| 摘要 |
<p>PROBLEM TO BE SOLVED: To easily detect the sign of a specific event in a monitoring target system.SOLUTION: A monitoring device 300 includes a message log storage part 310, an analysis part 330 and a collation part 350. The message log storage part 310 stores the log of the input message of a monitoring target system which performs predetermined processing to an input message. The analysis part 330 generates collation definitions indicating the features of the input message in a period prior to a period when a predetermined event occurs in the monitoring target system on the basis of the log. The collation part 350 compares the features of the input message of the monitoring target system in a new period with the collation definitions, and determines the presence/absence of the sign of the predetermined event in the monitoring target system.</p> |
