JP2025118182A - Log policy management device, log policy management method, and log policy management program - Google Patents

Abstract

To simplify and facilitate management of information processing formats of log information.SOLUTION: A storage unit in which a determination target that is a provider of a service, a log policy application target to which policy information for controlling acquisition of log information is applied, a log setting classification indicating types of log information to be collected for each log policy application target, a policy level indicating an information processing format of acquired log information, and policy information to be set are associated with each other is referred by a policy detection unit on the basis of the determination target, the log policy application target, the log setting classification, and the policy level to detect policy information corresponding to the determination target, the log policy application target, the log setting classification, and the policy level. A policy setting unit sets the detected policy information to the corresponding log policy application target.SELECTED DRAWING: Figure 1

Description

The present invention relates to a log policy management device, a log policy management method, and a log policy management program.

Patent Document 1 (JP 2016-130997 A) discloses an information processing device that can provide an MFP that can reliably execute port opening and closing control that reflects security policies, even when an extended AP is installed.

When installing an extended AP, this information processing device edits policy setting items, including existing ones, based on the results of analyzing port control information related to the specific ports used by the extended AP. It then accepts setting input via the edited policy setting items and generates setting information. This makes it possible to maintain security when an extended AP is installed by applying filtering rules to the firewall in accordance with the setting information.

JP 2016-130997 A

Here, in systems equipped with multiple terminal devices, such as so-called cloud systems or data centers, the types and patterns of log information acquired by each terminal device vary depending on the level of system control required by the customer operating the system or the customer's system implementation process.

This has led to the problem that managing the information processing format of log information for each terminal device becomes complicated and tedious. This problem becomes more pronounced the more terminal devices are managed.

The present invention was made in consideration of the above-mentioned problems, and aims to provide a log policy management device, a log policy management method, and a log policy management program that simplify and facilitate management of the information processing format of log information for each terminal device.

To solve the above-mentioned problems and achieve the objectives, the log policy management device of the present invention has a policy detection unit that references a storage unit that associates the following: a determination target that is the entity providing the service; a log policy target to which policy information that controls the acquisition of log information is applied; a log setting classification that indicates the type of log information collected for each log policy target; a policy level that indicates the information processing format of the acquired log information; and the policy information to be set, based on the determination target, log policy target, log setting classification, and policy level, and detects policy information that corresponds to the determination target, log policy target, log setting classification, and policy level; and a policy setting unit that sets the detected policy information to the corresponding log policy target.

In order to solve the above-mentioned problems and achieve the objectives, the log policy management method of the present invention includes a policy detection step in which a policy detection unit references a storage unit that associates a determination target that is the service provider, a log policy target to which policy information that controls the acquisition of log information is applied, a log setting classification that indicates the type of log information collected for each log policy target, a policy level that indicates the information processing format of the acquired log information, and the policy information to be set, based on the determination target, log policy target, log setting classification, and policy level, and detects policy information corresponding to the determination target, log policy target, log setting classification, and policy level; and a policy setting step in which a policy setting unit sets the detected policy information to the corresponding log policy target.

In addition, to solve the above-mentioned problems and achieve the objectives, the log policy management program of the present invention causes a computer to function as a policy detection unit that references a storage unit that associates the following: a determination target that is the entity providing the service; a log policy target to which policy information that controls the acquisition of log information is applied; a log setting classification that indicates the type of log information collected for each log policy target; a policy level that indicates the information processing format of the acquired log information; and the policy information to be set, based on the determination target, log policy target, log setting classification, and policy level; and detects policy information corresponding to the determination target, log policy target, log setting classification, and policy level; and a policy setting unit that sets the detected policy information to the corresponding log policy target.

This invention simplifies and facilitates management of the information processing format of log information for each terminal device.

FIG. 1 is a diagram illustrating a system configuration of a log policy management system according to a first embodiment. FIG. 2 is a diagram showing an outline of the configuration of the configuration information management master provided in the log policy management device according to the first and second embodiments. FIG. 3 is a diagram showing an outline of the configuration of the policy master provided in the log policy management device according to the first and second embodiments. FIG. 4 is a diagram showing an outline of the configuration of the setting master provided in the log policy management device according to the first and second embodiments. FIG. 5 is a block diagram showing the hardware configuration of a log policy management device provided in the log policy management system of the first embodiment. FIG. 6 is a diagram illustrating an example of a configuration information management master provided in the log policy management device of the log policy management system according to the first embodiment. FIG. 7 is a diagram illustrating an example of a policy master provided in the log policy management device of the log policy management system according to the first embodiment. FIG. 8 illustrates an example of a setting master provided in the log policy management device of the log policy management system according to the first embodiment. FIG. 9 is a diagram showing a configuration information management master table in which update flag information is set for each server function that sets policy information in the log policy management device of the log policy management system according to the first embodiment. FIG. 10 is a diagram showing how policy information corresponding to the operating status is set for each server function for which update flag information is set by the log policy management device of the log policy management system of the first embodiment. Figure 11 shows a configuration information management master table in which the update flag information for each server function for which policy information has been set has been erased and the master change history for the server function for which the policy information has been changed has been incremented in the log policy management device of the first embodiment of the log policy management system. FIG. 12 is a diagram showing an example in which the operating status of each server device in the configuration information management master table is changed to another operating status. FIG. 13 is a diagram showing how new policy information is set for a server device whose operating status has been changed to another operating status. FIG. 14 is a diagram showing an example in which the server role of each server device in the configuration information management master table has been changed. FIG. 15 is a diagram showing an example in which new policy information is set for a server device whose server role has been changed. FIG. 16 is a diagram showing a state in which various information about a newly added server device has been added to the configuration information management master table. FIG. 17 is a diagram showing an example in which policy information corresponding to the operating status is set for a newly added server device. FIG. 18 illustrates a system configuration of a log policy management system according to the second embodiment. FIG. 19 is a block diagram showing the hardware configuration of a log policy management device in the log policy management system according to the second embodiment. FIG. 20 illustrates an example of a configuration information management master table provided in the log policy management device of the log policy management system according to the second embodiment. FIG. 21 illustrates an example of a policy master table provided in the log policy management device of the log policy management system according to the second embodiment. FIG. 22 illustrates an example of a setting master table provided in the log policy management device of the log policy management system according to the second embodiment. FIG. 23 is a diagram showing how policy information according to employee rank is set in each server device by the log policy management device of the log policy management system according to the second embodiment. Figure 24 is a diagram showing a configuration information management master table in which the update flag information of each server device for which policy information is set is erased and the master change history of the server device for which the policy information has been changed is incremented in the log policy management device of the second embodiment of the log policy management system. FIG. 25 is a diagram showing an example of changing the worker rank in the configuration information management master table. FIG. 26 is a diagram showing how new policy information is set for a server device of a worker whose worker rank has changed. FIG. 27 is a diagram showing an example of a change in the operation content of a server device in the configuration information management master table. FIG. 28 shows how new policy information is set for a server device whose work content has changed. FIG. 29 is a diagram showing a state in which the work content and worker rank of the worker of the newly added server device have been added to the configuration information management master table. FIG. 30 is a diagram showing how policy information corresponding to worker ranks is set for a newly added server device.

