JP2015046060A - Log management device, log management system, control method therefor, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a log management device, a log management system, its control method and a program for allowing a user to easily confirm a log whose audit has been interrupted.SOLUTION: An audit log to be audited which is coincident with an audit rule is extracted. The extracted audit log is transmitted so as to be displayed on the display screen of a client device. The information of an audit interruption log whose audit has been interrupted is received, and an interruption log audit rule as a new audit rule for extracting, from the extracted audit logs, a log stored in association with the audit interruption log as the audit interruption log by using the received information of the received audit interruption log is generated. The audit interruption log is stored, and whether or not the stored audit interruption log has been audited is determined, and in the case that the audit interruption log has been audited, the interruption log audit rule is invalidated.

Description

  The present invention relates to a log management device, a log management system, a control method thereof, and a program.

  In recent years, with the spread of printing apparatuses such as multifunction peripherals, the number and types of documents to be printed are increasing. In companies and the like, logs are audited from the viewpoints of preventing leakage of confidential information from printed materials, scanned data, etc., and confirming subsequent trails. For example, a list of logs is displayed on the display screen of the terminal, and the user is checked whether there is a problem with the logs.

  In the technique described in Patent Document 1, in order to prevent a complicated search for a desired log from a large amount of print logs and automatic deletion of necessary print logs due to a log storage upper limit, the user who instructs printing sets the print data. There is a description for preventing accumulation of unnecessary logs on the basis of information on whether or not to save the recorded logs.

  In some cases, the auditor performs not only the audit work but also the normal work that is a child of the auditor's tag in parallel. Therefore, the efficiency of the audit work process is required. On the other hand, a technique is disclosed in which priority is given to auditing and information is presented to the user (for example, Patent Document 1).

JP 2012-208944 A

  While there is a need to increase audit efficiency within a limited time, for example, when it becomes necessary to deal with other high-priority tasks, or when detailed audits of specific logs occur due to lack of time. There are cases where priority is given to auditing logs that can be easily processed later. In other words, there may be a situation where the audit work for a specific log must be postponed.

  When auditing is resumed, for example, if it takes time to identify and confirm the log for which the previous audit was interrupted, the efficiency of the entire auditing work will be reduced.

  It is an object of the present invention to provide a log management device, a log management system, a control method thereof, and a program that allow a user to easily check a log for which auditing has been interrupted later.

  The log management apparatus according to the present invention includes an audit rule storage unit that stores an audit rule that extracts a log to be audited from a stored log and that can communicate with a client device that includes a display screen that displays the log to audit the log. An audit log extracting unit for extracting an audit log that is a log that matches an audit rule stored in the audit rule storage unit and is to be audited from the stored log; Transmitting means for transmitting the log extracted by the audit log extracting means to be displayed on the display screen of the client device, Audit interruption information receiving means for receiving information on the audit interruption log where the audit has been interrupted from the client device, Using the audit interruption log information received by the audit interruption information receiving means, from the audit log extracted by the audit log extraction means, the audit Interrupt log audit rule generating means for generating an interrupt log audit rule that is a new audit rule for extracting a log stored in association with the interrupt log as the audit interrupt log, and an audit interrupt log storage for storing the audit interrupt log Means for determining whether the audit interruption log stored in the audit interruption log storage means has been audited, and in the determination means, the audit interruption log stored in the audit interruption log storage means is audited And an invalid control means for invalidating the interruption log audit rule when determined.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to provide the log management apparatus, log management system, its control method, and program which can make a user easily confirm the log which interrupted auditing later.

It is a figure which shows an example of the system configuration | structure of a log management system in embodiment of this invention. It is a figure which shows an example of the hardware constitutions of client PC and a server in embodiment of this invention. FIG. 2 is a diagram illustrating an example of a hardware configuration of a multifunction machine according to an embodiment of the present invention. It is a figure which shows an example of a function structure of each apparatus in embodiment of this invention. 6 is a flowchart illustrating a flow of print data storage processing in the embodiment of the present invention. 6 is a flowchart illustrating a flow from a printing process to a log storing process in the embodiment of the present invention. It is a flowchart which shows the outline | summary of the audit process in embodiment of this invention. It is a flowchart which shows the flow of a storage process of an audit interruption log in embodiment of this invention. It is a flowchart which shows the flow of the audit process of an audit interruption log in embodiment of this invention. It is a figure which shows an example of a structure of log information in embodiment of this invention. It is a figure which shows an example of a structure of user information in embodiment of this invention. It is a figure which shows an example of a structure of various rules in embodiment of this invention. It is a figure which shows an example of a structure of the log storage table in embodiment of this invention. It is a figure which shows an example of a structure of the bibliographic information of print data in embodiment of this invention. It is a figure which shows an example of a structure of the log list screen in embodiment of this invention. It is a figure which shows an example of a structure of the audit | amendment interruption log list screen in embodiment of this invention. It is a figure which shows an example of a structure of the audit rule setting screen in embodiment of this invention. It is a figure which shows an example of a structure of the menu screen in embodiment of this invention. It is a figure which shows an example of a structure of the detailed display screen of a log in embodiment of this invention. It is a figure which shows an example of a structure of the audit interruption log user list screen in embodiment of this invention.

