LOG ANALYSIS SYSTEM
Abstract
A log analysis system includes a first processor unit, a second processor unit, a third processor unit, and a fourth processor unit. The first processor unit normalizes the detection log acquired by an acquirer, allocating the detection log into predefined monitoring target units, and outputs the monitoring target units. The second processor unit appends common information based on a predefined rule to each of the monitoring target units of the detection log output from the first processor unit, arranges the monitoring target units into information granularities based on the content of the detection log and common information, and outputs the monitoring target units as analysis unit information. The third processor unit gathers the analysis unit information output from the second processor unit, setting detection target event candidates based on a predefined rule, and outputs the detection target event candidates and the determination results.
3 Claims
1. A log analysis system comprising:
- a first processor unit configured to append common information to analysis target information generated by events;
- the processor unit being configured to make information granularities uniform based on the contents of the analysis target information and the common information to output analysis unit information; and
- a second processor unit configured to integrate the analysis unit information output from the first processor unit to generate detection target event candidates, the second processor unit being configured to determine whether or not the events have at least one specific quality, the events having generated the analysis target information specified by the detection target event candidates.
2. A log analysis method performed by one or more computers, the method comprising:
- appending common information to analysis target information generated by events;
- making information granularities uniform based on the contents of the analysis target information and the common information to output analysis unit information;
- integrating the analysis unit information into detection target event candidates; and
- determining whether or not the events have at least one specific quality, the events having generated the analysis target information specified by the detection target event candidates.
3. A computer program product comprising one or more computer programs embodied on a non-transitory computer readable medium, the one or more computer programs comprising codes for:
- appending common information based on a first predefined rule to analysis target information generated by events;
- making information granularities uniform based on the contents of the analysis target information and the common information to output analysis unit information;
- integrating the analysis unit information into detection target event candidates; and
- determining whether or not the events have at least one specific quality, the events having generated the analysis target information specified by the detection target event candidates.
Specification