Abstract
PURPOSE: A log analysis method and system are provided to track down an intruder who has illegally entered an actual network and to easily detect misuse and abnormal conditions. CONSTITUTION: A log analysis target object (1) includes network equipment or a security system. A log analysis server (100) analyzes the content of log files received from the log analysis target object (1). A log analysis database (150) stores information on the log files received from the log analysis target object (1). An optical recording medium recording unit (170) records the original log on an optical recording medium and makes a backup of it. Clients (2-1, 2-2, 2-3) and the log analysis server (100) are connected through the Internet (15) to a server (200) of a log analysis system provider at a remote location. A rule set database (250) is provided in the server (200). The clients (2-1, 2-2, 2-3) and the log analysis server (100) are periodically updated with the latest check pattern from the server (200), or receive the latest check pattern from the server (200) upon request.