JP2003216457A - Error log collecting and analyzing agent system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To resolve a problem when a plurality of products are related to a work system and work of sequentially specifying a fault cause from a point of trouble in a whole of the work system is difficult since log files per each product have to be tracked. <P>SOLUTION: The error log collecting and analyzing agent system is characterized by that it collects pieces of log information outputted by products of a plurality of vendors at the point of trouble, it organizes the pieces of log information in time sequence in accordance with a reference of importance of the whole of the work system and not by importance determined per each product, and it generates an essential cause of the trouble and its countermeasure as a report. By the feature, when there is trouble in the work system, not only the recognizable trouble of the system but also it essential cause is specified, and MTTR is shortened. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention collects and analyzes log information during normal operation or when a failure occurs in a computer system composed of a single or a plurality of application products to determine the cause of the failure. The present invention relates to a fault information notification system that notifies a system administrator of a countermeasure method.

[0002]

2. Description of the Related Art Normally, when developing computer software for medium to large-scale business systems, it is rare to develop all application products in-house. In many cases, one business system is constructed by combining several products provided by existing vendors. When operating a system constructed with products from multiple vendors in this way, it is necessary to confirm whether the entire system is operating normally and whether each product of each vendor is operating normally by registering it in the database. This was done by judging the data consistency and analyzing the contents of the log file output by each system. Of these, the log file contents often have different formats depending on each vendor, and when a failure occurs, it is necessary to check the error location for each product and combine them to estimate the cause of the failure, which requires a lot of time. Was. Furthermore, since the importance of the message output to the log file depends on the importance determined for each product, if the importance of the product alone is low, the important message may be missed by the entire system. As a method for supporting the analysis of the log file, Japanese Patent Laid-Open No. 9-321728 discloses a technique of extracting only log recording time information from the log information and creating a recording time index.

[0003]

The technique of the above-mentioned known example is said to have the effect of enabling the maintenance personnel to efficiently search for log information necessary for performing isolation and analysis when a failure occurs. However, although it is possible to efficiently search for log information based on a specific time, if multiple products are related to the business system, the log file for each product must be traced, so
It is considered difficult to sequentially identify the cause of a failure in the entire business system from the time of failure occurrence. Moreover, even if the cause of the error is identified, only the administrator who is familiar with the system can work in order to consider the actual countermeasures from it, so the recovery work in the absence of the administrator takes a lot of time. , There is a problem. The object of the present invention is to solve the above-mentioned problems of the prior art, which are particularly expected to occur in a business system constructed by combining a plurality of products, and to solve MTTR (Mean Time To) when a failure occurs.
Repair: improving the maintenance efficiency of the system by shortening the time taken from service stop due to a failure to service recovery.

[0004]

In order to solve the above problems, an error log collection / analysis agent system at the time of failure according to the present invention collects log information output by products of a plurality of vendors at the time of failure and Organized in chronological order,
The feature is that the log information is organized according to the standard of the importance of the business system as a whole, not the importance determined for each product, and the essential cause of the occurred failure and the countermeasure method are generated as a report. To do. With this function, when a failure occurs in the business system, not only the visible system failure but also the root cause of the failure can be identified.
To shorten. For log information with different output formats for each vendor, the message code, the message, and if the message code is related to an error, the cause information of the error and the countermeasure method for the error are stored in the database provided in the agent in advance. Convert to a common format and register. The process of registering data in this database in a common format sets keywords using regular expressions from the message list manual distributed by each vendor as an electronic medium, and extracts only the messages that the system administrator deems important. . Further, the database included in this agent has a function of registering information related to a plurality of products forming a computer system when the products have mutual relations of functions. When a system failure occurs, the agent system of the present invention collects the log information of the products that make up the system, arranges them in chronological order, and acquires the cause of the error corresponding to the message code and the countermeasure method from the database. And generate a fault information report. The system administrator refers to the error cause and countermeasure method described in the failure information report to carry out the system recovery activity. According to the present invention, it becomes easy to investigate the cause of failure related to a plurality of products and establish countermeasure procedures. Also, in order to arrange the error occurrence order accurately in chronological order, this agent system
It has a function to synchronize the system time of the computer running the software that constitutes the business system.

