摘要 |
<p>A system and method are provided for analyzing audit log data. Text strings from a plurality of devices are stored in a log database, each of the text strings being indicative of an audit event in the respective device. At least a portion of the text strings are retrieved from the log database and the retrieved text strings are parsed according to pre-defined parsing rules. Each of the retrieved text strings is mapped to a respective audit event. The retrieved text strings are mapped based on the respective audit event. Representations of the filtered text strings are displayed on a grid using color-coded areas. The horizontal axis of the grid represents a first time scale and the vertical axis of the grid represents a second time scale different from the first time scale.</p> |