Secure computer systems can be subject to attacks or attempts at fraudulent entry. In general, one tries to ward off these attacks by establishing log files, for example system log files or network log files, and by running scans on these files for detecting a malfunction or an intrusion. The systems that perform the auditing of log files generally rely on a complicated method that poses problems in the writing, and moreover, the resulting audit is difficult to read. Furthermore, when the intrusion occurs in several successive non-concomitant stages, the system may very well not detect it. In addition, the writing of the audit conditions is not very flexible, not very modifiable, and poses modularity problems. Thus, in most rule-based systems, it is necessary to describe the audit conditions in the form of programs describing the activation of rules conditioned by events; for example, in order to describe an audit condition that specifies a step A, followed a short time later by B, followed a short time later by c, it is necessary to describe queuing rules for step A, which if successful must activate queuing rules for step B, which if successful must activate queuing rules for step C. This way of writing the sequence A, B, C is tedious, and results in errors that are hard to detect with a simple reading. Furthermore, certain known systems require the log files to be scanned several times.