This invention relates to a storage system used for a computer system, and more particularly to a log management technique for a storage system.
Recent advances in network technology have led to the introduction of computer systems connected to networks in various environments such as companies, schools, and homes. In companies and schools, a group of computers installed in an organization is connected to a network to allow information sharing among the computers, and each computer is connected to the Internet to transmit information. This trend dramatically increases the amount of information processed in such systems. To adapt to the increasing amount of information in circulation, the capacities of storage systems used by users are also increasing rapidly.
In this situation, where widespread network systems have made it common to use storage systems connected to networks, improving the security of a storage system becomes increasingly important.
In recent years, theft and corruption of information have occurred due to unauthorized intrusions into network systems, and even government and municipal offices and companies have suffered damage from unauthorized access that tampers with their websites.
Such security issues involve methods of exploiting security holes to attack an operating system or software via a computer network. In addition, there is a fear that unauthorized access to a storage system may cause data stored in the storage system to be read, deleted, or altered in structure.
For example, JP 2002-111667 A discloses one security countermeasure against such unauthorized access, in which a log is maintained in order to detect and monitor unauthorized operations. In addition, the maintained log is stored for later use as an inspection record upon occurrence of any problems or failures.
Further, the security evaluation standard ISO/IEC 17799 recommends log collection in order to facilitate the procedure for handling failures or security-related issues when they occur. In addition, various laws and regulations are beginning to stipulate that a log be obtained from an information system and that the obtained log be stored for a long term. Furthermore, when an information system failure results in a serious accident or incident, it is necessary to use a log as evidence for diagnosing the cause thereof.
Storing manipulation records and operation records of an information system makes it possible to diagnose whether the cause of a failure is attributable to a certain action of a device in the information system or to a certain operation during unauthorized access. Therefore, the log is significant information in terms of running the information system.
Meanwhile, storage systems have adopted a method of keeping a record of access from hosts as an access log. When the storage usage of the access log reaches an upper limit, older records of the access log are overwritten by newer records, so that the oldest records are deleted in order.