Log policy management device, log policy management method, and log policy management program

The log policy management system addresses the complexity of managing log information formats in cloud systems by using a policy detection unit to set policy information based on service provider and device characteristics, enhancing efficiency and simplifying management.

JP7886360B2Active Publication Date: 2026-07-07OBIC CO LTD

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
OBIC CO LTD
Filing Date
2024-01-31
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

In cloud systems or data centers with multiple terminal devices, managing the information processing format of log information becomes complex and cumbersome due to varying system control levels and log information types acquired by each terminal device.

Method used

A log policy management system that includes a policy detection unit to identify and set policy information based on a storage unit associated with the service provider, log policy application target, log setting classification, and policy level, simplifying the management of log information processing formats for each terminal device.

Benefits of technology

This system streamlines and simplifies the management of log information processing formats for each terminal device, enabling centralized and efficient policy information application.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 0007886360000001
    Figure 0007886360000001
  • Figure 0007886360000002
    Figure 0007886360000002
  • Figure 0007886360000003
    Figure 0007886360000003
Patent Text Reader

Abstract

To simplify and facilitate management of information processing formats of log information.SOLUTION: A storage unit in which a determination target that is a provider of a service, a log policy application target to which policy information for controlling acquisition of log information is applied, a log setting classification indicating types of log information to be collected for each log policy application target, a policy level indicating an information processing format of acquired log information, and policy information to be set are associated with each other is referred by a policy detection unit on the basis of the determination target, the log policy application target, the log setting classification, and the policy level to detect policy information corresponding to the determination target, the log policy application target, the log setting classification, and the policy level. A policy setting unit sets the detected policy information to the corresponding log policy application target.SELECTED DRAWING: Figure 1
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to a log policy management device, a log policy management method, and a log policy management program.

Background Art

[0002] Patent Document 1 (Japanese Patent Application Laid-Open No. 2016-130997) discloses an information processing apparatus capable of providing an MFP that can surely execute opening / closing control of ports reflecting a security policy even when an extended AP is installed.

[0003] When installing an extended AP, this information processing apparatus edits policy setting items including existing ones based on the analysis result of port control information regarding the unique ports used by the extended AP. Then, it accepts setting input via the edited policy setting items and generates setting information. By applying a filtering rule to the FW unit according to the setting information, it is possible to maintain security when an extended AP is installed.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] Here, in a so-called cloud system or data center including a plurality of terminal devices, for example, depending on the system control level required by the customers operating these or the process of customer system introduction, the types or patterns of log information acquired by each terminal device are different.

[0006] Therefore, managing the information processing format of log information from each terminal device became complex and cumbersome. This problem becomes more pronounced as the number of terminal devices to be managed increases.

[0007] The present invention has been made in view of the above-mentioned problems, and aims to provide a log policy management device, a log policy management method, and a log policy management program that simplify and facilitate the management of the information processing format of log information for each terminal device. [Means for solving the problem]

[0008] To solve the above-mentioned problems and achieve the objective, the log policy management device according to the present invention includes a policy detection unit that references a storage unit associated with a determination target which is the service provider, a log policy application target which is the target to which policy information controlling the acquisition of log information is applied, a log setting classification which indicates the type of log information to be collected for each log policy application target, a policy level which indicates the information processing form of the acquired log information, and a policy setting unit which detects policy information corresponding to the determination target, log policy application target, log setting classification and policy level, based on the determination target, log policy application target, log setting classification and policy level, and sets the detected policy information to the corresponding log policy application target.

[0009] Furthermore, in order to solve the above-mentioned problems and achieve the objectives, the log policy management method according to the present invention comprises a policy detection step in which a policy detection unit refers to a storage unit associated with a determination target which is the service provider, a log policy application target which is the target to which policy information that controls the acquisition of log information is applied, a log setting classification which indicates the type of log information to be collected for each log policy application target, a policy level which indicates the information processing form of the acquired log information, and a policy information to be set, based on the determination target, log policy application target, log setting classification and policy level, and detects policy information corresponding to the determination target, log policy application target, log setting classification and policy level; and a policy setting step in which a policy setting unit sets the detected policy information to the corresponding log policy application target.

[0010] Furthermore, in order to solve the above-mentioned problems and achieve the objectives, the log policy management program according to the present invention makes a computer function as a policy detection unit that detects policy information corresponding to the determination target, log policy target, log setting classification and policy level, and a policy setting unit that sets the detected policy information to the corresponding log policy target, by referring to a storage unit that associates the determination target, log policy target, log setting classification and policy level, based on the determination target, log policy target, log setting classification and policy level, and a policy setting unit that sets the detected policy information to the corresponding log policy target. [Effects of the Invention]

[0011] This invention makes it possible to simplify and streamline the management of the information processing format of log information for each terminal device. [Brief explanation of the drawing]

[0012] [Figure 1] Figure 1 shows the system configuration of the log policy management system according to the first embodiment. [Figure 2]Figure 2 is a diagram illustrating the configuration of the configuration information management master provided in the log policy management device of the first and second embodiments. [Figure 3] Figure 3 is a diagram illustrating the configuration of the policy master provided in the log policy management device of the first and second embodiments. [Figure 4] Figure 4 shows an overview of the configuration of the setting master provided in the log policy management device of the first and second embodiments. [Figure 5] Figure 5 is a block diagram showing the hardware configuration of the log policy management device provided in the log policy management system of the first embodiment. [Figure 6] Figure 6 shows an example of a configuration information management master provided in the log policy management device of the log policy management system of the first embodiment. [Figure 7] Figure 7 shows an example of a policy master provided in the log policy management device of the log policy management system of the first embodiment. [Figure 8] Figure 8 shows an example of a configuration master provided in the log policy management device of the log policy management system of the first embodiment. [Figure 9] Figure 9 shows a configuration information management master table in the log policy management device of the log policy management system of the first embodiment, in which update flag information is set for each server function that sets policy information. [Figure 10] Figure 10 shows how the log policy management device of the log policy management system of the first embodiment sets policy information corresponding to the operating status for each server function for which update flag information has been set. [Figure 11] Figure 11 shows a configuration information management master table in the log policy management device of the first embodiment, where the update flag information for each server function to which policy information is set has been erased, and the master change history of the server function whose policy information has been changed has been incremented. [Figure 12] FIG. 12 is a diagram showing an example in which the operating status of each server device in the configuration information management master table has changed to another operating status. [Figure 13] FIG. 13 is a diagram showing a state in which new policy information is set for a server device whose operating status has changed to another operating status. [Figure 14] FIG. 14 is a diagram showing an example in which the server role of each server device in the configuration information management master table has changed. [Figure 15] FIG. 15 is a diagram showing an example in which new policy information is set for a server device whose server role has changed. [Figure 16] FIG. 16 is a diagram showing a state in which various information of a newly added server device is added to the configuration information management master table. [Figure 17] FIG. 17 is a diagram showing an example in which policy information corresponding to the operating status is set for a newly added server device. [Figure 18] FIG. 18 is a diagram showing the system configuration of the log policy management system according to the second embodiment. [Figure 19] FIG. 19 is a block diagram showing the hardware configuration of the log policy management device of the log policy management system according to the second embodiment. [Figure 20] FIG. 20 is a diagram showing an example of the configuration information management master table provided in the log policy management device of the log policy management system according to the second embodiment. [Figure 21] FIG. 21 is a diagram showing an example of the policy master table provided in the log policy management device of the log policy management system according to the second embodiment. [Figure 22] FIG. 22 is a diagram showing an example of the setting master table provided in the log policy management device of the log policy management system according to the second embodiment. [Figure 23]Figure 23 shows how policy information corresponding to employee rank is set on each server device by the log policy management device of the log policy management system of the second embodiment. [Figure 24] Figure 24 shows the configuration information management master table in the log policy management device of the second embodiment, where the update flag information for each server device with policy information set has been cleared and the master change history of the server device whose policy information has been changed has been incremented. [Figure 25] Figure 25 shows an example of changing the worker rank in the configuration information management master table. [Figure 26] Figure 26 shows how new policy information is set for the server device of a worker whose worker rank has been changed. [Figure 27] Figure 27 shows an example of changes to the server device's work details in the configuration information management master table. [Figure 28] Figure 28 shows how new policy information has been set for a server device whose work content has been changed. [Figure 29] Figure 29 shows the configuration information management master table with the work details and worker ranks of the newly added server devices added. [Figure 30] Figure 30 shows how policy information corresponding to worker ranks has been set for a newly added server device. [Modes for carrying out the invention]