[0005]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing an embodiment of the present invention. The configuration of the present invention will be described below with reference to FIG. The agent system 02 according to the present invention is largely composed of a failure countermeasure information master creation unit 08, a preparation processing unit 05, a log information analysis processing unit 10,
The fault report creation processing unit 15 and the inter-network time synchronization processing unit 07 are composed of four processing units. The failure countermeasure information master creating unit 08 is a processing unit that creates a failure countermeasure information master 09 in which the cause of an error and a countermeasure method are collected in advance before executing the analysis processing by the agent system.

The preparation processing section 05, which is composed of the log information acquisition processing section 06, reads the analysis parameter 03 and the collection target product definition 04, and acquires the log files of the log file group 01 to be collected into the agent system. At this time, the analysis parameter 03 includes the analysis target end time of the log information, the criterion for determining the importance of the information necessary for identifying the cause of the system failure, and the interval between one message and the next message. The information of the related information reference time, which means whether to judge the related message, is included. The collection target product definition 04 includes file path information indicating the location of the log file of each product on the computer system.

The log information lexical analysis processing unit 11, the event time series sorting unit 12, and the failure cause / countermeasure specifying unit 13 organize the collected log information in time series and take a countermeasure against the failure. The cause of the error and the countermeasure method are estimated by making an inquiry to the information master 09, and the failure countermeasure / cause temporary file 14 is generated.

A failure report creation processing section 15 composed of a failure cause / countermeasure report creating section 16 and an operation information mail sending section 17 stores a failure information report 18 and operation information 19 based on the failure countermeasure / cause temporary file 14. To generate. The agent system includes an inter-network time synchronization processing unit 07 in order to synchronize the time of log files of products on different computers.

FIG. 2 is a diagram showing a processing flow of the present invention. Hereinafter, the process of fault monitoring of this agent system will be described with reference to FIG.

First, when the agent system is started (S200), the analysis parameter setting process of the preparation processing section 05 is performed.
In (S201), the analysis parameter 03 is read and the parameter value required for the log information analysis process is specified. Details of the information defined in the analysis parameter will be described later with reference to FIG. Next, the preparation processing unit 05 reads the collection target product definition 04, acquires the file path information of the collection target log file, and sequentially fetches the contents of the collection target log file group 01 (S202). In the collection target product definition 04, the storage destination of the log file for each log collection target product is defined in advance in a format conforming to the operating system installed in the computer terminal. At this time, the collection target log file group 01 can include files on a remote server via the network. If the file import fails when reading the log file due to the fact that the file does not exist, etc., a message containing the details of the import failure is displayed, and then the process for importing the next log file starts. The acquired log information is passed to the log information analysis processing unit 10 as it is.

Next, the log information lexical analysis processing unit 11 of the log information analysis processing unit 10 analyzes the read log information (S203) and corresponds to the date, time, message code and message code at which the log was output. Extract messages and other additional information. Log information lexical analysis processing unit 1
The configuration of No. 1 will be described later with reference to FIG.

Next, the event time series sorting process 12 is executed (S204), and the sorting process is performed in descending order from the time when the failure occurs on the data that matches the condition specified by the analysis parameter 03, and the processing result is displayed. Fault cause / countermeasure identification part 1
Hand over to 3. By this processing, log information of a plurality of products that form the system can be collected and arranged in a time series.

The failure cause / countermeasure specifying unit 13 uses the message code of the log information as a keyword in advance to perform the failure countermeasure information master process in the failure countermeasure information master creating unit 08.
The failure countermeasure information master 09 constructed in (S211) is inquired about the cause of the error and the countermeasure method for recovering from the failure (S205). The obtained result is temporarily stored in the failure countermeasure cause temporary file 14 by the temporary file writing process (S206). Then, the content of the failure cause / countermeasure temporary file 14 is read by the temporary file reading processing (S207) of the failure report creation processing unit 15, and the contents of the failure that occurred and its cause and the countermeasure method are included by the report creation processing 16. Create a failure information report 18
(S208).

The operation information mail transmission unit 17 notifies the system administrator of the same contents as the failure information report 18 (S209). By referring to the failure information report 18 created by this agent system, the system administrator can easily understand the context of processing up to the occurrence of failure even when the cause of failure involves multiple products. Therefore, it is possible to quickly understand the content of the failure and its cause and take countermeasures. Furthermore, the operation information 19 is sent by e-mail by regularly operating this agent system.
By acquiring the information, the warning information issued by the computer system can be grasped and the failure can be prevented beforehand.

