1. Field of the Invention
The present invention relates generally to a storage apparatus and a setting/management method for the storage apparatus, and particularly to a storage apparatus management technique using setting/modification log information for a storage apparatus.
2. Description of Related Art
In recent years, the need for security management for computer systems has become obvious. Accordingly, in current computer system management, information about setting/modification operations for a system configuration is collected and stored as operation history information (log information) so that a system administrator can browse and manage such log information.
JP-A-2006-185386 (Patent Document 1) discloses a storage system that can collectively manage the above described log information Patent Document 1 proposes a technique of collectively managing log information relating to modification in a storage system configuration that can divide up a storage area and manage the resulting divided storage areas.
In order to securely and smoothly manage a storage system, all operation logs relating to setting/modification of the system configuration have to be collected. Although mere monitoring or audit of the system conditions has conventionally been conducted by collecting all operation logs relating to setting/modification of the system configuration and using the logs, no techniques for utilizing those logs more effectively have been proposed.
Moreover, because of the higher need for information security for computer systems, higher-level security is also required for storage systems. The conventional security technique in which user access is authenticated by using a user ID and password can exclude unauthorized access to the system. However, once authenticated, the authenticated user can freely operate the system. Accordingly, even if an unauthenticated or inappropriate operation takes place, such operation cannot be restricted. A technique of restricting access to important files or similar by setting an access level for each user is also well known, but the technique cannot restrict user's behavior from a perspective of setting/modification operations.
Furthermore, because of advanced functions in the current storage systems, the storage system is becoming complicated in configuration and larger in capacity. Therefore, a system administrator has to set a huge number of complicated items when modifying the system configuration, and thus the setting operations require a long time and much trouble.
Furthermore, the complicated configuration and large volume in storage systems lead to an increase in the number of setting items and operation targets, and in management information that is to be collected and stored, such as operation log information, performance log information, and failure information. Therefore, it is becoming more and more difficult to understand the state of a storage system based on collected management information.