[0013] A log policy management system, which is an embodiment to which the present invention is applied, will be described in detail below with reference to the drawings. However, the present invention is not limited to the following embodiments.

[0014] [System Overview] Figure 1 is a diagram illustrating the overview of the log policy management system according to this embodiment. As shown in Figure 1, the log policy management system comprises a log policy management device 1 that centrally manages policy information for controlling the acquisition of log information, a configuration terminal device 51 for setting policy information for the log policy management device 1, and log policy targets to which the policy information is applied.

[0015] Figure 1 shows an example where a server function 53, a virtual server function built within the log policy management device 1, is subject to log policy application. The server function 53 loads file data (OS image, disk image) prepared for each virtual server on the host OS (Operating System) server device and programmatically provides services for each company with predetermined roles.

[0016] In addition to this virtual server function, other devices to which policy information can be configured, such as physical server devices, client terminal devices, mobile devices, or IoT (Internet of Things) devices, can also be targeted for log policy application.

[0017] The log policy management device 1 is equipped with a configuration information management master table 11 (or a configuration information management master table 81, which will be described later). As shown in Figure 2, this configuration information management master table 11 stores information such as the policy determination target, environment unit name, log setting classification, policy level, and update flag. The policy determination target is the entity providing the service, and in the first embodiment it will be described as "company name," and in the second embodiment described later it will be described as "worker."

[0018] In the first embodiment, the environmental unit name is the "server name" assigned to the server function of each company that sets the policy information. In the second embodiment, it is the "server name" of the server device operated by the worker.

[0019] The log configuration classification indicates the type of log information to be collected for each target to which the log policy applies. In the first embodiment, this log configuration classification indicates the type of log information to be collected based on the role (server role) provided by each server function 53. That is, in the first embodiment, the roles set as log configuration classifications are "DB: Database function", "AP: Application server function", "WEB: Web server function", "AD (Active Directory®): Active Directory® server function", and "Other (roles)".

[0020] As will be explained later using Figure 8, if server function 53 is "DB: Database Server Function," database log information is collected. If server function 53 is "AP: Application Server Function," unique log information corresponding to the specified application program is collected. If server function 53 is "WEB: Web Server Function," IIS (Internet Information Services) log information is collected. If server function 53 is a server function of "Other (role)," arbitrary log information is collected.

[0021] In contrast, in the second embodiment, the log setting classification is set to log information collected in accordance with the type of work performed by the server device 63, such as "data correction," "file import," "file export," "system shutdown," and "investigation."

[0022] As will be explained later using Figure 22, if the work performed on server device 63 is "data correction," database log information is collected. Also, if the work performed on server device 63 is "file import" or "file export," file access log information is collected. Furthermore, if server device 63 is "system stopped," fault monitoring log information is collected. Also, if the work performed on server device 63 is "investigation," performance log information is collected.

[0023] The policy level is information that indicates the information processing format of the acquired log information. In the first embodiment, it indicates the information processing format of the log information corresponding to the "operating status" of each server function 53, and in the second embodiment, it indicates the information processing format of the log information corresponding to the "worker rank" of the worker operating each server device 63.

[0024] The "update flag" is information set for the server function 53 or server device 63 that configures policy information, and is deleted after the policy information is configured. Further details will be provided later.

[0025] As shown in Figure 3, the policy master table 12 (and the policy master table 82 described later) has a policy number set for each policy level that indicates the information processing format of the policy information. Specifically, in the first embodiment, policy numbers such as "Policy 01" and "Policy 02" are associated with operational status (policy level) such as "Before / After Operation," "Preparation for Operation," or "Failure." In the second embodiment, policy numbers such as "Policy 01" and "Policy 02" are associated with worker rank (policy level) such as "A" and "B."

[0026] As shown in Figure 4, the settings master table 13 (and the settings master table 83 described later) are configured with associated information for each policy number, including log setting classification, log information to be acquired, setting items, and the information processing method of the acquired log information (how the acquired log information is processed = policy information).

[0027] In the first embodiment, "Log setting classification" refers to the function (role; DB, AP, etc.) of each server function 53 described above. "Log information" is information indicating the type of log information acquired by that server function 53. "Setting item" indicates the maximum amount of log information to be acquired (maximum log size (MB)). Furthermore, policy information indicates the information processing method, such as "overwriting" or "archiving (storing in storage unit 2)" the log information acquired after the maximum log size (MB) is reached.

[0028] In contrast, in the second embodiment, "log setting classification" refers to the work performed by each server device 63 as described above (data modification, file import, etc.). "Log information" is information indicating the type of log information acquired by that server device 63. "Setting item" indicates the maximum amount of log information to be acquired (maximum log size (MB)). Furthermore, the policy information indicates the information processing method, such as "overwriting" or "archiving (storing in storage unit 2)" the log information acquired after the maximum log size (MB) is reached.

[0029] Such a log policy management system pre-registers the configuration information to which the log policy applies and the management policy for the log information in a group of masters (configuration information management master tables 11 and 81 in Figure 2, policy master tables 12 and 82 in Figure 3, and setting master tables 13 and 83 in Figure 4).

[0030] Next, the server function 53 (or server device 63) reads the aforementioned master data and applies the policy information to each environment unit. At this time, log policy application targets are selected for those with an update flag of "1," and the policy information application process is executed for the detected environment units using the policy determination target and environment unit name as keys. Similarly, the process of changing the policy information for acquiring log information is also performed for environment units whose policy level or log setting classification has been changed, or for newly added environment units.

[0031] This allows for centralized management of policy information based on operational status or worker rank, and enables simultaneous application to each environmental unit.

[0032] [First Embodiment] The following describes a specific embodiment of such a log policy management system.

[0033] First, the log policy management system described as the first embodiment is an example of centrally managing policy information for each company name (for each policy judgment target) and each server name (for each environment unit).

[0034] (System configuration of the first embodiment) Figure 5 is a block diagram showing the hardware configuration of the log policy management device 1 provided in the log policy management system of the first embodiment. As shown in Figure 5, the log policy management device 1 includes a storage unit 2, a control unit 3, a communication interface unit 4, and an input / output interface unit 5. An input device 6 and an output device 7 are connected to the input / output interface unit 5.

[0035] Furthermore, the log policy management device 1 is equipped with a server function 53, which is a virtual server function, and a firewall function 54.

[0036] For the memory unit 2, a storage device such as ROM (Read Only Memory), RAM (Random Access Memory), HDD (Hard Disk Drive), or SSD (Solid State Drive) can be used.

[0037] A configuration terminal device 51 is connected to the communication interface unit 4 via a private network 50 such as a LAN (Local Area Network).

