JP4625412B2 - Log management system and log management method - Google Patents

Description

The present invention also relates to the log management system and log management how relates especially log management system and log management how to accumulate the log information generated in the device.

  It is common practice to collect log information regarding the processing performed by the system in order to investigate the cause of the occurrence of any abnormality in the computer system. The same applies to network devices in offices. For example, log information is collected for jobs executed in an image forming apparatus such as a printer, a copier, or a multifunction peripheral.

By the way, since there are a plurality of network devices in the office, if log information such as jobs generated in each device is stored in the device, each device must be accessed when analyzing the log information. The work becomes complicated. Therefore, conventionally, for example, a computer referred to as a log management server is installed, and each device transmits log information to the log management server, thereby centrally managing log information.
Japanese Patent Laying-Open No. 2005-166023

  However, it is not preferable from the viewpoint of security to permit unlimited transmission of log information to the log management server. For example, if there is a situation in which log information with incorrect contents can be accumulated in the log management server by a malicious user or the like, the reliability of the log information is reduced, and failure analysis or billing processing based on the log information is performed. It may be possible to cause problems.

  The present invention has been made in view of the above points, and includes a log information management device, a log information management method, a log information management program information program, and a recording medium that can appropriately manage log information from a device. For the purpose of provision.

In order to solve the above problem, the present invention provides a log management system including a log collection device that collects log information generated in a device, and a log management device that accumulates the log information, the log collection device Receives the authentication information set in the device from the device, transmits a request for confirmation of the validity of the authentication information to the authentication unit, and when the validity is confirmed by the authentication unit or with the authentication unit When communication is not possible, log information is acquired from the device, and at least log information acquired from the device when communication with the authentication unit is not possible is stored in association with the authentication information received from the device. It has a log collection means, the log management apparatus, and the authentication unit to confirm the validity of the authentication information, acquired by the log collecting unit, the log The log information transferred from the collecting means is registered in the log accumulating means, and at least the unauthenticated log information acquired by the log collecting means when the log collecting means cannot communicate with the authenticating means Log management means for registering in the log storage means in association with the authentication information transferred from the log collection means in association with information, the log management means being associated with the unauthenticated log information A request for confirming the validity of the authentication information registered in the log storage unit is periodically transmitted to the authentication unit .

Such a log management system can appropriately manage log information from the device.

  In order to solve the above problems, the present invention records a log information management method in the log information management apparatus, a log information management program for causing a computer to execute the log information management method, or the log information management program. A recording medium may be used.

According to the present invention, it is possible to provide a log management system and log management how can appropriately manage the log information from the device.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram illustrating a configuration example of a log management system according to an embodiment of the present invention.

  In FIG. 1, a log management system 1 includes a log management server 10, a log collection server 20, and a network 40 connected to each other via a network 40 such as a LAN (Local Area Network) or the Internet (whether wired or wireless). It is comprised from the apparatus 30 grade | etc.,.

  The device 30 is, for example, a network device such as a printer, a copier, or a multifunction device. The device 30 transmits log information to a preset log collection server 20 in response to the occurrence of a job.

  The log collection server 20 is configured by a general-purpose computer such as a PC, receives log information directly from one or more devices 30, and temporarily holds the log information.

  The log management server 10 is configured by a general-purpose computer such as a PC, and collects, stores, and manages log information from one or more log collection servers 20.

  The communication between the nodes is performed by, for example, SOAP (Simple Object Access Protocol) using HTTP (HyperText Transfer Protocol) as a transport layer.

  FIG. 2 is a diagram illustrating a functional configuration example of the log management system according to the embodiment of the present invention.

  The log collection server 20 has a log collection service 21. The log management server 10 includes a device management service 11, a log management service 12, an authentication service 13, and the like. In the present embodiment, “XXX service” refers to software for providing a function (service) in a certain unit.

