The present invention relates to a system wherein a manager gathers log data from agents through a network, and in particular to a log data gathering and management system wherein a manager manages log data existing within the system on the basis of common log data formats.
An operating system (OS) and application programs running on an information processor output various kinds of log information. Several methods for gathering this log information are generally known. For example, Japanese Patent Application Laid-Open No. Hei 5-250229 discloses a log data gathering technique that detects error codes in log data when gathering log data from a plurality of computers, so that log data output from a computer in an error state is transmitted preferentially. Furthermore, Japanese Patent Application Laid-Open No. Hei 5-28008 discloses a log information gathering system that, when an information processing system gathers failure logs, detects that the number of items of log information stored in storage means has reached a predetermined number and suppresses log registration, thereby preventing important failure information from being lost. Moreover, Japanese Patent Application Laid-Open No. Hei 6-111029 discloses a data gathering technique that adds, to each item of data output from low-order terminal equipment, the time at which that data was gathered, and transfers the data to an upper control device, thereby preventing impairment of the time-sequential relationship between the data output from a plurality of terminals.
In a distributed processing system in which a plurality of computers are connected to one another through a network and processing is carried out while the computers communicate with one another, one user is able to access a plurality of widely distributed computers and files. Accordingly, to analyze log data and thereby detect unauthorized access to the computers or files, the log data output from the individual computers must be centralized on a central computer and stored in a database. However, since the log data output from various system programs and application programs differ from one another in data format, merely gathering and centralizing the log data output from the individual programs makes the log data difficult to analyze. Moreover, since the times held by the individual computers do not necessarily coincide across all the computers, the times attached to individual log data are generally shifted relative to one another. It is thus difficult to arrange the centralized log data in the correct time order.
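The two difficulties described above, differing native formats and unsynchronized agent clocks, are shown in the following added Python example, which is not part of the original text. The host names, sample lines, record fields and the per-agent `CLOCK_OFFSET` table are constructed assumptions, and correcting by a known offset is one possible remedy, not necessarily the method of this document.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input: two agents, two native formats, one skewed clock.
# True order of events: alice logs in on hostA, then opens a file on hostB.
RAW = [
    ("hostB", "2024-03-03T10:00:04Z fileserver: alice opened /srv/payroll.db"),
    ("hostA", "Mar  3 10:00:10 hostA sshd[311]: Accepted password for alice"),
]
# Assumed per-agent clock offset in seconds (agent clock minus manager clock).
CLOCK_OFFSET = {"hostA": 10, "hostB": 0}

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
                    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
ISO = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) "
                 r"(?P<prog>[\w.-]+): (?P<msg>.*)$")

def normalize(host, line, year=2024):
    """Parse one native line into a common record; times are treated as UTC."""
    m = SYSLOG.match(line)
    if m:  # syslog-style stamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    else:
        m = ISO.match(line)
        if not m:
            raise ValueError(f"unrecognized log format: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ts = ts.replace(tzinfo=timezone.utc)
    # Hosts missing from the table are assumed to have no skew.
    corrected = ts - timedelta(seconds=CLOCK_OFFSET.get(host, 0))
    return {"host": host, "program": m["prog"], "message": m["msg"],
            "agent_time": ts, "manager_time": corrected}

def timeline(raw, key):
    """Return host names ordered by the chosen timestamp field."""
    records = [normalize(host, line) for host, line in raw]
    return [r["host"] for r in sorted(records, key=lambda r: r[key])]

if __name__ == "__main__":
    print("ordered by agent clocks:  ", timeline(RAW, "agent_time"))
    print("ordered by corrected time:", timeline(RAW, "manager_time"))
```

Sorting on the agents' own stamps places the file access before the login that preceded it, while the corrected times restore the true sequence.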