JP2010170297A - Terminal equipment monitoring system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a terminal equipment monitoring system by which various multiple pieces of network information of a computer can be monitored by a monitoring server while specifying the business computer, which forms multiple networks of segment units. <P>SOLUTION: The terminal equipment monitoring system 10 includes: business computers 11A-11C, 12A-12C and 13A-13C forming networks 11-13; and a monitoring server 14 for monitoring them. The computers 11A-11C, 12A-12C and 13A-13C are respectively provided with a network information acquisition means for acquiring network information passing the communication port and a network information transferring means for converting the network information into a text format, and for transferring it to the monitoring server 14. The monitoring server 14 includes a network information collection means and a network information output means for collecting and outputting the network information transferred from the computers 11A-11C, 12A-12C and 13A-13C. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a terminal device monitoring system including a plurality of user terminal devices that form a plurality of networks in segment units and a monitoring server that monitors the user terminal devices.

  There is an equipment management system that includes a plurality of business terminal devices used by employees and a monitoring server that is connected to an in-house network formed from the business terminal devices and monitors the terminal devices in time series (Patent Literature) 1). The monitoring server prohibits execution of unauthorized operations other than those permitted for those business terminal devices, and permits the acquisition of permitted operation history when the terminal device executes permitted operations. Operation history acquisition means, non-permission operation history acquisition means for acquiring a non-permission operation history when these terminal devices execute a non-permission operation, history output means for outputting the acquired permission operation history and non-permission operation history, Have The permitted operation history includes mail transmission information in these business terminal devices and external network access information when these terminal devices access the external network.

  JP 2007-241513 A

  In the device management system disclosed in Patent Document 1, the monitoring server collects mail transmission information and external network access information from a business terminal device, and the mail transmission information and external network access information converted into a spreadsheet are received from the monitoring server. Is output. In this device management system, business terminal devices are connected to each other via a LAN to form an in-house network, and a monitoring server is connected to the in-house network via a hub. Various histories of these terminal devices are sent to the monitoring server through the hub. On the other hand, in order to construct a network in segment units beyond the in-house network, each network is connected using a router. When acquiring mail transmission information and external network access information from each terminal device that forms a network in segment units, the monitoring server is connected to the mirror port of the router, and the monitoring server is connected to the mirror port of the router and the mail transmission information in those terminal devices Get external network access information. However, the router changes the terminal device's private IP address to a global IP address or changes the MAC address of the terminal device when mail transmission information or external network access information sent from the terminal device passes through the router. There is a case. If those addresses of the terminal device are changed in the router, the monitoring server cannot identify the terminal device, and the mail transmission information and the external network access information cannot be obtained separately for each terminal device.

  An object of the present invention is to provide a terminal device monitoring system that allows a monitoring server to monitor various types of network information of user terminal devices while identifying user terminal devices that form a plurality of networks in segment units. It is in.

  A terminal device monitoring system according to the present invention for solving the above-described problems includes a plurality of user terminal devices that form a plurality of networks in segment units, and a monitoring server that monitors the user terminal devices, and the user terminal device includes: Network information acquisition means for acquiring various types of network information through the communication port of the user terminal device; network information transfer means for transferring the network information to a monitoring server while converting the acquired network information into a text format; The monitoring server includes network information collecting means for collecting network information transferred from the user terminal device, and network information output means for outputting the collected network information.

  As an example of the present invention, the network information collecting means collects the network information by dividing into network for each segment unit based on the address information of the network, and collects the network information based on the address information of the user terminal device. The network information output means divides and collects network information for each network in segment units and outputs the network information for each user terminal device that forms the network. Output is classified into

  As another example of the present invention, the network information includes website access information when the user terminal device accesses a predetermined website, external network access information when the user terminal device accesses an external network, and a user. And e-mail transmission information when a predetermined e-mail is transmitted from the terminal device.

  As another example of the present invention, the communication port includes a wired LAN port, a wireless LAN port, a modem port, and a PC card interface port.

  As another example of the present invention, the user terminal device obtains operation log information acquisition means for acquiring operation log information of the user terminal device within the operation permission time and outside the operation permission time, and the acquired operation log information as text Operation log information transfer means for transferring the operation log information to the monitoring server while converting the format to the monitoring server, the operation log information collecting means for collecting the operation log information transferred from the user terminal device, and the collection Operation log information output means for outputting the operation log information.

  As another example of the present invention, the operation log information collecting means divides and collects operation log information for each network in segment units based on the address information of the networks, and based on the address information of the user terminal devices. The operation log information is classified and collected for each user terminal device forming the network, and the operation log information output means divides and outputs the operation log information for each network of the segment unit. Output is classified for each user terminal device forming the network.

  As another example of the present invention, the operation log information includes terminal usage information within the operation permission time of the user terminal device, terminal usage information outside the operation permission time of the user terminal device, and user terminal in an external environment other than the network Terminal usage information of the device.

  As another example of the present invention, the operation log information includes application usage information of permitted applications in the user terminal device, installation information of various applications in the user terminal device, and uninstallation information of various applications in the user terminal device. It is.

  As another example of the present invention, the operation log information includes start / end information of the user terminal device, print operation information in the user terminal device, and access operation information for a file used in the user terminal device.

  As another example of the present invention, the operation log information includes, in the user terminal device, printing operation information in a terminal device that is prohibited from printing, and in the user terminal device that is prohibited from taking out information. Operation information and activation operation information of the immobilization application in the user terminal device are included.

  According to the terminal device monitoring system of the present invention, the user terminal device acquires various pieces of network information that have passed through the communication port, converts the acquired network information into a text format, and transfers the information to the monitoring server. Unlike the case where network information is transferred to the monitoring server through the mirror port of the router, the private IP address or MAC address of each user terminal device is not changed, and the monitoring server uses the address information of each user terminal device. The terminal devices can be specified based on the information, and various pieces of network information can be collected in a state corresponding to each terminal device. The terminal device monitoring system can cause the monitoring server to monitor various types of network information of the user terminal devices while specifying the user terminal devices that form a plurality of networks in segment units. In this terminal device monitoring system, since the monitoring server outputs the network information, the monitor can grasp the network access status of the user terminal device via the monitoring server, and the monitor can access the network access for each user terminal device. Can be monitored.

  The terminal server monitoring system in which the monitoring server divides and outputs the network information for each network in the segment unit and outputs the network information for each user terminal apparatus that forms the network. Thus, the network access status of the user terminal device for each network can be grasped, and the network access can be monitored for each network. In this terminal device monitoring system, the monitor can grasp the network access status for each user terminal device via the monitoring server, and can monitor the network access for each user terminal device.

  The terminal device monitoring system including the website access information of the user terminal device, the external network access information, and the e-mail transmission information as the network information. The monitor accesses the website for each user terminal device via the monitoring server. Therefore, unauthorized access to an illegal website by a network user can be restricted. In the terminal device monitoring system, since the monitor can grasp and monitor the access status to the external network for each user terminal device via the monitoring server, it is possible to regulate unauthorized access to the external network by the network user. it can. In the terminal device monitoring system, since the monitor can grasp and monitor the transmission status of e-mail for each user terminal device via the monitoring server, it is possible to regulate unauthorized transmission and unauthorized transmission of information by network users. it can. In this terminal device monitoring system, a monitor can accurately grasp unauthorized access and unauthorized transmission based on website access information, external network access information, and e-mail transmission information, and can suppress unauthorized acts by network users. Therefore, it is possible to construct a secure global network that spans multiple networks in segment units.

  A terminal device monitoring system including a wired LAN port, a wireless LAN port, a modem port, and a PC card interface port as communication ports. The user terminal device acquires various types of network information that have passed through those communication ports, and the acquired network. Since the information is converted into a text format and transferred to the monitoring server, the monitoring server can collect network information passing through all communication ports. The terminal device monitoring system can cause the monitoring server to monitor network information that has passed through all communication ports of the user terminal devices while identifying user terminal devices that form a plurality of networks in segment units. In this terminal device monitoring system, since the monitoring server outputs the network information, the monitor can grasp the network access status through all the communication ports of the user terminal device via the monitoring server. All network access in the user terminal device can be monitored.

  The user terminal device converts the operation log information of the user terminal device within the operation permission time and outside the operation permission time into a text format and transfers it to the monitoring server, and the monitoring server collects the operation log information from the user terminal device, and In the terminal device monitoring system that outputs operation log information, the operation log information within the operation permission time and outside the operation permission time is centrally managed by the monitoring server, and the operation permission time of the terminal device and the operation permission are permitted via the monitoring server. It is possible to grasp the operation situation outside the hours. This terminal device monitoring system can acquire not only the operation log information of the user terminal device within the operation permission time but also the operation log information of the terminal device outside the operation permission time. Unauthorized actions such as unauthorized removal, falsification, and destruction of various information can be reliably regulated.

  The terminal device monitoring system in which the monitoring server divides and outputs the operation log information for each network of the segment unit and outputs the operation log information for each user terminal device that forms the network. Through the network, it is possible to grasp various operation states of the user terminal device for each network, and it is possible to monitor various operations of the user terminal device for each network. In this terminal device monitoring system, a monitor can grasp various operation states for each user terminal device via a monitoring server, and can monitor various operations for each user terminal device.

  Terminal device monitoring including terminal usage information within the operation permission time of the user terminal device, terminal usage information outside the operation permission time of the user terminal device, and terminal usage information of the user terminal device in an external environment other than the network as operation log information Since the monitoring server collects the terminal usage status within the operation permission time and outside the operation permission time of each user terminal device in the plurality of networks, the terminal usage history within the operation permission time and outside the operation permission time is stored in the monitoring server. Centrally managed, it is possible to grasp the terminal usage status within the operation permission time or outside the operation permission time for each user terminal device via the monitoring server. In the terminal device monitoring system, since the monitoring server collects terminal usage information of the user terminal device in the external environment other than the network, the terminal usage history in the external environment is centrally managed in the monitoring server, and the user terminal is connected via the monitoring server. It is possible to grasp the terminal usage status of the external environment for each device. The terminal device monitoring system can identify not only the use of the user terminal device within the operation permission time but also the user terminal device used outside the operation permission time or in the external environment, and it can be determined by users of a plurality of networks in segment units. Unauthorized actions such as unauthorized removal, falsification, and destruction of various information can be reliably regulated.

  As the operation log information, the terminal device monitoring system including application usage information of permitted applications in the user terminal device, installation information of various applications in the user terminal device, and uninstallation information of various applications in the user terminal device includes a plurality of monitoring servers. Since the usage operation history of the permitted application of each user terminal device in the network is collected, the usage operation history of the permitted application is centrally managed in the monitoring server, and the usage operation status of the permitted application for each user terminal device via the monitoring server And can limit the unlimited use of the application. In the terminal device monitoring system, since the monitoring server collects the installation operation history and the uninstallation operation history of various applications of the user terminal device, the installation operation history and the uninstallation operation history are centrally managed in the monitoring server. It is possible to grasp the installation operation status and the uninstallation operation status for each user terminal device. Since the terminal device monitoring system can identify a user terminal device that has performed an installation operation of various applications and an uninstallation operation of various applications, it restricts unnecessary application installation actions by users of a plurality of networks in segment units. It is possible to restrict unauthorized uninstallation of applications by users of the network.