The following describes in detail a log policy management system, an embodiment of the present invention, with reference to the accompanying drawings. Note that the present invention is not limited to the following embodiment.

[System Overview]
1 is a diagram illustrating an overview of a log policy management system according to an embodiment. As shown in Fig. 1, the log policy management system includes a log policy management device 1 that centrally manages policy information that controls the acquisition of log information, a setting terminal device 51 that sets policy information for the log policy management device 1, and a log policy target to which the policy information is applied.

Figure 1 shows an example in which a log policy is applied to server function 53, a virtual server function built within the log policy management device 1. Server function 53 loads file (OS image, disk image) data prepared for each virtual server on the host OS (Operating System) server device, and provides a programmatic service with a specified role to each company.

In addition to this virtual server function, the log policy can also be applied to other devices for which policy information can be set, such as physical server devices, client terminal devices, mobile devices, or IoT (Internet of Things) devices.

The log policy management device 1 is provided with a configuration information management master table 11 (or a configuration information management master table 81, described later). As shown in FIG. 2, this configuration information management master table 11 stores the policy judgment target, environment unit name, log setting classification, policy level, update flag, and other information. The policy judgment target is the entity that provides the service, and in the first embodiment, this will be explained as the "company name," and in the second embodiment, described later, this will be explained as the "worker."

In the first embodiment, the environment unit name is the "server name" assigned to each company's server function that sets policy information. In the second embodiment, it is the "server name" of the server device operated by the operator.

The log setting classification indicates the type of log information to be collected for each target to which the log policy is applied. In the first embodiment, this log setting classification indicates the type of log information to be collected based on the role (server role) provided by each server function 53. That is, in the first embodiment, the following roles are set as log setting classifications: "DB: Database function," "AP: Application server function," "WEB: Web server function," "AD (Active Directory (registered trademark)): Active Directory (registered trademark) server function," and "Other (roles)."

As will be described later using Figure 8, if server function 53 is a "DB: database server function," database log information is collected. If server function 53 is an "AP: application server function," specific log information corresponding to a specific application program is collected. If server function 53 is a "WEB: web server function," IIS (Internet Information Services) log information is collected. If server function 53 is an "other (role)" server function, optional log information is collected.

In contrast, in the second embodiment, the log setting classifications are set to log information collected according to the type of work performed on the server device 63, such as "data modification," "file import," "file export," "system shutdown," and "investigation."

As will be described later using Figure 22, if the work performed on the server device 63 is "data modification," database log information is collected. Furthermore, if the work performed on the server device 63 is "file import" or "file export," file access log information is collected. Furthermore, if the server device 63 is placed in "system shutdown," fault monitoring log information is collected. Furthermore, if the work performed on the server device 63 is "investigation," performance log information is collected.

The policy level is information that indicates the information processing format of the acquired log information. In the first embodiment, it indicates the information processing format of the log information corresponding to the "operational status" of each server function 53, and in the second embodiment, it indicates the information processing format of the log information corresponding to the "operator rank" of the operator operating each server device 63.

The "update flag" is information that is set for the server function 53 or server device 63 that sets policy information, and is erased after the policy information is set. Details will be provided later.

As shown in FIG. 3, the policy master table 12 (and the policy master table 82 described below) has a policy number set for each policy level that indicates the information processing format of the policy information. Specifically, in the first embodiment, policy numbers such as "Policy 01" and "Policy 02" are associated with operation statuses (policy levels) such as "Before and After Operation," "Preparation for Operation," or "Failure." In addition, in the second embodiment, policy numbers such as "Policy 01" and "Policy 02" are associated with worker ranks (policy levels) such as "A" and "B."

As shown in Figure 4, the setting master table 13 (and the setting master table 83 described below) associates and sets the log setting classification, the log information to be acquired, the setting items, and the information processing format of the acquired log information (how the acquired log information is processed = policy information) corresponding to each policy number.

In the first embodiment, the "log setting classification" is the function (role: DB, AP, etc.) of each server function 53 described above. The "log information" is information indicating the type of log information acquired by that server function 53. The "setting item" indicates the maximum amount of log information to be acquired (maximum log size (MB)). Furthermore, the policy information indicates the information processing mode, such as whether to "overwrite" or "archive (store in the memory unit 2)" the existing log information when the amount of acquired log information reaches the maximum log size (MB).

In contrast, in the second embodiment, the "log setting classification" is the work content (data modification, file import, etc.) of each server device 63 described above. "Log information" is information indicating the type of log information acquired by that server device 63. "Setting item" indicates the maximum amount of log information to be acquired (maximum log size (MB)). Furthermore, the policy information indicates the information processing mode, such as whether, when the amount of acquired log information reaches the maximum log size (MB), the log information acquired thereafter will be "overwritten" over the existing log information or "archived (stored in the memory unit 2)."

Such a log policy management system pre-registers the configuration information to which the log policy applies and the log information management policy in a master group (configuration information management master tables 11 and 81 in Figure 2, policy master tables 12 and 82 in Figure 3, and setting master tables 13 and 83 in Figure 4).

Next, the server function 53 (or server device 63) reads the master group described above and applies the policy information to each environment unit. At this time, the log policy is applied to environment units whose update flag is set to "1", and the policy information application process is performed on the environment units detected using the policy judgment target and environment unit name as keys. In addition, the policy information change process for acquiring log information is similarly performed on environment units whose policy level or log setting classification has been changed or which have been added.

This allows you to centrally manage the policy information you set according to policy levels such as operating status or worker rank, and reflect it all at once for each environment unit.

[First embodiment]
A specific embodiment of such a log policy management system will be described below.

First, the log policy management system described as the first embodiment is an example of centrally managing policy information by company name (by policy judgment target) and by server name (by environment unit).

(System Configuration of First Embodiment)
5 is a block diagram showing the hardware configuration of the log policy management device 1 provided in the log policy management system of the first embodiment. As shown in Fig. 5, the log policy management device 1 includes a storage unit 2, a control unit 3, a communication interface unit 4, and an input/output interface unit 5. An input device 6 and an output device 7 are connected to the input/output interface unit 5.

The log policy management device 1 also has a server function 53, which is a virtual server function, and a firewall function 54.

The memory unit 2 can be, for example, a memory device such as a ROM (Read Only Memory), a RAM (Random Access Memory), a HDD (Hard Disk Drive), or an SSD (Solid State Drive).

A setting terminal device 51 is connected to the communication interface unit 4 via a private network 50 such as a LAN (Local Area Network).

The output device 7 may be a display unit such as a monitor (including a home television), a printer, or a speaker. The input device 6 may be a keyboard, a mouse, a microphone, or a monitor that functions as a pointing device in conjunction with a mouse.

The memory unit 2 stores a log policy management program that simplifies and facilitates the acquisition and management of log information for each server function 53. The memory unit 2 also contains a configuration information management master table 11, a policy master table 12, and a setting master table 13, each of which is a storage area.

The server function 53 operates as a virtual server device based on the host OS and specified application programs stored in the storage unit 2, loading file data (OS images, disk images, etc.) prepared for each virtual server and providing programs with specified services to each company.