  Hereinafter, a first embodiment of the present invention will be described in detail with reference to the drawings.

  With reference to FIG. 1, an example of the system configuration of the log management system in the embodiment of the present invention will be described. FIG. 1 is a diagram illustrating an example of a system configuration of a log management system according to an embodiment of the present invention.

  The log management server 100 is a server that receives log information (information such as a print log, a copy log, a FAX log, and a scan log) from the multi-function apparatus 300 and stores and manages it. The log management server 100 stores a filtering rule for specifying a log to be audited from the log, applies the rule to the received log, and logs to be audited (audit log / audit log). ) Is extracted and stored.

  Also, an audit interruption log (KEEP log) that has been designated via the client PC 200 is stored separately from the audit target log so as to be presented to the user. The audit interruption log is a log (KEEP) that is separately stored (KEEP) as an unaudited log so that an auditor (user) performs an audit later due to lack of time for audit work, for example. Stored as a log group different from the audit target log.

  For example, when there is no time to confirm the details of the log, the log is designated by the user (instructed to suspend auditing) to confirm details over time.

The client PC 200 and the client PC 250 generate print data and send it to the print server. In addition, a log management server is connected to display and audit logs stored in the log management server.
In the following description, it is assumed that the client PC 200 is a device used by a user who is an inspector, and the client PC 250 is a device used by a user who performs printing.

  The print server 150 receives print data from the client PC and stores it in the storage area in association with the user information. Further, bibliographic information (shown in FIG. 14) is generated from the print data and transmitted to the bibliographic information server 170.

  The bibliographic information server 170 stores the received bibliographic information in the storage area. The multifunction device 300 makes an authentication request to an authentication server (not shown) using the user information that has received the input (for example, an IC card is inserted into a card reader included in the multifunction device 300 and the IC card is detected. Accordingly, the card ID of the IC card is transmitted to the authentication server, and an authentication request is made using the user information registered in the authentication server in association with the card ID). A login process to the MFP 300 is performed.

  In order to display a list of print data of the logged-in user, the bibliographic information server 170 is requested and received bibliographic information of the print data of the user, and a print data list display screen is displayed.

  When a scan instruction, FAX transmission instruction, or copy instruction is accepted, processing is performed according to each instruction from the user, log information (operation log, image log, etc.) of each process is generated and transmitted to the log management server. .

  When the print instruction is received, the print data information for which the print instruction is accepted is transmitted to the bibliographic information server 170, and the bibliographic information server 170 stores the print data from the bibliographic information of the print data for which the print instruction is accepted. The destination print server (here, the print server 150) is specified, and the print server 150 is instructed to transmit print data to the multifunction device 300.

  In response to the instruction, the print server 150 transmits print data to the multifunction device 300, and the multifunction device 300 performs print processing using the print data. Then, the multifunction peripheral 300 generates a print log (operation log, image log of print data) and transmits it to the log management server 100. The LAN 101 is a network that connects the devices of the present system so that they can communicate with each other. The above is an explanation of an example of the system configuration of the log management system in the embodiment of the present invention shown in FIG.

  Next, an example of the hardware configuration of the client PC and the server in the embodiment of the present invention will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of a hardware configuration of the client PC and the server.

  In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS), which is a control program of the CPU 201, or a function executed by each server or each PC. Various programs to be described later are stored.

  A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

  An input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display device such as a CRT display (CRT) 210. In FIG. 2, although described as CRT 210, the display device is not limited to the CRT, but may be another display device such as a liquid crystal display. These are used by the administrator as needed.

  A memory controller 207 is connected to the hard disk (HD), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, etc. via an adapter. The access to the external memory 211 such as a compact flash (registered trademark) memory is controlled.

  A communication I / F controller 208 is connected to and communicates with an external device via a network (for example, the LAN 101 shown in FIG. 1), and executes communication control processing on the network. For example, communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. In addition, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 211, and a detailed description thereof will be described later. The above is an explanation of an example of the hardware configuration of the client PC and server in the embodiment of the present invention shown in FIG.

  Next, with reference to FIG. 3, an example of the hardware configuration of the multifunction peripheral according to the embodiment of the present invention will be described. FIG. 3 is a diagram illustrating an example of a hardware configuration of the multifunction peripheral according to the embodiment of the present invention.

  In FIG. 3, reference numeral 316 denotes a controller unit which is connected to a scanner 314 functioning as an image input device and a printer unit 312 functioning as an image output device, while being connected to a LAN (for example, the LAN 101 shown in FIG. 1) or a public line (WAN). ) (For example, PSTN or ISDN) to input / output image data and device information.

  In the controller unit 316, reference numeral 301 denotes a CPU, which is a processor that controls the entire system. A RAM 302 is a system work memory for the CPU 301 to operate, and is also a program memory for recording a program and an image memory for temporarily recording image data.