  As the operation log information, a terminal device monitoring system including start / end information of a user terminal device, print operation information in the user terminal device, and access operation information to a file used in the user terminal device, the monitoring server has a plurality of networks. Since the start / end operation history of each user terminal device is collected, the start / end operation history of the user terminal device is centrally managed in the monitoring server, and the start / end operation status for each user terminal device is monitored via the monitoring server. I can grasp it. In the terminal device monitoring system, since the monitoring server collects the printing operation history of each user terminal device in a plurality of networks, the printing operation history of the terminal device is centrally managed in the monitoring server, and the user terminal device is transmitted via the monitoring server. It is possible to grasp the printing operation status for each. Since the terminal device monitoring system can grasp the user terminal device that performed the printing action using the printing activity history, the unauthorized operation such as unauthorized printing of various information or unauthorized removal by a plurality of network users in the segment unit Can be regulated. In the terminal device monitoring system, since the monitoring server collects the access operation history to the file of each user terminal device of the plurality of networks, the access operation history to the file of the user terminal device is centrally managed and monitored by the monitoring server. It is possible to grasp the operation status of accessing the file for each user terminal device via the server. Since the terminal device monitoring system can grasp the user terminal device that has accessed the file using the file access operation history, it is possible to carry out unauthorized file removal, falsification, destruction, etc. It can regulate fraud.

  Terminal device monitoring including, as operation log information, print operation information in a user terminal device that is prohibited from printing, take-out operation information in a user terminal device that is prohibited from taking out information, and activation operation information of a movement-prohibited application in the user terminal device In the system, since the monitoring server collects the printing operation history in the user terminal device that is not permitted to print, the printing operation history in the user terminal device is centrally managed in the monitoring server, and the user who is not permitted to print via the monitoring server. The print operation status in the terminal device can be grasped. Since the terminal device monitoring system can grasp the user terminal device that is not permitted to print using the print operation history, the network user can perform unauthorized actions such as unauthorized printing of the prescribed information or unauthorized removal by the network user. Can be regulated. In the terminal device monitoring system, since the monitoring server collects the take-out operation history in the user terminal device that is not allowed to take out information, the take-out operation history in the user terminal device is centrally managed in the monitoring server, via the monitoring server It is possible to grasp the carry-out operation status in a user terminal device that is not allowed to be taken out. Since the terminal device monitoring system can grasp the user terminal device that is not allowed to take out using the take-out operation history, the network user can perform unauthorized acts such as unauthorized viewing of the prescribed information and unauthorized removal by the network user. Can be regulated. In the terminal device monitoring system, since the monitoring server collects the start operation history of the prohibited operation in the user terminal device, the start operation history of the disable operation in the user terminal device is centrally managed in the monitoring server. It is possible to grasp the activation operation status of the movement-prohibited application in the user terminal device. Since the terminal device monitoring system can grasp the user terminal device that has performed the activation operation of the prohibited operation application using the activation operation history of the prohibited operation application, the terminal device monitoring system suppresses an access act to the prohibited operation application in the user terminal device. be able to.

The schematic block diagram of the terminal device monitoring system shown as an example. The figure explaining transfer of information from a computer to a monitoring server. The figure of a display screen of certification procedure. The figure which shows an example of website access information. The figure which shows an example of website access information. The figure which shows an example of external network access information. The figure which shows an example of external network access information. The figure which shows an example of electronic mail transmission information. The figure which shows an example of electronic mail transmission information. The figure which shows an example of the usage history information within operation permission time. The figure which shows an example of the usage history information within operation permission time. The figure which shows an example of the use history information outside operation permission time. The figure which shows an example of the use history information outside operation permission time. The figure which shows an example of the usage history information in an external environment. The figure which shows an example of the usage history information in an external environment. The figure which shows an example of the installation operation log | history of an application. The figure which shows the content of the installed application. The figure which shows an example of the uninstallation operation log | history of an application. The figure which shows the content of the uninstalled application. The figure which shows an example of printing operation log | history information. The figure which shows an example of printing operation log | history information. The figure which shows an example of file access history information. The figure which shows an example of file access history information. The figure which shows an example of printing action log | history information. The figure which shows an example of printing action log | history information. The figure which shows an example of take-out action history information. The figure which shows an example of take-out action history information. The figure which shows an example of a movement prohibition application access history information. The figure which shows an example of a movement prohibition application access history information.

  The details of the terminal device monitoring system according to the present invention will be described with reference to the accompanying drawings. FIG. 1 is a schematic configuration diagram of a terminal device monitoring system 10 shown as an example, and FIG. 2 is a diagram for explaining transfer of information from business computers 11A to 11C, 12A to 12C, and 13A to 13C to the monitoring server 14. It is. The terminal device monitoring system 10 includes a plurality of business computers 11A to 11C, 12A to 12C, and 13A to 13C (user terminal devices) that form a plurality of networks 11, 12, and 13 in segment units, and a supervisor manages And the monitoring server 14 to be formed. In the present embodiment, as the plurality of networks 11, 12, and 13, the network 11 constructed at the head office via the LAN and the networks 12 and 13 constructed at each branch office via the LAN are illustrated as examples. , 12 and 13 will be described as an example in which they are separated by a router (not shown). In addition, although the three networks 11, 12, and 13 are illustrated, the number of networks is not particularly limited. In addition, although three business computers 11A to 11C, 12A to 12C, and 13A to 13C are illustrated in each of the networks 11, 12, and 13, the number of business computers is not particularly limited.

  In the terminal device monitoring system 10, the monitoring server 14 monitors various network access statuses and various operation statuses of the business computers 11A to 11C, 12A to 12C, and 13A to 13C in a time-series and endless manner. Although not shown in these networks 11, 12 and 13, a DNS server for setting a correspondence between a host name and an IP address assigned to the host name, a Web server necessary for publishing a home page, other A database server that provides functions to read and write various data in response to requests from client computers and other servers, a mail server for sending and receiving e-mails, and storing all data such as created texts and images There is a server group such as a document server that makes it possible to search. A global IP address is set for each of the networks 11, 12, and 13. Each network 11, 12, 13 can be individually specified based on the address information.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C each have a central processing unit, a memory, and a large-capacity hard disk, and are connected to each server group existing in the networks 11, 12, and 13. Private IP addresses and MAC addresses are set in the business computers 11A to 11C, 12A to 12C, and 13A to 13C. Based on the address information, each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C can be individually specified. The business computers 11A to 11C, 12A to 12C, and 13A to 13C have built-in communication ports such as a wired LAN port 15, a wireless LAN port 16, a modem port 17, and a PC card interface port 18. The business computers 11A to 11C, 12A to 12C, and 13A to 13C are connected to an input device such as a keyboard and a mouse and an output device such as a display 19 and a printer via an interface (wired or wireless).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C can be connected to the Internet and can send and receive e-mails. Further, the business computers 11A to 11C, 12A to 12C, and 13A to 13C can access a predetermined Web site and log in to the site, and can use an external network other than the networks 11, 12, and 13 formed by itself ( You can log in to the network by accessing other than the head office or branch office. In the networks 11, 12, and 13 (main office or branch office), electronic mail can be transmitted and received between the business computers 11A to 11C, 12A to 12C, and 13A to 13C, either via a wired LAN or a wireless LAN. The various business computers 11A to 11C, 12A to 12C, and 13A to 13C can transmit various information to the other business computers 11A to 11C, 12A to 12C, and 13A to 13C. 12A-12C and 13A-13C can receive various information from the other business computers 11A-11C, 12A-12C, 13A-13C.

  Between these networks 11, 12, and 13, business computers 11 A to 11 C, 12 A to 12 C, and 13 A to 13 C of one network 11, 12, 13 (head office or branch office) are connected to the other network 11, 12, 13 via the Internet. 13 (head office or branch office) business computers 11A to 11C, 12A to 12C, 13A to 13C can be accessed and logged in, and e-mails can be sent and received between these business computers 11A to 11C, 12A to 12C, and 13A to 13C Is possible. Furthermore, the business computers 11A to 11C, 12A to 12C, and 13A to 13C of one network 11, 12, and 13 from the business computers 11A to 11C of the other network 11, 12, and 13 via the wired LAN or the wireless LAN, Various types of information can be transmitted to 12A to 12C and 13A to 13C, and the business computers 11A to 11C, 12A to 12C, and 13A to 13C on one network 11, 12, and 13 are operated on the other network 11, 12, and 13 Various information can be received from the computers 11A to 11C, 12A to 12C, and 13A to 13C. In addition, the business computers 11A to 11C, 12A to 12C, and 13A to 13C of the networks 11, 12, and 13 can transmit various information as e-mails to the monitoring server 14 via the Internet, and a wired LAN or a wireless LAN can be used. The business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C of the networks 11, 12, and 13 can transmit various types of information to the monitoring server 14.

  Various types of network information and various types of operation log information in the computers 11A to 11C, 12A to 12C, and 13A to 13C are acquired in the memories of the business computers 11A to 11C, 12A to 12C, and 13A to 13C. An agent application that transfers information to the monitoring server 14 is installed. The business computers 11A to 11C, 12A to 12C, and 13A to 13C start the agent application stored in the memory based on the control by the operating system, and execute the following means according to the application.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C execute and acquire network information acquisition means for directly acquiring various types of network information through the communication ports 15 to 18 from the ports 15 to 18 Network information transfer means for converting the network information into a text format and transferring (transmitting) the network information converted into the text format to the monitoring server 14 is executed. The business computers 11A to 11C, 12A to 12C, and 13A to 13C operate to acquire operation log information of the business computers 11A to 11C, 12A to 12C, and 13A to 13C within the operation permission time and outside the operation permission time. The log information acquisition means is executed, the acquired operation log information is converted into a text format, and the operation log information transfer means for transferring (transmitting) the operation log information converted into the text format to the monitoring server 14 is executed.

  Transfer of network information and operation log information to the monitoring server 14 is performed at predetermined intervals, for example, every 5 minutes, every 10 minutes, every 20 minutes, or the like. In the network information transfer means and operation log information transfer means, in addition to the network information and operation log information, a global IP address for specifying the networks 11, 12, 13 and the business computers 11A to 11C, 12A to 12C, Private IP addresses and MAC addresses for specifying 13A to 13C are transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C to the monitoring server 14.

  The network information includes website access information when each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C accesses a predetermined website, and each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C. External network access information when accessing an external network other than the networks 11, 12, and 13 formed by itself, and when a predetermined e-mail is transmitted from each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C Email transmission information.

  The operation log information includes computer usage information (terminal usage information) within the operation permission time of each business computer 11A to 11C, 12A to 12C, 13A to 13C, and each business computer 11A to 11C, 12A to 12C, 13A to Computer usage information (terminal usage information) outside the operation permission time of 13C, computer usage information (terminal usage information) of business computers 11A to 11C, 12A to 12C, and 13A to 13C in an external environment other than the networks 11, 12, and 13 ), Application usage information of permitted applications in each business computer 11A to 11C, 12A to 12C, 13A to 13C, installation information of various applications in each business computer 11A to 11C, 12A to 12C, 13A to 13C, Business computer 11A~11C, 12A~12C, included uninstall information of various applications in 13A~13C.

  The operation log information includes start / end information of each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C, print operation information on each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and each business computer Computer 11A-11C, 12A-12C, 13A-13C access operation information for files used, computers 11A-11C, 12A-12C, 13A-13C for which printing is prohibited among computers 11A-11C, 12A to 12C, 13A to 13C, printing operation information, and computers 11A to 11C, 12A to 12C, and 13A to 13C that are prohibited from bringing out information among the business computers 11A to 11C, 12A to 12C, and 13A to 13C Take-out operation information, Computer 11 A- 11 C, 12A - 12C, includes starting the operation information of the movable prohibited applications in 13A - 13C.

