Abstract

PROBLEM TO BE SOLVED: To perform intrusion suspicion level determination on the basis of the filter policy and configuration information at a plurality of sites, and to make central analysis of the log information by a log analysis means easy.

SOLUTION: Each site that is a monitoring target has: a log filter policy storage means that stores the log filter policy for filtering the log information stored in an intrusion detection means; a configuration information storage means that stores the configuration information inside the site; an illegal intrusion suspicion level determination means that compares the log filter policy stored in the log filter policy storage means, the configuration information stored in a configuration information setting means, and the log information stored by the intrusion detection means to determine an illegal intrusion suspicion level; and a log information transfer means that arranges, by illegal intrusion suspicion level, the log information whose illegal intrusion suspicion level, as determined by the illegal intrusion suspicion level determination means, is at a prescribed level or above, adds site identification information, and transfers it to the log analysis means.

COPYRIGHT: (C)2005,JPO&NCIPI
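A sketch of the per-site flow described in the abstract, added here as an illustration and not taken from the patent. The signature names, hosts, field names and the scoring rule (raise the level when the targeted service appears in the site's configuration information, lower it otherwise) are assumptions, since the abstract does not state how the comparison is scored.

```python
from collections import defaultdict

# Constructed sample data; all names and values below are assumptions.
SITE_ID = "site-A"
THRESHOLD = 2  # the "prescribed level": only entries at or above it are transferred

# Log filter policy: signature -> base level and the service it targets.
FILTER_POLICY = {
    "iis-unicode-traversal": {"base": 2, "service": "iis"},
    "ssh-bruteforce": {"base": 1, "service": "sshd"},
    "icmp-ping-sweep": {"base": 1, "service": None},
}
# Configuration information: host -> services actually running inside the site.
SITE_CONFIG = {
    "10.0.0.5": {"apache", "sshd"},
    "10.0.0.9": {"iis"},
}
# Log information as stored by the intrusion detection means.
IDS_LOG = [
    {"sig": "iis-unicode-traversal", "dst": "10.0.0.5"},  # host runs apache, not iis
    {"sig": "iis-unicode-traversal", "dst": "10.0.0.9"},  # host runs iis
    {"sig": "ssh-bruteforce", "dst": "10.0.0.5"},         # host runs sshd
    {"sig": "icmp-ping-sweep", "dst": "10.0.0.9"},        # not tied to a service
    {"sig": "unlisted-signature", "dst": "10.0.0.9"},     # not in the policy
]

def suspicion_level(entry, policy, config):
    """Compare one log entry with the filter policy and the site configuration."""
    rule = policy.get(entry["sig"])
    if rule is None:
        return 0  # signature not covered by the policy: filtered out
    if rule["service"] is None:
        return rule["base"]
    running = config.get(entry["dst"], set())  # unknown host: nothing running
    # Assumed rule: an alert aimed at a service the host really runs is more suspicious.
    return rule["base"] + 1 if rule["service"] in running else rule["base"] - 1

def build_transfer(log, policy, config, site_id, threshold):
    """Keep entries at or above the threshold, arrange them by level, add the site ID."""
    by_level = defaultdict(list)
    for entry in log:
        level = suspicion_level(entry, policy, config)
        if level >= threshold:
            by_level[level].append(entry)
    # Highest level first, so the central log analysis reads the worst entries first.
    ordered = {lvl: by_level[lvl] for lvl in sorted(by_level, reverse=True)}
    return {"site": site_id, "levels": ordered}
```

With the constructed log above, only the IIS alert against the IIS host and the SSH alert against the sshd host reach the central analysis; the IIS alert against the Apache host is dropped at the site.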