maintenance capabilities of business personnel, it is necessary to build a unified log collection, storage, and processing system. This article introduces a log system built with ELK open source components, which has been applied in the earthquake industry network to achieve real-time collection, storage, processing, and display of logs from business systems, security devices, and network devices in the seismological industry network. The implementation details are elaborated in detail, providing a typical demonstration for the promotion and application of this architecture.