NETWORK SYSTEM EQUIPPED WITH SECURITY MONITORING FUNCTION, LOG DATA ANALYSIS TERMINAL AND INFORMATION TERMINAL

摘要

PROBLEM TO BE SOLVED: To provide a network system for detecting a security incident in which a manager can easily perform audit by relating an event log detected and collected by a sensor with a system call log recorded by each communication terminal. SOLUTION: A log data analysis terminal 1 is provided with: a collector 10 which collects an event detected by a network sensor 20 and a host sensor 30; a console 11 which displays the event log; and a data analysis agent 13 having an incident analysis function for analyzing an event. A server 3 and a communication terminal 4 are respectively provided with system call holding parts 31 and 41 which record information related with the system call into DB 35 and 45 and information retrieving agents 33 and 43 which retrieve information in the DB35 and 45. COPYRIGHT: (C)2005,JPO&NCIPI