1. Field of the Invention
The present invention relates to a technique for managing logs recorded in relay computers in a network system where computers belonging to various different networks perform communications with one another through a communication path via multiple relay computers.
2. Description of Related Art
Logs have hitherto been used to ascertain a communication status in a client/server system. For example, in the communication between a telnet client and a telnetd server of the UNIX system, a user ID which generates a connection, a connection start time, the name of a client computer in which a telnet client is started, etc. are recorded as a log in a server computer in which the telnetd server is started. Therefore, a network administrator can ascertain who accesses the server computer by referring to this log.
Further, when some problem occurs during communication, the nature of the problem can be output to the log, and further the cause of the problem can be specified by using this function.
The following methods exist as a method of grasping the communication status with no log;
(1) Notification of a communication problem which is defined by X.25 in the same network,
(2) Notification of a problematic computer in a network management based on SNMP, etc.
Recently, the client/server system in an open network has been more and more widespread as the internet, etc. propagates. In the open network, a firewall is usually set up to ensure security of an internal network from an unauthorized access from external ones.
The firewall is actually realized by a relay computer having a firewall function, and the communication between the client and the server is performed via a relay computer having the firewall function.
Recently, in order to perform careful security management, multiple relay computers each of which has the firewall function are interposed in a communication path between the client and the server, and thus the client/server system is being developed into a system in which multiple computers work in cooperation with one another.
In a relay computer having the firewall function, a user who uses the relay computer, a connection start time, the name of a client computer, etc. are recorded in the log of the relay computer to check the usage status of the network system. Therefore, when some problem occurs during communication between the client and the server, the network administrator refers to the log recorded by the relay computer to specify the location at which the problem occurs and the cause of the problem.
However, when multiple relay computers are disposed in the communication path between the client and the server, in order to specify the problematic location and the problem cause, the network administrator must visit the relay computers one by one to check all the logs recorded by the respective apparatuses, and thus the logs which are dispersively recorded in the relay computers cannot be checked at one place.