JP2011188327A - Message collection system, and message collection program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a message collection system, capable of attaining integrated monitoring/managing of various messages to be exchanged in a plurality of message services, by utilizing an existing message monitoring system. <P>SOLUTION: The message collection system 100 for collecting messages 201 exchanged in message services 200 for an existing message monitoring system 300 to be transferred to the message monitoring system 300 includes an import unit 110 for acquiring the message 201 from the message service 200; a format conversion unit 120 for converting the format of the message 201; an address conversion unit 130 for converting an address of a user in an organization set in the message 201; and an export unit 140 for transferring, to the message monitoring system 300, the message 301, after the conversion having passed through processing by the format conversion unit 120 and the address conversion unit 130. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a security technique in an information system, and more particularly to a technique that is effective when applied to a message collection system and a message collection program for supporting auditing and management of a message for a plurality of message services having a possibility of information leakage. It is.

  In recent years, with the advancement of IT technology, e-mail, mobile mail such as SMS (Short Message Service) and MMS (Multimedia Messaging Service) using mobile phones, various chat services and blogs, ASP (Application Service Provider) and SaaS (Software) many types of message services are available as tools for exchanging information, such as Web mail and file transmission / reception services using as a Service), and these are used effectively in corporate activities. Is also increasing.

  On the other hand, these message services have the potential to lead to leakage of important information such as personal information and confidential information held by companies. As a company, messages exchanged through these message services can be monitored and Need to manage. There are various methods for monitoring and managing messages. One of them is, for example, that all messages exchanged by employees of a company, logs, etc. are recorded, and the contents are audited. Etc. are monitored and audited for the presence or absence of information leakage and illegal behavior.

  In the case of e-mails that are widely used in general, for example, in Japanese Patent Application Laid-Open No. 2008-276389 (Patent Document 1), e-mails are stored and stored, and an e-mail audit request is received from an administrator. From the stored and stored e-mails, the e-mails audited by the administrator of the group to which the e-mail sender belonged to the group who belonged at the time of transmission are audited An e-mail auditing device is described.

JP 2008-276389 A

  For e-mails, including those described in Patent Document 1, e-mails are stored and accumulated from a mail server to a mail storage server (mail archiver), etc., and an auditor or the like checks and audits them. Many companies have e-mail auditing systems that can do this.

  On the other hand, an increasing number of companies are allowing the use of various message services other than e-mail for efficient and effective corporate activities, and these companies exchange these message services. It has become necessary to monitor and manage information leaks, etc.

  However, these message services have different message formats (formats), exchange protocols, addresses used, etc., and exchanges do not go through in-house mail servers. I can't respond. On the other hand, it is difficult to implement a monitoring / management mechanism similar to that for e-mail for each message service because of high load in terms of operation and cost.

  Therefore, an object of the present invention is to utilize an existing message auditing system possessed by an organization such as a company, and to realize centralized monitoring and management of various messages exchanged in a plurality of message services used in the organization. To provide a message collecting system and a message collecting program. The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  A message collection system according to an exemplary embodiment of the present invention provides for an existing message auditing system for auditing a first message exchanged in a specific first message service utilized in an organization. A message collection system that collects a second message exchanged in one or more other second message services that does not go through a first server that processes the first message service and forwards it to the message monitoring system. Therefore, it has the following characteristics.

  That is, the message collection system includes: an import unit that acquires the second message exchanged with the outside of the organization from a second server that processes each of the second message services; and the import unit A format converter that converts the acquired second message into the format of the first message, and a second address of the user in the organization set in the second message, An address conversion unit that converts the first message used in the message service, and an export unit that transfers the converted third message that has been processed by the format conversion unit and the address conversion unit to the message auditing system. It is characterized by having.

  The present invention can also be applied to a message collection program that causes a computer system to function as the above message collection system.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  According to the exemplary embodiment of the present invention, various messages exchanged in other message services are collected, converted in form and address, and transferred to an existing message auditing system of an organization. This makes it possible to centrally monitor various messages exchanged in multiple message services that may lead to information leakage, etc. while minimizing the increase in operational load and cost by utilizing the existing message audit system.・ Management can be realized.