  The log collection service 21 receives log information from one or more devices 30 and temporarily holds it. The device management service 11 manages device information (machine number and the like) of each device and notifies each device of information related to a log transfer method (hereinafter referred to as “log transfer information”). The device 30 identifies a log transfer destination based on the log transfer information. The log management service 12 manages information of one or more log collection services 21. The log management service 12 also collects, stores, and manages log information temporarily stored in the log collection service 21 from each log collection service 21 under management. The authentication service 13 manages authentication information of each device 30 and authenticates the device 30 in response to a request from the log collection service 21 or the log management service 12.

  By the way, in FIG. 2, the multiplicity of the node is shown at both ends of a straight line connecting the nodes. According to this, one log collection server 20 can receive log information from one or more (1... *) Devices 30. Further, one log management server 10 can collect log information from one or more log collection servers 20. That is, the relationship is log management server 10 ≦ log collection server 20 ≦ device 30. By providing such a hierarchical structure (that is, by interposing the log collection server 20 between the log management server 10 and the device 30), it is possible to avoid load concentration on the log management server 10. . In this sense, when the number of devices 30 to be managed is small, the log collection server 20 (or log collection service 21) and the log management server 10 (or log management service 12) do not necessarily have to be separated. However, as described above, the configuration as shown in FIG. 2 is desirable from the viewpoint of reducing the load on the log management server 10.

  Next, hardware will be described. FIG. 3 is a diagram illustrating a hardware configuration example of the log management server according to the embodiment of the present invention. The log management server 10 shown in FIG. 3 includes a drive device 100, an auxiliary storage device 102, a memory device 103, an arithmetic processing device 104, and an interface device 105 that are connected to each other via a bus B. Is done.

  A program for realizing processing in the log management server 10 is provided by a recording medium 101 such as a CD-ROM. When the recording medium 101 on which the program is recorded is set in the drive device 100, the program is installed from the recording medium 101 to the auxiliary storage device 102 via the drive device 100.

  The auxiliary storage device 102 stores the installed program and also stores necessary files and data. The memory device 103 reads the program from the auxiliary storage device 102 and stores it when there is an instruction to start the program. The arithmetic processing unit 104 executes functions related to the log management server 10 in accordance with a program stored in the memory device 103. The interface device 105 is used as an interface for connecting to the network 40 of FIG.

  The log collection server 20 may have the same hardware configuration as the log management server 10.

  Hereinafter, the processing procedure of the log management system 1 will be described. FIG. 4 is a flowchart for explaining the processing outline of the log management system according to the first embodiment.

  In step S11, address information and the like of the log collection service 21 are registered in the log management service 12 (log collection service registration process). As a result, the log management service 12 recognizes the log collection service 21 that is the collection destination of the log information.

  Progressing to step S12 following step S11, information (device number, etc.) of the device 30 is registered in the device management service 11 (device registration processing). Thereby, the device management service 11 recognizes the device 30 to be managed.

  In step S13 following step S12, the device management service 11 notifies the device 30 of log transfer information (log transfer information setting processing). The log transfer information includes information for identifying the log collection service 21 of the log information transfer destination.

  Progressing to step S14 following step S13, in response to the generation of a job (for example, a print job), each device 30 logs the log information related to the job as a transfer destination indicated in the log transfer information as a transfer destination. (Log information transfer process). Accordingly, log information from each device 30 is temporarily held in the log collection service 21.

  Progressing to step S15 following step S14, the log management service 12 periodically acquires and accumulates log information temporarily stored in each log collection service 21 (log information batch transfer process).

  Hereinafter, the processing content will be described in detail for each step of S11 to S15. First, the log collection service registration process in step S11 will be described. FIG. 5 is a diagram for explaining a log collection service registration process according to the first embodiment.

  First, the user installs the log collection service 21 in the log collection server 20 (S111). At this time, identification information (such as the IP address of the log management server 10) of the log management service 12 is set in the log collection service 21. Based on the identification information, the log collection service 21 notifies the log management service 12 of its own address information (IP address, etc.) (S112). In response to the notification from the log collection service 21, the log management service 12 generates an ID (hereinafter referred to as “collection service ID”) for uniquely identifying the log collection service 21 (S113), and the log collection service 21 The address information and the collection service ID are stored in association with each other (S114). Subsequently, the log management service 12 returns the generated collection service ID to the log collection service 21 (S115). The log collection service 21 stores the returned collection service ID (S116). This completes the log collection service registration process.