As shown in Figure 6, the configuration information management master table 11 provided in the storage unit 2 stores company names, server names, server roles, operating status, update flags, etc. The "company names" are the targets of the policy determination described above, and in this example are "Company A," "Company B," and "Company C." Furthermore, the server names, which are the environmental unit names described above, are "XXX101" and "XXX102" for "Company A," "XXX201," "XXX202," and "XXX203" for "Company B," and "XXX301" for "Company C."

Furthermore, the server role of server function 53 of "XXX101" of "Company A" is "DB: database server device," and the server role of server function 53 of "XXX102" is "AP: application server device."

The server role of server function 53 of "XXX201" of "Company B" is "WEB: Web server device." The server roles of server function 53 of "XXX202" of "Company B" are "DB: Database server device," "AP: Application server device," "Web: Web server device," and "AD (Active Directory (registered trademark)): Active Directory (registered trademark) server device." The server role of server function 53 of "XXX203" of "Company B" is "Other."

Furthermore, the server roles of server function 53 of "XXX301" of "Company C" are "DB: database server device," "WEB: web server device," and "AD (Active Directory (registered trademark)): Active Directory (registered trademark) server device."

For the operational status, which is the policy level mentioned above, "Pre- and Post-Operation" is set for each of the server functions 53, "XXX101" and "XXX102" of "Company A." Furthermore, "Preparation for Operation" is set for each of the server functions 53, "XXX201," "XXX202," and "XXX203" of "Company B." Furthermore, "Failure" is set for the server function 53, "XXX301" of "Company C."

The operating status of each company's server function 53 is set in the log policy management device 1 from the setting terminal device 51. The policy level "operating status" is a status that indicates the state of the service installation and operation process for each company. This operating status is changed collectively for each "company name" that is the customer to which the system is installed. Furthermore, if a failure has occurred in a specific server function of a specific company, the "operating status" is updated to an operating status of "failure." Furthermore, if the server function causing the failure has not been identified when the failure occurs, the policy levels of all server functions are changed in order to investigate the issue. This changes the log information that is acquired, making it possible to identify the server function causing the failure.

Update flag information is information that is assigned to the server function 53 that sets policy information. The example in Figure 6 shows an example in which update flag information of "1" is assigned to all server functions 53 from "Company A" to "Company C" (an example in which policy information is set for all server functions 53).

As shown in Figure 7, the policy master table 12 has a policy number set for each operating status. The policy number is a number used to identify the policy information set in the server function 53. Specifically, the policy number "Policy01" is set for the operating status "operation preparation," and the policy number "Policy02" is set for the operating status "test process." The policy number "Policy03" is set for the operating status "before and after operation," and the policy number "Policy04" is set for the operating status "stable operation." The policy number "Policy05" is set for the operating status "failure."

As shown in Figure 8, the configuration master table 13 stores, for each role of each server function 53, the type of log information to be acquired, the maximum amount of log information to be acquired (maximum log size (MB)), and policy information, which is the information processing format indicated by a policy number to be performed according to each operating status when the acquired log information reaches the maximum log size (MB).

Specifically, when the operating status is "preparing for operation," server function 53 of "DB: database server device" performs information processing to overwrite the database log information acquired up to that point when the acquired database log information exceeds, for example, "100 MB" (information processing mode of Policy 01). Also, when the operating status is "test process," server function 53 of "DB: database server device" performs information processing to overwrite the database log information acquired up to that point when the acquired database log information exceeds, for example, "500 MB" (information processing mode of Policy 02).

Furthermore, when the operating status is "before and after operation," server function 53 of "DB: database server device" performs information processing (archiving) to store the database log information acquired up to that point in memory unit 2 if the acquired database log information exceeds, for example, "1,000 MB" (information processing mode of Policy 03). Furthermore, when the operating status is "stable operation," server function 53 of "DB: database server device" performs information processing (archiving) to store the database log information acquired up to that point in memory unit 2 if the acquired database log information exceeds, for example, "500 MB" (information processing mode of Policy 04).

Furthermore, when the operating status is "failed," the server function 53 of the "DB: database server device" performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 if the acquired database log information exceeds, for example, 2,000 MB (information processing mode of Policy 05).

Similarly, server function 53 of "WEB: web server device" acquires "IIS log information (IIS: Internet Information Services)." Then, when the operation status is "preparing for operation," if the acquired IIS log information exceeds, for example, "100 MB," it performs information processing to overwrite the IIS log information acquired up to that point (information processing mode of Policy 01). Furthermore, when the operation status is "testing process," server function 53 of "WEB: web server device" acquires, for example, if the acquired IIS log information exceeds "500 MB," it performs information processing to overwrite the IIS log information acquired up to that point (information processing mode of Policy 02).

Furthermore, when the operation status is "before and after operation," server function 53 of "WEB: web server device" performs information processing (archiving) to store the IIS log information acquired up to that point in memory unit 2 if the acquired IIS log information exceeds, for example, "1,000 MB" (information processing mode of Policy 03). Furthermore, when the operation status is "stable operation," server function 53 of "WEB: web server device" performs information processing (archiving) to store the IIS log information acquired up to that point in memory unit 2 if the acquired IIS log information exceeds, for example, "500 MB" (information processing mode of Policy 04).

Furthermore, when the operating status of the "WEB: web server device" is "failed," if the acquired IIS log information exceeds, for example, "2,000 MB," the server function 53 performs information processing (archiving) to store the IIS log information acquired up to that point in the storage unit 2 (information processing mode of Policy 05).

The information processing (policy) for such log information is set based on the importance of the log information, which changes depending on the operating status. For example, log information generated during the preparation period for server function 53's operation is of low importance and is therefore managed by overwriting. However, once server function 53 is operational, log information becomes more important as it becomes necessary to verify any errors that have occurred, and so log information generated in the past is saved using an archive process.

In addition, a particularly large amount of log information is required for analysis before and after operation and when a failure occurs. For this reason, a large maximum log size is set, and once operation has stabilized, a smaller maximum log size is set. Note that the relationship between the server role or type of log information of server function 53 and the setting items is an example, and can be set as desired depending on the configuration.

(Functional configuration of the log policy management device)
Next, the control unit 3 executes the log policy management program stored in the memory unit 2, and functions as a policy detection unit 22, a policy setting unit 23, an update flag control unit 24, and a change history storage control unit 25, as shown in Figure 5.

In the following description, the policy detection unit 22 through the change history storage control unit 25 are implemented as software programs based on a log policy management program. However, all or part of the policy detection unit 22 through the change history storage control unit 25 may also be implemented as hardware. In either case, the same effects described below can be achieved.

The policy detection unit 22 references the following storage units (configuration information management master table 11 to setting master table 13) based on the determination target (policy determination target such as company name or worker) that will be the service provider, the log policy target (server name) to which policy information that controls the acquisition of log information will be applied, the log setting classification (server role or work content) that indicates the type of log information collected for each log policy target, the policy level (operation status or worker rank) that indicates the information processing format of the acquired log information, and the associated policy information to be set. The policy detection unit 22 then detects policy information that corresponds to the determination target, log policy target, log setting classification, and policy level.

The policy setting unit 23 sets the detected policy information as the applicable target for all corresponding log policies.