  A ROM 303 stores a system boot program and various control programs. A hard disk drive (HDD) 304 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 307 is an interface unit with the operation unit (keyboard) 308. Further, the operation unit I / F 307 serves to transmit the key information (for example, pressing of the start button) input from the operation unit 308 to the CPU 301.

  A network interface (Network I / F) 305 is connected to the network (LAN) 101. In addition, wireless communication is also possible, and connection is made with other devices by communication using infrared rays, Bluetooth (registered trademark), or Wi-Fi (registered trademark). Input and output data. A modem (MODEM) 306 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  Reference numeral 318 denotes an external interface (external I / F), which is an I / F unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In this embodiment, an IC card for a portable terminal required for authentication A card reader 319 for reading (storage medium) is connected to the external I / F unit 318. The CPU 301 can control reading of information from the IC card of the mobile terminal by the card reader 319 via the external I / F 318, and can acquire information read from the IC card of the mobile terminal. The above devices are arranged on the system bus 309.

Reference numeral 320 denotes an image bus interface (IMAGE BUS I / F), which is a bus bridge that connects the system bus 309 and an image bus 315 that transfers image data at high speed and converts the data structure.
The image bus 315 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 315.

  A raster image processor (RIP) 310 develops vector data such as a PDL code into a bitmap image. A printer interface (printer I / F) 311 connects the printer unit 312 and the controller unit 316 and performs synchronous / asynchronous conversion of image data. A scanner interface (scanner I / F) 313 connects the scanner 314 and the controller unit 316 and performs synchronous / asynchronous conversion of image data.

  An image processing unit 317 performs correction, processing, and editing on input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 317 performs image data rotation and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  The scanner unit 314 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 308, the CPU 301 gives an instruction to the scanner 314, and the feeder feeds the original paper one by one to read the original image. I do.

  The printer unit 312 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is ejected from a micro nozzle array directly on the paper. There is an inkjet method for printing an image, but any method may be used. The activation of the printing operation is started by an instruction from the CPU 301. The printer unit 312 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  The operation unit 308 has an LCD display unit, and a touch panel sheet is pasted on the LCD. The operation unit 308 displays an operation screen of the system. When a displayed key is pressed, the position information is displayed on the operation unit I / F 307. To the CPU 301 via The operation unit 308 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Note that the display unit has different display performance depending on the printer, and a printer that can be operated via a touch panel, a printer that simply has a liquid crystal screen and displays a character string (displays the print status and the name of the document being printed). Is structured.

  Here, the start key of the operation unit 308 is used when starting a document image reading operation. At the center of the start key, there are two color LEDs, green and red, which indicate whether or not the start key can be used. Further, the stop key of the operation unit 308 functions to stop the operation in operation. The ID key of the operation unit 308 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit.

  The card reader 319 reads information stored in an IC card (which may be provided in the portable terminal as an IC chip) under the control of the CPU 301, and reads the read information via the external I / F 318. To notify. Further, the card reader 319 corresponds to the NFC communication standard, and is configured to be able to read and write to an IC card or an IC chip of a portable terminal. In addition, when an NFC standard-compliant portable terminal is held over an NFC standard-compliant card reader, authentication is performed and the portable terminal is paired with a printer (multifunction device). Then, communication (P2P) can be established between the held portable terminal and the printer (multifunction machine) to perform data communication. In addition, it is also possible to take over communication (handover) to Bluetooth (registered trademark) or Wi-Fi (registered trademark), which are high-speed communication standards, and to perform communication between the portable terminal and the printer (multifunction device). For example, by holding the portable terminal over a card reader, an image stored in the portable terminal can be transmitted to a printer (multifunction machine). The details of the NFC communication standard are conventional techniques, and thus the description thereof will be omitted.

  In the above-described multifunction device 300, a platform for controlling the multifunction device 300 exists, and an authentication application for communicating with the authentication server is operating on the platform. The authentication application is stored in the HDD 304. An area on the HDD 304 is secured for a login context that is managed by the platform and stores user information at the time of login, and various setting information.

On the platform, an application in which the main body function of the MFP 300 is extended is installed and operating. These applications are executed using the platform API.
Through this platform, it is possible to control each function of the printer.

  In addition, the MFP 300 also stores a Web browser, and can also cooperate with the Web system. In this case, the screen received from the web application server is displayed using a web browser. A command instructed on the Web browser is requested to the Web application server, and the MFP 300 can execute an operation (scanning or print processing) by receiving the command from the Web application server.

  With the configuration as described above, the multifunction peripheral 300 can transmit the image data read from the scanner 314 to the LAN 101 and print out the print data received from the LAN 101 by the printer unit 312.

  Further, the image data read from the scanner 314 can be faxed to the public line by the modem 306, and the image data received by fax from the public line can be output by the printer unit 312. The above is an explanation of an example of the hardware configuration of the multifunction peripheral in the embodiment of the present invention shown in FIG.

  Next, an example of a functional configuration of each device in the embodiment of the present invention will be described with reference to FIG. FIG. 4 is a diagram illustrating an example of a functional configuration of each device in the embodiment of the present invention.