FIG. 3 is a diagram showing the analysis parameter 03 which defines the operation standard of this agent system. The analysis parameter 03 includes an analysis target end time that is an analysis start point of the collected log information, an analysis target importance that is a reference when selecting error information, and related information for collecting error information into one category as related information. Define the reference time. The agent system reads these parameters at the start of the operation, and first starts the analysis process for the log information before the analysis target end time. Next, the importance of the analysis target is determined, and the log information corresponding to the degree of the system failure is extracted. The importance of the obstacle, which is the criterion for this judgment,
It is necessary to set the error countermeasure information master 09 in advance for each error message. The failure countermeasure information master 09 will be described later with reference to FIG. When the cause of a system failure is caused by a plurality of products that make up the system, it is convenient to extract the failure information as one category to find the root cause of the failure. In the example of Fig. 3, 2001/10/11 20:36:30 LOG2 of the database product log
Log information that occurs within 60 seconds based on the 00-E log information and has an A level of importance, that is, the communication control product log 2001/10/11 20:36:50 System Down log information. To extract. The processing flow of the related information extraction processing will be described later with reference to FIG.

FIG. 4 is a diagram showing a method of constructing the fault countermeasure information master 09 by the fault countermeasure information master creating unit 08. Here, as an example, description will be made on the premise of a computer system (for example, a resident management system and a staff salary management system) configured by a database system manufactured by A company, a communication control system manufactured by B company, and the like.

When a fault occurs in the computer system, the agent system inquires the fault countermeasure information master 09 of the countermeasure method for the fault using the message code output to the log information as a keyword, and creates a report of the countermeasure method. Therefore, it is necessary to build a failure countermeasure information master 09 in which information such as messages, message codes, and countermeasures is registered in advance before the computer system starts operating. Hereinafter, a method for constructing the failure countermeasure information master 09 will be described with reference to FIG.

The message codes and messages registered in the failure countermeasure information master 09 are usually distributed as a message list manual group 29 by the vendor of each product. In many cases, messages are classified into three types: error, warning, and information according to their importance. The system administrator checks the importance of these messages during daily system monitoring or when a failure occurs, and determines the presence or absence of a failure and the range of influence at the time of failure. However, this importance is determined for each product and may not necessarily match the importance when considering the entire business system. For example, the content of the message output by the database product of Company A is "Insufficient disk space 6
If it is a warning such as "0%", even if it is not a problem immediately with the operation of the database alone, considering the entire computer system that operates continuously for 24 hours, it is urgent to take measures such as adding disks. This is an important issue that requires consideration of the schedule.

In other words, it can be said that there is a risk of overlooking a critical problem in operating the entire system only by using the importance determined for each product as an index. Therefore, the system administrator needs to know the importance of the entire system, in addition to the importance determined for each product, and the failure countermeasure information master 0
Register in 9.

The work for constructing the fault countermeasure information master 09 is performed by the fault countermeasure information master creating unit 08. The failure information master creation unit 08 mainly comprises an automatic data input processing unit 25 and a user input processing unit 31, and first, a message list manual group 2 distributed by each vendor.
9 is automatically registered in the failure countermeasure information master 09.

The automatic data input processing unit 25 removes information required by the system administrator from the message code for each vendor product provided as an electronic medium and the corresponding message collection by a search function using a regular expression. It has the function of selecting and automatically registering. Regular expression is a method to generalize and express a part of a character string instead of a specific character string, and replace a part of a character string instead of a specific character string when performing a keyword search of a document. You can search in a possible state. For example, include '*', which means an arbitrary character string, in the search keyword
By searching for "LOG * -E 'as a keyword, you can find messages related to system errors from the error message collection (usually error level messages end with -E. Similarly, warning messages end with -W. , It is common for information to end with -I). The automatic data input unit 25 is composed of automatic registration processing units (26, 27, 28) corresponding to the message list manual group 29 described in a unique format for each vendor. Automatic data registration processing unit 2 made by company A
6 has a function of automatically importing necessary information from the message list manual group 29 into the fault countermeasure information master 09 about the product provided by A company as an electronic medium. The company B has a function of analyzing information about products provided as an electronic medium and importing the information into the failure information master 09.