The update flag control unit 24 stores update flag information indicating a change in log setting classification (server role or work content), a change in policy level, or the addition of a new log policy target (server function 53 or server device 63) in the storage unit (configuration information management master table 11) in association with the log policy target whose log setting classification or policy level has been changed, or the added log policy target.

In this case, the policy detection unit 22 detects policy information for the log policy target for which update flag information is set from the storage unit (configuration information management master table 11). The policy setting unit 23 also sets the policy information detected from the storage unit (configuration information management master table 11 to setting master table 13) for the log policy target for which update flag information is set.

In the first embodiment, the log setting classification is the role (server role) of the target to which the log policy is applied, and the policy level is the operating status of the target to which the log policy is applied (see Figure 6). In this case, the policy detection unit 22 detects policy information corresponding to the role and operating status of the target to which the log policy is applied from the storage unit (configuration information management master table 11 to setting master table 13).

In addition, when the role of any log policy target is changed, or when the operating status of any log policy target is changed to another operating status, the update flag control unit 24 sets update flag information for the corresponding log policy target and stores it in the storage unit (configuration information management master table 11).

In addition, after the policy information is set, the update flag control unit 24 erases the update flag information for the log policy application target from the storage unit (configuration information management master table 11).

The change history storage control unit 25 increments the master change history, which indicates that the policy information in the storage unit (configuration information management master table 11) has been changed, each time a change is made to the policy information.

In addition, policy information is set in the storage unit (configuration information management master table 11 to setting master table 13) via the setting terminal device 51.

The policy setting unit 23 communicates with each log policy target via a firewall (firewall function 54) that allows only one-way communication from the policy setting unit 23 to each log policy target.

(Policy information setting operation)
Next, the operation of setting policy information for each server function 53 in the log policy management device 1 according to the first embodiment will be described.

First, for the server functions 53 that set policy information as described above, the update flag control unit 24 adds update flag information of "1" to the configuration information management master table 11 shown in Figure 9. The example in Figure 9 shows an example in which update flag information of "1" has been added to all server functions 53 of companies A to C.

Based on the operating status of each server function 53, the policy detection unit 22 references the policy master table 12 shown in Figure 7 and detects the policy number (Policy01 to Policy05) for each server function 53 for which update flag information is set.

The policy detection unit 22 also references the setting master table 13 shown in FIG. 8 based on the server role and policy number of the server function 53 for which the update flag information is set. The policy detection unit 22 then detects policy information indicating the information processing format of the acquired log information that corresponds to the server role and policy number of the server function 53 for which the update flag information is set.

The policy setting unit 23 sets the policy information detected by the policy detection unit 22 for the server functions 53 for which update flag information has been set, as shown in FIG. 10. In this example, as described above, update flag information of "1" has been added to all server functions 53. Therefore, the policy setting unit 23 sets policy information for all server functions 53, as shown in FIG. 10, that indicates the information processing format for log information according to the operating status and server role of each server function 53.

Once the policy information is set in this manner, the update flag control unit 24 erases the update flag information for the server function 53 for which the policy information has been set from the configuration information management master table 11, as shown in Figure 11. The example in Figure 11 shows that the policy information setting for all server functions 53 of companies A to C has been completed, and the update flag information attached to each of the server functions 53 of companies A to C has been erased.

The update flag control unit 24 re-adds update flag information to the server function 53 for which policy information is being changed. Then, the policy setting unit 23 sets policy information corresponding to the current operating status and role for the server function 53 to which the update flag information has been added.

In addition, as shown in FIG. 11, the change history storage control unit 25 increments the master change history in the configuration information management master table 11, which indicates that the policy information has been changed, each time the policy information is changed. In this example, since this is the first time that policy information is set for each server function 53, a master change history of "1 (time)" is set for each server function 53. When the policy information is changed, the master change history for that server function 53 is incremented by one by the change history storage control unit 25 to "2 (times)."

(When the operating status changes to another operating status)
Next, as shown in Figure 12(a), the initial operating status of server function 53 of "xxx101" of Company A was "before and after operation," but this operating status is changed to the operating status of "failure" as shown in Figure 12(b) via the setting terminal device 51. Also, as shown in Figure 12(a), the initial operating status of server function 53 of "xxx301" of Company C was "failure," but this operating status is changed to the operating status of "stable operation" as shown in Figure 12(b) via the setting terminal device 51.

As shown in Figure 12 (b), the update flag control unit 24 adds an update flag of "1" to the server function 53 "xxx101" of Company A and the server function 53 "xxx301" of Company C, whose operating status has changed.

The policy detection unit 22 references the policy master table 12 shown in Figure 7 and the setting master table 13 shown in Figure 8 under the conditions that the server role of server function 53 of Company A's "xxx101" is "DB" and the operating status has changed to "failure." In this case, the policy detection unit 22 detects "Policy05," which is the policy number for "failure," from the policy master table 12.

The policy detection unit 22 also detects from the setting master table 13 shown in Figure 8 that the policy information for "Policy05" in the role of "DB" is "The maximum log size of the database log is set to 2000 MB, and when the amount of acquired database log (log size) reaches this maximum log size of 2000 MB, this 2000 MB database log is stored (archived) in the storage unit 2." The policy setting unit 23 then sets the detected policy information in the server function 53 of "xxx101" of Company A, as shown in Figure 13.

As a result, server function 53 of Company A's "xxx101" processes database log information in the information processing format of the configured policy information "Policy05."

In this way, when the previous policy information is changed to other policy information and set, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company A's "xxx101" by one. In this case, the master change history for the server function 53 of Company A's "xxx101" is incremented from "1 (time)" to "2 (times)."

Similarly, as shown in Figure 12 (b), the server roles of server function 53 of "xxx301" of Company C are "DB," "WEB," and "AD," and the operation status has changed to "stable operation." Therefore, under these conditions, the policy detection unit 22 references the policy master table 12 shown in Figure 7 and the setting master table 13 shown in Figure 8. In this case, the policy detection unit 22 detects "Policy04," which is the policy number for "stable operation," from the policy master table 12.

The policy detection unit 22 also detects policy information for "Policy04" for the roles of "DB," "WEB," and "AD" from the setting master table 13 shown in Figure 8. In this example, the log information corresponding to the roles of "DB," "WEB," and "AP" is database log information, IIS log information, and product A's own log information.

In addition, regardless of the role, the policy information for "Policy04" is policy information that "the maximum log size of log information is 500 MB, and when the amount of acquired log information (log size) reaches this maximum log size of 500 MB, this 500 MB of log information is stored (archived) in the storage unit 2." The policy setting unit 23 sets this policy information in the server function 53 of "xxx301" at Company C, as shown in Figure 13.

As a result, in server function 53 of Company C's "xxx301," database log information, IIS log information, and product A's unique log information are processed in the information processing format of the configured policy information for "Policy04."

In this way, when the previous policy information is changed to other policy information and set, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company C's "XXX301" by one. In this case, the master change history for the server function 53 of Company C's "XXX301" is incremented from "1 (time)" to "2 (times)."

(When a server role is added to a server device)
Next, assume that "AP" is set as the server role of server function 53 of "xxx102" of Company A as shown in Figure 14(a), but in addition to this "AP" role, a server role of "WEB" is set as shown in Figure 14(b). This setting is performed by an administrator or the like via setting terminal device 51 shown in Figure 1.

