Visual fusion and analysis for multivariate heterogeneous network security data
ZHANG Sheng, SHI Ronghua, ZHAO Ying
Journal of Computer Applications    2015, 35 (5): 1379-1384.   DOI: 10.11772/j.issn.1001-9081.2015.05.1379

As modern network security devices grow more varied, network security logs are becoming increasingly heterogeneous. To address the problem of large-scale, heterogeneous, rapidly changing network logs, a visual method was proposed for fusing network security logs and understanding the network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, a weighted method and a statistical method were used respectively to pre-process the network characteristics. Secondly, treemap and glyph visualizations were used to dig into security details at the micro level, and a time-series chart was used to show the development trend of the network at the macro level. Finally, the system also created graphical features to visually analyze network attack patterns. Analysis of the network security datasets from VAST Challenge 2013 shows that the proposal has substantial advantages in understanding the network security situation, identifying anomalies, discovering attack patterns and removing false positives.