  Next, the device registration process in step S12 will be described. FIG. 6 is a diagram for explaining a device registration process according to the first embodiment.

  First, the user registers the address information of the device 30 to be managed in the device management service 11 (S121). This operation is performed every time a new device 30 is connected to the network 40. The device management service 11 accesses the device 30 based on the registered address information, and requests transmission of various information related to the device 30 (for example, a device number, etc., hereinafter referred to as “device information”) (S122). . In response to the request from the device management service 11, the device 30 returns device information of the device 30 (S123). The device management service 11 stores the returned device information in a management table or the like (S124). This completes the device registration process.

  In addition, although the example in which processing is started based on registration from the user has been described in FIG. 6, the device management service 11 automatically detects the connection of the device 30 to the network 40 and starts the processing accordingly. You may be made to do.

  Next, the log transfer information setting process in step S13 will be described. FIG. 7 is a diagram for explaining log transfer information setting processing according to the first embodiment.

  First, the user sets log transfer information for the device 30 to be managed in the device management service 11 with respect to the device management service 11 (S131). Specifically, for example, the address information of the log collection service 21 that is the transfer destination of log information by the device 30 is set. The device management service 11 inquires of the log management service 12 about the collection service ID of the log collection service 21 related to the address information based on the address information set by the user (S132, S133). Subsequently, the device management service 11 transmits a collection service ID to the authentication service 13 and requests generation of an authentication ticket (S134). The authentication service 13 generates an authentication ticket based on the collection service ID, stores the authentication ticket in association with the collection service ID (S135), and returns it to the device management service 11 (S136).

  Here, the authentication ticket is data as a certificate issued to the device 30 that is permitted to transfer the log, and, as will be described later, when the device 30 transfers the log information, It is used as authentication information for proving.

  Subsequently, the device management service 11 transmits the address information (collection service address) of the log collection service 21 to which the log information is transferred and the authentication ticket to the device 30 that is the target for setting the log transfer information. (S137). As a result, an authentication ticket is issued to the device 30. The device 30 stores the collection service address and the authentication ticket (S138). The authentication ticket is also stored in the device management service 11 in association with the device 30 (S139). This completes the log transfer information setting process.

  Next, the log information transfer process in step S14 will be described. FIG. 8 is a diagram for explaining log information transfer processing according to the first embodiment.

  For example, when the user instructs the device 30 to execute a job such as printing (S141), the device 30 executes the job. In response to the execution of the job, the device 30 generates log information indicating the execution history of the job. Subsequently, the device 30 transmits an authentication ticket issued to the device 30 to the log collection service 21 in order to show its validity before transferring the log information (S142).

  FIG. 9 is a diagram illustrating an example of a message for transmitting an authentication ticket. That is, FIG. 9 shows an example of a SOAP message transmitted from the device 30 to the log collection service 21 in step S142. In the SOAP message 142 of FIG. 9, the description 1421 enclosed in the <authTicket> tag corresponds to the encrypted authentication ticket.

  Subsequently, the log collection service 21 that has received the authentication ticket requests the authentication service 13 to confirm the validity of the authentication ticket by transmitting the authentication ticket to the authentication service 13 (S143). The authentication service 13 confirms the validity of the received authentication ticket by collating with the authentication ticket and sends back the result (S144). In FIG. 8, it is assumed that the validity of the authentication ticket has been confirmed (that is, the device 30 has been authenticated). Subsequently, when the log collection service 21 notifies the device 30 that it has been authenticated (S145), the device 30 transfers log information to the log collection service 21 (S146).