As shown in Figure 14(b), the update flag control unit 24 adds an update flag of "1" to the server function 53 of "xxx102" of Company A, to which the server role of "WEB" has been newly added.

If the server roles of server function 53 of Company A's "xxx102" are "AP" and "WEB" and the operating status is "pre- and post-operation," the policy detection unit 22 references the policy master table 12 shown in FIG. 7 and the setting master table 13 shown in FIG. 8 under these conditions. In this case, the policy detection unit 22 detects "Policy03," which is the policy number for "pre- and post-operation," from the policy master table 12. The policy detection unit 22 also detects the policy information for "Policy03" for the roles of "AP" and "WEB." In this example, the log information corresponding to the roles of "AP" and "WEB" is product A's own log information and IIS log information.

In addition, regardless of the role, the policy information for "Policy03" is policy information that states, "The maximum log size of log information is 1000 MB, and when the amount of acquired log information (log size) reaches this maximum log size of 1000 MB, this 1000 MB of log information is stored (archived) in the storage unit 2." The policy setting unit 23 sets this policy information in the server function 53 of "xxx102" of Company A, as shown in Figure 15.

As a result, in server function 53 of Company A's "xxx102," product A's unique log information and IIS log information are processed in the information processing format of the configured policy information "Policy03."

In this way, when the previous policy information is changed to other policy information and set, the change history storage control unit 25 increments the master change history shown in Figure 11 for the server function 53 of Company A's "xxx102" by one. In this case, the master change history for the server function 53 of Company A's "xxx102" is incremented from "1 (time)" to "2 (times)."

(When the number of managed server devices is increased)
Next, as shown in FIG. 16(a), the number of server functions 53 managed by the log policy management device 1 in the first embodiment was "6 units", but as shown in FIG. 16(b), one server function 53 of "xxx401" of Company D is added.

When a server function 53 is added, the administrator registers (stores) the company name (Company D), server name (XXX401), server role (DB and AP), and operation status (preparation for operation) of the added server function 53 in the configuration information management master table 11 via the setting terminal device 51 shown in Figure 1, as shown in Figure 16 (b).

Furthermore, as shown in FIG. 16(b), the update flag control unit 24 adds an update flag of "1" to the added server function 53 of Company D's "xxx401." This update flag may be set by the administrator via the setting terminal device 51.

Next, the server roles of the added server function 53 of "xxx401" of Company D are "DB" and "AP," and the operating status is "preparation for operation." Therefore, under these conditions, the policy detection unit 22 references the policy master table 12 shown in FIG. 7 and the setting master table 13 shown in FIG. 8. In this case, the policy detection unit 22 detects "Policy01," which is the policy number for "preparation for operation," from the policy master table 12. The policy detection unit 22 also detects the policy information for "Policy01" in the roles of "DB" and "AP."

In this example, the log information corresponding to the roles of "DB" and "AP" is database log information and product A's own log information. Furthermore, the policy information for "Policy01" is policy information that, regardless of the role, "the maximum log size of each log information is 100 MB, and each time the amount of acquired log information (log size) reaches the maximum log size of 100 MB, new 100 MB of log information is overwritten over the acquired log information." The policy setting unit 23 sets this policy information in the server function 53 of "xxx401" of Company D, which was added as shown in Figure 17.

As a result, in the added server function 53 of Company D's "xxx401," database log information and product A's unique log information will be processed in the information processing format of the configured policy information for "Policy01."

In this example, the policy information settings are the initial settings, so the change history storage control unit 25 sets the master change history shown in Figure 11 for the added server function 53 of Company D's "xxx401" to "1 (time)" (does not increment).

(Effects of the first embodiment)
In a cloud system or a data center or the like that includes multiple terminal devices, the type of log information acquired by each server function 53 and the information processing format differ depending on the system control level desired by the client who operates the system or the client's system implementation process, etc. This has led to a problem that acquiring and managing the log information of each server function 53 becomes complicated and tedious. This problem becomes more pronounced as the number of server functions 53 to be managed increases.

For this reason, the log policy management device 1 of the first embodiment centrally manages policy information that indicates the information processing format for log information and is set for each server function 53 according to the server role provided by the server function 53 and the operating status of the server function 53. This policy information is then reflected in each corresponding server function 53 in a lump sum in accordance with changes in the operating status, etc.

This allows for simple and easy centralized management of the information processing format of log information in each server function 53.

Second Embodiment
Next, a log policy management system according to a second embodiment of the present invention will be described. The first embodiment described above is an example in which a virtual server function 53 for each policy judgment target (each company) is constructed within the log policy management device 1, and policy information is set for this server function 53. In contrast, the log policy management system according to the second embodiment is an example in which the log policy management device is connected to a setting terminal device and server devices that serve as environmental units for each policy judgment target via the same or multiple different networks, such as the Internet or a LAN (Local Area Network), for example.

Note that the configuration of the log policy management device in the log policy management system of this second embodiment may also be configured with virtual server functions, as in the first embodiment described above. Even in this case, the same effects as those described below can be obtained.

Furthermore, in the description of this second embodiment, parts that show the same operations as those in the first embodiment described above will be designated by the same reference numerals as those in the first embodiment described above, and redundant description will be omitted.

As shown in Figures 18 and 19, this second embodiment of the log policy management system is configured by interconnecting a configuration terminal device 61, each server device 63, and a log policy management device 70 via the same network 60, such as a LAN. Furthermore, a router device 64, which functions as a firewall as described above, is provided between each server device 63 and the log policy management device 70.

As shown in FIG. 20, the configuration information management master table 81 has the work content and worker rank set for each server device 63 for employees A through E. Specifically, the work content "data correction" is set for employee A's server device 63 with the server name "xxx101." Employee A's worker rank is set to "A." Employee B's work content "file import" is set for employee B's server device 63 with the server name "xxx102." Employee B's worker rank is set to "B."

Furthermore, the task "File export" has been set for employee C's server device 63 with the server name "xxx201". Employee C's worker rank has been set to "C". Employee D's server device 63 with the server name "xxx202" has been set to "System shutdown". Employee D's worker rank has been set to "A". Employee E's server device 63 with the server name "xxx203" has been set to "File import", "File export", and "Investigation". Employee E's worker rank has been set to "C".

In the policy master table 82, a policy number for policy information is set for each worker rank, as shown in Figure 21. Specifically, the policy number "Policy01" is set for worker rank "A." The policy number "Policy02" is set for worker rank "B." The policy number "Policy03" is set for worker rank "C."

As shown in Figure 22, the setting master table 83 stores the type of log information acquired for each task, the upper limit on the amount of log information acquired (maximum log size (MB)), and the information processing format (policy information) indicated by the policy number to be performed according to each worker rank when the amount of log information acquired reaches the maximum log size (MB).

Specifically, when the server device 63 for which the work content is "data correction" has a worker's work rank of "A," if the acquired database log information exceeds, for example, "100 MB," it performs information processing to overwrite the database log information acquired up to that point (Policy 01). Furthermore, when the server device 63 for which the work content is "data correction" has a worker's work rank of "B," if the acquired database log information exceeds, for example, "500 MB," it performs information processing to overwrite the database log information acquired up to that point (Policy 02).

