The invention belongs to the field of network security situation awareness, and particularly relates to a network log information security scene type analysis system and an analysis method thereof. The system comprises a log collection processing system, a distributed storage system, a data processing system and a log analysis system, wherein the log collection processing system is used for collecting log information and arp address table information from an exchanger and transmitting the log information and the arp address table information to the distributed storage system; the distributed storage system is used for storing the log information and the arp address table information; the data processing system is used for obtaining the log information and the arp address table information from the distributed storage system, analyzing the log information and the arp address table information, and realizing violent login security scene analysis operation and network device security scene trend analysis operation; and the log analysis system is used for displaying an analysis situation of the data processing system. According to the system and the method, the analysis on an unknown network device security scene trend of a terminal and the monitoring of violent login are realized, and the network information security can be subjected to risk early warning in time.