  The multifunction device 300 includes a print execution unit 431, a log information generation unit 432, a log information transmission unit 433, and the like. The print execution unit 431 is a processing unit that executes print processing in response to an operation instruction from the user.

  The log information generation unit 432 is a processing unit that generates a log of printing executed by the print execution unit 431 and a log of processing executed by, for example, a scan processing unit (not shown), a FAX transmission / reception unit, a copy processing unit, and the like. is there. The log information transmission unit 433 is a processing unit that transmits the log generated by the log information generation unit 432 to the log management server 100.

  The log management server 100 includes a log information receiving unit 411, a log information storage unit 412, a log extraction rule storage unit 413, an audit log extraction unit 414, an audit interruption log extraction unit 415, a post-interruption log extraction rule storage unit 416, and a post-interruption log It includes a temporary storage unit 417, a post-interruption log extraction cancellation processing unit 418, an audit screen transmission unit 419, an audit interruption log audited determination unit 420, and the like.

  The log information receiving unit 411 is a receiving unit that receives a log from the multifunction device 300. The log information storage unit 412 is a storage unit that stores logs. The log extraction rule storage unit 413 is a storage unit that stores a rule for extracting an audit target log (audit log) from the log stored in the log information reception unit 411.

  The audit log extraction unit 414 is an extraction unit that extracts a log to be audited. The audit interruption log extraction unit 415 is an extraction unit that extracts an audit log (audit interruption log) that is temporarily saved to be audited later when the audit is interrupted according to an instruction from the client PC 200.

  The post-interruption log extraction rule storage unit 416 responds to the audit interruption log extraction instruction from the client PC 200, and logs similar to the audit interruption log from the logs extracted by the audit log extraction unit (for example, the audit interruption log and the audit interruption log). Generate and store a post-interruption log extraction rule for extracting the log corresponding to the same user as the audit suspension log, which is stored in the log storage unit and extracted by the audit log extraction unit after designation of the suspension log It is a storage unit.

  Here, it is assumed that “a narrow audit suspension log = a log that has received an audit suspension instruction from the client PC 200”, and “a broad audit suspension log = the narrow audit suspension log and the audit suspension log after the designation. It is assumed that the log is stored in the log storage unit and extracted by the audit log extraction unit and is extracted by the post-interruption log extraction rule.

  The post-interruption log temporary storage unit 417 is a log similar to the audit suspension log (for example, the audit suspension log stored in the log storage unit after the audit suspension log and the audit suspension log are specified and extracted by the audit log extraction unit) And a log corresponding to the same user as the log).

  For example, the post-interruption log extraction cancellation processing unit 418 invalidates the post-interruption log extraction rule corresponding to the audit interruption log determined to be audited by the audit interruption log audit completion determination unit 420, and thereafter This is a processing unit that controls not to store the user log corresponding to the interruption log in the temporary log storage unit 417 after interruption. The audit screen transmission unit 419 is a transmission unit that transmits an audit screen to the client PC.

  The client PC includes a print data transmission unit 421, an audit screen request unit 422, a normal audit screen display unit 423, an audit interruption log audit screen display unit 424, and the like. The print data transmission unit 421 is a transmission unit that transmits the generated print data to an external device such as a print server so that the multifunction device 300 can print the print data.

  The audit screen requesting unit 422 is a requesting unit that requests a log auditing screen to be audited by the user of the client PC by transmitting information such as user information to the log management server 100.

  The audit screen display unit 423 is a display unit that displays an audit screen for auditing the audit log received from the log management server 100. The audit interruption log audit screen display unit 424 is a display unit that displays a screen for confirming and auditing the audit interruption log. The above is an explanation of an example of the functional configuration of each device in the embodiment of the present invention shown in FIG.

  Next, a flow of print data storage processing in the embodiment of the present invention will be described with reference to FIG. FIG. 5 is a flowchart showing the flow of print data storage processing in the embodiment of the present invention.

  The CPU 201 of the client PC 250 generates print data in accordance with a user instruction (step S501) and transmits it to the print server 150 (step S502). It is assumed that the CPU 201 of the client PC 250 transmits user information such as the user ID of the user who is logged in to the client PC 250 together with the print data.

  The CPU 201 of the print server 150 receives the print data (step S503), and stores the print data in a storage area such as an external memory in association with the user information received together with the print data (step S504). Then, bibliographic information of the print data is generated from the print data (step S505) and transmitted to the bibliographic information server 170 (step S506).

  The bibliographic information is information including print data identification information, information on a location where the print data is stored (for example, an IP address of the print server), and user information corresponding to the print data. Information as shown in FIG. The above is the description of the flow of print data storage processing in the embodiment of the present invention in FIG.

  Next, with reference to FIG. 6, the flow from the printing process to the log storing process in the embodiment of the present invention will be described. FIG. 6 is a flowchart showing the flow from the printing process to the log storing process in the embodiment of the present invention.