  FIG. 10 is a diagram illustrating an example of a message for transmitting log information. That is, FIG. 10 shows an example of a SOAP message transmitted from the device 30 to the log collection service 21 in step S146. A description 1461 surrounded by <logSourceID> tags in the SOAP message 146 of FIG. 10 indicates the device number of the device 30. A description 1462 surrounded by <logType> tags indicates the type of log information. Here, “deviceJobLog” indicates log information related to a job executed in the device. A description 1463 surrounded by <logList> tags indicates the substance of log information. The log information is composed of one or more items. Therefore, an item element surrounded by <item> tags is provided for each item constituting the log information, and in the absence of the item element, the name of the item (propNmae) and the value of the item (propVal) are described (for example, , Description 1461-1, description 1461-n, etc.).

  Subsequently, the log collection service 21 temporarily stores the log information transferred from the device 30 (S147). This is the end of the log information transfer process.

  8 describes the case where the device 30 is authenticated. However, if the device 30 is not authenticated, that is, if the authentication service 13 determines that the authentication ticket is invalid, the log collection service 21. Does not accept transfer of log information from the device 30. As a result, transfer of log information from the device 30 whose identity is not clear can be prevented, and reliability of the log information can be ensured.

  Next, the log information batch transfer process in step S15 will be described. FIG. 11 is a diagram for explaining log information batch transfer processing according to the first embodiment.

  The log management service 12 detects the log transfer timing periodically (for example, once an hour) (S151). In response to the detection of the transfer timing, the log management service 12 transmits a log information transfer request to each of the registered log collection services 21 (S152). Upon receiving the request from the log management service 12, the log collection service 21 compresses the log information transferred from the device 30 and temporarily stored (S153), and then forwards the log information to the log management service 12 (S154). By compressing the log information, the communication load can be reduced. The log management service 12 decompresses the received log information and registers the log information in the log DB 122 via the DB engine 121 (S155). Here, the DB engine 121 refers to software that manages a database system. This completes the log information batch transfer process.

  FIG. 12 is a diagram illustrating an example of a schema of the log DB according to the first embodiment. As illustrated in FIG. 12, the log DB 122 manages, for example, a log ID, a log type, and a machine number for each log information.

  Since the log information temporarily stored in the log collection service 21 is transferred from the authenticated device 30, the log information registered in the log DB 122 is also generated only in the authenticated device 30. Limited to things.

  By the way, in the first embodiment, if the validity of the authentication ticket of the device 30 is not confirmed, the device 30 cannot transfer the log information. Thereby, the reliability of the log information in the log DB 122 is secured. However, if communication with the authentication service 13 cannot be performed due to a failure in the authentication service 13 or the like, the following problems may occur.

  FIG. 13 is a diagram for explaining log information transfer processing in the first embodiment when a failure has occurred in the authentication service. That is, FIG. 13 shows a processing procedure when a failure occurs in the authentication service 13 in the log information transfer process shown in FIG. Therefore, in FIG. 13, the same steps as those in FIG.

  In FIG. 13, even if the log collection service 21 requests the authentication service 13 to confirm the validity of the authentication ticket (S143), the authentication service 13 cannot perform authentication processing and cannot respond due to a failure. (S164). Therefore, the log collection service 21 returns a message indicating that the device 30 has not been authenticated (S165). The unauthenticated device 30 cannot transfer log information. Therefore, if the device 30 does not have a recording medium such as an HDD (Hard Disk Drive), the log information that could not be transferred must be deleted (S166-1). On the other hand, if the device 30 has a recording medium such as an HDD, it is possible to temporarily store the log information in the recording medium (S166-2) and try transfer again. However, log information is generated every moment when the capacity of the recording medium is limited. Therefore, there may be log information that must be deleted without being transferred. In particular, it is considered that there is a high possibility that such a situation will occur with respect to a network device that has severe restrictions on the capacity such as an HDD.

  As described above, when a failure occurs in the authentication service 13, even if the device 30 has a valid authentication ticket, the log information cannot be transferred and the log information is lost. It is done. The occurrence of such a situation reduces the reliability of log information. Therefore, hereinafter, a second embodiment will be described as an example of solving such a problem.

