The invention discloses a method for collecting and synchronizing multi-source network security events. In an existing collection process of the multi-source network security events, the local times of the devices are not synchronous. The method comprises the following steps: 1) collecting the multi-source network security events: an event collection terminal collects the events generated by network security devices in real time and stores the events in an ehaache cache framework; 2) synchronous check of event source times: each event source is synchronized with the time of a server as the reference; 3) calling a RMI mechanism by a node in the ehaache cache framework in a remote method to perform event synchronization with the other nodes in the ehaache cache framework; and 4) reading event information from the ehaache cache framework by the server in real time, and processing the event information. According to the method disclosed by the invention, the time differences of the devices and the server are obtained accurately in real time by sending synchronous data packets, and calculating the network delay and a local time difference, and thus the method has the advantages of easy implementation and accurate synchronization.