These individual automatic registration processing units (26, 2)
7, 28) may be created as an independent component having a common interface, and in this case, when a change such as addition or replacement occurs in a product that constitutes the computer system, another automatic data registration component 30 is provided. Easy to replace.

Next, the system administrator uses the user input processing section 31 as necessary to register the additional information in the failure countermeasure information master 09. The additional information includes, for example, a know-how collection at the time of a failure that the system administrator has dealt with in the past, information provided as additional information by the vendor configuring the computer system, and the like.

FIG. 5 is a table structure of data registered in the failure countermeasure information master 09. Failure countermeasure information master 0
9, the names of the products that make up the computer system,
The information includes a message code, a message, the importance of the message when considering the entire computer system, the cause when the message is output, and the countermeasure (32) when the message is output.

FIG. 6 shows a specific example of a log file output by a product that constitutes the system. Information (33) such as the date, time, message code, and message at which the log is output is output to each log file included in the collection target log file group 01.

FIG. 7 is a configuration diagram showing the configuration of the log information lexical analysis processing unit 11. Since the log file captured by the preparation processing unit 05 is output in the unique format of each vendor, it is necessary for the log information lexical analysis processing unit 11 composed of the separate analysis processing units (34, 35, 36). Information is cut out.

For example, when the log file acquired by the preparation processing section 05 is the log information output by the database product manufactured by A company, the database analysis processing section 34 manufactured by A company performs lexical analysis processing and outputs a message. The extracted date information, time information, message code, message and additional information are extracted. The components (34, 35, 36) forming the log information lexical analysis processing unit 11 may be created as independent components having a common interface. In that case, when a product of another vendor is newly incorporated in the operating computer system or when the log file format of the existing product is changed, the change with the other log analysis component 37 becomes easy.

FIG. 8 is a diagram for explaining the processing flow of the failure cause / countermeasure specifying unit 13. Fault cause / measure identification unit 13
Then, the failure countermeasure method inquiry processing 39 is executed until the captured log information is completed (38). In the failure countermeasure method inquiry processing 39, inquiry processing is performed to the failure countermeasure information master 09 using the message code as a keyword from the log information sorted in the descending order of date and time, and the cause of the failure and the countermeasure against it from the data registered in advance. The method is acquired and stored in the failure cause / countermeasure temporary file 14.

Subsequently, the next record of the log information is read, and it is determined whether the message code is output within a unit time, starting from the output time of the message code (4
0). This is to extract log information as one category when two or more products are performing related processing. For example, in the case of a system in which two or more products are linked together, such that the communication control product manufactured by company B operates on the database product manufactured by company A, it is better to extract the failure information as a single set for analysis. It is efficient. If the database product of company A terminates abnormally, some trouble should have occurred in the communication control product of company B that cooperates, and the log information should remain, so these log information are classified as related information. Get all at once.

In such a case, the agent system considers that the log information of the communication control product manufactured by company B is output several seconds to several minutes after the log information of the database product manufactured by company A is output. The log information within the related information reference time defined in 1. is acquired from the failure countermeasure information master 09 by the related information inquiry processing 41 and stored in the failure cause / countermeasure temporary file 14 as the related information.

FIG. 9 is a diagram showing an example of the failure information report 18 that outputs the analysis result of the error log information. The failure information report 18 includes the contents in which the product in which the error has occurred and its event are arranged in time series, the cause of the error, and
A report of the countermeasure procedure for the error is output in a format like the failure report 43. The system administrator can refer to the contents described in this report and immediately take measures for disaster recovery.

By periodically operating the agent system according to the above-described embodiment of the present invention, it is possible to prevent a failure from occurring. The system administrator sets in advance the importance of operating the entire system in the message information and warning information output by each product that makes up the computer system, operates this agent system on a regular basis, and reports error information and From the e-mail information sent to the administrator,
By understanding the content that is likely to lead to a failure, it becomes possible to predict the occurrence of a failure and take countermeasures in advance. Further, there is an effect that even a general user other than the system administrator can take measures when the system failure is minor. Conventionally, the know-how of failure recovery is known only to the system administrator, and it has been extremely difficult for a person other than the administrator to recover the system. By using the agent system according to the present embodiment, the know-how of the system administrator can be registered in advance in the failure countermeasure information master, so that a person other than the system administrator can easily recover from a minor failure.