  The monitoring server 14 is a computer having a central processing unit, a memory, and a large-capacity hard disk, and has a DNS server function, a Web server function, a database server function, a mail server function, and a document server function. A management computer 21 having an input device such as a keyboard and a mouse and an output device such as a display 20 and a printer is connected to the monitoring server 14. The monitoring server 14 can be connected to the Internet, can access a predetermined Web site and log in to the site, and can access the network 11, 12, 13 or other network and log in to the network. it can. The monitoring server 14 can receive e-mails from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and can send e-mails to the business computers 11A to 11C, 12A to 12C, and 13A to 13C. It is. Various information can be received from the business computers 11A to 11C, 12A to 12C, and 13A to 13C via a wired LAN or a wireless LAN, and various information can be received by the business computers 11A to 11C, 12A to 12C, and 13A to 13C. Can be sent.

  The memory of the monitoring server 14 collects various network information and various operation log information received from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and stores the collected information in a predetermined format. The agent application that is output in is installed. Based on the control by the operating system, the monitoring server 14 activates the agent application stored in the memory and executes the following means according to the application. The monitoring server 14 executes network information collecting means for collecting network information transferred (transmitted) from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and outputs the collected network information in a predetermined format. The network information output means is executed. The monitoring server 14 executes operation log information collecting means for collecting operation log information transferred (transmitted) from each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C. Execute the operation log information output means that outputs in the format.

  The monitoring server 14 divides network information into network units 11, 12, and 13 for each segment unit based on the address information of the networks 11, 12, and 13 in the network information collecting means, and collects the network information for each of the business computers 11A to 11A. Based on the address information of 11C, 12A to 12C, and 13A to 13C, network information is collected separately for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C that form the networks 11, 12, and 13. The monitoring server 14 classifies and outputs the network information for each of the networks 11, 12, and 13 in the segment unit in the network information output means, and the business computers 11A to 11C that form the networks 11, 12, and 13 , 12A to 12C, and 13A to 13C are output separately.

  The monitoring server 14 collects operation log information by segmenting the network 11, 12, 13 in units of segments based on the address information of the networks 11, 12, 13 in the operation log information collecting means, and for each business computer. Based on the address information of 11A to 11C, 12A to 12C, and 13A to 13C, the operation log information is divided into business computers 11A to 11C, 12A to 12C, and 13A to 13C that form the networks 11, 12, and 13, respectively. collect. The monitoring server 14 outputs the operation log information by segmenting the network 11, 12, 13 for each segment in the operation log information output means, and the business computer forming the networks 11, 12, 13. 11A to 11C, 12A to 12C, and 13A to 13C are divided and output.

  FIG. 3 is a diagram showing a display screen of an authentication procedure displayed on the business computers 11A to 11C, 12A to 12C, 13A to 13C, and the displays 19 and 20 of the management computer 21. The monitoring server 14 authenticates the computers 11A to 11C, 12A to 12C, and 13A to 13C, 21 when the business computers 11A to 11C, 12A to 12C, 13A to 13C, and the management computer 21 are activated. In the authentication, it is determined whether or not the computers 11A to 11C, 12A to 12C, 13A to 13C, and 21 are to log in to the system 10. The authentication method performed by the monitoring server 14 is password authentication. In addition to password authentication, fingerprint authentication, voiceprint authentication, retina authentication, and IC card authentication can also be performed. As the password authentication, a one-time password can be adopted. When the computers 11A to 11C, 12A to 12C, 13A to 13C, and 21 are activated, as shown in FIG. 3, a user name input area and a password input area are displayed on the displays 19 and 20. Employees and managers enter user names and passwords in these input areas.

  The monitoring server 14 compares the input user name and password with those stored in the memory, and determines whether the user name and password are correct. If the user name and password are correct and the authentication result is acceptable, the monitoring server 14 logs the computers 11A to 11C, 12A to 12C, 13A to 13C, and 21 into the system 10. If the user name or password is incorrect and the authentication result is impossible, the monitoring server 14 prohibits the login of the computers 11A to 11C, 12A to 12C, 13A to 13C, and 21 to the system 10 and displays a login impossible message. Displayed on the displays 19 and 20. In this system 10, the monitoring server 14 authenticates the computers 11A to 11C, 12A to 12C, and 13A to 13C, 21 when the business computers 11A to 11C, 12A to 12C, 13A to 13C, and the management computer 21 are activated. If the authentication information is incorrect, the computers 11A to 11C, 12A to 12C, 13A to 13C, and 21 cannot log in to the system 10, so that the authentication information is altered or the authentication information is diverted to the system 10. Unauthorized entry can be prevented.

  4 and 5 are diagrams showing an example of the website access information displayed on the display 20, and show the website access status of the computers 11A to 11C, 12A to 12C, and 13A to 13C for a week. 4 and 5, the display of specific names, numerical values, and the like of each item of the website access information is omitted. The monitoring server 14 collects the website access information from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in a time series, and goes to the websites of the computers 11A to 11C, 12A to 12C, and 13A to 13C. Monitor access.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C access a predetermined website using the Internet (including the case of transmitting and receiving predetermined contents), the website access information passes through the communication port and the computer 11A to 11C, 12A to 12C, and 13A to 13C. Each of the computers 11A to 11C, 12A to 12C, and 13A to 13C acquires Web site access information passing therethrough from the communication port (Web site access information acquiring unit of the network information acquiring unit), and the acquired Web site access information Is converted into a text file (text format), and the Web site access information converted into the text file is temporarily stored in the hard disk.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the Web site access information stored in the hard disk to the monitoring server 14 at predetermined time intervals (the Web site access information transfer unit of the network information transfer unit) ). The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with the website access information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the website access information, they erase the website access information from the hard disk.

  The monitoring server 14 collects the website access information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected website access information on the hard disk (network information collection Web site access information collecting means). The monitoring server 14 stores the website access information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address, and stores the website access information on the computers 11A to 11C and 12A to 12A. 12C and 13A to 13C are stored separately.

  When there is a request for outputting website access information from the management computer 21, the monitoring server 14 displays the website access information stored in the hard disk on the display 20 of the management computer 21 and connects the website access information to the computer 21. Output from the printer (Web site access information output means of the network information output means). The monitoring server 14 classifies and outputs the website access information for each of the networks 11, 12, and 13 and outputs the website access information for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  The supervisor of the system 10 logs in the management computer 21 to the system 10 and then selects website access information from the report item on the report display screen (not shown) displayed on the display 20 of the computer 21. Specify the period. When the website access information is selected and the period is designated, the website access information in the designated period is displayed on the display 20 as shown in FIG. In FIG. 4, as the website access information, the computer name (computer name that accessed the website) in the computer name display area, the MAC address in the MAC address display area, the workgroup / domain display area, the period specified in the period display area In addition, the work group / domain, the number of accesses in the Web site access count display area, the number of bytes in the byte count display area, and the number of packets in the packet count display area are displayed.

  When the computer name displayed in the underlined portion on the screen of FIG. 4 is selected, the details of the website access information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20, as shown in FIG. Is done. FIG. 5 shows the details of the website access information as the month and day (Website access information display date and time) in the month and day display area, the computer name in the computer name display area, the workgroup / domain in the workgroup / domain display area, and the IP. An IP address is displayed in the address display area, and a MAC address is displayed in the MAC address display area. Furthermore, the website address is displayed in the website address display area, the protocol is displayed in the protocol display area, the number of bytes is displayed in the byte number display area, the number of packets is displayed in the packet number display area, and the connection time (connection time to the website) is displayed in the connection time display area. It is displayed. The monitor of the system 10 can output the Web site access information shown in FIGS. 4 and 5 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C acquire Web site access information that has passed through the communication port, convert the acquired Web site access information into a text format, and the monitoring server 14. Unlike the case where the website access information is transferred to the monitoring server 14 through the mirror port of the router, the private IP addresses and MAC addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C are changed. The monitoring server can collect the website access information in a state in which the computers correspond to each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  The system 10 allows the monitor to grasp the website access status of the business computers 11A to 11C, 12A to 12C, and 13A to 13C for each of the networks 11, 12, and 13 via the monitoring server 14, and the website access Can be monitored for each of the networks 11, 12, and 13. Further, the monitor can grasp the website access status for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C via the monitoring server 14, and the website access is made to the business computers 11A to 11C, 12A. It is possible to monitor every 12C and 13A-13C.

  The system 10 outputs the computers 11A to 11C, 12A to 12C, and 13A to 13C accessing the website as website access information, the number of website accesses, the website access date and time, the website address, and the connection time to the website. From the above, by using the website access information, the monitor can know details of access to the websites of the computers 11A to 11C, 12A to 12C, and 13A to 13C, and employees can access the website. It can be reliably monitored. This system 10 can regulate unauthorized access and unauthorized access to illegal websites by employees.

  6 and 7 are diagrams showing an example of external network access information displayed on the display 20, and show the external network access status of the computers 11A to 11C, 12A to 12C, and 13A to 13C for a week. In FIGS. 6 and 7, the display of specific names, numerical values, and the like of each item of the external network access information is omitted. The monitoring server 14 collects the external network access information from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and sends them to the external networks in the computers 11A to 11C, 12A to 12C, and 13A to 13C. Monitor access.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C access a predetermined external network using the Internet or a LAN (including a case where predetermined content is transmitted / received), the external network access information passes through the communication port. Are transferred to the computers 11A to 11C, 12A to 12C, and 13A to 13C. Each of the computers 11A to 11C, 12A to 12C, and 13A to 13C acquires external network access information passing therethrough from the communication port (external network access information acquisition means among the network information acquisition means), and the acquired external network access information Is converted into a text file (text format), and the external network access information converted into the text file is temporarily stored in the hard disk.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the external network access information stored in the hard disk to the monitoring server 14 at predetermined time intervals (external network access information transfer means among the network information transfer means) ). The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the external network access information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the external network access information, the external network access information is deleted from the hard disk.

  The monitoring server 14 collects the external network access information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected external network access information on the hard disk (network information collection External network access information collecting means). The monitoring server 14 stores the external network access information for each of the networks 11, 12, 13 based on the global IP address, private IP address, and MAC address, and stores the external network access information in the computers 11A to 11C, 12A to 12C and 13A to 13C are stored separately.

  When there is a request for output of external network access information from the management computer 21, the monitoring server 14 displays the external network access information stored in the hard disk on the display 20 of the management computer 21 and connects the external network access information to the computer 21. Output from the printer (external network access information output means of the network information output means). The monitoring server 14 classifies and outputs the external network access information for each of the networks 11, 12, and 13, and outputs the external network access information for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  The supervisor of the system 10 logs in the management computer 21 to the system 10, and then selects external network access information from the report items on the report display screen displayed on the display 20 of the computer 21 and specifies the period. When the external network access information is selected and the period is designated, the external network access information in the designated period is displayed on the display 20 as shown in FIG. In FIG. 6, as external network access information, the computer name (computer name that accessed the external network) is displayed in the computer name display area, the MAC address is displayed in the MAC address display area, and the workgroup / domain display area is the period specified in the period display area. Workgroup / domain, external network access count display area, external network access count, external byte count display byte count, traffic packet count display area packet count, internal byte count display area byte count, traffic The number of packets is displayed in the packet number display area.