Furthermore, when the server device 63 for which the work content is "data correction" has a worker's work rank of "C," if the acquired database log information exceeds, for example, "1,000 MB," it performs information processing (archiving) to store the database log information acquired up to that point in the storage unit 2 (Policy 03).

Similarly, a server device 63 whose work content is "file import" acquires "file access log information." If the worker's work rank is "A," and the acquired file access log information exceeds, for example, "100 MB," it performs information processing to overwrite the file access log information acquired up to that point (Policy 01). Furthermore, if the worker's work rank is "B," a server device 63 whose work content is "file import" acquires information processing to overwrite the file access log information acquired up to that point when the acquired file access log information exceeds, for example, "500 MB" (Policy 02).

Furthermore, when the worker's task rank is "C," the "file import" server device 63 performs information processing (archive) to store the file access log information acquired up to that point in the storage unit 2 when the acquired file access log information exceeds, for example, 1,000 MB (Policy 03).

(Functional configuration of the log policy management device)
Next, the control unit 3 executes the log policy management program stored in the memory unit 2, and functions as a policy detection unit 42, a policy setting unit 43, an update flag control unit 44, and a change history storage control unit 45, as shown in FIG. 19.

The following explanation assumes that the policy detection unit 42 through the change history storage control unit 45 are implemented as software programs based on a log policy management program. However, all or part of the policy detection unit 42 through the change history storage control unit 45 may also be implemented as hardware. In either case, the same effects described below can be achieved.

In this second embodiment, the log setting classification is the work content of the log policy target (server device 63), and the policy level is the worker rank of the worker performing work on the log policy target (see Figure 20).

The policy detection unit 42 detects policy information corresponding to the work content and worker rank of the log policy application target (server device 63) from the storage unit (configuration information management master table 81 in Figure 20, policy master table 82 in Figure 21, and setting master table 83 in Figure 22).

When the work content of any log policy target (server device 63) is changed, or when the worker rank of any log policy target is changed, the update flag control unit 44 sets update flag information for the corresponding log policy target and stores it in the memory unit (configuration information management master table 81 in Figure 20).

In addition, after the policy information is set, the update flag control unit 44 erases the update flag information for the log policy application target from the storage unit (configuration information management master table 81 in Figure 20).

The change history storage control unit 45 increments the master change history indicating that the policy information in the storage unit (configuration information management master table 81 in Figure 20) has been changed each time the policy information is changed.

In addition, policy information is set in the storage unit (configuration information management master table 81 to setting master table 83) via the setting terminal device 61 (see Figure 19).

In addition, when a log policy application target (server device 63) is added, the policy setting unit 43 sets policy information corresponding to the work content and worker rank of the added log policy application target, detected by the policy detection unit 42, to the added log policy application target.

In addition, the policy setting unit 43 communicates with each log policy target via a firewall (router device 64) that is located between each log policy target and the log policy management device 70 and allows only one-way communication from the log policy management device 70 to each log policy target (server device 63).

(Policy information setting operation)
Next, the operation of setting policy information for each server device 63 in the log policy management device 70 according to the second embodiment will be described.

First, for the server device 63 that sets policy information as described above, the update flag information of "1" is added by the update flag control unit 44 in the configuration information management master table 81 shown in Figure 20. The example in Figure 20 shows an example in which update flag information of "1" is added to all server devices 63 for employees A through E.

The policy detection unit 42 references the configuration information management master table 81 shown in FIG. 20 based on the work content of the server device 63 for which update flag information is set, and detects the worker rank of each employee of each server device 63.

The policy detection unit 42 also detects the policy number corresponding to each task rank by referencing the policy master table 82 based on the detected worker rank. The policy detection unit 22 then detects the task content of the server device 63 for which update flag information is set and the policy information corresponding to the detected policy number from the setting master table 83 shown in FIG. 22.

The policy setting unit 43 sets the policy information detected by the policy detection unit 42 for the server devices 63 for which update flag information has been set, as shown in FIG. 23. In the example above, update flag information of "1" was added to all server devices 63. Therefore, the policy setting unit 43 sets policy information for all server devices 63, as shown in FIG. 23, that indicates the information processing format for log information according to the work content and worker rank of each server device 63.

Once the policy information is set in this manner, the update flag control unit 44 erases the update flag information for the server device 63 for which the policy information was set from the configuration information management master table 81, as shown in FIG. 24. The example in FIG. 24 shows that the policy information setting for all server devices 63 for employees A through E has been completed, and the update flag information attached to each of the server devices 63 for employees A through E has been erased.

When it becomes necessary to change the policy information, the update flag information is added again by the update flag control unit 44. Then, the policy setting unit 43 sets policy information for the server device 63 to which the update flag information has been added, corresponding to the work content of that server device 63 and the worker rank of the worker.

In addition, as shown in FIG. 24, the change history storage control unit 45 increments the master change history in the configuration information management master table 81, which indicates that the policy information has been changed, each time the policy information is changed. In this example, since this is the first time that policy information has been set for each server device 63, the master change history for each server device 63 is set to "1 (time)." In addition, the change history storage control unit 45 increments the master change history by one to "2 (times)" for the server device 63 for which the policy information has been changed the next time.

(When the worker rank is changed)
Next, as shown in Figure 25(a), it is assumed that the worker rank of employee A on the server device 63 of "xxx101" was "A," but this worker rank was changed to "B" as shown in Figure 25(b) by an administrator or the like via the setting terminal device 61. Also, as shown in Figure 25(a), it is assumed that the worker rank of employee C on the server device 63 of "xxx201" was "C," but this worker rank was changed to "B" as shown in Figure 25(b) by an administrator or the like via the setting terminal device 61.

As shown in FIG. 25(b), the update flag control unit 24 adds an update flag of "1" to the server device 63 for employee A's "XXX101" and the server device 63 for employee C's "XXX201," whose worker rank has been changed.

As shown in Figure 25(b), the worker rank of employee A on server device 63 "xxx101" has changed from "A" to "B," so the policy detection unit 42 references the policy master table 82 shown in Figure 21 and the setting master table 83 shown in Figure 22 under this condition. In this case, the policy detection unit 42 detects "Policy02," which is the policy number for worker rank "B," from the policy master table 82.

The policy detection unit 42 also detects from the setting master table 83 shown in FIG. 22 the policy information for "Policy02" in the "Data Modification" task content, which states that "The maximum log size of the database log is 500 MB, and when the amount of acquired database log information (log size) reaches the maximum log size of 500 MB, this 500 MB of database log information is overwritten over previous database log information." The policy setting unit 23 then sets the detected policy information in the server device 63 for employee A's "XXX101," as shown in FIG. 26.

As a result, on employee A's server device 63 at "xxx101," database log information is processed in the information processing format of the configured policy information "Policy02."

In this way, when the previous policy information is changed to other policy information, the change history storage control unit 25 increments the master change history shown in FIG. 24 for employee A's server device 63 "xxx101" by one. In this case, the master change history for employee A's server device 63 "xxx101" is incremented from "1 (time)" to "2 (times)."