  For example, the CPU 301 of the multifunction device 300 performs a login process to the multifunction device 300 using user information such as a user ID acquired by detecting an IC card by a card reader (step S601). For example, the card ID is acquired from the detected IC card, transmitted to an authentication server (not shown) that stores the card ID and the user ID in association with each other, and corresponds to the card ID according to the authentication result in the authentication server. Login processing to the multifunction device 300 using the user ID to be performed.

  The CPU 301 of the multifunction device 300 requests the bibliographic information server 170 for a list of bibliographic information corresponding to the user ID (step S602), and the CPU 201 of the bibliographic information server 170 accepts the request (step S603), and the target bibliography. An information list is returned to the multi-function device 300 (step S604).

  The CPU 301 of the MFP 300 receives the bibliographic information list (step S605), and displays a print data list screen (not shown) using the bibliographic information (step S606).

  Then, it is determined whether selection of print data has been accepted (step S607). If selection of print data has been accepted (YES in step S607), the print data on the list screen is selected (step S619), and the process is performed. Return to before S507.

  If it is determined that selection of print data has not been received (NO in step S607), it is determined whether a print instruction (for example, pressing of a “print execution” button (not shown)) has been received (step S608).

  If it is determined that a print instruction has not been received (NO in step S608), for example, it is determined that an instruction to press the “logout” button has been received, logout processing is executed, and the process ends. If it is determined that the print instruction has been received (YES in step S608), the print data acquisition request that is being selected is transmitted to the print server 150 that is the storage destination of the print data specified using the bibliographic information (step S609). ).

  The CPU 201 of the print server 150 receives the request (step S610), and transmits the print data that has received the request to the multifunction machine 300 (step S611). The CPU 301 of the MFP 300 receives the print data (step S612) and executes printing (step S613).

  Then, a print log is generated (step S614), and the generated log is transmitted to the log management server 100 (step S615). The log is, for example, information such as log information 1000 in FIG. 13 and printed image data (not shown).

  The CPU 201 of the log management server 100 receives the print log from the multifunction machine 300 (step S616) and stores it in a storage area such as an external memory (step S617). Then, for example, OCR processing is performed on the image data included in the print log, text is extracted and stored as a separate file in association with the log (step S618 / log information 1050 / log storage in FIG. 10). means). Further, the image data is converted into PDF data and stored in association with the log (log information 1060 in FIG. 10).

  Hereinafter, when describing as a log, the log information 1000, the log information 1050, and the log information 1060 in FIG.

  Then, an audit rule is applied to the log (log information 1000, log information 1050, log information 1060), and log filtering processing is executed (step S620).

  For example, a log to be audited is extracted from the log stored in the log management server 100 using a filtering rule such as the audit log filtering rule 1200 shown in FIG. 12, and the audit log storage table 1300 shown in FIG. To store and store in a simple table. The audit log filtering rule 1200 and the audit log storage table 1300 will be described later with reference to FIGS. The above is the description of the flow from the printing process to the log storing process in the embodiment of the present invention in FIG.

  Hereinafter, an example of audit log filtering processing will be described.

  The log management server 100 acquires the log stored in step S617 in FIG. 6, specifies and acquires the audit rule to be applied to the log, and determines whether the log matches the audit rule. .

  Here, using the department ID included in the log, a rule having a department ID 1202 corresponding to the department ID is specified as a rule to be applied to the log.

  Here, with reference to FIG. 12, an example of the audit log filtering rule in the embodiment of the present invention will be described. FIG. 12 is a diagram showing an example of the configuration of various rules in the embodiment of the present invention. Note that each rule shown in FIG. 12 is stored in a storage area such as an external memory of the log management server 100. (Applicable to audit rule storage means)

  The audit log filtering rule 1200 is a rule for extracting a log to be audited. The audit log filtering rule 1200 includes a rule ID 1201, a department ID 1202, a setting 1203, a condition A 1204, a condition B 1205, and the like.

  The rule ID 1201 is identification information that uniquely identifies a rule. Each condition with the same rule ID is specified as one rule. The department ID 1202 is information on the department to which the user of the log to which the rule is applied belongs. A setting 1203 indicates log information to be referred to.

  The condition A 1204 and the condition B 1205 are conditions for filtering the log. When the condition A 1204 and the condition B 1205 match the information referred to in the setting 1203, the log is set as an audit target log in the storage area of the log management server 100. Remember.

  For example, in the rule of rule ID 1201 = A111 shown in the audit log filtering rule 1200, the job name includes “confidential”, “secret”, or “customer”, the number of copies is two or more, and the print processing start time Is filtered after 22:00. The above is an explanation of an example of the audit log filtering rule in the embodiment of the present invention shown in FIG. The KEEP log filtering rule 1210 (post-interrupt log extraction rule / interrupt log audit rule for extracting the audit interruption log from the audit log) will be described later.

  The CPU 201 of the log management server 100 acquires one audit log filtering rule 1200 having a department ID 1402 that matches the department ID included in the log acquired in step S701, and determines whether the log matches the rule. When the log matches the rule, the log is stored as an audit target log in the external memory of the log management server 100 in association with the rule ID of the rule determined to match. That is, information indicating which rule the log hits (matches) is stored.

