An information system is an important infrastructure which supports social infrastructures and corporate activities. A degree of importance of risk management for the information system has increased. Under such a circumstance, importance of a system audit for the information system has increased. In the system audit, for example, collection and analysis of operation information and the like in the information system are sometimes requested as corroboration of proper data management in the information system.
Technologies relating to collection and analysis of such operation information are described in, for example, the Japanese Patent Application Laid-Open No. 2010-108469, and a document entitled “IBM InfoSphere Guardium Data Security”, International Business Machine Corporation, [online], [searched on Nov. 8, 2013], Internet<URL:http://www-01.ibm.com/software/data/guardium/>.
According to a technology described in the Japanese Patent Application Laid-Open No. 2010-108469, a monitoring system collects operation logs on each of computers which serve as a plurality of monitoring targets. Then, the monitoring system compares contents of operation information among the computers. Thus, the monitoring system decides, as peculiar operation information, operation information differing from the operation information collected on other computers.
According to a technology described in the document entitled “IBM InfoSphere Guardium Data Security”, an agent operating at a kernel level on a server to be monitored captures all communication packets generated on the server and transmits the captured packets to a sniffer. The sniffer analyzes the received packets, performs information analysis and accumulation, and takes actions.