Similarly, as shown in Figure 25(b), employee C's worker rank has changed from "C" to "B." Therefore, the policy detection unit 42 references the policy master table 82 shown in Figure 21 and detects the policy number of "Policy02" corresponding to worker rank "B."

The policy detection unit 42 also detects policy information for "Policy02" for the "File Export" task from the setting master table 83 shown in FIG. 22. In this example, the policy information for "Policy02" is policy information that states, "The maximum log size of file access log information is 500 MB, and when the amount of acquired file access log information (log size) reaches this maximum log size of 500 MB, the previous file access log information is overwritten with this 500 MB file access log information." The policy setting unit 23 sets this policy information in the server device 63 for employee C's "xxx201," as shown in FIG. 26.

As a result, on employee C's server device 63 at "xxx201," file access log information is processed in the format specified by the policy information in "Policy02."

In this way, when the previous policy information is changed to other policy information and set, the change history storage control unit 25 increments the master change history shown in FIG. 24 for employee C's server device 63 "xxx201" by one. In this case, the master change history for employee C's server device 63 "xxx201" is incremented from "1 (time)" to "2 (times)."

(If additional work is required for the server equipment)
Next, as shown in Fig. 27(a), "file import" was set as the work content for employee B's server device 63 at "xxx102," but as shown in Fig. 27(b), the work content of "system shutdown" is additionally set. This setting is made by an administrator or the like via the setting terminal device 61 shown in Fig. 18.

As shown in Figure 27 (b), the update flag control unit 24 adds an update flag of "1" to the server device 63 for employee B's "XXX102," to which the work content "System shutdown" has been added.

The policy detection unit 42 references the policy master table 82 shown in FIG. 21 and the setting master table 83 shown in FIG. 22 under the conditions that the work content of employee B's server device 63 at "xxx102" is "file import" and "system shutdown," and the worker rank is "B." In this case, the policy detection unit 42 detects "Policy02," which is the policy number for worker rank B, from the policy master table 82. The policy detection unit 42 also references the setting master table 83 to detect the policy information for "Policy02," which corresponds to the work content of "file import" and "system shutdown."

For both "File Import" and "System Shutdown" tasks, the policy information for "Policy02" states that "the maximum log size for log information is 500 MB, and when the amount of acquired log information (log size) reaches this maximum log size of 500 MB, the previous log information is overwritten with this 500 MB of log information." The policy setting unit 23 sets this policy information in employee B's server device 63 at "xxx102," as shown in Figure 28.

As a result, on employee B's server device 63 at "xxx102," file access log information and fault monitoring log information are processed in the information processing format of the policy information "Policy02."

In this way, when the previous policy information is changed to other policy information, the change history storage control unit 25 increments the master change history shown in FIG. 24 for employee B's server device 63 "xxx102" by one. In this case, the master change history for employee B's server device 63 "xxx102" is incremented from "1 (time)" to "2 (times)."

(When the number of managed server devices is increased)
Next, suppose that the number of server devices 63 managed by the log policy management device 1 of the embodiment was "five" as shown in FIG. 29(a), but that one server device 63 for employee F's "XXX301" is added as shown in FIG. 29(b).

When a server device 63 is added, the administrator registers (stores) the operator (employee F), server name (XXX301), work content (data correction), and operator rank (A) of the added server device 63 in the configuration information management master table 81 via the setting terminal device 61 shown in Figure 18, as shown in Figure 29 (b).

In addition, as shown in Figure 29 (b), the update flag control unit 24 adds an update flag of "1" to the server device 63 for the added employee F's "XXX301." This update flag may be set by the administrator via the setting terminal device 61.

Next, the work content of the server device 63 for the added employee "xxx301" of Company F is "data modification," and the worker rank is "A." Therefore, based on the worker rank of "A," the policy detection unit 42 references the policy master table 82 shown in FIG. 21 and detects the policy number of "Policy01." The policy detection unit 42 also references the setting master table 83 shown in FIG. 22 based on the work content of "data modification" and the policy number of "Policy01." The policy detection unit 42 detects policy information that states, "The maximum log size of each piece of database log information is 100 MB, and each time the amount of acquired database log information (log size) reaches the maximum log size of 100 MB, new 100 MB of database log information is overwritten over the acquired database log information." The policy setting unit 23 sets this policy information in the server device 63 for employee F's "xxx301," as shown in FIG. 30.

As a result, on the server device 63 for "XXX301" of the added employee F, the database log information will be processed in the information processing format of the configured policy information "Policy01."

In this example, the policy information settings are the initial settings, so the change history storage control unit 25 will set the master change history shown in Figure 24 for the server device 63 "xxx301" for the added employee F to "1 (time)" (not incremented).

(Effects of the second embodiment)
As is clear from the above description, the log policy management system of the second embodiment centrally manages, in the log policy management device 70, policy information for setting the information processing mode of log information according to the worker rank, etc., of the worker operating each server device 63. Then, this policy information is collectively reflected in server devices 63 whose worker rank, etc. has changed.

This allows for simple and easy centralized management of the information processing format of log information for each server device 63.

[Contribution to the United Nations-led Sustainable Development Goals (SDGs)]
The present invention can contribute to improving business efficiency and promoting appropriate management decisions by companies, thereby contributing to the achievement of SDGs goals "8" and "9."

Furthermore, this invention can contribute to reducing waste and promoting paperless and electronic systems, thereby contributing to SDGs goals 12, 13, and 15.

Furthermore, this invention can contribute to strengthening control and governance, thereby contributing to the achievement of Goal 16 of the SDGs.

Other Embodiments
The present invention can be implemented in various different forms other than the above-described embodiments within the scope of the technical concept described in the claims.

For example, of the processes described in the embodiments, all or part of the processes described as being performed automatically may be performed manually. Alternatively, all or part of the processes described as being performed manually may be performed automatically using a known method, etc.

In addition, the processing procedures, control procedures, specific names, registered data for each process, information including parameters such as search conditions, screen examples, and database configurations shown in the specification or drawings may be changed as desired unless otherwise specified.

Furthermore, with regard to the log policy management device 1, 70, etc., the components shown in the figures are conceptual functional elements and do not necessarily have to have the physical configuration shown. For example, all or any part of the processing functions provided by the log policy management device 1, 70, particularly the processing functions performed by the control unit 3, may be implemented by a program interpreted and executed by the control unit 3 (CPU: Central Processing Unit), or may be implemented by hardware using wired logic.

The program is recorded on a non-transitory computer-readable recording medium containing programmed instructions for causing the log policy management device 1, 70, etc. to execute the processes described in the embodiments, and is mechanically read by the log policy management device 1, 70 as needed. That is, the storage unit 2, such as a ROM or HDD, stores a computer program that works in conjunction with the OS (Operating System) to issue instructions to the control unit 3 (CPU) and perform various processes. This computer program is loaded into RAM, expanded, and executed appropriately by the control unit 3.

In addition, the log policy management program of this log policy management device 1, 70 may be stored on another server device connected to the log policy management device 1, 70 via any network, and all or part of it may be downloaded and executed as needed.

In addition, the log policy management program for executing the processing described in the embodiments may be stored on a non-transitory computer-readable recording medium, or may be configured as a program product.