  The audit target log is stored in a format such as an audit log storage table 1300 shown in FIG. Here, an example of the configuration of the audit log storage table in the embodiment of the present invention will be described with reference to FIG. FIG. 13 is a diagram showing an example of the configuration of various log storage tables in the embodiment of the present invention.

  The audit rule ID 1301 indicates the rule ID 1201 of the audit log filtering rule 1200 that matches the log indicated by the document ID 1302 (document ID 1302). The Document ID 1302 is a document ID (ID described in the Document ID List of the log information 1000) of the log stored in the audit log storage table 1300 as an audit log that matches the audit log filtering rule.

  The match date and time 1303 is the date and time when the log is determined to match the audit log filtering rule and stored in the audit log storage table 1300. The audited flag 1304 is a flag given to identify an audited log. Here, it is assumed that a value of audited = 1 and unaudited = 0 is inserted. The above is the description of an example of the configuration of the audit log storage table in the embodiment of the present invention shown in FIG. The KEEP log storage table 1310 (table for temporarily storing the audit interruption log) will be described later.

  When the log does not match the rule, the CPU 201 of the log management server 100 applies all the audit log filtering rules of the audit log filtering rule 1200 having the department ID 1202 that matches the department ID included in the log to the log. If it has not been applied yet, an unapplied rule application process is performed. When the log has been applied, the log is stored in the external memory of the log management server 100 as a normal log that does not apply to the audit log filtering rule. The above is an example of the audit log filtering process.

  Next, with reference to FIG. 7, an outline of the audit process in the embodiment of the present invention will be described. FIG. 7 is a flowchart showing an outline of the audit process in the embodiment of the present invention.

  For example, the CPU 201 of the client PC 200 activates browser software in response to an operation instruction from the user, inputs user information (here, a user ID and password) via a login screen (not shown), and “login” (not shown). By accepting the button press, a log-in request to the log management server 100 including the user information is transmitted to the log management server 100 (step S701).

  The CPU 201 of the log management server 100 receives the request (step S702), performs authentication processing with reference to user information 1100 as shown in FIG. 11 stored in advance in the external memory, and when the authentication is successful. A screen such as the menu screen 1800 in FIG. 18 is returned to the client PC 200 (step S703).

  Here, with reference to FIG. 11, an example of the configuration of the user information in the embodiment of the present invention will be described. FIG. 11 is a diagram showing an example of the configuration of user information in the embodiment of the present invention.

  The user information 1100 includes a user ID 1101, a password 1102, a department ID 1103, an audit department ID 1104, and the like. The user ID 1101 is an ID for uniquely identifying the user, and is used for login (authentication) to the log management server together with the password 1102.

  The department ID 1103 (department information) is the ID of the department to which the user belongs. The audit department ID 1104 is an ID of a department audited by the user. That is, a user with user ID = AXD111 belongs to department AAA, and logs of users belonging to department AAA, department CCC, department DDD (log information 1000 having department ID = AAA, CCC, DDD, and log information 1000). It has the authority to audit the corresponding log information 1050, log information 1060). The above is an explanation of an example of the configuration of user information in the embodiment of the present invention in FIG. 11 (department information storage means).

  Next, with reference to FIG. 18, an example of the configuration of the menu screen in the embodiment of the present invention will be described. FIG. 18 is a diagram showing an example of the configuration of a menu screen in the embodiment of the present invention. The menu screen 1800 is displayed on the display screen of the client PC 200 when the client PC 200 has successfully logged in to the log management server 100.

  The user name 1801 is a user name (not shown) corresponding to the user ID used for logging in to the log management server 100. The user name is assumed to be stored in the external memory of the log management server 100 in association with the user ID.

  The “audit log” button 1802 is a log that matches the audit log filtering rule 1200 and is stored in the external memory of the log management server 100, and is the same department as the audit department ID 1104 corresponding to the logged-in user ID 1101. This is a button for referring to an audit target log having an ID. For example, this is a screen for displaying the audit log list screen 1500 of FIG. The audit log list screen 1500 will be described later with reference to FIG.

  A “KEEP log” (“audit interruption log”) button 1803 is a button for referring to the list of audit interruption logs described above. For example, it is a button for displaying the KEEP log list screen 1600 (audit interruption log list screen) of FIG. The KEEP log list screen 1600 will be described later with reference to FIG.

  An “audit rule setting” button 1804 is a button for changing the display screen to the audit rule setting screen 1700 for setting the audit log filtering rule 1200. The audit rule setting screen 1700 will be described later with reference to FIG.

  An “audit log” button 1805 is a button for displaying an audit log display screen (not shown) that displays a list of logs for which audit processing has been completed among the audit log and the audit suspension log on the display screen. . In addition, since unaudited logs are displayed on the audit log list screen 1500 and the KEEP log list screen 1600, the logs displayed on the audited log display screen are displayed on the audit log list screen 1500 and the KEEP log list screen 1600. Is not displayed. The audited log is a log whose audited flag 1304 of the audit log storage table 1300 is 1, for example.