It is the figure which showed the outline | summary of the structural example of the message collection system which is one embodiment of this invention. It is the figure which showed the outline | summary of operation | movement of the processing engine in one embodiment of this invention. It is the figure which showed the outline | summary about the example of a process in case the original service in an organization is made into object as another type of message service in one embodiment of this invention. It is the figure which showed the outline | summary about the example of the process at the time of targeting the service provided by the server outside an organization as another type of message service in one embodiment of this invention. It is the figure which showed the outline | summary about the example of the process at the time of targeting the message service provided by the external vendor etc. as another type of message service in one embodiment of this invention. It is the figure which showed the outline | summary about the example at the time of targeting mail service by a mobile telephone etc. as another type of message service in one embodiment of this invention. It is the figure which showed the outline | summary about the example of the general electronic mail auditing system.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted. In the following, in order to make the features of the present invention easier to understand, the description will be made in comparison with the prior art.

<Overview>
Currently, e-mail is used as an information exchange tool in many organizations such as companies. Therefore, in the following, an example of an e-mail audit system that monitors and manages e-mail will be described as an existing message audit system possessed by many organizations.

  FIG. 7 is a diagram showing an outline of an example of a general electronic mail audit system. Here, the message service 210 as an information exchange tool is an e-mail. A user 212 (mail sender) who is an employee of an organization transmits a mail 211 as a message using a client terminal such as a PC (Personal Computer). The sent mail 211 is sent to the mail server 213 in the organization, and further sent to the mail filtering server 214. In the mail filtering server 214, for example, based on a predetermined rule or the like, it is possible to refuse transmission of an email including an inappropriate wording outside the organization, or to eliminate spam mail received from outside the organization. Perform filtering processing. In addition, outgoing mail sent outside the organization is sent to the mail storage server (mail archiver) 310 and stored in accordance with the rules.

  The mail 211 is further sent to the mail relay server 215 via the mail filtering server 214, sent to a network outside the organization such as the Internet via the firewall 216, and sent to a destination mail server (not shown). When the mail 211 is received, the same process is performed in the reverse direction. On the other hand, the inspector 302 in the organization accesses the mail storage server 310 using a terminal such as a PC, for example, and checks the stored mail by various methods such as keyword search, thereby auditing the email. Do.

  A message collection system according to an embodiment of the present invention is an existing message audit system (for example, an email audit system) that monitors and manages messages exchanged in a specific message service (for example, an email) as described above. Utilizing and collecting various messages exchanged in other message services that do not go through the server (for example, the mail server 213) that processes the specific message service, the message format is changed to the format in the specific message service (for example, (E-mail format), the address is converted into an address in the specific message service (e.g., an e-mail address in the organization), and transferred to an existing message auditing system (e.g., mail storage server 310).

  This enables the auditor 302 to centrally monitor and manage various messages using the same interface as the existing message auditing system without building a unique monitoring and management system for each message service. It is.

  In the following embodiment, an email audit system that is considered to be most widely used as an existing message audit system of an organization is adopted, but the present invention is not limited to this. For example, Other types of messages may be monitored and managed, such as an integrated log management system that centrally manages logs of various services including original services in the organization.

<System configuration>
FIG. 1 is a diagram showing an outline of a configuration example of a message collection system according to an embodiment of the present invention. The message collection system 100 is configured by a computer system such as a PC or a server, and includes, for example, each of an import unit 110, a format conversion unit 120, an address conversion unit 130, and an export unit 140 as processing engines implemented by software programs. .

  The import unit 110 performs processing for acquiring various messages 201 (including logs and the like) exchanged with the outside of the organization from a plurality of message services 200 (servers thereof). The protocol for obtaining the message 201 from the server may be different for each message service 200 (for example, POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol), etc.). In the present embodiment, for example, the processing method to cope with a module includes a module (plug-in 111) that performs an acquisition process corresponding to each protocol in a plug-in format.

  The format conversion unit 120 stores various messages 201 acquired by the import unit 110 in the message format in the specific message service, that is, the message auditing system 300, and the inspector 302 checks the contents. It performs processing to convert to a message format that can be. There are cases where the format of the message 201 is different for each message service 200 (for example, XML (eXtensible Markup Language), e-mail, Exchange journal format, etc.). Assume that each module 201 has a module (plug-in 121) that performs conversion processing corresponding to each plug-in format.