  FIG. 14 is a flowchart for explaining the processing outline of the log management system according to the second embodiment. In FIG. 14, the same steps as those in FIG. 4 are denoted by the same reference numerals, and description thereof is omitted.

  As apparent from the difference in the step numbers, in the second embodiment, the contents of the log information transfer process (S24) and the log information batch transfer process (S25) are the same as those in the first embodiment (FIG. 4). Different from S14, S15). In the second embodiment, the log information periodic authentication process (S26) is performed after the log information batch transfer process (S25). Details of these three processes will be described below.

  First, log information transfer processing according to the second embodiment will be described. This process is the same as that of the first embodiment (FIG. 8) in the normal system, but the process (FIG. 13) when a failure has occurred in the authentication service 13 is different from that of the first embodiment. . Therefore, a processing procedure when a failure has occurred in the authentication service 13 will be described.

  FIG. 15 is a diagram for explaining log information transfer processing in the second embodiment when a failure occurs in the authentication service. In FIG. 15, the same steps as those of FIG.

  In FIG. 15, even if the log collection service 21 requests the authentication service 13 to confirm the validity of the authentication ticket (S143), the authentication service 13 cannot perform authentication processing and cannot respond due to a failure. (S164). However, if the log collection service 21 in the second embodiment cannot execute the authentication process due to a failure of the authentication service 13 or the like, the log collection service 21 transmits an authentication message to the device 30 to the device 30. On the other hand, transfer of log information is permitted (S245). The device 30 permitted to transfer the log information transfers the log information to the log collection service 21 (S246). The log collection service 21 temporarily stores the log information transferred from the device 30 (S247). At this time, the log collection service 21 stores at least the log information from the unauthenticated device 30 (hereinafter referred to as “unauthenticated log information”) in association with the authentication ticket. Note that the log information from the authenticated device 30 (hereinafter referred to as “authenticated log information”) may be associated with the authentication ticket, but in this case, based on the presence or absence of the association with the authentication ticket, Unauthenticated log information cannot be distinguished from authenticated log information. Therefore, it is preferable to associate a flag (hereinafter referred to as “authentication flag”) indicating whether or not each log information is authenticated again. This completes the log information transfer process when a failure has occurred in the authentication service 13.

  As described above, in the second embodiment, when a failure or the like occurs in the authentication service 13 and the process cannot be executed due to a reason that communication with the authentication service 13 cannot be performed, the log collection service 21 is a device for the time being. 30 is authenticated and receives log information from the device 30 and temporarily stores it. Therefore, unlike the first embodiment, the log information stored in the log collection service 21 is not necessarily only authenticated.

  Next, the log information batch transfer process in step S25 will be described. FIG. 16 is a diagram for explaining log information batch transfer processing according to the second embodiment. In FIG. 16, the same steps as those in FIG. 11 are denoted by the same step numbers and the description thereof is omitted.

  In FIG. 16, step S254 and step S255 are different from the first embodiment. That is, unauthenticated log information is also temporarily stored in the log collection service 21 in the second embodiment. Therefore, in step S254, not only authenticated log information but also unauthenticated log information is included and transferred to the log management service 12. In step S255, unauthenticated log information is also registered in the log DB 123. At least the unauthenticated log information is also transferred in association with the authentication ticket (S254) and registered in the log DB 123 (S255).

  FIG. 17 is a diagram illustrating an example of a schema of a log DB according to the second embodiment. As illustrated in FIG. 17, the log DB 123 manages, for example, a log ID, a log type, a machine number, an authentication ticket, an authentication flag, and the like for each log information. That is, in the management items of the log DB 123 in the second embodiment, at least an authentication ticket and an authentication flag are added to the management items of the log DB 122 (FIG. 12) in the first embodiment. The authentication flag is a flag indicating whether or not the log information is authenticated. “1” indicates that the log information is authenticated, and “0” indicates that the log information is not authenticated. In FIG. 17, authentication tickets are managed for all log information regardless of whether or not they are authenticated. However, it is not always necessary to manage authentication tickets for authenticated log information.

