A monitoring and early warning platform for campus network based on log analysis is designed and implemented. The open source software of rsyslog is used to collect log information of campus network device or * nix system, and store in mysql database in real time. Log information is analyzed and processed based on Apriori algorithm to monitor potential attacks dynamically. Once dangerous behavior is found, the platform can automatically deploy access control list (ACL), and promptly issue a warning notice to administrators to deal with in advance. Platform provides a valuable reference for security management of the campus network.