1. Field of the Invention
The present invention relates to a technique for managing logs recorded in relay computers in a network system where computers belonging to various different networks perform communications with one another through a communication path via multiple relay computers.
2. Description of Related Art
Logs have hitherto been used to ascertain the communication status in a client/server system. For example, in the communication between a telnet client and the telnetd server of a UNIX system, the user ID that originated the connection, the connection start time, the name of the client computer on which the telnet client was started, etc. are recorded as a log on the server computer on which the telnetd server is running. A network administrator can therefore ascertain who accesses the server computer by referring to this log.
Further, when some problem occurs during communication, the nature of the problem can be output to the log, and further the cause of the problem can be specified by using this function.
The following methods also exist for ascertaining the communication status without a log:
(1) Notification of a communication problem which is defined by X.25 in the same network,
(2) Notification of a problematic computer in a network management based on SNMP, etc.
Recently, client/server systems on open networks have become more and more widespread as the internet and similar networks have spread. On an open network, a firewall is usually set up to protect an internal network against unauthorized access from external networks.
The firewall is actually realized by a relay computer having a firewall function, and the communication between the client and the server is performed via a relay computer having the firewall function.
Recently, in order to perform careful security management, multiple relay computers each of which has the firewall function are interposed in a communication path between the client and the server, and thus the client/server system is being developed into a system in which multiple computers work in cooperation with one another.
In a relay computer having the firewall function, a user who uses the relay computer, a connection start time, the name of a client computer, etc. are recorded in the log of the relay computer to check the usage status of the network system. Therefore, when some problem occurs during communication between the client and the server, the network administrator refers to the log recorded by the relay computer to specify the location at which the problem occurs and the cause of the problem.
However, when multiple relay computers are disposed in the communication path between the client and the server, the network administrator must visit the relay computers one by one and check all the logs recorded by the respective apparatuses in order to identify the problematic location and the cause of the problem; the logs dispersively recorded in the relay computers cannot be checked at one place.
According to an object of the present invention, in such a network system where two computers belonging to different networks communicate with each other through a communication path via multiple relay computers, the multiple relay computers on the communication path work in cooperation with one another so that logs which are dispersively recorded in these relay computers can be collectively managed by one management apparatus.
In order to attain the above object, the present invention includes a network system with a function of collectively managing dispersive logs which includes multiple networks having relay computers and computers, and a network comprising the relay computers which are connected to one another, the communication between the computers which belong to different networks being performed via multiple relay computers, characterized by further including a management computer comprising:
means for receiving a log-check instruction; means for transmitting request information of the log check to a relay computer belonging to the same network as the management computer; means for receiving result information of the log check; and means for outputting the result information. Each of the relay computers comprises: log recording means for recording log information on a communication relayed by the relay computer together with identifier information for identifying that communication, the log information and the identifier information being associated with each other; log check means for searching the log information corresponding to the request information of the log check received from the management computer or from another relay computer and generating result information of the log check; request information transmitting means for transmitting the request information of the log check to another relay computer; and means for transmitting the result information thus generated, together with the result information received from the other relay computer, to the relay computer or management computer that is the request origin.
According to the present invention, when request information of the log check is sent from the management computer, the log information of the desired communication, among all communications conducted across the networks connected via the relay computers, is collected at the management computer. Accordingly, by inputting a log-check instruction to the management computer, a network administrator can manage log information that is dispersively held by a plurality of relay devices.
In the present invention, the management computer may belong to any of the networks.
Further, the request information of the log check is successively transferred among all the relay computers which relay the communication corresponding to the request information, and the result information of the log check is successively accumulated and transferred in the direction opposite to the transfer direction of the request information.
Further, each of the client computers comprises means for generating the identifier information for identifying a communication on a communication path when the computer establishes the communication path with another computer belonging to a network to which the computer concerned does not belong, and means for transmitting the identifier information to the relay computer with which it establishes that communication path; and the relay computer includes means for transmitting the identifier information received from the client computer or from another relay computer to the next relay computer with which it establishes a communication path.
Further, the identifier information transmitted from the computer is generated so as to contain at least one of an identifier for a user of the computer concerned, the name of an application program which is started by the user, the date and time at which the communication path is established, the address of the network of the computer concerned and a process identifier which is added at the start time of the application program.
Further, the request information transmitting means of the relay computer transmits the identifier information corresponding to the received request information as the request information of the log check, and the log check means of the relay computer searches the log information on the basis of the identifier information when the identifier information is received as the request information of the log check.
Further, the request information transmitting means of the relay computer judges on the basis of the storage content of the log recording means whether there is a relay computer to which the request information should be transmitted.
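The exchange described in the preceding paragraphs (identifier generated by the client and handed along the path, each relay storing its log associated with that identifier, the request forwarded hop by hop and the results accumulated on the way back, and each relay judging from its own log whether a next relay exists) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent; every class name, the `log_check`/`establish_path` functions, and the sample network of three relays, two users and their timestamps are constructed assumptions.

```python
# Added example (not the patent's code): a toy model of the cooperative
# log check across a chain of relay computers. All names are assumptions
# and the sample network, users and timestamps are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CommIdentifier:
    """Identifier a client generates when it opens a path to another network."""
    user: str        # identifier for the user of the client computer
    app: str         # name of the application program started by the user
    started_at: str  # date and time the communication path is established
    net_addr: str    # network address of the client computer
    pid: int         # process identifier assigned when the application starts

    def key(self) -> str:
        return f"{self.user}|{self.app}|{self.started_at}|{self.net_addr}|{self.pid}"


@dataclass
class LogEntry:
    """One log record held by a relay, stored together with the identifier."""
    ident_key: str
    prev_hop: str            # computer that handed the connection to this relay
    next_hop: Optional[str]  # relay this relay forwarded to, or None at the end
    note: str


class Relay:
    """Relay computer (firewall) that records logs and answers log checks."""

    def __init__(self, name: str, network: str) -> None:
        self.name = name
        self.network = network
        self.log: Dict[str, List[LogEntry]] = {}
        self.peers: Dict[str, "Relay"] = {}

    def link(self, other: "Relay") -> None:
        self.peers[other.name] = other
        other.peers[self.name] = self

    def record(self, ident: CommIdentifier, prev_hop: str,
               next_hop: Optional[str], note: str) -> None:
        # Log information and identifier are stored associated with each other.
        self.log.setdefault(ident.key(), []).append(
            LogEntry(ident.key(), prev_hop, next_hop, note))

    def log_check(self, ident_key: str, origin: str) -> List[Tuple[str, str]]:
        """Search own log, forward the request to the next relay on the path,
        and return own results plus the accumulated downstream results to the
        request origin (a relay or the management computer)."""
        own = [(self.name, e.note) for e in self.log.get(ident_key, [])]
        # Judge from the stored log whether there is a relay to forward to.
        next_hops = {e.next_hop for e in self.log.get(ident_key, []) if e.next_hop}
        downstream: List[Tuple[str, str]] = []
        for hop in sorted(next_hops):
            if hop in self.peers and hop != origin:
                downstream.extend(self.peers[hop].log_check(ident_key, self.name))
        return own + downstream


class ManagementComputer:
    def __init__(self, network: str, relays: List[Relay]) -> None:
        self.network = network
        self.relays = relays

    def check(self, ident: CommIdentifier) -> List[Tuple[str, str]]:
        # The request goes to a relay belonging to the same network as the manager.
        first = next(r for r in self.relays if r.network == self.network)
        return first.log_check(ident.key(), origin="manager")


def establish_path(client: CommIdentifier, client_host: str,
                   path: List[Relay], server: str) -> None:
    """Client hands its identifier to the first relay; each relay logs the
    relayed communication and passes the identifier on to the next relay."""
    prev = client_host
    for i, relay in enumerate(path):
        nxt = path[i + 1].name if i + 1 < len(path) else None
        relay.record(client, prev, nxt,
                     f"relayed {client.user}/{client.app} from {prev} to {nxt or server}")
        prev = relay.name


def demo() -> List[Tuple[str, str]]:
    # Constructed sample: manager sits in netA; one path crosses fw1, fw2, fw3.
    fw1, fw2, fw3 = Relay("fw1", "netA"), Relay("fw2", "netB"), Relay("fw3", "netC")
    fw1.link(fw2)
    fw2.link(fw3)
    alice = CommIdentifier("alice", "telnet", "2024-01-01T09:00:00", "10.0.0.5", 4242)
    bob = CommIdentifier("bob", "ftp", "2024-01-01T09:05:00", "10.0.0.7", 4300)
    establish_path(alice, "client-a", [fw1, fw2, fw3], "server-c")
    establish_path(bob, "client-b", [fw1, fw2], "server-b")
    # Only alice's records come back, in path order, without visiting each relay.
    return ManagementComputer("netA", [fw1, fw2, fw3]).check(alice)


if __name__ == "__main__":
    for relay_name, note in demo():
        print(relay_name, note)
```

Each relay answers only for the identifier it was asked about, which is why bob's records on fw1 and fw2 never reach the manager; the forwarding decision is taken purely from the relay's own stored `next_hop`, so a relay with no matching record (or one that relayed directly to the server) ends the chain and the accumulated results flow back to the request origin.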