  Next, the log information periodic authentication process in step S26 will be described. FIG. 18 is a diagram for describing log information periodic authentication processing according to the second embodiment. Here, the periodic authentication process of log information refers to a process of attempting to authenticate again for unauthenticated log information among the log information registered in the log DB 123.

  The log management service 12 detects the timing of authentication periodically (for example, once per hour) (S261). In response to the detection of the authentication timing, the log management service 12 checks whether or not the authentication service 13 is accessible, that is, whether or not communication is impossible due to the occurrence of a failure or the like (S262, S263).

  When the authentication service 13 is accessible, the log management service 12 searches the unauthenticated log information (that is, log information with the authentication flag “0”) via the DB engine 121 (S264), and stores the log information in the log information. An authentication ticket associated and registered is acquired (S265). Subsequently, the log management service 12 requests the authentication service 13 to confirm the validity of the authentication ticket by transmitting the acquired authentication ticket to the authentication service 13 (S266). The authentication service 13 confirms the validity of the received authentication ticket by checking with the authentication ticket or the like, and returns the result (S267).

  When the authentication service 13 receives a reply from the authentication service 13 that the authentication ticket is valid, the log management service 12 sets the log information associated with the authentication ticket to “1”, thereby obtaining the log information. It is assumed that authentication has been completed (S268). As a result, the periodic authentication is not performed again for the log information. At this time, if there is unauthenticated other log information related to the same machine number as the log information (that is, other log information generated from the same device), the authentication flag of the other log information Should be set to “1”. This is because the authentication ticket is issued for each device 30, and if the validity of a certain authentication ticket is confirmed, all log information transferred from the device 30 having the authentication ticket can be trusted. By doing so, it is possible to avoid repeated inquiries to the authentication service 13 for the same authentication ticket, and to speed up the processing.

  On the other hand, when the authentication service 13 receives a reply that the authentication ticket is invalid, the log management service 12 deletes the log information associated with the authentication ticket from the log DB 123. At this time, other log information related to the same machine number as the log information may be deleted simultaneously (at the same timing).

  If a failure occurs in the authentication service 13 during periodic authentication, the authentication flag of the log information is not changed, and authentication of unauthenticated log information is attempted again at the next timing.

  As described above, according to the log management system 1 in the second embodiment, it is possible to prevent the loss of valid log information due to a failure of the authentication service 13 or the like. Further, illegal log information can be detected and eliminated by periodic authentication of log information. Therefore, the reliability of the log information accumulated in the log DB 123 can be improved.

  In the above description, an example in which an authenticated log and an unauthenticated log are distinguished by an authentication flag has been described. However, the two may be distinguished from each other by managing them in separate tables.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the specific embodiment which concerns, In the range of the summary of this invention described in the claim, various deformation | transformation * It can be changed.

It is a figure which shows the structural example of the log management system in embodiment of this invention. It is a figure which shows the function structural example of the log management system in embodiment of this invention. It is a figure which shows the hardware structural example of the log management server in embodiment of this invention. It is a flowchart for demonstrating the process outline | summary of the log management system in 1st embodiment. It is a figure for demonstrating the registration process of the log collection service in 1st embodiment. It is a figure for demonstrating the registration process of the apparatus in 1st embodiment. It is a figure for demonstrating the setting process of the log transfer information in 1st embodiment. It is a figure for demonstrating the transfer process of the log information in 1st embodiment. It is a figure which shows the example of the message which transmits an authentication ticket. It is a figure which shows the example of the message which transmits log information. It is a figure for demonstrating the batch transfer process of the log information in 1st embodiment. It is a figure which shows the example of the schema of log DB in 1st embodiment. It is a figure for demonstrating the transfer process of the log information in 1st embodiment when a failure has generate | occur | produced in the authentication service. It is a flowchart for demonstrating the process outline | summary of the log management system in 2nd embodiment. It is a figure for demonstrating the transfer process of the log information in 2nd embodiment when a failure has generate | occur | produced in the authentication service. It is a figure for demonstrating the batch transfer process of the log information in 2nd embodiment. It is a figure which shows the example of the schema of log DB in 2nd embodiment. It is a figure for demonstrating the periodic authentication process of the log information in 2nd embodiment.