  When the computer name displayed in the underlined portion on the screen of FIG. 6 is selected, as shown in FIG. Is done. FIG. 7 shows the details of the external network access information as the month / day (external network access information display date / time) in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address. An IP address is displayed in the address display area, and a MAC address is displayed in the MAC address display area. In addition, external IP (external network address) in the external IP display area, protocol type in the protocol type display area, port in the port display area, protocol in the protocol display area, byte count and traffic packet count in the external byte count display area The number of packets is displayed in the area, the connection time is displayed in the connection time display area, the number of bytes is displayed in the internal byte number display area, the number of packets is displayed in the traffic packet number display area, and the connection time is displayed in the connection time display area. The monitor of the system 10 can output the external network access information shown in FIGS. 6 and 7 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C acquire external network access information through the communication port, convert the acquired external network access information into a text format, and monitor server 14 Unlike the case where the external network access information is transferred to the monitoring server 14 through the mirror port of the router, the private IP addresses and MAC addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C are changed. The monitoring server can collect the external network access information in a state in which the computers 11A to 11C, 12A to 12C, and 13A to 13C correspond to each other.

  The system 10 allows the monitor to grasp the external network access status of the business computers 11A to 11C, 12A to 12C, and 13A to 13C for each of the networks 11, 12, and 13 via the monitoring server 14, and the external network access Can be monitored for each of the networks 11, 12, and 13. In addition, the supervisor can grasp the external network access status for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C via the monitoring server 14, and the external network access is assigned to the business computers 11A to 11C, 12A. It is possible to monitor every 12C and 13A-13C.

  The system 10 outputs, as external network access information, the name of the computer that has accessed the external network, the number of external network accesses, the external network access date and time, the external network address, and the connection time to the external network. Can be used to know the details of access to the external network of the computers 11A to 11C, 12A to 12C, and 13A to 13C, and the employee's access to the external network can be reliably monitored. This system 10 can regulate unauthorized access and unauthorized access to illegal external networks by employees.

  8 and 9 are diagrams showing an example of the e-mail transmission information displayed on the display 20, and show the e-mail transmission status of the computers 11A to 11C, 12A to 12C, and 13A to 13C for the week. In FIGS. 8 and 9, the display of specific names, numerical values, etc. of each item of the e-mail transmission information is omitted. The monitoring server 14 collects e-mail transmission information from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and sends e-mails in the computers 11A to 11C, 12A to 12C, and 13A to 13C. Monitor transmissions.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C transmit an electronic mail using the Internet, the electronic mail transmission information is transferred from the communication port to the computers 11A to 11C, 12A to 12C, and 13A to 13C. . Each of the computers 11A to 11C, 12A to 12C, and 13A to 13C acquires e-mail transmission information passing therethrough from the communication port (e-mail transmission information acquisition means of the network information acquisition means), and the acquired e-mail transmission information Is converted into a text file (text format), and the e-mail transmission information converted into the text file is temporarily stored in the hard disk.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C transfer e-mail transmission information stored in the hard disk to the monitoring server 14 at a predetermined time interval (e-mail transmission information transfer means of network information transfer means) ). The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the e-mail transmission information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the e-mail transmission information, the e-mail transmission information is deleted from the hard disk.

  The monitoring server 14 collects e-mail transmission information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected e-mail transmission information in the hard disk (network information collection E-mail transmission information collecting means). The monitoring server 14 stores the e-mail transmission information for each of the networks 11, 12, 13 based on the global IP address, the private IP address, and the MAC address, and stores the e-mail transmission information in the computers 11A to 11C, 12A. 12C and 13A to 13C are stored separately.

  When there is a request for output of e-mail transmission information from the management computer 21, the monitoring server 14 displays the e-mail transmission information stored in the hard disk on the display 20 of the management computer 21 and connects the e-mail transmission information to the computer 21. Output from the printed printer (e-mail transmission information output means of the network information output means). The monitoring server 14 classifies and outputs the e-mail transmission information for each of the networks 11, 12, and 13, and outputs the e-mail transmission information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C.

  The supervisor of the system 10 logs the management computer 21 into the system 10, then selects e-mail transmission information from the report items on the report display screen displayed on the display 20 of the computer 21 and specifies the period. When the e-mail transmission information is selected and the period is designated, the external network access information in the designated period is displayed on the display 20 as shown in FIG. In FIG. 8, as e-mail transmission information, the computer name (the name of the computer that sent the e-mail) in the computer name display area, the MAC address in the MAC address display area, the workgroup / domain display area, the period specified in the period display area The work group / domain is displayed in the transmission number display area, and the number of transmissions of the electronic mail is displayed in the transmission number display area.

  When the computer name displayed in the underlined portion on the screen of FIG. 8 is selected, the details of the e-mail transmission information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20 as shown in FIG. Is done. FIG. 9 shows the details of the e-mail transmission information, such as the month and day (e-mail transmission information display date and time) in the month and day display area, the computer name (computer name that sent the e-mail) in the computer name display area, and the work group / domain. The work group / domain is displayed in the display area, the IP address is displayed in the IP address display area, and the MAC address is displayed in the MAC address display area. Furthermore, the sender (user name of the computer 11A-11C, 12A-12C, 13A-13C that sent the email) is sent to the sender display area, the email send date / time is sent to the email send date / time display area, and the destination (email is sent to the destination display area). The subject (the subject of the sent e-mail) is displayed in the subject display area. The monitor of the system 10 can output the e-mail transmission information of FIGS. 8 and 9 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C themselves acquire e-mail transmission information that has passed through the communication port, convert the acquired e-mail transmission information into a text format, and monitor server 14. Since the e-mail transmission information is transferred to the monitoring server 14 through the mirror port of the router, the private IP addresses and MAC addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C are changed. The monitoring server can collect e-mail transmission information in a state in which the computers 11A to 11C, 12A to 12C, and 13A to 13C correspond to each other.

  The system 10 allows the monitor to grasp the e-mail transmission status of the business computers 11A to 11C, 12A to 12C, and 13A to 13C for each of the networks 11, 12, and 13 via the monitoring server 14, and Transmission can be monitored for each network 11, 12, 13. Further, the supervisor can grasp the e-mail transmission status for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C via the monitoring server 14, and the e-mail can be transmitted to the business computers 11A to 11C, It can monitor every 12A-12C and 13A-13C.

  The system 10 outputs, as e-mail information, the name of the computer that transmitted the e-mail, the number of e-mail transmissions, the user name of the component device that transmitted the e-mail, the e-mail transmission date and time, the e-mail transmission destination address, and the e-mail subject. From the above, by using the e-mail information, the supervisor can know the details of the e-mails transmitted from the computers 11A to 11C, 12A to 12C, and 13A to 13C. Can be monitored. This system 10 can regulate unauthorized transmission and unauthorized transmission of information by employees.

  10 and 11 show the start / end operation history (start / end history information) within the operation permission time of the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and the computers 11A to 11C, 12A to 12C, and 13A to 13A to 13C. Use operation history within 13C operation permission time (use operation history information within operation permission time), use operation history of permitted applications within operation permission time of computers 11A to 11C, 12A to 12C, and 13A to 13C (within operation permission time) It is a figure which shows an example of application usage history information), and shows the weekly usage history of the computers 11A to 11C, 12A to 12C, and 13A to 13C. In FIGS. 10 and 11, the display of specific names, numerical values, etc. of each item of the usage history is omitted. The monitoring server 14 collects operation log information within the operation permission time from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and the computers 11A to 11C, 12A to 12C, and 13A to 13C. The operation status within the permitted operation time is monitored.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C determine whether their use is within the operation permission time or outside the operation permission time by using the timer function, and when it is activated within the operation permission time, Judged to be used within the permitted time. The operation permission times of the computers 11A to 11C, 12A to 12C, and 13A to 13C are stored in their hard disks. When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are turned on (ON) within the operation permission time, the computer names and global IP addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C , Private IP address, MAC address, and the start date and time of the computers 11A to 11C, 12A to 12C, 13A to 13C (operation history information acquisition means within the operation permission time of the operation log information acquisition means) Convert history information (operation log information) to a text file (text format).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are turned off within the operation permission time (OFF), the computer names and global IP addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C The private IP address, the MAC address, and the end date and time of the computers 11A to 11C, 12A to 12C, and 13A to 13C are acquired (the operation history information acquisition means end history information acquisition means of the operation log information acquisition means), and the acquired end Convert history information (operation log information) to a text file (text format).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are used within the operation permission time, the use operation history information (computer name, (Including a global IP address, private IP address, and MAC address) (the operation log information acquisition means used operation history information acquisition means within the operation permission time), and the acquired use operation history information is stored in a text file (text format). ).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C start the permitted application installed therein, and when the computers 11A to 11C, 12A to 12C, and 13A to 13C use the application, the application use of the application History information (including computer name, global IP address, private IP address, MAC address) is acquired (application usage history information acquisition means within the operation permission time of the operation log information acquisition means), and the acquired application usage history information Is converted to a text file (text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the start history information, the end history information, the use operation history information, and the application use history information within the operation permission time converted into text files on the hard disk. . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the start history information, end history information, use operation history information, and application use history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (operation log). Among the information transfer means, start history information transfer means, end history information transfer means, use operation history information transfer means, application use history information transfer means). The computers 11A to 11C, 12A to 12C, and 13A to 13C send the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with start history information, end history information, use operation history information, and application use history information. Forward. When the computer 11A to 11C, 12A to 12C, and 13A to 13C transfer the start history information, the end history information, the use operation history information, and the application use history information, they erase the information from the hard disk.

  The monitoring server 14 chronologically stores text files of start history information, end history information, use operation history information, and application use history information within the operation permission time transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The collected information is stored in the hard disk (a start history information collecting means, an end history information collecting means, a use operation history information collecting means, an application use history information collecting means among the operation log information collecting means). The monitoring server 14 stores start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address. These pieces of information are stored separately for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  When the monitoring computer 14 requests the management computer 21 to output start history information, end history information, use operation history information, and application use history information within the operation permission time, the management computer 21 stores the information stored in the hard disk. Information is output from a printer connected to the computer 21 (starting history information output means, end history information output means, use operation history information output means, operation use of application log information output means) History information output means). The monitoring server 14 classifies and outputs start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13, and outputs these information to the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, The data is output after being divided into 13A to 13C.

  The supervisor of the system 10 logs the management computer 21 into the system 10, and then selects the usage history information within the operation permission time from the report item on the report display screen displayed on the display 20 of the computer 21. specify. When the usage history information within the operation permitted time is selected and the period is designated, as shown in FIG. 10, the usage history information (starting history information, end history information, used operation history information, application within the operation permitted time in the designated period is displayed. Usage history information) is displayed on the display 20. FIG. 10 shows, as the use history information within the operation permission time, the period specified in the period display area, the computer name in the computer name display area, the MAC address in the MAC address display area, and the work group in the work group / domain display area. / Domain, initial startup time is displayed in the initial startup time display area, final end time is displayed in the final end time display area, and the number of operations of the computers 11A to 11C, 12A to 12C, and 13A to 13C is displayed in the operation count display area.

