The present invention relates to a method for monitoring a computer system, and more particularly to a technology for handling a computer log.
Conventionally, methods for transferring various types of computer logs over a network for monitoring on another computer have been widely used. However, most of those methods transfer all logs, increasing the network load and sometimes developing a problem especially when the amount of log data produced by the sending computers exceeds the network transfer capacity. The processing load of the receiving computer also increases because it must analyze a large amount of log information. To solve this problem, some operating systems add a priority to each log message. This added information specifies whether to discard messages, whether to record messages in log files, or whether to transfer messages to another computer.
As described above, the conventional methods extract and transfer logs which are assumed to be important based on the criteria determined only by the log outputting computers. Thus, the load on the network or on the log receiving computer is not always reduced because whether or not logs are important are determined based on the criteria of the log outputting computers. In addition, a log message, once considered not very important by log outputting computers, is not sent to the monitoring computer which might consider the log message very important.
Furthermore, administrators must associate log messages sent from one computer with those sent from another computer or obtain more detailed information on the logs depending upon the output log.
Some conventional methods also indicate the importance of output information by color change although the color changes based only on the importance determined by the corresponding host.
Conventionally, log information has been written directly to non-volatile storage. Log information is also written via a network to non-volatile which is usually remote non-volatile storage.
However, generated operation history data may change or may be altered while it is sent to non-volatile storage, while it is processed in the computer, or while it is stored in main storage or non-volatile storage. In conventional methods, these changes and alterations cannot be detected. Therefore, the validity of log information, when read from non-volatile storage where it has been saved, can be guaranteed, nor the changed or altered log information can be restored to the original log information even if the change or alteration is detected.