The invention provides a network behavior information processing method, a log transmitting method, a network behavior information processing device and a system, wherein the network behavior information processing method comprises the steps of acquiring an operation log of a monitored host device, wherein the operation log comprises a non-encrypted protocol data packet; performing preprocessing on the operation log according to a protocol type, extracting an operation instruction which corresponds with the operation log; and filtering the operation instruction based on a preset alarm role, thereby determining the operation instruction which accords with the preset alarm role. In the network behavior information processing method, the instruction which is carried in a UNIX-type host is utilized; specific data packet acquisition is performed on a preset port; furthermore the acquired data packet is automatically stored as a log file; the log file is transmitted to a Syslog process; the Syslog transmits the operation log in a quasi-real time mode; and furthermore the processing method processes the non-encrypted protocol log and determines the alarm operation. The network behavior information processing method, the log transmitting method, the network behavior information processing device and the system settle problems of data mis-deletion, data destruction, data leakage, etc. caused by on-Internet illegal operation or valid violation operation in an Internet data center (IDC).