摘要 |
A log collection unit (110) of a log analysis server (100) collects an application log (211) from a WF server (200), which retains the application log (211) therein, further collects an operation log (511) from an ID control unit (500), through which an operator terminal (400) accesses a business server (600) and which enters operation records in the operation log (511), with each operation record indicating the state of an access to the business server (600), and further collects an access log (611) from the business server (600), which enters access records in the access log (611), with each access record indicating the state of an access to the business server (600). On the basis of the application log (211), the operation log (511), and the access log (611) collected by the log collection unit (110), a log analysis unit (130) determines whether the access state logged in each access record is authorized. |