Explanation of symbols

1 Log Management System 10 Log Management Server 11 Device Management Service 12 Log Management Service 13 Authentication Service 20 Log Collection Server 21 Log Collection Service 30 Device 100 Drive Device 101 Recording Medium 102 Auxiliary Storage Device 103 Memory Device 104 Arithmetic Processing Device 105 Interface Device 121 DB engine 122, 123 Log DB
B bus

Claims (8)

A log management system having a log collection device that collects log information generated in a device, and a log management device that accumulates the log information,
The log collection device includes:
It received from the device authentication information set in the device, and sends the authentication means the validity of the confirmation request for authentication information, communicating with the case or the authentication means the validity is confirmed by the authentication means Log information is acquired from the device when it is not possible, and at least the log information acquired from the device when communication with the authentication means is not possible is stored in association with the authentication information received from the device Having a collection means ,
The log management device includes:
And the authentication unit to confirm the validity of the authentication information,
The log information acquired by the log collecting means and transferred from the log collecting means is registered in the log accumulating means, and at least when the log collecting means cannot communicate with the authentication means, For authentication log information, log management means for registering in the log storage means in association with the authentication information transferred from the log collection means in association with the unauthenticated log information ,
The log manager, the log, characterized in that the validity of the confirmation request for the authentication information registered in said log storage means associated with the unauthenticated log information periodically transmitted to the authentication means Management system. The log manager, the log management according to claim 1, wherein the deleting from said log storage means the unauthenticated log information associated with the authentication information is determined to be invalid by said authentication means System . The log management unit is configured to simultaneously delete the unauthenticated log information related to the same device as the unauthenticated log information associated with the authentication information determined to be unauthorized by the authentication unit. Item 3. The log management system according to item 2. The log management means does not periodically transmit the confirmation request to the authentication means for the unauthenticated log information associated with the authentication information whose validity has been confirmed by the authentication means. The log management system according to any one of claims 1 to 3. A log collection device for collecting log information generated in the device, the accumulated log information to a log management method in the log management system and a log management apparatus having an authentication unit and the log management unit,
If the logging device receives from the device has been authentication information set in the device, and transmits the validity of the confirmation request for authentication information to the authentication unit, wherein the validity is confirmed by the authentication means Or, when communication with the authentication unit is not possible, log information is acquired from the device , and at least for the log information acquired from the device when communication with the authentication unit is not possible, the authentication information received from the device Log collection procedure to store in association with
The log management unit registers the log information acquired in the log collection procedure and transferred from the log collection device in a log storage unit, and at least the log collection unit cannot communicate with the authentication unit for unauthenticated log information acquired in the acquisition procedure, a log registration procedure for registering to the non-authentication log information said log storage means in association with the authentication information that is associated with the transfer from the log collecting apparatus,
The log management means includes a re-authentication procedure for periodically transmitting a request for confirming the validity of the authentication information associated with the unauthenticated log information and registered in the log storage means to the authentication means. log management method characterized by. 6. The log management unit includes a deletion procedure for deleting, from the log storage unit, the unauthenticated log information associated with the authentication information determined to be unauthorized by the authentication unit. log management method as claimed. The deletion procedure is characterized in that the unauthenticated log information related to the same device as the unauthenticated log information associated with the authentication information determined to be unauthorized by the authentication unit is simultaneously deleted. log management method of 6, wherein the. The re-authentication procedure does not periodically transmit the confirmation request to the authentication means for the unauthenticated log information associated with the authentication information whose validity has been confirmed in the authentication process. claims 5 to 7 any one log management method according to.

Images