[0033]

According to the present invention, the MTTR can be shortened. Conventionally, a system administrator collects individual log files of products that make up a computer system one by one, extracts data about a specific date and time when a failure has occurred, and then leads to a system failure. It took a lot of time to recover the computer system because the procedure was to analyze such critical factors, read the manuals provided by each vendor, and then consider the countermeasures. . By leaving this procedure to this system, the MTTR can be shortened.

[Brief description of drawings]

FIG. 1 is a block diagram showing the configuration of an error log collection / analysis agent system according to the present invention.

FIG. 2 is a diagram showing a processing flow of an error log collection / analysis agent system according to the present invention.

FIG. 3 is a diagram showing a configuration example of analysis parameters of an error log collection / analysis agent system according to the present invention.

FIG. 4 is a block diagram showing a configuration of a failure countermeasure information master creation unit of the error log collection / analysis agent system according to the present invention.

FIG. 5 is a diagram showing a table configuration example of a failure countermeasure information master of an error log collection / analysis agent system according to the present invention.

FIG. 6 is a diagram showing a specific example of a log file of an error log collection / analysis agent system according to the present invention.

FIG. 7 is a block diagram showing a configuration of a log information lexical analysis processing unit of the error log collection / analysis agent system according to the present invention.

FIG. 8 is a diagram showing a processing flow of a failure cause / countermeasure specifying unit of the error log collection / analysis agent system according to the present invention.

FIG. 9 is a diagram showing an output example of a failure information report of the error log collection / analysis agent system according to the present invention.

[Explanation of symbols]

01. ． ． Collection target log file group, 02. ． ． Error log collection and analysis agent system, 03. ． ． Analysis parameter, 04. ． ． Collection target product definition, 05. ． ． Preparation processing unit, 06. ． ． Log information import processing unit, 0
7. ． ． Inter-network time synchronization processing unit, 08. ． ． Failure countermeasure information master creation unit, 09. ． ． Fault countermeasure information master, 10. ． ． Log information analysis processing unit, 11. ． ． Log information lexical analysis processing unit, 12. ． ． Event time series sorting section, 1
3. ． ． Fault cause / countermeasure identification unit, 14. ． ． Cause of failure /
Countermeasure temporary file, 15. ． ． Fault report creation processing unit, 16. ． ． Failure cause countermeasure report creation section, 1
7. ． ． Operation information mail transmission unit, 18. ． ． Fault information report, 19. ． ． Operation information

Claims (16)