[0038] The output device 7 can be a display unit such as a monitor device (including a home television), a printing device, or a speaker device. The input device 6 can be a keyboard device, a mouse device, a microphone device, or a monitor device that works in cooperation with a mouse device to provide a pointing device function.

[0039] The storage unit 2 stores a log policy management program that simplifies and streamlines the acquisition and management of log information for each server function 53. The storage unit 2 also contains three storage areas: a configuration information management master table 11, a policy master table 12, and a settings master table 13.

[0040] The server function 53 operates as a virtual server device based on the host OS and predetermined application programs stored in the memory unit 2. It loads file data (OS image or disk image, etc.) prepared for each virtual server and programmatically provides predetermined services to each company.

[0041] As shown in Figure 6, the configuration information management master table 11 located in the storage unit 2 stores company name, server name, server role, operating status, and update flag. The "company name" is the target of the policy judgment mentioned above, and in this example, it is "Company A", "Company B", and "Company C". The server names, which are the environment unit names mentioned above, are "xxx101" and "xxx102" for "Company A", "xxx201", "xxx202", and "xxx203" for "Company B", and "xxx301" for "Company C".

[0042] Furthermore, the server role of server function 53 of "XXX101" in "Company A" is "DB: Database Server Device," and the server role of server function 53 of "XXX102" is "AP: Application Server Device."

[0043] Furthermore, the server role for server function 53 of "XXX201" from "Company B" is "WEB: Web server device". Also, the server roles for server function 53 of "XXX202" from "Company B" are "DB: Database server device", "AP: Application server device", "Web: Web server device", and "AD (Active Directory(registered trademark)): Active Directory(registered trademark) server device". Furthermore, the server role for server function 53 of "XXX203" from "Company B" is "Other".

[0044] Furthermore, the server roles of server function 53 of "C Company's" "xxx301" are "DB: Database Server Device", "WEB: Web Server Device", and "AD (Active Directory(registered trademark)): Active Directory(registered trademark) Server Device".

[0045] Regarding the operational status policy levels mentioned above, "Pre- and Post-Operation" is set for each server function 53 of "XXX101" and "XXX102" of "Company A". Additionally, "Prepared for Operation" is set for each server function 53 of "XXX201", "XXX202", and "XXX203" of "Company B". Furthermore, "Fault" is set for server function 53 of "XXX301" of "Company C".

[0046] The operational status of each company's server function 53 is set from the configuration terminal device 51 to the log policy management device 1. The policy level, "Operational Status," indicates the status of the service introduction and operation process for each company. This operational status is changed collectively for each "Company Name," which is the customer to which the system has been introduced. In addition, the "Operational Status" is updated to "Failure" if a failure in a specific server function of a specific company is known in advance. Furthermore, if the server function causing the failure has not been identified when the failure occurs, the policy level of all server functions may be changed for investigation. This changes the log information acquired, making it possible to identify the server function causing the failure.

[0047] Update flag information is information attached to the server function 53 that sets policy information. The example in Figure 6 shows an example where update flag information of "1" is attached to all server functions 53 from "Company A" to "Company C" (an example in which all server functions 53 are subject to policy information setting).

[0048] As shown in Figure 7, the policy master table 12 has policy numbers set for each operating status. The policy number is used to identify the policy information to be set in the server function 53. Specifically, the policy number "Policy01" is set for the "Preparation for Operation" operating status, and the policy number "Policy02" is set for the "Testing Phase" operating status. In addition, the policy number "Policy03" is set for the "Before and After Operation" operating status, and the policy number "Policy04" is set for the "Stable Operation" operating status. Furthermore, the policy number "Policy05" is set for the "Failure" operating status.

[0049] As shown in Figure 8, the configuration master table 13 stores policy information for each role of each server function 53, including the type of log information to be acquired, the maximum amount of log information to be acquired (maximum log size (MB)), and the information processing method indicated by a policy number, which is performed according to each operating status when the acquired log information reaches the maximum log size (MB).

[0050] Specifically, when the operating status of the "DB: Database Server Device" server function 53 is "Preparing for Operation," if the acquired database log information exceeds, for example, "100MB," it performs information processing to overwrite the previously acquired database log information (information processing method of Policy 01). Also, when the operating status of the "DB: Database Server Device" server function 53 is "Testing Phase," if the acquired database log information exceeds, for example, "500MB," it performs information processing to overwrite the previously acquired database log information (information processing method of Policy 02).

[0051] Furthermore, when the operating status of the "DB: Database Server Device" is "before or after operation," if the acquired database log information exceeds, for example, "1,000 MB," the server function 53 performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 (information processing method of Policy 03). Also, when the operating status of the "DB: Database Server Device" is "stable operation," if the acquired database log information exceeds, for example, "500 MB," the server function 53 performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 (information processing method of Policy 04).

[0052] Furthermore, if the operating status of the "DB: Database Server Device" server function 53 is "failed," and the acquired database log information exceeds, for example, "2,000 MB," it performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 (information processing method of Policy 05).

[0053] Similarly, server function 53 of the "WEB: Web Server Device" acquires "IIS log information (IIS: Internet Information Services)". When the operating status is "Preparation for Operation", if the acquired IIS log information exceeds, for example, "100MB", it performs information processing to overwrite the previously acquired IIS log information (information processing method of Policy01). Also, when the operating status of the "WEB: Web Server Device" is "Testing Phase", if the acquired IIS log information exceeds, for example, "500MB", it performs information processing to overwrite the previously acquired IIS log information (information processing method of Policy02).

[0054] Furthermore, when the operating status of the "WEB: Web Server Device" is "before or after operation," if the acquired IIS log information exceeds, for example, "1,000 MB," the server function 53 performs information processing (archiving) to store the acquired IIS log information in the storage unit 2 (information processing method of Policy 03). Also, when the operating status of the "WEB: Web Server Device" is "stable operation," if the acquired IIS log information exceeds, for example, "500 MB," the server function 53 performs information processing (archiving) to store the acquired IIS log information in the storage unit 2 (information processing method of Policy 04).

[0055] Furthermore, if the operating status of the "WEB: Web Server Device" server function 53 is "failed," and the acquired IIS log information exceeds, for example, "2,000 MB," it performs information processing (archiving) to store the acquired IIS log information in the storage unit 2 (information processing method of Policy 05).

[0056] This log information processing (policy) is set based on the importance of the log information, which changes depending on the operating status. For example, log information generated during the preparation period for server function 53 is of low importance and is managed by overwriting. After server function 53 is operational, the importance of the log information increases as it becomes necessary for verifying any failures that have occurred, so past log information is saved through archiving.

[0057] Furthermore, a particularly large amount of log information is required for analysis before and after operation, and in the event of a failure. For this reason, a large maximum log size is set, and a smaller maximum log size is set after stable operation is complete. Note that the relationship between the server role or log information type and setting items for server function 53 is just an example, and can be set arbitrarily according to the configuration.

[0058] (Functional configuration of the log policy management device) Next, the control unit 3 executes the log policy management program stored in the storage unit 2, and functions as a policy detection unit 22, a policy setting unit 23, an update flag control unit 24, and a change history storage control unit 25, as shown in Figure 5.

[0059] The policy detection unit 22 to the change history storage control unit 25 will be described as being implemented as a software program based on the log policy management program. However, all or part of the policy detection unit 22 to the change history storage control unit 25 may be implemented in hardware. In either case, the same effects as described later can be obtained.