  The address conversion unit 130 performs processing for converting the addresses of users (employees, etc.) in the organization set in each message 201 into addresses used in the message service supported by the message auditing system 300. In other words, in the present embodiment, processing for converting the address in the message 201 in the message service 200 other than the electronic mail into the electronic mail address in the organization is performed. For this purpose, the address conversion unit 130 has, for example, an address conversion table (not shown), and converts the address in the message 201 according to the contents of the table. Note that the address conversion unit 130 may include a module (plug-in 131) that performs conversion processing in the form of a plug-in, as with the other units.

  In addition, when the conversion destination is an e-mail address in the organization, the address conversion table manages the user information and personnel information in the organization by, for example, Active Directory (registered trademark) and holds the e-mail address. It is also possible to use an existing user management database and to store an address associated with the corresponding message service 200 as extension or option data and refer to it.

  The export unit 140 performs processing for transferring the post-conversion message 301 that has undergone the conversion processing by the format conversion unit 120 and the address conversion unit 130 to the message auditing system 300. Depending on the type of the message auditing system 300, the protocol for transferring and importing the converted message 301 may be different (for example, output in RFC 5322 format, transmission by SendMail, output by Exchange journal format, database by SQL) In this embodiment, for example, it is assumed that the message auditing system 300 includes a module (plug-in 141) that performs a corresponding transfer process in the form of a plug-in for each protocol supported by the message auditing system 300.

  The inspector 302 accesses the stored message audit system 300 (in this embodiment, the mail storage server 310) that has captured the post-conversion message 301 transferred from the export unit 140 of the message collection system 100, and stores the stored electronic Check your email in various ways. At this time, the message 201 in the various message services 200 is converted into an e-mail format by the message collection system 100, and becomes a post-conversion message 301 in which the address of the user in the organization is also converted into the e-mail address in the organization. Yes. As a result, the inspector 302 can monitor and manage the message 201 in the various message services 200 in a centralized manner by using the existing message auditing system 300 as in the case of normal e-mail.

  Further, in the present embodiment, the parts that perform different processing depending on the types of various message services 200 and message auditing systems 300 are provided in the form of plug-ins as described above, so that high flexibility and expandability are provided. However, the implementation is not limited to the plug-in format, and any other implementation method may be used as long as it is compatible with the types of the plurality of message services 200 and the message auditing system 300. .

<Operation of processing engine>
FIG. 2 is a diagram showing an outline of the operation of the processing engine of the message collection system 100. In the present embodiment, in order to efficiently perform processing on a plurality of messages 201, each unit of the processing engine operates in a multi-thread and performs processing by sequentially passing messages 201 between threads. As a basic process, the thread of each part acquires the message 201 from the preceding message queue, calls the corresponding plug-in according to the type of the message 201, requests the process, and the message 201 after processing by the plug-in. Is sent to the message queue at the subsequent stage.

  Specifically, first, the thread 112 of the import unit 110 receives a processing request with information specifying the type of the message service 200 for which the message 201 is collected as an input. This processing request may be based on an instruction from an administrator or the like, or may be performed by the processing engine of the message collection system 100 at a predetermined cycle or timing.

  The thread 112 of the import unit 110 calls the corresponding plug-in 111 for acquiring the message 201 according to the type of the message service 200. The plug-in 111 acquires the message 201 from the server of the message service 200 according to a predetermined protocol for each plug-in 111, generates an entity to send to the message queue, and responds to the thread 112. The thread 112 sends the entity passed from the plug-in 111 to the queue 113, and returns to the beginning to repeat the processing from where it receives the processing request.

  The thread 122 of the format conversion unit 120 takes out the entity from the queue 113 and calls the corresponding plug-in 121 for converting the format of the message 201 according to the type (format) of the message 201 in the entity. The plug-in 121 converts the format (format) of the message 201 into a predetermined format (for example, a mail format conforming to RFC5322 in this embodiment) according to a predetermined conversion rule for each plug-in 121, and sends it to the message queue. And respond to the thread 122. The thread 122 sends the entity passed from the plug-in 121 to the queue 123 and returns to the beginning to repeat the process from where the entity is taken out from the queue 113.

  Depending on the type of the message 201, the entity acquired from the queue 113 includes only the file name of the file that holds the content of the message 201, and the content of the file itself may not be included in the entity. In this case, the plug-in 121 identifies and reads a file holding the content of the message 201 based on the file name included in the entity passed from the thread 122, and converts the file into a mail format.