  A “logout” button 1806 is a button for logging out from the log management server and ending the menu screen 1800. The above is the description of an example of the configuration of the menu screen in the embodiment of the present invention shown in FIG.

  Returning to the description of FIG. The CPU 201 of the client PC 200 receives the information on the menu screen 1800 (step S704) and displays it on the display screen (step S705). Then, the process waits until an instruction is accepted. When the instruction is accepted, it is determined whether the instruction is an instruction to press the “audit target log” button 1802 (step S706). That is, it is determined whether an inspection target log browsing instruction (audit target log list request instruction) has been received.

  If it is determined that the instruction is to press the “audit target log” button 1802 (YES in step S706), an audit log list display and KEEP log extraction (audit interruption processing) from the audit log are executed (step S708). Details of step S708 will be described later with reference to FIG.

  If it is determined that the received instruction is not an instruction to press the “audit target log” button 1802 (NO in step S706), it is determined whether it is an instruction to press the “KEEP log” button 1803 (step S707). That is, it is determined whether an inspection interruption log browsing instruction (audit interruption log list request instruction) has been received.

  If it is determined that the received instruction is an instruction to press the “KEEP log” button 1803 (YES in step S707), the KEEP log (audit interruption log) list display and audit processing are executed (step S709). Details of step S709 will be described later with reference to FIG.

  If it is determined that the received instruction is not an instruction to press the “KEEP log” button 1803 (NO in step S707), other processing corresponding to the operation instruction from the user is executed (step S710), and the processing ends. . The other processes include, for example, an audit rule setting screen 1700 display and rule setting process according to an instruction to press an “audit rule setting” button 1804, and an instruction to press an “audit log” button 1805. This includes audited log display processing.

  Thereafter, it is determined whether an instruction to end the menu screen has been received (step S711). If no end instruction has been received (NO in step S711), the process returns to step S705, and if it is determined that an end instruction has been received (step S711). The processing is terminated. The end instruction is, for example, an instruction to press a “logout” button 1806.

  The information on the screen is requested by the CPU 201 of the client PC 200 to the log management server 100 in response to each button pressed on the menu screen 1800, and the log management server 100 receives the request (screen request reception means). It is assumed that the CPU 201 generates screen information and returns it to the client PC 200, and the CPU 201 of the client PC 200 displays it on the display screen. The above is the description of the outline of the audit processing in the embodiment of the present invention shown in FIG.

  Here, an example of the configuration of the audit rule setting screen in the embodiment of the present invention will be described with reference to FIG. FIG. 17 is a diagram showing an example of the configuration of an audit rule setting screen in the embodiment of the present invention.

  The department selection receiving unit 1701 is the department name indicated by the audit department ID 1104 corresponding to the logged-in user ID 1101 and is stored in the external memory of the log management server 100 in association with the audit department ID 1104. When logged in with a user ID 1101 having a plurality of audit department IDs 1104, the plurality of departments can be displayed and selected from a pull-down menu.

  In the department ID 1202 of the audit rule (audit log filtering rule 1200) set / created on the audit rule setting screen, when the pressing of the “OK” button 1704 which is a button for creating / storing the rule is detected, The department ID of the department selected by the department selection receiving unit 1701 is inserted.

  The condition setting reception unit 1702 is a reception unit that receives the settings 1203, condition A 1204, and condition B 1205 set in the audit log filtering rule 1200.

  When the add button is pressed, setting information 1703 being selected is added. When the delete button is pressed, the lowest setting / condition is deleted. When print type = print, conditions for applying the print log are set. When print type = scan, conditions for applying the scan log are set. When print type = FAX, the FAX log is set. When the condition to be applied is set, and the print type = copy, the condition for applying the copy log is set.

  The “OK” button 1704 registers the conditions set by the condition setting reception unit 1702 as an audit log filtering rule 1200 having the same rule ID and the department ID of the department currently selected by the department selection reception unit 1701. It is a button to do. A “Cancel” button 1705 is a button for discarding the condition set by the condition setting receiving unit 1702 and returning the screen to the menu screen 1800. The above is an example of the configuration of the audit rule setting screen in the embodiment of the present invention shown in FIG.

  Next, with reference to FIG. 8, the flow of the storage process of the audit interruption log in the embodiment of the present invention will be described. FIG. 8 is a flowchart showing the flow of the audit interruption log storage process in the embodiment of the present invention.

  The CPU 201 of the client PC 200 requests the log management server 100 for a list of audit target logs including user information of the user who is logged in to the log management server in the client PC 200 (User ID / UserName as log information 1000) ( In step S801), the CPU 201 of the log management server 100 receives the audit target log list request (step S802), and returns a list of audit target logs corresponding to the request (step S803).

For example, it is an unaudited log in the audit log storage table 1300, and based on the user ID received in step S802, a log to be audited by the user indicated by the user ID (for example, user ID 1101 = AXD 222 (FIG. 11)). If the audit department ID 1104 = BBB, the log should be rule ID 1201 = A444 in FIG. 12), extracted from the audit log storage table 1300, and the audit target log is displayed. An audit log list screen 1500 is generated and transmitted to the client PC 200.
The CPU 201 of the client PC 200 displays the received list of audit target logs (audit log list screen 1500) on the display screen (step S804).