[0060] The policy detection unit 22 refers to the determination target (policy determination target such as company name or worker), the log policy application target (server name) to which policy information controlling the acquisition of log information is applied, the log setting classification (server role or work content) indicating the type of log information to be collected for each log policy application target, the policy level (operating status or worker rank) indicating the information processing format of the acquired log information, and the storage units (configuration information management master table 11 to setting master table 13) associated with the policy information to be set, based on the determination target, log policy application target, log setting classification, and policy level. The policy detection unit 22 then detects the policy information corresponding to the determination target, log policy application target, log setting classification, and policy level.

[0061] The policy setting unit 23 sets the detected policy information to be applied to all corresponding log policies.

[0062] The update flag control unit 24 stores update flag information indicating a change in log setting classification (server role or work content), a change in policy level, or the addition of a new log policy target (server function 53 or server device 63) in the storage unit (configuration information management master table 11), associating it with the log policy target whose log setting classification or policy level has been changed, or the log policy target that has been added.

[0063] In this case, the policy detection unit 22 detects policy information from the storage unit (configuration information management master table 11) for log policy targets to which update flag information has been set. The policy setting unit 23 then sets the policy information detected from the storage unit (configuration information management master table 11 to setting master table 13) for log policy targets to which update flag information has been set.

[0064] Furthermore, in the first embodiment, the log setting classification is the role (server role) to which the log policy applies, and the policy level is the operating status of the target of the log policy (see Figure 6). In this case, the policy detection unit 22 detects policy information corresponding to the role and operating status of the target of the log policy from the storage unit (configuration information management master table 11 to setting master table 13).

[0065] Furthermore, when the role of any log policy target is changed, or when the operating status of any log policy target is changed to another operating status, the update flag control unit 24 sets update flag information for the corresponding log policy target and stores it in the storage unit (configuration information management master table 11).

[0066] Furthermore, after the policy information has been set, the update flag control unit 24 deletes the update flag information to which the log policy applies from the storage unit (configuration information management master table 11).

[0067] The change history storage control unit 25 increments the master change history, which indicates that the policy information in the storage unit (configuration information management master table 11) has been changed, each time a change is made to the policy information.

[0068] Furthermore, policy information is set in the storage unit (configuration information management master table 11 to setting master table 13) via the setting terminal device 51.

[0069] The policy setting unit 23 communicates with each log policy target via a firewall (firewall function 54) that allows only one-way communication from the policy setting unit 23 to each log policy target.

[0070] (Policy information setting operation) Next, the operation for setting policy information for each server function 53 in the log policy management device 1 of the first embodiment will be described.

[0071] First, for the server function 53 that sets the policy information as described above, the update flag control unit 24 adds an update flag of "1" to the configuration information management master table 11 shown in Figure 9. The example in Figure 9 shows an example where an update flag of "1" has been added to all server functions 53 of companies A through C.

[0072] The policy detection unit 22 refers to the policy master table 12 shown in Figure 7 based on the operating status of each server function 53 and detects the policy numbers (Policy01 to Policy05) for each server function 53 for which update flag information has been set.

[0073] Furthermore, the policy detection unit 22 refers to the setting master table 13 shown in Figure 8 based on the server role and policy number of the server function 53 for which the update flag information is set. The policy detection unit 22 then detects policy information indicating the information processing format of the acquired log information, which corresponds to the server role and policy number of the server function 53 for which the update flag information is set.

[0074] The policy setting unit 23 sets the policy information detected by the policy detection unit 22 for the server functions 53 for which update flag information has been set, as shown in Figure 10. In this example, as described above, the update flag information of "1" has been added to all server functions 53. Therefore, as shown in Figure 10, the policy setting unit 23 sets policy information for all server functions 53 that indicates the information processing format of log information according to the operating status and server role of each server function 53.

[0075] Once the policy information is set in this manner, the update flag control unit 24 deletes the update flag information of the server function 53 for which the policy information has been set from the configuration information management master table 11, as shown in Figure 11. The example in Figure 11 shows that the update flag information attached to each server function 53 of companies A through C has been deleted because the policy information setting for all of these server functions 53 has been completed.

[0076] The update flag control unit 24 re-adds update flag information to the server function 53 whose policy information is being changed. Then, the policy setting unit 23 sets policy information corresponding to the current operating status and role for the server function 53 to which the update flag information has been added.

[0077] Furthermore, as shown in Figure 11, the change history storage control unit 25 increments the master change history in the configuration information management master table 11, which indicates that the policy information has been changed, each time the policy information is changed. In this example, since the policy information for each server function 53 is set for the first time, the master change history of "1 (times)" is set for each server function 53. When the policy information is changed, the master change history of that server function 53 is incremented by one by the change history storage control unit 25 to "2 (times)".

[0078] (If the operating status changes to another operating status) Next, as shown in Figure 12(a), the initial operating status of the server function 53 of Company A's "xxx101" was "before / after operation," but this operating status changed to "faulty" via the configuration terminal device 51, as shown in Figure 12(b). Also, as shown in Figure 12(a), the initial operating status of the server function 53 of Company C's "xxx301" was "faulty," but this operating status changed to "stable operation" via the configuration terminal device 51, as shown in Figure 12(b).

[0079] As shown in Figure 12(b), the update flag control unit 24 adds an update flag of "1" to the server function 53 of Company A's "xxx101" and the server function 53 of Company C's "xxx301" whose operating status has been changed.

[0080] The policy detection unit 22 determines that the server role of server function 53 of Company A's "xxx101" is "DB" and that the operating status has changed to "failure". Under these conditions, it refers to the policy master table 12 shown in Figure 7 and the setting master table 13 shown in Figure 8. In this case, the policy detection unit 22 detects "Policy05", which is the policy number for "failure", from the policy master table 12.

[0081] Furthermore, the policy detection unit 22 detects policy information for "Policy05" in the role of "DB" from the setting master table 13 shown in Figure 8, which states, "Set the maximum log size of the database log to 2000MB, and when the amount of acquired database logs (log size) reaches this maximum log size of 2000MB, store (archive) these 2000MB of database logs in the storage unit 2." Then, the policy setting unit 23 sets the detected policy information in the server function 53 of Company A's "xxx101" as shown in Figure 13.

[0082] As a result, in server function 53 of Company A's "xxx101", database log information is processed according to the information processing format of the configured "Policy05" policy information.

[0083] In this way, when previous policy information is changed and set to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company A's "xxx101" by one. In this case, the master change history for the server function 53 of Company A's "xxx101" is incremented from "1 (times)" to "2 (times)".

[0084] Similarly, as shown in Figure 12(b), the server roles of server function 53 of Company C's "xxx301" are "DB", "WEB", and "AD", and the operating status has been changed to "stable operation". Therefore, under these conditions, the policy detection unit 22 refers to the policy master table 12 shown in Figure 7 and the setting master table 13 shown in Figure 8. In this case, the policy detection unit 22 detects "Policy04", which is the policy number for "stable operation", from the policy master table 12.

[0085] Furthermore, the policy detection unit 22 detects policy information for "Policy04" in the roles of "DB," "WEB," and "AD" from the configuration master table 13 shown in Figure 8. In this example, the log information corresponding to the roles of "DB," "WEB," and "AP" is database log information, IIS log information, and product A's proprietary log information.

[0086] Furthermore, regardless of the role, the policy information for "Policy04" is "set the maximum log size for log information to 500MB, and when the amount of acquired log information (log size) reaches this maximum log size of 500MB, store (archive) this 500MB of log information in the storage unit 2." The policy setting unit 23 sets this policy information in the server function 53 of Company C's "xxx301" as shown in Figure 13.