  In addition, when the format of the message 201 is converted, it is desirable to add information that can identify the message 201 exchanged by which message service 200 to the message 201. For example, in this embodiment, the message 201 is converted into an electronic mail format, but identification information such as the name of the message service 200 is added to the subject of the converted mail, the mail header, and the like.

  The thread 132 of the address conversion unit 130 takes out the entity from the queue 123 and calls the plug-in 131 for converting the address of the user in the organization included in the message 201 in the entity. The plug-in 131 converts the address in the message service 200 of the user in the organization included in the message 201 in the entity into an email address in the organization based on an address conversion table or the like, and responds to the thread 132 with the entity. The thread 132 sends the entity passed from the plug-in 131 to the queue 133, returns to the beginning, and repeats the process from where the entity is taken out from the queue 123.

  In the present embodiment, the address conversion table uses, for example, an existing Active Directory that manages user information and personnel information in an organization and holds an e-mail address, and uses extended data for each user. The address of the corresponding message service 200 is held and referred to.

  The thread 142 of the export unit 140 takes out the entity from the queue 133 and adds a plug-in 141 for transferring the message 201 in the entity according to the type of the message auditing system 300 (the mail storage server 310 in this embodiment). Call, and return to the beginning to repeat the process from where the entity is retrieved from the queue 133.

  The plug-in 141 extracts the message 201 from the entity, specifies and reads the attached file based on the file name of the attached file included in the entity, if necessary, and converts them into a message 301 after conversion as a message audit system. It is transferred to 300 by a predetermined protocol for each plug-in 141 (in this embodiment, it is transferred to the mail storage server 310 as an e-mail format).

  As described above, in the message collection system 100 of the present embodiment, each part of the processing engine is operated in multi-threads, and the messages 201 are sequentially transferred between the threads for processing, thereby optimizing the overall processing efficiency. Make it possible to do. It should be noted that the processing in each part of the processing engine is not limited to such multi-threaded implementation, and other methods may be used.

<Processing overview for each type of message service>
Hereinafter, as an existing message auditing system in an organization such as a company, for example, when the electronic mail auditing system as shown in FIG. An overview of processing when monitoring and managing messages exchanged in the message service 200 will be described.

  FIG. 3 is a diagram showing an outline of an example of processing in a case where an independent service in an organization using a server in the organization is targeted as another type of message service 220. In this case, as shown in FIG. 3, the message 221 transmitted by the user 222 is transmitted to the in-organization service server 223 and transmitted to a network outside the organization such as the Internet via the firewall 224. When the message 221 is received, the same processing is performed in the reverse direction.

  At this time, the message collection system 100 arranged in the organization acquires the message 221 (or message group 221) from the organization service server 223 by the import unit 110 at any time or at a predetermined timing such as at regular intervals. Depending on the protocol at the time of acquisition, the message collection system 100 takes the lead in acquiring the message 221 from the in-organization service server 223, and the in-organization service server 223 exchanges the message 221 with outside the organization through the firewall 224. It is possible to cope with any of the cases where the message collection system 100 is set to transmit the message 221 at the same time.

  After that, the message collection system 100 converts the message 221 into an electronic mail format by the processing in the processing engine as shown in FIG. At this time, for example, in the format conversion unit 120, a mail header starting with “X-” indicating that the message collection system 100 has generated is added to the email converted from the message 221, and the mail filtering server 214 is further added. In addition, a rule is added in which a mail having the above mail header is not delivered to the mail relay server 215 but only stored in the mail storage server 310. Thereby, the e-mail (post-conversion message 301) transferred from the message collection system 100 can be stored / stored in the mail storage server 310 via the mail filtering server 214.

  FIG. 4 is a diagram showing an outline of an example of processing in a case where a service using ASP, SaaS, or the like provided by a server outside the organization is targeted as another type of message service 230. Examples of such services include a file transmission / reception service on the Internet and Web mail. When such a service is used from within the organization, a Web proxy server 233 as shown in FIG. 4 is arranged inside the firewall 234, and the user 232 communicates with a server outside the organization via the Web proxy server 233. In some cases, the message 231 (for example, a file) is exchanged.