  When the computer name displayed in the underlined portion on the screen of FIG. 10 is selected, as shown in FIG. 11, the details of the usage history information within the operation permission time of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed. It is displayed on the display 20. FIG. 11 shows the details of the usage history information within the operation permission time, the operation date in the month / day display area, the business computer name in the computer name display area, the work group / domain, IP address in the work group / domain display area. An IP address is displayed in the display area, and a MAC address is displayed in the MAC address display area. Furthermore, the power ON / OFF display area is recorded with the power ON / OFF, the user name is displayed in the user name display area (the name of the employee who manages the business computers 11A to 11C, 12A to 12C, and 13A to 13C), and the start date and time display area is started. Date and time (application use start date and time), end date and time display area end date and time (application use end date and time), operation time display area operation time (application use time), application name display area application name (used application name) ), The operation window name (the operation window name of the used application) is displayed in the operation window name display area. The monitor of the system 10 can output the usage history information of FIGS. 10 and 11 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C obtain use history information (start history information, end history information, use operation history information, application use history information) within the operation permission time, Since the acquired usage history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or the computers 11A to 11C, 12A to 12C, The use history information within the operation permission time for each of 13A to 13C can be grasped. This system 10 can monitor the use operation status and the application use status within the operation permission time of each of the computers 11A to 11C, 12A to 12C, and 13A to 13C, and can regulate the unlimited use of the application. .

  FIGS. 12 and 13 illustrate use operation histories outside operation permission times (operation operation history information outside operation permission hours) of computers 11A to 11C, 12A to 12C, and 13A for business computers 11A to 11C, 12A to 12C, and 13A to 13A. It is a figure which shows an example of the use operation log | history outside operation permission time of permission application in 13C (application use history information outside operation permission time), and shows the weekly use history of computers 11A-11C, 12A-12C, 13A-13C. Show. In FIGS. 12 and 13, display of specific names, numerical values, and the like of each item of the usage history is omitted. The monitoring server 14 collects operation log information outside the operation permission time from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and each of the computers 11A to 11C, 12A to 12C, and 13A to 13C. The operation status outside the permitted operation time is monitored.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C determine whether their use is within the operation permission time or outside the operation permission time by using the timer function, and start up after the operation permission time has elapsed. Judge that it is used outside of the operation permission time. When the computers 11A to 11C, 12A to 12C, and 13A to 13C are turned on (ON) outside the operation permission time, the computer names, global IP addresses, and private names of the computers 11A to 11C, 12A to 12C, and 13A to 13C The IP address, the MAC address, and the startup date and time of the computers 11A to 11C, 12A to 12C, and 13A to 13C are acquired (the operation history information acquisition unit out of the operation log information acquisition unit), and the acquired startup history information Convert (operation log information) to a text file (text format).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are turned off (OFF) outside the operation permission time, the computer names and global IP addresses of the computers 11A to 11C, 12A to 12C, and 13A to 13C The private IP address, MAC address, and the end date and time of the computers 11A to 11C, 12A to 12C, and 13A to 13C are acquired (the operation log information acquiring unit is the operation permission non-operation time end history information acquiring unit), and the acquired end Convert history information (operation log information) to a text file (text format).

  If the business computers 11A to 11C, 12A to 12C, and 13A to 13C are used outside the operation permission time, the operation history information (computer name, computer name, (Including a global IP address, private IP address, and MAC address) (operation log information acquisition means out of operation permission time use operation history information acquisition means), and the acquired use operation history information in a text file (text format) ).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C start the permitted application installed in the operation permission time, and the computers 11A to 11C, 12A to 12C, and 13A to 13C use the application, Acquire application usage history information (including computer name, global IP address, private IP address, MAC address) of the application (application usage history information acquisition means outside operation permission time out of operation log information acquisition means) and acquisition Convert the used application history information into a text file (text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the start history information, the end history information, the use operation history information, and the application use history information outside the operation permission time converted into text files on the hard disk. . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the start history information, end history information, use operation history information, and application use history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (operation log). Among the information transfer means, start history information transfer means, end history information transfer means, use operation history information transfer means, application use history information transfer means). The computers 11A to 11C, 12A to 12C, and 13A to 13C send the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with start history information, end history information, use operation history information, and application use history information. Forward. When the computer 11A to 11C, 12A to 12C, and 13A to 13C transfer the start history information, the end history information, the use operation history information, and the application use history information, they erase the information from the hard disk.

  The monitoring server 14 chronologically stores text files of start history information, end history information, use operation history information, and application use history information outside the operation permission time transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The collected information is stored in the hard disk (a start history information collecting means, an end history information collecting means, a use operation history information collecting means, an application use history information collecting means among the operation log information collecting means). The monitoring server 14 stores start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address. These pieces of information are stored separately for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  When the monitoring server 14 requests the management computer 21 to output start history information, end history information, use operation history information, and application use history information outside the operation permission time, the management computer 21 stores the information stored in the hard disk. Information is output from a printer connected to the computer 21 (starting history information output means, end history information output means, use operation history information output means, operation use of application log information output means) History information output means). The monitoring server 14 classifies and outputs start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13, and outputs these information to the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, The data is output after being divided into 13A to 13C.

  The supervisor of the system 10 logs the management computer 21 into the system 10, and then selects the usage history information outside the operation permitted time from the report item on the report display screen displayed on the display 20 of the computer 21. specify. When the operation history outside the permitted operation time is selected and the period is specified, as shown in FIG. 12, the usage history information outside the operation permitted time in the specified period (start history information, end history information, used operation history information, application Usage history information) is displayed on the display 20. In FIG. 12, as the usage history information outside the operation permission time, the computer name display area, the business computer name in the MAC name display area, the MAC address in the work group / domain display area, the work group in the period specified in the period display area / Domain, the user name is displayed in the user name display area, and the usage count outside the operation permission time is displayed in the usage count display area.

  When the computer name displayed in the underlined portion in the screen of FIG. 12 is selected, as shown in FIG. 13, details of usage history information outside the operation permission time of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed. It is displayed on the display 20. FIG. 13 shows the details of the usage history information outside the operation permission time as the operation date in the month / day display area, the business computer name in the computer name display area, the work group / domain, IP address in the work group / domain display area. The IP address is displayed in the display area, and the MAC address is displayed in the MAC address display area. Further, the user name (employee name managing the business computers 11A to 11C, 12A to 12C, 13A to 13C) is displayed in the user name display area, the start date and time (application use start date and time), and the end date and time display area. End date and time (application use end date and time), operation time display area operation time (application use time), application name display area application name (used application name), operation window name display area operation window name (use The name of the operation window of the selected application) is displayed. The monitor of the system 10 can output the usage history information shown in FIGS. 12 and 13 from the printer.

  In the system 10, the business computers 11A to 11C, 12A to 12C, and 13A to 13C acquire use history information (start history information, end history information, use operation history information, application use history information) outside the operation permission time, Since the acquired usage history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or the computers 11A to 11C, 12A to 12C, It is possible to grasp the use history information outside the operation permission time for each of 13A to 13C. The system 10 can monitor the use operation status and application use status outside the operation permission time of each computer 11A to 11C, 12A to 12C, 13A to 13C, and the computers 11A to 11C, 12A outside the operation permission time. Use of ~ 12C, 13A-13C can be restricted.

  FIGS. 14 and 15 illustrate the use operation history (external environment use operation history information) of the business computers 11A to 11C, 12A to 12C, and 13A to 13C in the external environment other than the networks 11, 12, and 13, and the computers 11A to 11A in the external environment. It is a figure which shows an example of the use operation log | history (external environment application use log information) of the application of 11C, 12A-12C, 13A-13C, and the external environment use log of the week of computers 11A-11C, 12A-12C, 13A-13C Indicates. In FIGS. 14 and 15, the display of specific names, numerical values, and the like of each item of the usage history is omitted. The monitoring server 14 collects operation log information in the external environment from the business computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and is external to the computers 11A to 11C, 12A to 12C, and 13A to 13C. Monitor the operational status of the environment.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the private IP address and MAC address that identify them to the monitoring server 13 at regular time intervals (3 minute intervals, 5 minute intervals, etc.) for monitoring. The communication state with the server 13 (communication enabled or disabled) is confirmed. When the address information cannot be transferred to the monitoring server 13, the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C determine that communication with the monitoring server 13 is impossible and determine use in the external environment. When the computers 11A to 11C, 12A to 12C, and 13A to 13C are turned on (ON) after determining that communication with the monitoring server 13 is impossible, the computers of the computers 11A to 11C, 12A to 12C, and 13A to 13C A name, a global IP address, a private IP address, a MAC address, and the activation date and time of the computers 11A to 11C, 12A to 12C, and 13A to 13C (external environment activation history information acquisition means of the operation log information acquisition means) Convert the acquired startup history information (operation log information) into a text file (text format).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are turned off (OFF) after determining that communication with the monitoring server 13 is impossible, the computers 11A to 11C, 12A to 12C, and 13A to 13C Computer name, global IP address, private IP address, MAC address, and end date and time of the computers 11A to 11C, 12A to 12C, and 13A to 13C (external environment end history information acquisition means among operation log information acquisition means) ), And the acquired end history information (operation log information) is converted into a text file (text format).

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C are used in an external environment, use operation history information (computer name, global IP) of the computers 11A to 11C, 12A to 12C, and 13A to 13C is used. Address (including private IP address, MAC address)) (external environment use operation history information acquisition means among operation log information acquisition means), and converts the obtained use operation history information into a text file (text format). . The business computers 11A to 11C, 12A to 12C, and 13A to 13C start the permitted application installed in the external environment, and when the computers 11A to 11C, 12A to 12C, and 13A to 13C use the application, the application Application usage history information (including computer name, global IP address, private IP address, MAC address) is acquired (external environment application usage history information acquisition means among operation log information acquisition means), and acquired application usage history Convert information to a text file (text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store start history information, end history information, use operation history information, and application use history information in the external environment converted into text files on the hard disk. When the business computers 11A to 11C, 12A to 12C, and 13A to 13C can communicate with the monitoring server 14, the start history information, the end history information, the use operation history information, and the application use history in the external environment stored in the hard disk Information is transferred to the monitoring server 14 (starting history information transfer means, end history information transfer means, use operation history information transfer means, application use history information transfer means among the operation log information transfer means). The computers 11A to 11C, 12A to 12C, and 13A to 13C send the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with start history information, end history information, use operation history information, and application use history information. Forward. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer start history information, end history information, use operation history information, and application use history information in the external environment, the information is deleted from the hard disk.

  The monitoring server 14 collects text files of start history information, end history information, use operation history information, and application use history information in the external environment transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series. The collected information is stored in the hard disk (a start history information collecting means, an end history information collecting means, a use operation history information collecting means, an application use history information collecting means among the operation log information collecting means). The monitoring server 14 stores start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address. These pieces of information are stored separately for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  When the monitoring computer 14 requests the management computer 21 to output start history information, end history information, use operation history information, and application use history information in the external environment, the information stored in the hard disk is displayed on the display of the management computer 21. 20 and output the information from a printer connected to the computer 21 (starting history information output means, end history information output means, use operation history information output means, operation use history information of the operation log information output means, application use history information) Output means). The monitoring server 14 classifies and outputs start history information, end history information, use operation history information, and application use history information for each of the networks 11, 12, and 13, and outputs these information to the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, The data is output after being divided into 13A to 13C.

  The supervisor of the system 10 logs the management computer 21 into the system 10 and then selects external environment use history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates the period. . When the external environment use history information is selected and the period is specified, as shown in FIG. 14, use history information in the external environment for the specified period (start history information, end history information, use operation history information, application use history information) Is displayed on the display 20. FIG. 14 shows, as the use history information in the external environment, the period specified in the period display area, the computer name in the computer name display area, the MAC address in the MAC address display area, and the work group / domain in the work group / domain display area. The user name is displayed in the user name display area (the name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C used in the external environment), and the use count in the external environment is displayed in the use count display area.