[0087] As a result, in the server function 53 of Company C's "xxx301," database log information, IIS log information, and product A's proprietary log information are processed according to the information processing format of the configured "Policy04" policy information.

[0088] In this way, when previous policy information is changed and set to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company C's "xxx301" by one. In this case, the master change history for the server function 53 of Company C's "xxx301" is incremented from "1 (times)" to "2 (times)".

[0089] (When the server device is assigned a server role) Next, as shown in Figure 14(a), the server role "AP" was set for the server function 53 of Company A's "xxx102". In addition to this "AP" role, let's assume that the server role "WEB" is also set, as shown in Figure 14(b). This setting is performed by an administrator or similar person via the configuration terminal device 51 shown in Figure 1.

[0090] As shown in Figure 14(b), the update flag control unit 24 adds an update flag of "1" to the server function 53 of Company A's "xxx102", which has been newly given the role of a "WEB" server.

[0091] The policy detection unit 22, assuming that the server roles of the server function 53 of Company A's "xxx102" are "AP" and "WEB" and the operating status is "before and after operation", refers to the policy master table 12 shown in Figure 7 and the configuration master table 13 shown in Figure 8 under these conditions. In this case, the policy detection unit 22 detects "Policy03", which is the policy number for "before and after operation", from the policy master table 12. The policy detection unit 22 also detects the policy information for "Policy03" in the roles of "AP" and "WEB". In this example, the log information corresponding to the roles of "AP" and "WEB" is product A's proprietary log information and IIS log information.

[0092] Furthermore, regardless of the role, the policy information for "Policy03" is "set the maximum log size for log information to 1000MB, and when the amount of acquired log information (log size) reaches this maximum log size of 1000MB, store (archive) this 1000MB of log information in the storage unit 2." The policy setting unit 23 sets this policy information in the server function 53 of Company A's "xxx102" as shown in Figure 15.

[0093] As a result, in the server function 53 of Company A's "xxx102", product A's proprietary log information and IIS log information are processed according to the information processing format of the configured "Policy03" policy information.

[0094] In this way, when previous policy information is changed and set to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company A's "xxx102" by one. In this case, the master change history for the server function 53 of Company A's "xxx102" is incremented from "1 (times)" to "2 (times)".

[0095] (If the number of server devices to be managed increases) Next, as shown in Figure 16(a), the server functions 53 managed by the log policy management device 1 in the first embodiment were "6 units," but as shown in Figure 16(b), let's assume that one more server function 53, "xxx401" from company D, has been added.

[0096] When the number of server functions 53 increases, the administrator registers (stores) the company name (Company D), server name (xxx401), server role (DB and AP), and operating status (ready to operate) of the increased server functions 53 in the configuration information management master table 11 via the configuration terminal device 51 shown in Figure 1, as shown in Figure 16(b).

[0097] Furthermore, as shown in Figure 16(b), the update flag control unit 24 adds an update flag of "1" to the increased server function 53 of Company D's "xxx401". This update flag may also be set by the administrator via the configuration terminal device 51.

[0098] Next, the server roles of the increased server function 53 of Company D's "xxx401" are "DB" and "AP," and the operational status is "Ready to operate." Therefore, under these conditions, the policy detection unit 22 refers to the policy master table 12 shown in Figure 7 and the configuration master table 13 shown in Figure 8. In this case, the policy detection unit 22 detects "Policy01," which is the policy number for "Ready to operate," from the policy master table 12. The policy detection unit 22 also detects the policy information for "Policy01" in the roles of "DB" and "AP."

[0099] In this example, the log information corresponding to the roles of "DB" and "AP" is database log information and product A's unique log information. The policy information for "Policy01" is that, regardless of the role, "the maximum log size for each log information is set to 100MB, and each time the amount of acquired log information (log size) reaches the maximum log size of 100MB, the acquired log information is overwritten with new 100MB of log information." The policy setting unit 23 sets this policy information to the server function 53 of D company's "xxx401" which has been added as shown in Figure 17.

[0100] As a result, in the server function 53 of the added "xxx401" from company D, the database log information and product A's unique log information are processed according to the information processing format of the configured "Policy01" policy information.

[0101] In this example, since the policy information is set to the default setting, the change history storage control unit 25 sets the master change history shown in Figure 11 for the increased server function 53 of Company D's "xxx401" to "1 (times)" (it is not incremented).

[0102] (Effects of the first embodiment) In systems equipped with multiple terminal devices, such as so-called cloud systems or data centers, the type of log information acquired and the information processing format differ depending on the level of system control required by the customer operating these systems or the customer's system implementation process. This has resulted in a complex and cumbersome process for acquiring and managing log information for each server function 53. This problem becomes more pronounced as the number of server functions 53 to be managed increases.

[0103] Therefore, the log policy management device 1 of the first embodiment centrally manages policy information indicating the information processing format of log information, which is set for each server function 53 according to the server role provided by the server function 53 and the operating status of the server function 53. Then, this policy information is reflected in each corresponding server function 53 in a single batch according to changes in the operating status, etc.

[0104] This makes it easy and convenient to manage the information processing format of log information in each server function 53, and enables centralized management.

[0105] [Second Embodiment] Next, a log policy management system according to a second embodiment of the present invention will be described. The first embodiment described above was an example in which a virtual server function 53 for each policy determination target (each company) was constructed within the log policy management device 1, and policy information was set for this server function 53. In contrast, the log policy management system of the second embodiment is an example in which the system is configured by connecting the log policy management device to a configuration terminal device and a server device which becomes the environment unit for each policy determination target via the same or multiple different networks, such as the Internet or a LAN (Local Area Network).

[0106] Furthermore, the log policy management device of this second embodiment may be configured to include virtual server functionality, as in the first embodiment described above. In this case as well, the same effects as those described later can be obtained.

[0107] Furthermore, in the description of this second embodiment, the same reference numerals as in the first embodiment are used for parts that perform the same operation as in the first embodiment described above, thereby omitting redundant explanations.

[0108] As shown in Figures 18 and 19, this second embodiment of the log policy management system is configured by interconnecting a configuration terminal device 61, each server device 63, and a log policy management device 70 via the same network 60, such as a LAN. A router device 64, which functions as a firewall, is provided between each server device 63 and the log policy management device 70, as described above.

[0109] As shown in Figure 20, the configuration information management master table 81 has the work content and worker rank set for each server device 63 for employees A to E. Specifically, for server device 63 with the server name "xxx101" for employee A, the work content is set to "data correction". Also, employee A's worker rank is set to "A". Similarly, for server device 63 with the server name "xxx102" for employee B, the work content is set to "file import". Also, employee B's worker rank is set to "B".

[0110] Furthermore, for server device 63 with the server name "xxx201" assigned to employee C, the task "File Retrieval" is set. Employee C's worker rank is set to "C". Also, for server device 63 with the server name "xxx202" assigned to employee D, the task "System Down". Employee D's worker rank is set to "A". Additionally, for server device 63 with the server name "xxx203" assigned to employee E, the tasks "File Import", "File Retrieval", and "Investigation" are set. Employee E's worker rank is set to "C".

[0111] As shown in Figure 21, the policy master table 82 has policy numbers assigned to each worker rank. Specifically, the policy number "Policy01" is assigned to worker rank "A," the policy number "Policy02" is assigned to worker rank "B," and the policy number "Policy03" is assigned to worker rank "C."

[0112] As shown in Figure 22, the configuration master table 83 stores the type of log information to be acquired for each task, the upper limit of the amount of log information to be acquired (maximum log size (MB)), and the information processing method (policy information) indicated by a policy number, which is performed according to each worker rank when the amount of log information to be acquired reaches the maximum log size (MB).