  At this time, as in the case of FIG. 3, the message collection system 100 acquires the message 231 (or message group 231) from the Web proxy server 233 by the import unit 110 at any time or at a predetermined timing such as at regular intervals. . Depending on the protocol at the time of acquisition, the message collection system 100 takes the lead in acquiring the message 231 from the Web proxy server 233, or the Web proxy server 233 exchanges the message 231 with the outside of the organization via the firewall 234. In addition, it is possible to cope with both cases where the message collection system 100 is set to transmit the message 231. The subsequent processing is the same as that shown in FIGS.

  FIG. 5 is a diagram showing an outline of an example of processing when a message service provided by an external vendor or the like is targeted as another type of message service 240. Examples of such services include messaging services and chat services provided by financial information vendors and the like for exchanging market-related information.

  In such a message service 240, the message 241 transmitted and received by the user 242 does not pass through the server in the organization, and the message service server 243 that relays the message 241 is operated in a black box. For this reason, the message collection system 100 in the organization cannot directly access the message service server 243 and acquire the message 241.

  In these vendors, the contents of the message 241 exchanged via the message service server 243 etc. are changed to XML or the like as a response to the monitoring / management request by the company etc. for the message 241 exchanged by the message service 240. There are cases where a service that can be obtained from a user or the like in a generally referable format is provided.

  For example, the vendor uploads the message 241 stored in the message service server 243 and the like to the log download server 244 at a regular timing such as once a day, which is converted into the XML format. The use organization of the message service 240 can acquire the contents of the messages 241 exchanged by the message service 240 by downloading these from the log download server 244 using FTP or the like. The subsequent processing is the same as that shown in FIGS.

  FIG. 6 is a diagram showing an outline of an example in which a mail service by a mobile phone or the like provided by a communication carrier such as a mobile phone company is targeted as another type of message service 250. Examples of such services include mobile mail such as SMS and MMS.

  In these message services 250 as well, as shown in FIG. 5, the message 251 transmitted and received by the user 252 does not pass through the server in the organization, and the portable mail server 253 that relays the message 251 Operated as a black box. For this reason, the message collection system 100 in the organization cannot directly access the mobile mail server 243 and acquire the message 241. Further, in these message services 250 provided by a mobile phone company or the like, it is considered that there are many cases where a service such as the log download server 244 in FIG. .

  In this case, for example, when the portable mail server 253 exchanges the message 251, the message collection system can be easily changed by changing the setting so that the portable mail server 253 also transmits a copy of the message 251 to the message collection system 100. 100 can obtain the message 251. The subsequent processing is the same as that shown in FIGS.

  In addition, with respect to such a message service 250, a configuration in which the message collection system 100 is arranged in the organization as shown in FIGS. 3 to 5, that is, a configuration in which each organization has the message collection system 100, respectively. , There will be a large number of message collection systems 100 as destinations to which a copy of the message 251 is transmitted from the mobile mail server 253, and the load on the mobile mail server 253 increases.

  Therefore, for example, a third party or the like installs and operates a message collection system 100 that is a representative for receiving a copy of the message 251 from the mobile mail server 253, and the message collection system 100 represents the message 251. After obtaining and converting, it is desirable that the converted e-mail is distributed and transferred to the mail storage server 310 via the mail filtering server 214 in each organization.

  Further, the converted e-mail is not transferred to the mail storage server 310 in each organization but, for example, is transferred to a mail storage server installed and operated by the third party or the like together with the message collection system 100, and a general user establishes a network. It is also possible to access the mail storage server via the server and confirm the accumulated message. Thereby, for example, it is possible to realize a service in which the parents check the contents of the child's mobile mail to check whether the child is involved in the crime or to perform parental control. .

  As described above, according to the message collection system 100 according to an embodiment of the present invention, an existing message auditing system (for example, a system that monitors and manages messages exchanged in a specific message service (for example, e-mail)) Collects various messages exchanged in other message services that do not go through the server that processes the specific message service, and converts the message format to the format in the specific message service. At the same time, the address is converted into an address in the specific message service and transferred to the existing message auditing system. As a result, the inspector can monitor and manage various messages in an integrated manner using an interface similar to that of the existing message auditing system without constructing a unique monitoring and managing system for each message service.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say. For example, in the present embodiment, the message collection system targets a message exchange service in which text and image data are exchanged. However, the present invention is not limited to this. Targeting services that are recorded on a server as data, obtaining voice data from the server, and storing it in an e-mail auditing system, for example, in the form of an e-mail attachment file, for auditing It is also possible.

