MONITORING DEVICE INFORMATION ANALYZING DEVICE AND METHOD, AND NON-TRANSITORY STORAGE MEDIUM STORING PROGRAM

摘要

A monitoring device information analyzing device calculates a log variation amount from a log variation amount of a monitoring target device h and a log variation amount of the monitoring target device on another day, by referring to a template information storage unit storing a time at which a log message arises, the log message arising in the past, a template that is associated with an ID of the monitoring target device, and a template ID of the template to calculate the log variation amount of the monitoring target device and to obtain the log variation amount of the monitoring target device on the other day at the same time zone; obtains the log variation amount that is to be a sample; executes verification according to a statistical method, and determines the sample as an advance log, if a test statistic is greater than a predetermined threshold value.

主权项

1. A monitoring device information analyzing device that extracts, from log information that is output from a plurality of monitoring target devices, a log such that there is a change in an amount of generation before and after a specific event, the monitoring device information analyzing device comprising:
a log variation amount calculation unit that calculates a log variation amount that is to be a sample from a log variation amount of a monitoring target device h and a log variation amount of the monitoring target device h on another day at a same time zone, by referring to, upon a given target event, the monitoring target device h, time of occurrence and end time of the target event, and a time width (Tpre, Tpos) before and after the target event being provided, a template information storage unit storing a time at which a log message arises, the log message arising in a past, a template that is associated with an ID of the monitoring target device h, and a template ID of the template to calculate the log variation amount of the monitoring target device h and to obtain the log variation amount of the monitoring target device h on the other day at the same time zone; and a verification unit that obtains the log variation amount that is to be the sample, that executes verification according to a statistical method by using the sample, and that determines the sample as an advance log, if a test statistic is greater than a predetermined threshold value.