[0113] Specifically, if the server device 63 whose task is "data correction" has a worker's work rank of "A", and the acquired database log information exceeds, for example, "100MB", it will perform information processing to overwrite the previously acquired database log information (Policy01). Also, if the server device 63 whose task is "data correction" has a worker's work rank of "B", and the acquired database log information exceeds, for example, "500MB", it will perform information processing to overwrite the previously acquired database log information (Policy02).

[0114] Furthermore, if the server device 63, whose task is "data correction," has a worker's work rank of "C," and the acquired database log information exceeds, for example, "1,000 MB," it performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 (Policy 03).

[0115] Similarly, server device 63 whose task is "file import" acquires "file access log information". When the worker's work rank is "A", if the acquired file access log information exceeds, for example, "100MB", it performs information processing to overwrite the file access log information acquired up to that point (Policy01). Also, when the worker's work rank is "B", server device 63 whose task is "file import" acquires file access log information exceeds, for example, "500MB", it performs information processing to overwrite the file access log information acquired up to that point (Policy02).

[0116] Furthermore, if the server device 63 for "file import" has a worker's work rank of "C" and the acquired file access log information exceeds, for example, "1,000 MB", it performs information processing (archiving) to store the file access log information acquired up to that point in the storage unit 2 (Policy 03).

[0117] (Functional configuration of the log policy management device) Next, the control unit 3 executes the log policy management program stored in the storage unit 2, and functions as a policy detection unit 42, a policy setting unit 43, an update flag control unit 44, and a change history storage control unit 45, as shown in Figure 19.

[0118] The policy detection unit 42 to the change history storage control unit 45 will be described as being implemented as a software program based on the log policy management program. However, all or part of the policy detection unit 42 to the change history storage control unit 45 may be implemented in hardware. In either case, the same effects as described later can be obtained.

[0119] In this second embodiment, the log setting classification described above is the work content of the log policy target (server device 63), and the policy level is the worker rank of the worker performing the work on the log policy target (see Figure 20).

[0120] The policy detection unit 42 detects policy information corresponding to the work content and worker rank of the log policy target (server device 63) from the storage unit (configuration information management master table 81 in Figure 20, policy master table 82 in Figure 21, and setting master table 83 in Figure 22).

[0121] The update flag control unit 44 sets update flag information for the corresponding log policy target (server device 63) and stores it in the storage unit (configuration information management master table 81 in Figure 20) when the work content is changed for any log policy target (server device 63) or when the worker rank of a worker for any log policy target is changed.

[0122] Furthermore, after the policy information has been set, the update flag control unit 44 deletes the update flag information to which the log policy applies from the storage unit (configuration information management master table 81 in Figure 20).

[0123] The change history storage control unit 45 increments the master change history, which indicates that the policy information in the storage unit (configuration information management master table 81 in Figure 20) has been changed, each time a change is made to the policy information.

[0124] Furthermore, policy information is configured in the storage unit (configuration information management master table 81 to setting master table 83) via the setting terminal device 61 (see Figure 19).

[0125] Furthermore, when an additional log policy target (server device 63) is added, the policy setting unit 43 sets the policy information corresponding to the work content and worker rank of the additional log policy target, which is detected by the policy detection unit 42, to the additional log policy target.

[0126] Furthermore, the policy setting unit 43 communicates with each log policy target (server device 63) via a firewall (router device 64) located between each log policy target and the log policy management device 70, which allows only one-way communication from the log policy management device 70 to each log policy target (server device 63).

[0127] (Policy information setting operation) Next, the operation for setting policy information for each server device 63 in the log policy management device 70 of the second embodiment will be described.

[0128] First, for the server device 63 that sets the policy information as described above, the update flag control unit 44 adds an update flag of "1" to the configuration information management master table 81 shown in Figure 20. The example in Figure 20 shows that the update flag of "1" has been added to all server devices 63 for employees A to E.

[0129] The policy detection unit 42, based on the work content of the server device 63 for which update flag information is set, refers to the configuration information management master table 81 shown in Figure 20 and detects the worker rank of each employee in each server device 63.

[0130] Furthermore, the policy detection unit 42 detects the policy number corresponding to each work rank by referring to the policy master table 82 based on the detected worker rank. Then, the policy detection unit 22 detects the policy information corresponding to the work content of the server device 63 for which update flag information is set and the detected policy number from the setting master table 83 shown in Figure 22.

[0131] The policy setting unit 43 sets the policy information detected by the policy detection unit 42 for the server devices 63 for which update flag information has been set, as shown in Figure 23. The example above is one in which update flag information of "1" has been added to all server devices 63. Therefore, as shown in Figure 23, the policy setting unit 43 sets policy information for all server devices 63 that indicates the information processing format of log information according to the work content and worker rank of each server device 63.

[0132] Once the policy information is set in this manner, the update flag control unit 44 deletes the update flag information of the server device 63 for which the policy information has been set from the configuration information management master table 81, as shown in Figure 24. The example in Figure 24 shows that the update flag information attached to each server device 63 for employees A to E has been deleted because the policy information setting for all of their server devices 63 has been completed.

[0133] The update flag information is added again by the update flag control unit 44 when a change in policy information is required. Then, the policy setting unit 43 sets policy information corresponding to the work content and worker rank of the server device 63 to which the update flag information has been added.

[0134] Furthermore, as shown in Figure 24, the change history storage control unit 45 increments the master change history in the configuration information management master table 81, which indicates that the policy information has been changed, each time the policy information is changed. In this example, since it is the first time that the policy information has been set for each server device 63, the master change history for each server device 63 is set to "1 (times)". The change history storage control unit 45 then increments the master change history by one for the next server device 63 in which the policy information is changed, setting it to "2 (times)".

[0135] (If the worker rank is changed) Next, as shown in Figure 25(a), the worker rank of employee A on server device 63 of "xxx101" was "A," but this worker rank was changed to "B" by an administrator via the configuration terminal device 61, as shown in Figure 25(b). Also, as shown in Figure 25(a), the worker rank of employee C on server device 63 of "xxx201" was "C," but this worker rank was changed to "B" by an administrator via the configuration terminal device 61, as shown in Figure 25(b).

[0136] As shown in Figure 25(b), the update flag control unit 24 adds an update flag of "1" to the server device 63 of employee A's "xxx101" and the server device 63 of employee C's "xxx201" whose worker rank has been changed.

[0137] As shown in Figure 25(b), the policy detection unit 42 checks the policy master table 82 shown in Figure 21 and the setting master table 83 shown in Figure 22 because the worker rank of employee A on the server device 63 of "xxx101" has changed from "A" to "B". In this case, the policy detection unit 42 detects "Policy02", which is the policy number for worker rank "B", from the policy master table 82.

[0138] Furthermore, the policy detection unit 42 detects policy information for "Policy02" in the "Data Correction" work content from the setting master table 83 shown in Figure 22, which states that "the maximum log size of the database log will be set to 500MB, and when the amount of acquired database log information (log size) reaches the maximum log size of 500MB, this 500MB of database log information will be overwritten with past database log information." Then, the policy setting unit 23 sets the detected policy information to the server device 63 of employee A's "xxx101" as shown in Figure 26.

[0139] As a result, on employee A's server device 63, "xxx101", the database log information is processed according to the information processing format of the configured "Policy02" policy information.

[0140] In this way, when the previous policy information is changed to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 24 for employee A's server device 63 for "xxx101" by one. In this case, the master change history for employee A's server device 63 for "xxx101" is incremented from "1 (times)" to "2 (times)".

[0141] Similarly, as shown in Figure 25(b), employee C's worker rank changed from "C" to "B". Therefore, the policy detection unit 42 refers to the policy master table 82 shown in Figure 21 and detects the policy number "Policy02" corresponding to worker rank "B".

[0142] Furthermore, the policy detection unit 42 detects the policy information for "Policy02" in the "file export" operation from the setting master table 83 shown in Figure 22. In this example, the policy information for "Policy02" is "set the maximum log size of file access log information to 500MB, and when the amount of acquired file access log information (log size) reaches this maximum log size of 500MB, overwrite the previous file access log information with this 500MB of file access log information." The policy setting unit 23 sets this policy information on the server device 63 of employee C's "xxx201" as shown in Figure 26.

[0143] As a result, on employee C's server device 63, "xxx201", the file access log information is processed in the information processing format of the policy information "Policy02".

[0144] In this way, when the previous policy information is changed and set to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 24 for employee C's server device 63, "xxx201", by one. In this case, the master change history for employee C's server device 63, "xxx201", is incremented from "1 (times)" to "2 (times)".

[0145] (If additional work is required on the server equipment) Next, as shown in Figure 27(a), the task for employee B's server device 63, "xxx102," was set to "file import," but as shown in Figure 27(b), the task "system shutdown" was added. This setting is performed by an administrator or similar person via the configuration terminal device 61 shown in Figure 18.

[0146] As shown in Figure 27(b), the update flag control unit 24 adds an update flag of "1" to the server device 63 of employee B's "xxx102" for which the task content "system shutdown" has been added.

[0147] The policy detection unit 42 determines that employee B's work on server device 63, "xxx102," is "file import" and "system shutdown," and that the worker rank is "B." Therefore, under these conditions, it refers to the policy master table 82 shown in Figure 21 and the settings master table 83 shown in Figure 22. In this case, the policy detection unit 42 detects "Policy02," the policy number for worker rank B, from the policy master table 82. Furthermore, by referring to the settings master table 83, the policy detection unit 42 detects the policy information for "Policy02" corresponding to each of the work items, "file import" and "system shutdown."

[0148] Regardless of whether the operation is "file import" or "system shutdown," the policy information for "Policy02" is "set the maximum log size for log information to 500MB, and when the amount of acquired log information (log size) reaches this maximum log size of 500MB, this 500MB of log information will overwrite the previous log information." The policy setting unit 23 sets this policy information on the server device 63 of employee B's "xxx102" as shown in Figure 28.

[0149] As a result, in employee B's server device 63, "xxx102", file access log information and fault monitoring log information are processed in the information processing format of the policy information of "Policy02".

[0150] In this way, when the previous policy information is changed to other policy information, the change history storage control unit 25 increments the master change history shown in Figure 24 for employee B's server device 63 for "xxx102" by one. In this case, the master change history for employee B's server device 63 for "xxx102" is incremented from "1 (times)" to "2 (times)".

[0151] (If the number of server devices to be managed increases) Next, let's assume that the number of server devices 63 managed by the log policy management device 1 in the embodiment was "5" as shown in Figure 29(a), but that one more server device 63 belonging to employee F, "xxx301", has been added as shown in Figure 29(b).

[0152] When the number of server devices 63 increases, the administrator registers (stores) the operator (employee F), server name (xxx301), work content (data correction), and operator rank (A) of the increased server device 63 in the configuration information management master table 81 via the configuration terminal device 61 shown in Figure 18, as shown in Figure 29(b).

[0153] Furthermore, as shown in Figure 29(b), the update flag control unit 24 adds an update flag of "1" to the server device 63 of the increased employee F, "xxx301". This update flag may also be set by the administrator via the configuration terminal device 61.

[0154] Next, the work content for the server device 63 of employee F's "xxx301" is "data correction," and the worker rank is "A." Therefore, the policy detection unit 42 refers to the policy master table 82 shown in Figure 21 based on the worker rank of "A" and detects the policy number "Policy01." The policy detection unit 42 also refers to the setting master table 83 shown in Figure 22 based on the work content "data correction" and the policy number "Policy01" and detects the policy information that "the maximum log size of each database log information is set to 100MB, and each time the amount of acquired database log information (log size) reaches the maximum log size of 100MB, the acquired database log information is overwritten with new 100MB of database log information." The policy setting unit 23 sets this policy information on employee F's server device 63 of "xxx301" as shown in Figure 30.

[0155] As a result, on the server device 63 of employee F's "xxx301", the database log information is processed in the information processing format of the configured "Policy01" policy information.

[0156] In this example, the policy information settings are at their default values, so the change history storage control unit 25 will show that the master change history for the server device 63 of the added employee F, "xxx301," as shown in Figure 24, is "1 (times)" (it will not be incremented).

[0157] (Effects of the second embodiment) As is clear from the above explanation, the log policy management system of the second embodiment centrally manages policy information for setting the information processing format of log information according to the worker rank of the worker operating each server device 63 in the log policy management device 70. Then, this policy information is reflected all at once to the server devices 63 whose worker rank has changed.

[0158] This makes it easy and convenient to manage the information processing format of log information for each server device 63, and enables centralized management.

[0159] [Contribution to the United Nations-led Sustainable Development Goals (SDGs)] This invention can contribute to improving operational efficiency and promoting appropriate management decisions by companies, and therefore can contribute to SDGs Goals 8 and 9.

[0160] Furthermore, this invention can contribute to reducing waste and promoting paperless and electronic processes, thereby contributing to SDGs Goals 12, 13, and 15.

[0161] Furthermore, this invention can contribute to strengthening control and governance, and therefore can contribute to achieving the 16 goals of the SDGs.

[0162] [Other embodiments] The present invention can be implemented in various different forms within the scope of the technical idea described in the claims, even in embodiments other than those described above.

[0163] For example, among the processes described in the embodiments, all or part of the processes described as being performed automatically may be performed manually. Alternatively, all or part of the processes described as being performed manually may be performed automatically by known methods or the like.

[0164] Furthermore, unless otherwise specified, the processing procedures, control procedures, specific names, registration data for each process, information including parameters such as search conditions, screen examples, and database configuration shown in the specification or drawings can be arbitrarily changed.

[0165] Furthermore, with respect to log policy management devices 1 and 70, etc., the illustrated components are functional concepts and do not necessarily have to have the physical configuration shown. For example, the processing functions of log policy management devices 1 and 70, particularly those performed by the control unit 3, may be implemented entirely or partially by a program interpreted and executed by the control unit 3 (CPU: Central Processing Unit), or by hardware using wired logic.

[0166] The program is recorded on a non-temporary, computer-readable recording medium containing programmed instructions for the log policy management devices 1 and 70 to execute the processes described in the embodiment, and is mechanically read by the log policy management devices 1 and 70 as needed. In other words, the storage unit 2, such as ROM or HDD, stores a computer program that works in cooperation with the OS (Operating System) to give instructions to the control unit 3 (CPU) and perform various processes. This computer program is loaded into RAM, unpacked, and executed as appropriate by the control unit 3.

[0167] Furthermore, the log policy management programs of the log policy management devices 1 and 70 may be stored on other server devices connected to the log policy management devices 1 and 70 via any network, and may be downloaded and executed in whole or in part as needed.

[0168] Furthermore, the log policy management program for executing the processes described in the embodiment may be stored on a non-temporary computer-readable recording medium, or it may be configured as a program product.

