In view of the problem of network security situation awareness and active defense of power information system, this paper introduces the related concepts and technologies of network security situational awareness. In order to monitor network security problems, a network security situation awareness technology based on multi-source logging methods by utilizing big data analysis is proposed. The deployment architecture of situation awareness platform and the idea of active defense model are proposed and applied to the information system environment of a certain electric power company. We deployed network traffic security analyzer in the export of company"s internal and external network. It can acquire and storage the original network traffic in real time. By using the big data visualization analysis tool and rich data display component, the realization of the multidimensional graphical visualization of the analysis results is presented. Through the experimental test, it realizes the real-time monitoring and early warning of the attack event and security situation, and guarantees the safe and stable operation of the company's information system.