  When the computer name displayed in the underlined portion in the screen of FIG. 14 is selected, as shown in FIG. 15, details of usage history information in the external environment of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 17. Is displayed. FIG. 15 shows the details of the usage history information in the external environment, the operation date in the month display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address display area. The IP address is displayed in the MAC address display area and the MAC address is displayed in the MAC address display area. Furthermore, the external use start time is displayed in the external use start time display area, the external use end time is displayed in the external use end time display area, the user name is displayed in the user name display area, the application use start time is displayed in the application use start time display area, and the application use end time is displayed. Application use end time in the display area, application operation time in the application operation display area, application name in the application name display area (application name used for external use), operation window name in the operation window name display area (external use) The name of the operation window of the application used at the time is displayed. The monitor of the system 10 can output the usage history information shown in FIGS. 14 and 15 from the printer.

  In the system 10, the business computers 11A to 11C, 12A to 12C, and 13A to 13C acquire and acquire use history information (start history information, end history information, use operation history information, and application use history information) in the external environment. Since the external environment use history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or the computers 11A to 11C, 12A to 12C, The usage history information in the external environment for each of 13A to 13C can be grasped. Since this system 10 can monitor the usage operation status and application usage status of the computers 11A to 11C, 12A to 12C, and 13A to 13C in the external environment, the computers 11A to 11C and 12A to 12C in the external environment. , 13A to 13C can be regulated, and unauthorized actions such as unauthorized removal of information, falsification of information, and destruction of information can be regulated.

  FIG. 16 is a diagram illustrating an example of an application installation operation history (installation operation history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C. FIG. 17 illustrates the contents of the installed application (installation content information). ). In FIGS. 16 and 17, the display of specific names, numerical values, and the like of each item of the installation operation history and application contents is omitted. When various applications are installed in the business computers 11A to 11C, 12A to 12C, and 13A to 13C, the monitoring server 14 collects the installation history from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The installation status of the applications 11A to 11C, 12A to 12C, and 13A to 13C is monitored.

  When a predetermined application is installed in the business computers 11A to 11C, 12A to 12C, and 13A to 13C, installation operation history information of the application (computer name, global IP address, private IP address, MAC address, application contents) (Installation operation history information acquisition means of the operation log information acquisition means) and convert the acquired installation operation history information into a text file (text format). The contents of the application are an outline of applications such as document creation software, spreadsheet software, translation software, database construction software, communication software, and security software. The computers 11A to 11C, 12A to 12C, and 13A to 13C identify the contents from the identification code of the application when the application is installed. When the contents cannot be identified from the application identification code, the computers 11A to 11C, 12A to 12C, and 13A to 13C request the input of the contents of the application when the application is installed, and the application can be installed after waiting for the contents input. And

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the installation operation history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the installation operation history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (installation operation history information transfer means among the operation log information transfer means). . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the installation operation history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the installation operation history information, the information is deleted from the hard disk.

  The monitoring server 14 collects the installation operation history information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected installation operation history information on the hard disk (network information collection Installation operation history information collecting means). The monitoring server 14 stores the installation operation history information for each of the networks 11, 12, 13 based on the global IP address, the private IP address, and the MAC address, and stores the installation operation history information on the computers 11A to 11C, 12A. 12C and 13A to 13C are stored separately.

  When there is a request for output of installation operation history information from the management computer 21, the monitoring server 14 displays the installation operation history information stored in the hard disk on the display 20 of the management computer 21 and connects the installation operation history information to the computer 21. Output from the designated printer (installation operation history information output means of the operation log information output means). The monitoring server 14 classifies and outputs the installation operation history information for each of the networks 11, 12, and 13 and outputs the installation operation history information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C.

  The supervisor of the system 10 logs the management computer 21 into the system 10, then selects installation operation history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates a period. When installation operation history information is selected and a period is designated, installation operation history information for the designated period is displayed on the display 20 as shown in FIG. In FIG. 16, a computer name (computer name on which the application is installed) is displayed in the computer name display area, a date (installation date and time) is displayed in the date display area, and an application name (installed application name) is displayed in the application name display area.

  The management computer 21 can request the monitoring server 14 to output the contents of applications installed in the computers 11A to 11C, 12A to 12C, and 13A to 13C. When there is a request to output the contents of the installed application, the monitoring server 14 displays the contents of the application on the display 20 of the management computer 21 and outputs the contents of the application from a printer connected to the computer 21 ( Application content output means among operation log information output means). When the application name is highlighted on the screen of FIG. 16 and the content display is clicked, the contents of the installed application are displayed in the application content display area together with the computer name and application name, as shown in FIG. The system 10 regulates an unnecessary application installation act by an employee because the monitor can grasp the installation status of the application in the computers 11A to 11C, 12A to 12C, and 13A to 13C by using the monitoring server 14. be able to.

  18 is a diagram illustrating an example of an application uninstall operation history (uninstall operation history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C. FIG. 19 illustrates the contents of the uninstalled application ( It is a figure which shows (uninstallation content information). 18 and 19, the display of specific names, numerical values, and the like of each item of the uninstall operation history and application contents is omitted. When the various applications are uninstalled from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, the monitoring server 14 collects the uninstall history from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The uninstallation status of the applications of the computers 11A to 11C, 12A to 12C, and 13A to 13C is monitored.

  When a predetermined application is uninstalled from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, uninstall operation history information (computer name, global IP address, private IP address, MAC address, (Including application contents) is acquired (uninstallation operation history information acquisition means in the operation log information acquisition means), and the acquired uninstallation operation history information is converted into a text file (text format). The computers 11A to 11C, 12A to 12C, and 13A to 13C identify the contents from the identification code of the application when the application is uninstalled. When the contents cannot be identified from the identification code of the application, the computers 11A to 11C, 12A to 12C, and 13A to 13C request the input of the contents of the application when uninstalling the application, and wait for the contents input to uninstall the application. Is possible.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the uninstall operation history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the uninstall operation history information stored in the hard disk to the monitoring server 14 at a predetermined time interval (uninstall operation history information transfer among operation log information transfer means). means). The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with the uninstall operation history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the uninstall operation history information, the information is deleted from the hard disk.

  The monitoring server 14 collects the uninstall operation history information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected uninstall operation history information on the hard disk (network). (Uninstallation operation history information collecting means among information collecting means). The monitoring server 14 stores the uninstall operation history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address, and stores the uninstall operation history information on the computers 11 </ b> A to 11 </ b> C, The data are stored separately for each of 12A to 12C and 13A to 13C.

  When there is a request to output uninstall operation history information from the management computer 21, the monitoring server 14 displays the uninstall operation history information stored in the hard disk on the display 20 of the management computer 21, and the uninstall operation history information is displayed on the computer. 21 is output from the printer connected to 21 (uninstallation operation history information output means of the operation log information output means). The monitoring server 14 classifies and outputs the uninstall operation history information for each of the networks 11, 12, and 13, and outputs the uninstall operation history information for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C. To do.

  The supervisor of the system 10 logs in the management computer 21 to the system 10 and then selects the uninstall operation history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates the period. . When uninstall operation history information is selected and a period is designated, uninstall operation history information for the designated period is displayed on the display 20 as shown in FIG. In FIG. 18, the computer name (the name of the computer from which the application has been uninstalled) is displayed in the computer name display area, the date (the date and time of uninstallation) is displayed in the date display area, and the application name (the name of the uninstalled application) is displayed in the application name display area. ing.

  The management computer 21 can request the monitoring server 14 to output the contents of the application uninstalled in the computers 11A to 11C, 12A to 12C, and 13A to 13C. When there is a request to output the contents of the uninstalled application, the monitoring server 14 displays the contents of the application on the display 20 of the management computer 21 and outputs the contents of the application from a printer connected to the computer 21. (Application content output means in the operation log information output means). When the application name is highlighted on the screen of FIG. 18 and the content display is clicked, the contents of the uninstalled application are displayed in the application content display area together with the computer name and application name, as shown in FIG. In the system 10, since the supervisor can grasp the uninstallation status of the application in the computers 11A to 11C, 12A to 12C, and 13A to 13C using the monitoring server 14, the unauthorized uninstallation of the application by the employee is performed. Can be regulated.

  20 and 21 are diagrams illustrating an example of printing operation history (printing operation history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C, and the week of the computers 11A to 11C, 12A to 12C, and 13A to 13C. The print operation history is shown. In FIGS. 20 and 21, the display of specific names and numerical values for each item of the printing operation history information is omitted. When a printing operation is performed in the business computers 11A to 11C, 12A to 12C, and 13A to 13C, the monitoring server 14 collects the printing operation history from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The printing operation statuses of the computers 11A to 11C, 12A to 12C, and 13A to 13C are monitored.

  When predetermined information is printed on the business computers 11A to 11C, 12A to 12C, and 13A to 13C by a printer connected thereto, the printing operation history information of the computers 11A to 11C, 12A to 12C, and 13A to 13C ( (Including computer name, global IP address, private IP address, MAC address) (print operation history information acquisition means of the operation log information acquisition means), and the acquired print operation history information is a text file (text format) Convert to

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the printing operation history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the print operation history information stored in the hard disk to the monitoring server 14 at a predetermined time interval (print operation history information transfer means among the operation log information transfer means). . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the print operation history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the printing operation history information, the information is deleted from the hard disk.

  The monitoring server 14 collects print operation history information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected print operation history information in the hard disk (operation log information). Printing operation history information collecting means). The monitoring server 14 stores the print operation history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address, and stores the print operation history information in the computers 11 </ b> A to 11 </ b> C and 12 </ b> A to 12 </ b> A. 12C and 13A to 13C are stored separately.

  When there is a print operation history information output request from the management computer 21, the monitoring server 14 displays the print operation history information stored in the hard disk on the display 20 of the management computer 21 and connects the print operation history information to the computer 21. Output from the printer (print operation history information output means of the operation log information output means). The monitoring server 14 classifies and outputs the print operation history information for each of the networks 11, 12, and 13 and outputs the print operation history information for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  The supervisor of the system 10 logs in the management computer 21 to the system 10, then selects print operation history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates a period. When printing operation history information is selected and a period is specified, printing operation history information for the specified period is displayed on the display 20 as shown in FIG. FIG. 20 shows, as the print operation history information, the period specified in the period display area, the business computer name (the name of the computer that performed the printing operation) in the computer name display area, the MAC address in the MAC address display area, and the work group / domain. The work area / domain is displayed in the display area, the user name is displayed in the user name display area (the name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C that performed the printing operation), and the total number of print pages is displayed in the print total page number display area. The number of prints is displayed in the print number display area.

  When the computer name displayed in the underlined portion in the screen of FIG. 20 is selected, the details of the printing operation history information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20, as shown in FIG. Is done. FIG. 21 shows the details of the print operation history information as the month and day of the print operation in the month and day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address display area. The IP address is displayed in the MAC address display area and the MAC address is displayed in the MAC address display area. Further, the employee name is displayed in the user name display area, the print date and time in the print date display area, the document name in the document name display area, the number of print pages in the print page number display area, and the printer name in the printer name display area. The monitor of the system 10 can output the printing operation history shown in FIGS. 20 and 21 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C acquire the printing operation history information, convert the acquired printing operation history information into a text format, and transfer the information to the monitoring server 14. The monitor of the system 10 can grasp the print operation history information for each of the networks 11, 12, 13 or each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, 13 </ b> A to 13 </ b> C using the monitoring server 14. Since this system 10 can monitor printing operations in the computers 11A to 11C, 12A to 12C, and 13A to 13C, it can regulate unlimited printing operations in the computers 11A to 11C, 12A to 12C, and 13A to 13C. It is possible to regulate unauthorized printing of information by employees.