[0169] Here, any "portable physical medium" can be used as the "recording medium," such as memory cards, USB (Universal Serial Bus) memory, SD (Secure Digital) cards, flexible disks, magneto-optical disks, ROMs, EPROMs (Erasable Programmable Read Only Memory), EEPROMs (Registered Trademark) (Electrically Erasable and Programmable Read Only Memory), CD-ROMs (Compact Disk Read Only Memory), MOs (Magneto-Optical Disks), DVDs (Digital Versatile Disks), and Blu-ray (Registered Trademark) Discs.

[0170] Furthermore, "program" refers to a data processing method written in any language or writing method, regardless of whether it is source code or binary code.

[0171] Furthermore, the term "program" is not necessarily limited to a single, monolithic entity, but also includes those that are distributed as multiple modules or libraries, and those that work in cooperation with other programs, such as an operating system, to achieve their functions.

[0172] Furthermore, for the log policy management devices 1 and 70 of the embodiment, known configurations or procedures can be used for the specific configuration, reading procedure, and post-reading installation procedure for reading the recording medium.

[0173] The storage unit 2 is a storage means such as a memory device like RAM or ROM, a fixed disk device like a hard disk, a flexible disk, and an optical disk, and stores various programs, tables, databases, and web page files used for various processing or website provision.

[0174] Furthermore, the log policy management devices 1 and 70 may be composed of known personal computer devices or information processing devices such as workstations, or they may be composed of information processing devices to which any peripheral devices are connected. In addition, the information processing devices may be implemented by implementing software (including programs or data, etc.) that realizes the processing described in the embodiment.

[0175] Furthermore, the specific forms of distribution and integration of the devices are not limited to those shown in the figures, and all or part of them can be configured by functionally or physically distributing or integrating them in any unit according to various additions or functional loads. In other words, the embodiments described above can be selectively implemented by arbitrarily combining the embodiments described above. [Industrial applicability]

[0176] This invention is suitable for applications in industries that manage many terminal devices, such as cloud service businesses and internal systems of companies. [Explanation of symbols]

[0177] 1. Log Policy Management Device 2 Storage section 3. Control Unit 4. Communication Interface Section 5 Input / Output Interface Section 6 Input devices 7 Output device 11 Configuration Information Management Master Table 12. Policy Master Table 13. Configuration Master Table 22 Policy detection unit 23 Policy Settings Section 24 Update Flag Control Unit 25 Change History Storage Control Unit 42 Policy Detection Unit 43 Policy Settings Section 44 Update Flag Control Unit 45 Change History Storage Control Unit 50 Network (LAN) 51 Configuration terminal device 53. Virtual Server Function 54 Firewall Function 60 Network (LAN) 61 Configuration terminal device 63 Server Equipment 64 Router devices 70 Log Policy Management Device 81 Configuration Information Management Master Table 82 Policy Master Table 83. Configuration Master Table

Claims

1. A policy detection unit refers to a storage unit associated with a determination target that is the service provider, a log policy application target to which policy information controlling the acquisition of log information is applied, a log setting classification indicating the type of log information to be collected for each log policy application target, a policy level indicating the information processing method of the acquired log information, and the policy information to be set, based on the determination target, the log policy application target, the log setting classification, and the policy level, and detects the policy information corresponding to the determination target, the log policy application target, the log setting classification, and the policy level. A policy setting unit sets the detected policy information to be applied to the corresponding log policy, A log policy management device having the following features.

2. The system further includes an update flag control unit that stores update flag information indicating a change in the log setting classification, a change in the policy level, or the addition of a new log policy target in the storage unit, in association with the log policy target whose log setting classification or policy level has been changed, or the log policy target that has been added. The policy detection unit detects the policy information from the storage unit for the log policy target to which the update flag information is set, The policy setting unit sets the policy information detected from the storage unit for the log policy target to which the update flag information is set. A log policy management device according to claim 1, characterized by the following:

3. The aforementioned log configuration classification is the role to which the log policy applies, The aforementioned policy level is the operational status of the target to which the log policy applies. The policy detection unit detects the policy information from the storage unit that corresponds to the role and operating status to which the log policy is applied. A log policy management device according to claim 2, characterized by the following:

4. The update flag control unit sets the update flag information for the corresponding log policy target and stores it in the storage unit when the role of any of the log policy target is changed, or when the operating status of any of the log policy target is changed to another operating status. A log policy management device according to claim 3, characterized by the following:

5. The update flag control unit deletes the update flag information to which the log policy applies from the storage unit after the policy information has been set. A log policy management device according to claim 4, characterized by the following:

6. The system further includes a change history storage control unit that increments a master change history indicating that the policy information in the storage unit has been changed each time the policy information is changed. A log policy management device according to claim 5, characterized by the following:

7. The storage unit is configured to receive the policy information via a configuration terminal device. A log policy management device according to claim 6, characterized by the following:

8. The policy setting unit communicates with each log policy target via a firewall that allows only one-way communication from the policy setting unit to each log policy target. A log policy management device according to any one of claims 1 to 7, characterized by the above.

9. The aforementioned log setting classification is the type of work to which the log policy applies. The aforementioned policy level is the worker rank of the worker performing the work to which the log policy applies. The policy detection unit detects the policy information from the storage unit that corresponds to the work content and worker rank to which the log policy is applied. A log policy management device according to claim 2, characterized by the following:

10. The update flag control unit sets the update flag information for the corresponding log policy target and stores it in the storage unit when the work content is changed for any of the log policy target targets, or when the worker rank of any of the log policy target targets is changed. A log policy management device according to claim 9, characterized by the following:

11. The update flag control unit deletes the update flag information to which the log policy applies from the storage unit after the policy information has been set. A log policy management device according to claim 10, characterized by the above.

12. The system further includes a change history storage control unit that increments a master change history indicating that the policy information in the storage unit has been changed each time the policy information is changed. A log policy management device according to claim 11, characterized by the following:

13. The storage unit is configured to receive the policy information via a configuration terminal device. A log policy management device according to claim 12, characterized by the above.

14. The policy setting unit, when an additional log policy target is added, sets the policy information corresponding to the work content and worker rank of the additional log policy target, as detected by the policy detection unit, to the additional log policy target. A log policy management device according to claim 13, characterized by the above.

15. The policy setting unit communicates with each log policy target via a firewall provided between each log policy target and the log policy management device, which allows only one-way communication from the log policy management device to each log policy target. A log policy management device according to any one of claims 9 to 14, characterized by the above.

16. A policy detection step in which a policy detection unit refers to a storage unit associated with a determination target which is the service provider, a log policy application target which is subject to policy information that controls the acquisition of log information, a log setting classification which indicates the type of log information to be collected for each log policy application target, a policy level which indicates the information processing form of the acquired log information, and the policy information to be set, based on the determination target, the log policy application target, the log setting classification and the policy level, and detects the policy information corresponding to the determination target, the log policy application target, the log setting classification and the policy level, The policy setting unit performs a policy setting step in which it sets the detected policy information as the target to which the corresponding log policy applies. A log policy management method having the following characteristics.

17. Computers, A policy detection unit refers to a storage unit associated with a determination target that is the service provider, a log policy application target to which policy information controlling the acquisition of log information is applied, a log setting classification indicating the type of log information to be collected for each log policy application target, a policy level indicating the information processing method of the acquired log information, and the policy information to be set, based on the determination target, the log policy application target, the log setting classification, and the policy level, and detects the policy information corresponding to the determination target, the log policy application target, the log setting classification, and the policy level. The detected policy information is configured to function as a policy setting unit for setting the corresponding log policy to be applied to. A log policy management program characterized by [features].