Here, "recording media" includes memory cards, USB (Universal Serial Bus) memory, SD (Secure Digital) cards, flexible disks, magneto-optical disks, ROMs, EPROMs (Erasable Programmable Read Only Memory), EEPROMs (registered trademark) (Electrically Erasable and Programmable Read Only Memory), CD-ROMs (Compact Disk Read Only Memory), MOs (Magneto-Optical Disks), DVDs (Digital Versatile Disks), etc. Any "portable physical media" such as a Blu-ray Disc (registered trademark) or a Blu-ray Disc can be used.

Furthermore, a "program" is a data processing method written in any language or writing method, regardless of the format, such as source code or binary code.

Note that a "program" is not necessarily limited to a single structure, but also includes a structure that is distributed as multiple modules or libraries, and a structure that achieves its function by working together with other programs, such as an OS.

In addition, the specific configuration, reading procedure, and installation procedure after reading for reading the recording medium in the log policy management device 1, 70 of the embodiment can use well-known configurations or procedures.

The memory unit 2 is a storage means such as a memory device such as RAM or ROM, a fixed disk device such as a hard disk, a flexible disk, or an optical disk, and stores various programs, tables, databases, web page files, etc. used for various processes or to provide websites.

The log policy management device 1, 70 may be configured as an information processing device such as a known personal computer device or workstation, or may be configured as an information processing device to which any peripheral device is connected. The information processing device may also be implemented with software (including programs, data, etc.) that realizes the processing described in the embodiments.

Furthermore, the specific forms of distribution and integration of devices are not limited to those shown in the drawings, and all or part of them can be functionally or physically distributed or integrated in any unit depending on various additions or functional loads. In other words, the above-described embodiments may be selectively implemented by combining them in any way.

The present invention is suitable for use in industries that manage many terminal devices, such as cloud service businesses and in-house systems for companies.

REFERENCE SIGNS LIST 1 Log policy management device 2 Storage unit 3 Control unit 4 Communication interface unit 5 Input/output interface unit 6 Input device 7 Output device 11 Configuration information management master table 12 Policy master table 13 Setting master table 22 Policy detection unit 23 Policy setting unit 24 Update flag control unit 25 Change history storage control unit 42 Policy detection unit 43 Policy setting unit 44 Update flag control unit 45 Change history storage control unit 50 Network (LAN)
51 Setting terminal device 53 Virtual server function 54 Firewall function 60 Network (LAN)
61 Setting terminal device 63 Server device 64 Router device 70 Log policy management device 81 Configuration information management master table 82 Policy master table 83 Setting master table

Claims (17)

a policy detection unit that references a storage unit in which a determination target that is a service provider, a log policy target to which policy information that controls the acquisition of log information is applied, a log setting classification that indicates the type of log information to be collected for each of the log policy target, a policy level that indicates the information processing mode of the acquired log information, and policy information to be set are associated, based on the determination target, the log policy target, the log setting classification, and the policy level, and detects the policy information corresponding to the determination target, the log policy target, the log setting classification, and the policy level;
a policy setting unit that sets the detected policy information as a target for applying the corresponding log policy;
A log policy management device having: an update flag control unit that stores update flag information indicating a change in the log setting classification, a change in the policy level, or an addition of a new log policy application target in the storage unit in association with the log policy application target whose log setting classification or policy level has been changed or the added log policy application target,
the policy detection unit detects, from the storage unit, the policy information for the log policy application target for which the update flag information is set,
the policy setting unit sets the policy information detected from the storage unit to the log policy application target for which the update flag information is set;
2. The log policy management device according to claim 1, wherein: The log setting classification is a role to which the log policy is applied;
the policy level is an operating status of an object to which the log policy is applied,
the policy detection unit detects, from the storage unit, the policy information corresponding to the role and the operating status of the target to which the log policy is applied;
3. The log policy management device according to claim 2, wherein: when the role of any of the log policy target objects is changed, or when the operating status of any of the log policy target objects is changed to another operating status, the update flag control unit sets the update flag information for the corresponding log policy target object and stores the update flag information in the storage unit;
4. The log policy management device according to claim 3, wherein: the update flag control unit erases the update flag information to which the log policy is applied from the storage unit after the policy information is set;
5. The log policy management device according to claim 4, wherein: a change history storage control unit that increments a master change history indicating that the policy information in the storage unit has been changed each time the policy information is changed;
6. The log policy management device according to claim 5, the policy information is set in the storage unit via a setting terminal device;
7. The log policy management device according to claim 6, wherein: the policy setting unit communicates with each of the log policy application targets via a firewall that allows only one-way communication from the policy setting unit to each of the log policy application targets;
8. The log policy management device according to claim 1, wherein: The log setting classification is the work content to which the log policy is applied,
the policy level is a worker rank of a worker who performs work on a target to which the log policy is applied,
the policy detection unit detects, from the storage unit, the policy information corresponding to the work content and the worker rank to which the log policy is to be applied;
3. The log policy management device according to claim 2, wherein: the update flag control unit, when the work content is changed in any of the log policy application targets or when the worker rank of the worker in any of the log policy application targets is changed, sets the update flag information for the corresponding log policy application target and stores it in the storage unit;
10. The log policy management device according to claim 9, wherein: the update flag control unit erases the update flag information to which the log policy is applied from the storage unit after the policy information is set;
11. The log policy management device according to claim 10, a change history storage control unit that increments a master change history indicating that the policy information in the storage unit has been changed each time the policy information is changed;
The log policy management device according to claim 11, the policy information is set in the storage unit via a setting terminal device;
13. The log policy management device according to claim 12, wherein: when the log policy application target is increased, the policy setting unit sets the policy information corresponding to the work content and the worker rank of the increased log policy application target detected by the policy detection unit to the increased log policy application target;
The log policy management device according to claim 13, the policy setting unit communicates with each of the log policy target objects via a firewall that is provided between each of the log policy target objects and the log policy management device and that allows only one-way communication from the log policy management device to each of the log policy target objects;
15. The log policy management device according to claim 9, wherein: a policy detection step in which a policy detection unit refers to a storage unit in which a determination target that is a service provider, a log policy target to which policy information that controls the acquisition of log information is applied, a log setting classification that indicates the type of log information to be collected for each of the log policy target, a policy level that indicates the information processing mode of the acquired log information, and policy information to be set are associated, based on the determination target, the log policy target, the log setting classification, and the policy level, and detects the policy information corresponding to the determination target, the log policy target, the log setting classification, and the policy level;
a policy setting step in which a policy setting unit sets the detected policy information as a target for application of the corresponding log policy;
A log policy management method comprising: Computer,
a policy detection unit that references a storage unit in which a determination target that is a service provider, a log policy target to which policy information that controls the acquisition of log information is applied, a log setting classification that indicates the type of log information to be collected for each of the log policy target, a policy level that indicates the information processing mode of the acquired log information, and policy information to be set are associated, based on the determination target, the log policy target, the log setting classification, and the policy level, and detects the policy information corresponding to the determination target, the log policy target, the log setting classification, and the policy level;
a policy setting unit that sets the detected policy information as a target for application of the corresponding log policy;
A log policy management program that features: