There is a technology of determining whether or not a file to which a process that is being executed by a computer refers or which the process updates is a specific type.
For example, in a task of collecting logs that are output by an application process that is executed in an application server or the like, there are cases in which, a file, among a large number of files that are output by the application process, which is considered as a log, is desired to be specified. A log is important information in performing an investigation of a cause when a problem has occurred in an application and, in recent years, as the interest in internal control increases, the importance of collecting logs that are output by an application has increased.
In a task of collecting logs, an output destination (a full path including a file name), a format, a collection destination (a save location for extracted contents), or the like of a log is specified in a collection tool (a product, such as Fluentd, Splunk, or the like). In this case, when there is no change in the output destination of the log or the like, the above-described specification may be performed only once at the beginning but, when a system configuration is changed due to an addition or a modification of an application, a change is made to the output destination or the like of the log and the specification is performed again each time a change is made. Examples of applications include, for example, an open source (OSS), a middleware, a business application, or the like and, in the current situation, the frequency of the occurrence of an addition or a modification of such an application is high, and the system configuration is changed from day to day.
For specification of the output destination or the like of a log, an administrator performs setting with understanding of the specifications of an application, and therefore, in an environment in which a system configuration is changed from day to day, the output destination or the like of the log is frequently checked, and this causes a burden of the system administrator. Therefore, it is desired that files that are output by an application are automatically monitored and a file that is considered as a log is automatically specified.
FIG. 1 is a diagram illustrating an example of monitoring of a file that is output by an application according to related art and illustrates an example in which files of a plurality of app processes (application processes) are monitored by a single monitoring process. In this case, the monitoring process checks files one by one from a file list of each app process and determines, if a character string, such as “log” or the like, is included in a file name or an extension, that a file is a log.
FIG. 2 is a diagram illustrating another example of monitoring of a file that is output by an applicant according to related art and illustrates an example in which each of files of app processes is monitored by the corresponding one of monitoring processes. In this case, each monitoring process checks files one by one from a file list of the corresponding app process and determines, if a character string, such as “log” or the like, is included in a file name or an extension, that a file is a log.
Japanese Laid-open Patent Publication No. 2013-191012 discusses a computer log collecting system which collects logs that are output by an application. In this case, determination on whether or not a file is a log is sequentially performed on all files that exist in an application storage area.