  22 and 23 are diagrams illustrating examples of file access history (file access history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C, and the week of the computers 11A to 11C, 12A to 12C, and 13A to 13C. The file access history of is shown. In FIGS. 22 and 23, the display of specific names and numerical values of each item of the file access history information is omitted. When the business computers 11A to 11C, 12A to 12C, and 13A to 13C access a predetermined file, the monitoring server 14 collects the file access history from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The file access status of the computers 11A to 11C, 12A to 12C, and 13A to 13C is monitored.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C access a predetermined file, the file access history information (computer name, global IP address) of the computers 11A to 11C, 12A to 12C, and 13A to 13C , Including the private IP address and MAC address) (file access history information acquisition means of the operation log information acquisition means), and converts the acquired file access history information into a text file (text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the file access history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the file access history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (file access history information transfer means among the operation log information transfer means). . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the file access history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the file access history information, the information is deleted from the hard disk.

  The monitoring server 14 collects the file access history information text files transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected file access history information on the hard disk (operation log information). File access history information collecting means). The monitoring server 14 stores the file access history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address, and stores the file access history information on the computers 11A to 11C and 12A to 12A. 12C and 13A to 13C are stored separately.

  When there is a request for outputting file access history information from the management computer 21, the monitoring server 14 displays the file access history information stored in the hard disk on the display 20 of the management computer 21 and connects the file access history information to the computer 21. Output from the printer (file access history information output means of the operation log information output means). The monitoring server 14 classifies and outputs the file access history information for each of the networks 11, 12, and 13 and outputs the file access history information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C.

  The supervisor of the system 10 logs the management computer 21 into the system 10 and then selects file access history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates the period. When the file access history information is selected and the period is designated, the file access history information for the designated period is displayed on the display 20 as shown in FIG. In FIG. 22, as the file access history information, for the period specified in the period display area, the business computer name (the name of the computer that performed the file access) in the computer name display area, the MAC address in the MAC address display area, the work group / domain The work group / domain is displayed in the display area, the user name is displayed in the user name display area (the name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C that performed file access), and the access count is displayed in the access count display area. ing.

  When the computer name displayed in the underlined portion in the screen of FIG. 22 is selected, the details of the file access history information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20, as shown in FIG. Is done. FIG. 23 shows the details of the file access history information, the month and date of file access in the month and day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address display area. The IP address is displayed in the MAC address display area and the MAC address is displayed in the MAC address display area. Furthermore, the employee name in the user name display area, the access date and time in the access date and time display area, the operation content in the operation content display area (copy, cut, write, delete, create holder, rename, etc.), and the file name in the file name display area The file name before change is displayed in the file name display area before change. The monitor of the system 10 can output the file access history shown in FIGS. 22 and 23 from the printer.

  In the system 10, the business computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C acquire the file access history information, convert the acquired file access history information into a text format, and transfer it to the monitoring server 14. A monitor of the system 10 can use the monitoring server 14 to grasp file access history information for each of the networks 11, 12, and 13 or for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C. Since this system 10 can monitor the access status of files in the computers 11A to 11C, 12A to 12C, and 13A to 13C, it restricts unlimited use of files in the computers 11A to 11C, 12A to 12C, and 13A to 13C. And unauthorized use of files by employees.

  24 and 25 are diagrams illustrating an example of printing action history (printing action history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C, and the week of the computers 11A to 11C, 12A to 12C, and 13A to 13C. Shows the printing activity history. In FIGS. 24 and 25, the display of specific names and numerical values of each item of the printing action history information is omitted. When the computer prohibited from printing among the business computers 11A to 11C, 12A to 12C, and 13A to 13C performs a printing action, the monitoring server 14 displays the printing action history as the computers 11A to 11C, 12A to 12C, It collects from 13A-13C and monitors the printing action status of each computer 11A-11C, 12A-12C, 13A-13C. In addition to the method of prohibiting printing of data on a specific computer by specifying a computer, the method of prohibiting printing on a specific computer is also prohibited from printing data stored in that drive by specifying a drive installed in the computer. There is a way to do it.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C perform a printing action on computers that are prohibited from printing, the printing actions of the computers 11A to 11C, 12A to 12C, and 13A to 13C History information (including computer name, global IP address, private IP address, MAC address) is acquired (printing action history information acquisition means of the operation log information acquisition means), and the acquired printing action history information is stored in a text file ( To text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the printing action history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the printing action history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (printing action history information transfer means among the operation log information transfer means). . The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the printing action history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the printing action history information, the information is deleted from the hard disk.

  The monitoring server 14 collects text files of printing action history information transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected printing action history information in the hard disk (operation log information). Printing action history information collecting means). The monitoring server 14 stores the printing action history information for each of the networks 11, 12, 13 based on the global IP address, the private IP address, and the MAC address, and stores the printing action history information on the computers 11A to 11C, 12A. 12C and 13A to 13C are stored separately.

  When there is a print action history information output request from the management computer 21, the monitoring server 14 displays the print action history information stored in the hard disk on the display 20 of the management computer 21 and connects the print action history information to the computer 21. Output from the printed printer (printing action history information output means of the operation log information output means). The monitoring server 14 divides and outputs the printing action history information for each of the networks 11, 12, and 13 and outputs the printing action history information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C.

  The supervisor of the system 10 logs in the management computer 21 to the system 10, and then selects printing action history information from the report items on the report display screen displayed on the display 20 of the computer 21 and specifies the period. When printing action history information is selected and a period is designated, printing action history information for the designated period is displayed on the display 20, as shown in FIG. In FIG. 24, as printing action history information, the computer name (the name of the computer on which printing action was performed) in the computer name display area, the work group / domain, the user in the work group / domain display area, the period specified in the period display area. The user name (the name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C where the printing action was performed) is displayed in the name display area, and the number of printing actions is displayed in the printing action number display area.

  When the computer name displayed in the underlined portion in the screen of FIG. 24 is selected, the details of the printing activity history information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20 as shown in FIG. Is done. FIG. 25 shows the details of the printing action history information as the month and day of printing action in the month and day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address display area The IP address is displayed in the MAC address display area and the MAC address is displayed in the MAC address display area. Furthermore, the employee name in the user name display area, the date and time of printing in the printing action date and time display area, the document name (name of the document to be printed) in the document name display area, and the printer name (the printing action was performed in the printer name display area) Printer name) is displayed. The monitor of the system 10 can output the printing action history shown in FIGS. 24 and 25 from the printer.

  When a printing action is performed on a computer that is prohibited from printing among the business computers 11A to 11C, 12A to 12C, and 13A to 13C, the system 10 acquires printing action history information, and the acquired printing is performed. Since the action history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or the computers 11A to 11C, 12A to 12C, 13A to It is possible to grasp printing action history information for each 13C. This system 10 can monitor the status of printing actions on computers where printing actions are prohibited, and can regulate unauthorized actions such as unauthorized removal of information, falsification of information, and destruction of information.

  FIGS. 26 and 27 are diagrams illustrating an example of a take-out action history (take-out action history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C. The week of the computers 11A to 11C, 12A to 12C, and 13A to 13C The take-out action history of is shown. In FIGS. 26 and 27, the display of specific names, numerical values, etc. of each item of the carry-out action history information is omitted. When the computer prohibited from taking out information among the business computers 11A to 11C, 12A to 12C, and 13A to 13C performs the information takeout action, the monitoring server 14 stores the takeout action history in the computers 11A to 11C and 12A. Collected from -12C, 13A-13C, and monitors the carry-out behavior of each computer 11A-11C, 12A-12C, 13A-13C. In addition to a method for specifying a computer and prohibiting information from being taken out of the computer, a method for prohibiting copying information stored in a drive mounted on the computer (drive Prohibiting copying to the drive mounted on the computer.

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C have their computers 11A to 11C, 12A to 12C, and 13A to 13C when the information taking action is performed on the computers that are prohibited from taking information. Acquire take-out action history information (including computer name, global IP address, private IP address, MAC address) (take-out action history information acquisition means among operation log information acquisition means), and text the acquired take-out action history information as text Convert to a file (text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store take-out action history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the take-out action history information stored in the hard disk to the monitoring server 14 at predetermined time intervals (the take-out action history information transfer means among the operation log information transfer means). . The computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C transfer the computer name, the global IP address, the private IP address, and the MAC address to the monitoring server 14 together with the carry-out action history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the carry-out action history information, the information is deleted from the hard disk.

  The monitoring server 14 collects text files of take-out action history information transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C in time series, and stores the collected take-out action history information in the hard disk (operation log information). The collecting action history information collecting means). The monitoring server 14 stores the take-out action history information for each of the networks 11, 12, 13 based on the global IP address, the private IP address, and the MAC address, and stores the take-out action history information in the computers 11A to 11C, 12A. 12C and 13A to 13C are stored separately.

  When there is a request to output take-out action history information from the management computer 21, the monitoring server 14 displays the take-out action history information stored in the hard disk on the display 20 of the management computer 21 and connects the take-out action history information to the computer 21. Output from the selected printer (the take-out action history information output means of the operation log information output means). The monitoring server 14 classifies and outputs the take-out action history information for each of the networks 11, 12, and 13, and outputs the take-out action history information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C.

  The supervisor of the system 10 logs the management computer 21 into the system 10, then selects take-out action history information from the report items on the report display screen displayed on the display 20 of the computer 21 and designates the period. When the take-out action history information is selected and the period is designated, the take-out action history information in the designated period is displayed on the display 20 as shown in FIG. In FIG. 26, as the take-out action history information, the computer name (the name of the computer where the take-out action was performed) is displayed in the computer name display area, the work group / domain is displayed in the work group / domain display area, and the user is specified in the period display area. The user name (name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C where the take-out action was performed) is displayed in the name display area, and the number of take-out actions is displayed in the take-out action number display area.

  When the computer name displayed in the underlined portion on the screen of FIG. 26 is selected, the details of the carry-out history information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20, as shown in FIG. Is done. In FIG. 27, as the details of the bring-out action history information, the month and date of the take-out action in the month and day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, and the IP address display area The IP address is displayed in the MAC address display area and the MAC address is displayed in the MAC address display area. In addition, the employee name in the user name display area, the date and time of the take-out action in the display area of the take-out action, the contents of the take-out operation in the display area of the take-out operation (data search, copy, cut, paste, write, etc.), and take out in the file name display area The file name where the action was performed and the file name before the change (the file name before being changed by the take-out action) are displayed in the file name display area before the change. The monitor of the system 10 can output the carry-out action history shown in FIGS. 26 and 27 from the printer.

  The system 10 acquires and acquires take-out history information when an information take-out action is performed on a computer prohibited from taking out information among the business computers 11A to 11C, 12A to 12C, and 13A to 13C. Since the taken-out history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, 13 </ b> A. Bringing-out history information for every ~ 13C can be grasped. The system 10 can monitor the status of the act of taking out information on a computer where the act of taking out information is prohibited, and can regulate illegal acts such as unauthorized take-out of information, falsification of information, and destruction of information.