[Claims] 1. A message code output by the system as log information, a message, the importance of the message when the system is targeted, the error cause of the error message in the message, and countermeasure information are registered as a failure information master. Failure countermeasure information master creating means and inter-network time synchronization processing means for time synchronization of computers in the system, means for obtaining system independent format information from the log information, and system independent format information Log information analysis processing means having a means for analyzing, a failure report creation processing means having a means for outputting the analysis result as a failure information report and a means for transmitting the report as an e-mail for system management. Error log collection and analysis agent system. 2. The fault countermeasure information master creating unit comprises a data automatic analysis processing means for extracting a keyword by a regular expression from a message list distributed by a plurality of product vendors and a data input means for a user to input additional information. The error log collection / analysis agent system according to claim 1. 3. The log information lexical analysis processing means provided in the log information analysis processing part according to claim 1 and at least one of the data automatic analysis processing means according to claim 2 are constituted by independent components. Characteristic error log collection and analysis agent system. 4. The log information analysis processing unit according to claim 1,
An error log collection / analysis agent system comprising means for collectively organizing log information of a plurality of products in time series and means for classifying fault information in a unit time range as a category of related fault information. 5. The error log according to claim 1, wherein the means for acquiring information in a system-independent format from the log information selectively fetches necessary information from the log information based on an analysis parameter. Collection and analysis agent system. 6. A message code output by a system having a plurality of products as log information, the importance of the message when the entire system is targeted, the error cause of the error message among the messages, and countermeasure information. And a network time synchronization processing means for synchronizing the time of the computers in the system, and means for acquiring information in a format that does not depend on the individual system from the log information. A log information analysis processing means having a means for analyzing information in a system-independent format, a means for outputting the analysis result as a failure information report, and a means for transmitting the report as an e-mail for system management. Error log collection and analysis characterized by having a report creation processing means Over stringent system. 7. The plurality of products in claim 6 are products provided by a plurality of different vendors, and the means for acquiring information in a format that does not depend on the system includes a date, time and message when the log is output. An error log collection / analysis agent system characterized by extracting a code, a message corresponding to a message code, and other additional information. 8. A message code output by the system as log information, the importance of the message when the message is targeted to the system, the error cause of the error message among the messages, and the countermeasure information are registered as a failure information master. Failure countermeasure information master creation processing step,
A time synchronization processing between networks for time synchronization of computers in the system; a step of acquiring information in a system-independent format from the log information; and a log information analysis processing step of analyzing information in a system-independent format A method for collecting and analyzing an error log, comprising: a failure report creation processing step of outputting the analysis result as a failure information report and transmitting the report as an e-mail to the system administrator terminal. 9. A message code output from a system including a plurality of products as log information, the importance of the message when the entire system is targeted, the error cause of the error message among the messages, and countermeasure information. A failure countermeasure information master creating step for registering as a failure information master, an inter-network time synchronization processing step for time synchronization of computers in the system, and a step for obtaining information in a format independent of each system from the log information. A log information analysis processing step having means for analyzing information in a system-independent format, and a failure report creation processing step for outputting the analysis result as a failure information report and transmitting the report as an e-mail to the system administrator terminal. Error log collection and analysis method characterized by 10. The plurality of products in claim 9 are products provided by a plurality of different vendors, and the step of acquiring information in a format that does not depend on the system includes the date, time, and message when the log is output. An error log collection and analysis method characterized by extracting a code, a message corresponding to a message code, and other additional information. 11. A fault information master that displays a message code output by a system as log information to a computer, the importance of the message when the system is targeted, the error cause of the error message among the messages, and countermeasure information. A function for creating a failure countermeasure information master to be registered as, a time synchronization processing function between networks for synchronizing the time of computers in the system, and a function for acquiring information in a system-independent format from the log information,
Log information analysis processing function having means for analyzing system-independent format, means for outputting analysis result as failure information report, and failure report creation having function for sending the report as e-mail for system management A computer-readable recording medium that records a program for an error log collection and analysis agent that realizes a processing function. 12. A message code output by a system having a plurality of products as log information to a computer, the importance of the message when the entire system is targeted, and the error cause of the error message among the messages, Also, it is equipped with a failure countermeasure information master creation function that registers countermeasure information as a failure information master, and a time synchronization processing function between networks that synchronizes the time of the computers in the system. Faults that have a function to obtain, a log information analysis processing function to analyze information in a system-independent format, a function to output the analysis result as a fault information report, and a function to send the report as an email for system management. Error log collection and analysis age that realizes report creation processing function Computer readable recording medium recording a cement program. 13. The plurality of products according to claim 12 are products provided by a plurality of different vendors, and the function of acquiring information in a format that does not depend on the system has a date, time, and message when a log is output. A computer-readable recording medium recording an error log collection and analysis agent program, which is characterized by extracting a code, a message corresponding to the message code, and other additional information. 14. A fault information master that outputs a message code output by the system as log information to a computer, the importance of the message when the system is targeted, the error cause of the error message in the message, and countermeasure information. A function for creating a failure countermeasure information master to be registered as, a time synchronization processing function between networks for synchronizing the time of computers in the system, and a function for acquiring information in a system-independent format from the log information,
Log information analysis processing function having means for analyzing system-independent format, means for outputting analysis result as failure information report, and failure report creation having function for sending the report as e-mail for system management A program for an error log collection and analysis agent characterized by realizing processing functions. 15. A message code output by a system including a plurality of products as log information to a computer, the importance of the message when the entire system is targeted, and the error cause of the error message among the messages, Also, it is equipped with a failure countermeasure information master creation function that registers countermeasure information as a failure information master, and a time synchronization processing function between networks that synchronizes the time of the computers in the system. Faults that have a function to obtain, a log information analysis processing function to analyze information in a system-independent format, a function to output the analysis result as a fault information report, and a function to send the report as an email for system management. An error log characterized by realizing the report creation processing function Collection and analysis program for the agent. 16. The plurality of products according to claim 15 are products provided by a plurality of different vendors, and the function of acquiring information in a format that does not depend on the system has a date, time, and message when a log is output. A program for an error log collection and analysis agent, which extracts a code, a message corresponding to the message code, and other additional information.