The invention discloses a traffic recording method and system based on information extraction. The method comprises following steps of constructing information extraction strategies, wherein different constructing methods are selected according to different conditions; capturing real time traffics; carrying out depth analysis to the real time traffics and TCP and UDP messages, thus obtaining demanded traffic information; carrying out threat detection to the traffic information; querying a corresponding information extraction strategy according to the detection result and the traffic information; selecting a suitable information extraction strategy; carrying information extraction to the real time traffics; and storing the extracted information. Through the method, the problem of too high storage pressure resulted from continuity of the traffics in the conventional traffic recording method is solved.