In an auditing system using a log, a method has been mainly used, in which an access log is compared with an authority of a user himself, thereby checking whether or not there is an access or an operation to resource beyond the authority of the user. However, even if it is the operation within the authority of the user himself, the operation at an inappropriate timing (for instance, changing a module when a correction module and so on is not updated) is possible. Therefore, there is a problem that it is difficult to detect a malicious crime or an erroneous operation at the time of checking.
To solve the problem, Patent Literature 1 discussed below discloses a method to analyze and audit a log using a usage application workflow and an access log.