  INDUSTRIAL APPLICABILITY The present invention can be used for a message collection system and a message collection program that support auditing and management of messages for a plurality of message services having the possibility of information leakage.

100: Message collection system,
110 ... import unit, 111 ... plug-in, 112 ... thread, 113 ... queue,
120 ... format conversion unit, 121 ... plug-in, 122 ... thread, 123 ... queue,
130: Address converter 131: Plug-in 132: Thread 133: Queue
140 ... export unit, 141 ... plug-in, 142 ... thread,
200 ... Message service, 201 ... Message,
210 ... Message service, 211 ... Mail, 212 ... User, 213 ... Mail server, 214 ... Mail filtering server, 215 ... Mail relay server, 216 ... Firewall,
220 ... Message service, 221 ... Message, 222 ... User, 223 ... In-house service server, 224 ... Firewall,
230 ... Message service, 231 ... Message, 232 ... User, 233 ... Web proxy server, 234 ... Firewall,
240 ... Message service, 241 ... Message, 242 ... User, 243 ... Message service server, 244 ... Log download server,
250 ... Message service, 251 ... Message, 252 ... User, 253 ... Mobile mail server,
300: Message audit system 301: Post-conversion message 302: Auditor 310: Mail storage server

Claims (11)

With respect to an existing message auditing system for auditing a first message exchanged in a specific first message service used in an organization, the first server that processes the first message service is not routed. A message collection system for collecting a second message exchanged in one or more other second message services and forwarding it to the message monitoring system,
An import unit for acquiring the second message exchanged with the outside of the organization from a second server that processes each of the second message services;
A format conversion unit for converting the second message acquired by the import unit into the format of the first message;
An address conversion unit that converts a second address of a user in the organization set in the second message into a first address used in the first message service;
A message collection system comprising: an export unit configured to transfer a third message after the conversion performed by the format conversion unit and the address conversion unit to the message audit system. The message collection system according to claim 1.
The import unit includes a module that performs acquisition processing of the second message corresponding to each protocol for acquiring the second message from each of the second servers. system. The message collection system according to claim 1 or 2,
The message conversion system, wherein the format conversion unit includes a module that performs conversion processing of the second message format corresponding to each format of the second message. In the message collection system according to any one of claims 1 to 3,
The address conversion unit includes a module that performs conversion processing of the second address corresponding to each conversion method for converting the second address into the first address. . In the message collection system according to any one of claims 1 to 4,
The export unit includes a module that performs a transfer process of the third message corresponding to each protocol for transferring and fetching the third message to the message auditing system. Collection system. In the message collection system according to any one of claims 1 to 5,
The address conversion unit stores the second address for each user in association with an existing user management database that manages user information including the first address for each user in the organization. A message collection system that performs a process of converting the second address into the first address using the address conversion table as a conversion table. The message collection system according to any one of claims 1 to 6,
The message collection system, wherein the first message service is an electronic mail service. In the message collection system of any one of Claims 1-7,
The message collection system, wherein the import unit acquires the second message from the second server arranged in the organization. In the message collection system of any one of Claims 1-7,
The import unit is configured to download the second message processed by the second server arranged outside the organization from a download server for providing the second message service user with the second message. The message collection system characterized by acquiring the message. In the message collection system of any one of Claims 1-7,
The message collection system, wherein the import unit receives a copy of the second message processed by the second server arranged outside the organization from the second server. With respect to an existing message auditing system for auditing a first message exchanged in a specific first message service used in an organization, the first server that processes the first message service is not routed. A message collection program for causing a computer to function as a message collection system that collects a second message exchanged in one or more other second message services and forwards it to the message monitoring system,
An import process for obtaining the second message exchanged with the outside of the organization from a second server that processes each of the second message services;
A format conversion process for converting the second message acquired by the import unit into the format of the first message;
An address conversion process for converting a second address of a user in the organization set in the second message into a first address used in the first message service;
A message collection program that executes an export process for transferring a third message after the conversion by the format conversion unit and the address conversion unit to the message auditing system.