The invention discloses a log audit subsystem applied to a cloud audit system. The subsystem includes a log collection server and a log analysis processing engine. The log collection server also includes a log collection module, a log cache module and a log distribution module. The log analysis processing engine also includes a log standardization module, a log index module, a log correlation analysis module and a log data reporting module. The log collection server is responsible for collecting, caching and distributing log data from various sources. The log analysis processing engine is responsible for carrying out standardization, correlation analysis and persistent storage on collected logs. The log analysis processing engine carries out correlation analysis on the logs, then carries out changing storage on the logs to an externally connected audit data center subsystem, standardizes the logs, and adopts flow-type computing technology such as storm for concurrent processing to support distributed deployment.