  FIGS. 28 and 29 are diagrams illustrating examples of the movable prohibition application access history (movable prohibition application access history information) in the computers 11A to 11C, 12A to 12C, and 13A to 13C, and the computers 11A to 11C, 12A to 12C, and 13A are illustrated. The movement prohibition application access history of the week of -13C is shown. In FIGS. 28 and 29, the display of specific names, numerical values, and the like of each item of the movement prohibited application access history information is omitted. When the business computers 11A to 11C, 12A to 12C, and 13A to 13C access the movable prohibited application, the monitoring server 14 collects the movable prohibited application access history from the computers 11A to 11C, 12A to 12C, and 13A to 13C. The operation prohibition application access status of each of the computers 11A to 11C, 12A to 12C, and 13A to 13C is monitored. Among the applications, the movable prohibition application is individually set for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C.

  When the business computers 11A to 11C, 12A to 12C, and 13A to 13C perform an access act to the movable prohibited application, the movable prohibited application access history information of the computers 11A to 11C, 12A to 12C, and 13A to 13C (computers) Name, global IP address, private IP address, and MAC address) (movable prohibition application access history information acquisition means in the operation log information acquisition means), and the acquired movable prohibition application access history information is a text file ( To text format).

  The business computers 11A to 11C, 12A to 12C, and 13A to 13C temporarily store the movement prohibited application access history information converted into text files on the hard disk. The computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the movable prohibited application access history information stored in the hard disk to the monitoring server 14 at a predetermined time interval (movable prohibited application access history in the operation log information transfer means). Information transfer means). The computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C transfer the computer name, global IP address, private IP address, and MAC address to the monitoring server 14 together with the movement prohibited application access history information. When the computers 11A to 11C, 12A to 12C, and 13A to 13C transfer the movement-inhibited application access history information, the information is deleted from the hard disk.

  The monitoring server 14 collects, in a time series, the text files of the prohibited application access history information transferred from the computers 11A to 11C, 12A to 12C, and 13A to 13C, and stores the collected prohibited action application access history information on the hard disk. (Movement prohibition application access history information collecting means among operation log information collecting means). The monitoring server 14 stores the movement prohibited application access history information for each of the networks 11, 12, and 13 based on the global IP address, private IP address, and MAC address, and stores the movement prohibited application access history information on the computers 11 </ b> A to 11 </ b> A. 11C, 12A to 12C, and 13A to 13C are stored separately.

  When the monitoring computer 14 receives an output request for the movement-prohibited application access history information from the management computer 21, the monitoring server 14 displays the movement-prohibited application access history information stored in the hard disk on the display 20 of the management computer 21, and the movement-prohibited application access history is displayed. Information is output from a printer connected to the computer 21 (movable prohibition application access history information output means in the operation log information output means). The monitoring server 14 classifies and outputs the movement prohibition application access history information for each of the networks 11, 12, and 13, and classifies the movement prohibition application access history information for each of the computers 11 </ b> A to 11 </ b> C, 12 </ b> A to 12 </ b> C, and 13 </ b> A to 13 </ b> C. Output.

  The supervisor of the system 10 logs the management computer 21 into the system 10 and then selects the immobilization application access history information from the report item on the report display screen displayed on the display 20 of the computer 21 and designates the period. To do. When the movement-prohibited application access history information is selected and the period is designated, the movement-prohibited application access history information in the designated period is displayed on the display 20 as shown in FIG. In FIG. 28, as the movement prohibition application access history information, the computer name (computer name that accessed the movement prohibition application) is displayed in the computer name display area and the workgroup / domain display area is the workgroup / domain for the period specified in the period display area. , The user name in the user name display area (the name of the employee who manages the computers 11A to 11C, 12A to 12C, and 13A to 13C that accessed the prohibited application), and the number of accesses in the access number display area (the number of accesses to the prohibited application) Is displayed.

  When the computer name displayed in the underlined portion in the screen of FIG. 28 is selected, as shown in FIG. 29, the details of the movement prohibited application access history information of the selected computers 11A to 11C, 12A to 12C, and 13A to 13C are displayed on the display 20. Is displayed. In FIG. 29, as the details of the operation prohibition application access history information, the date of access in the month / day display area, the computer name in the computer name display area, the work group / domain, IP address in the work group / domain display area are displayed. The IP address is displayed in the area, and the MAC address is displayed in the MAC address display area. Furthermore, the employee name is displayed in the user name display area, the access date and time (access date and time to the immobilized application) is displayed in the access date and time display area, and the application name (accessed improper application name) is displayed in the application name display area. The monitor of the system 10 can output the movement prohibition application access history shown in FIGS. 28 and 29 from the printer.

  When the business computer 11A to 11C, 12A to 12C, or 13A to 13C accesses the movable prohibited application, the system 10 acquires the movable prohibited application access history information, and the acquired movable prohibited application access Since the history information is converted into a text format and transferred to the monitoring server 14, the monitor of the system 10 uses the monitoring server 14 for each of the networks 11, 12, 13 or computers 11A to 11C, 12A to 12C, 13A to 13C. It is possible to grasp the movement prohibition application access history information for each. This system 10 can monitor the movement prohibition application access status in the computers 11A to 11C, 12A to 12C, and 13A to 13C, and can regulate the access action to the movement prohibition application by the employee.

  The terminal device monitoring system 10 is a monitoring server in which the business computers 11A to 11C, 12A to 12C, and 13A to 13C acquire various types of network information that have passed through the communication ports, and convert the acquired network information into a text format. 14 is different from the case where the network information is transferred to the monitoring server 14 through the mirror port of the router, the private IP addresses and MAC addresses of the business computers 11A to 11C, 12A to 12C, and 13A to 13C. The monitoring server 14 identifies the business computers 11A to 11C, 12A to 12C, and 13A to 13C based on the address information of the business computers 11A to 11C, 12A to 12C, and 13A to 13C. You can The work information they business computer 11 A- 11 C, 12A - 12C, can be collected in a state of being associated to each 13A - 13C.

  In the terminal device monitoring system 10, since the monitoring server 14 outputs a plurality of pieces of network information separately for each of the network units 11, 12, and 13 in units of segments, the monitor can connect the networks 11, 12, 13 via the monitoring server 14. The network access status of the business computers 11A to 11C, 12A to 12C, and 13A to 13C can be grasped for each network, and the network access can be monitored for each of the networks 11, 12, and 13. This system 10 outputs the network information separately for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C that form the networks 11, 12, and 13, so that the supervisor can perform the business via the monitoring server 14. The network access status for each of the computers 11A to 11C, 12A to 12C, and 13A to 13C can be grasped, and the network access can be monitored for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C.

  In the terminal device monitoring system 10, the business computers 11A to 11C, 12A to 12C, and 13A to 13C convert a plurality of pieces of operation log information within the operation permission time and outside the operation permission time into a text format and send it to the monitoring server 14. The monitoring server 14 collects the operation log information from the business computers 11A to 11C, 12A to 12C, and 13A to 13C, and outputs the operation log information. Therefore, the operation log within the operation permission time or outside the operation permission time. Information is centrally managed in the monitoring server 14, and through the monitoring server 14, the operation status within the operation permission time and outside the operation permission time of the business computers 11A to 11C, 12A to 12C, and 13A to 13C can be grasped. it can. The system 10 includes not only the operation log information of the business computers 11A to 11C, 12A to 12C, and 13A to 13C within the operation permission time, but also the business computers 11A to 11C, 12A to 12C, and 13A to 13C outside the operation permission time. Operation log information can be acquired, and unauthorized actions such as unauthorized removal, falsification and destruction of various information by employees can be reliably regulated.

  In the terminal device monitoring system 10, since the monitoring server 14 outputs the operation log information by segmenting the networks 11, 12, and 13 in segment units, the monitoring person in each of the networks 11, 12, and 13 via the monitoring server 14 The operation status of the business computers 11A to 11C, 12A to 12C, and 13A to 13C can be grasped, and the operation status can be monitored for each of the networks 11, 12, and 13. Since this system 10 outputs the operation log information separately for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C that form the networks 11, 12, and 13, the monitor passes through the monitoring server 14. The operation status for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C can be grasped, and the operation status can be monitored for each of the business computers 11A to 11C, 12A to 12C, and 13A to 13C.

10 Terminal Device Monitoring System 11A to 11C Business Computer (User Terminal Device)
12A-12C Business computer (user terminal device)
13A-13C Business computer (user terminal device)
14 Monitoring server 15 Wired LAN port (communication port)
16 Wireless LAN port (communication port)
17 Modem port (communication port)
18 PC card interface port (communication port)

Claims (10)

A plurality of user terminal devices that form a plurality of networks in segment units, and a monitoring server that monitors these user terminal devices,
The user terminal device acquires network information acquisition means for acquiring various types of network information that has passed through the communication port of the user terminal device, and converts the acquired network information into a text format while transferring the network information to the monitoring server. Network information transfer means for transferring, and the monitoring server includes network information collection means for collecting the network information transferred from the user terminal device, and network information output means for outputting the collected network information. A terminal device monitoring system comprising:   The network information collecting means divides and collects the network information for each network of the segment unit based on the address information of the networks, and collects the network information based on the address information of the user terminal devices. A user terminal device that divides and collects for each user terminal device to be formed, and the network information output means divides and outputs the network information for each network of the segment unit, and forms the network information in the network information The terminal device monitoring system according to claim 1, wherein the terminal device monitoring system outputs the data separately for each.   The network information includes website access information when the user terminal device accesses a predetermined website, external network access information when the user terminal device accesses an external network, and predetermined information from the user terminal device. The terminal device monitoring system according to claim 1, further comprising: e-mail transmission information when the e-mail is transmitted.   4. The terminal device monitoring system according to claim 1, wherein the communication port includes a wired LAN port, a wireless LAN port, a modem port, and a PC card interface port.   The user terminal device is an operation log information acquisition means for acquiring operation log information of the user terminal device within the operation permission time and outside the operation permission time, and the operation while converting the acquired operation log information into a text format. Operation log information transfer means for transferring log information to the monitoring server, the monitoring server collecting operation log information collection means for collecting the operation log information transferred from the user terminal device, and the collected operation The terminal device monitoring system according to claim 1, further comprising operation log information output means for outputting log information.   The operation log information collecting means divides and collects the operation log information for each network of the segment unit based on the address information of the networks, and the operation log information based on the address information of the user terminal devices. The operation log information output means divides and collects the operation log information for each network of the segment unit, and outputs the operation log information to the networks of the user terminal devices forming the networks. The terminal device monitoring system according to claim 5, wherein the terminal device monitoring system outputs the data separately for each user terminal device that forms a network.   The operation log information includes terminal usage information within the operation permission time of the user terminal device, terminal usage information outside the operation permission time of the user terminal device, and a terminal of the user terminal device in an external environment other than the network. The terminal device monitoring system according to claim 5 or 6, wherein usage information is included.   6. The operation log information includes application usage information of permitted applications in the user terminal device, installation information of various applications in the user terminal device, and uninstallation information of various applications in the user terminal device. The terminal device monitoring system according to claim 7.   6. The operation log information includes start / end information of the user terminal device, print operation information in the user terminal device, and access operation information for a file used in the user terminal device. Item 9. The terminal device monitoring system according to any one of Items 8 to 10.   The operation log information includes print operation information in a terminal device that is prohibited from printing in the user terminal device, take-out operation information in a terminal device that is prohibited from taking out information in the user terminal device, and The terminal device monitoring system according to any one of claims 5 to 9, further comprising start operation information of a movable prohibited application in a user terminal device.

Images