  Here, with reference to FIG. 15, an example of the configuration of the audit log list screen in the embodiment of the present invention will be described. FIG. 15 is a diagram showing an example of the configuration of an audit log list screen in the embodiment of the present invention.

  The URL display unit 1501 is a display unit that displays address information of the audit log list screen 1500. The current date and time display unit 1502 is a display unit that displays information on the date (date and time) when the page of the audit log list screen 1500 is displayed.

  The audit log display unit 1512 is a display unit that displays a list of logs filtered in accordance with the audit log filtering rule 1200 of the department selected by the department selection receiving unit 1511. The audit log displayed in the audit log display unit acquires and displays audit logs that can be acquired from the audit log storage table 1300 in FIG. 13 every time there is a request for the audit log list screen 1500. .

  The department selection reception unit 1511 is a reception unit that receives selection of an audit department with an audit department ID 1104 corresponding to the user ID 1101 that is logged in to the log management server 100. If there are a plurality of audit departments corresponding to the logged-in user ID 1101, the plurality of departments can be selected by pull-down or the like, and the audit log of the selected department is displayed on the audit log display unit 1512.

  The processing date and time 1503 is information on the date and time when the log is filtered as an audit log. The date and time information is assumed to be stored in the external memory of the log management server 100 in association with the log when the log is stored as an audit log.

  The user name 1504 is information of a user corresponding to each audit log (for example, information on the owner of data of the log generation source described in UserName of the log information 1000). For example, the audit log is printed In the case of a log, it is the user name of the user who has generated the print data of the print log creation source and instructed printing.

  The job name 1505 is the job name of each audit log (for example, information described in JobName of the log information 1000). The text information 1506 is text information for a predetermined number of characters written at the head of the text information (log information 1050 in FIG. 10) created in step S618 in FIG. 6 among the audit logs.

  A thumbnail 1507 is a thumbnail image of the PDF file (log information 1060 in FIG. 10) created in step S618 in FIG. 6 among the audit logs. Assume that the thumbnail image is stored in association with the PDF file when the PDF file is created in step S618.

  A “Previous” button 1508 and a “Next” button 1509 are buttons for switching the display of the audit log display unit 1512 in order to display an audit log not displayed on the audit log display unit 1512, respectively.

  For example, when the “Previous” button 1508 is pressed, a predetermined number of audit logs from the log before 23:51 on April 24, 2013 are displayed on the audit log display unit 1512. When the “Next” button 1509 is pressed, a predetermined number of audit logs from the log after 22:20 on April 25, 2013 are displayed on the audit log display unit 1512.

  The “KEEP log list” button 1510 is a button for transitioning the display screen display to the KEEP log list screen 1600 (audit interruption log list screen). The KEEP log list screen 1600 (audit interruption log list screen) will be described later with reference to FIG. The above is an example of the configuration of the audit log list screen in the embodiment of the present invention shown in FIG.

  Returning to the description of FIG. The CPU 201 of the client PC 200 receives an instruction (step S805), and determines whether the received instruction is an audit log selection instruction (step S806). That is, it is determined whether a pressing instruction for the log displayed on the audit log display unit 1512 has been received.

  If it is determined that the received instruction is not an audit log selection instruction (NO in step S806), it is determined whether the received instruction is a KEEP log display instruction (step S807). That is, it is determined whether an instruction to press the “KEEP log list” button 1510 is received.

  If it is determined that the received instruction is a KEEP log display instruction (YES in step S807), the process proceeds to step S808, and the process proceeds to a KEEP log (audit interruption log) audit process. The audit process of the KEEP log (audit interruption log) will be described later with reference to FIG.

  If it is determined that the received instruction is not a KEEP log display instruction (NO in step S807), it is assumed here that the received instruction is the end of the audit log list screen 1500, and the audit log list screen 1500 is returned to the menu screen. The process is terminated.

  On the other hand, if it is determined in step S806 that the received instruction is an audit log selection instruction (YES in step S806), the CPU 201 of the client PC 200 displays the detailed information display screen (detail display screen) of the log that has been selected. Is requested to the log management server 100 (step S809). The request includes an ID for specifying the selected log, and the log management server 100 specifies a log to be displayed in detail using the ID.

  Here, with reference to FIG. 19, an example of the configuration of a log detail display screen in the embodiment of the present invention will be described. FIG. 19 is a diagram showing an example of the configuration of a log detail display screen in the embodiment of the present invention.

  The log detail display screen 1900 is a screen for presenting and confirming the details of the audit log or the audit interruption log to the user.

  The text information display unit 1901 is a display unit for log text information. In other words, this is the information display section of the log information 1050 of the log being displayed in detail. The image data display unit 1903 is a display unit that displays an image of PDF data (log information 1060) of the log.

  A “KEEP” button 1905 (“temporary save” button) uses the log that is being displayed in detail and an unaudited log that corresponds to the same user ID as the log that is being displayed in detail as an audit interruption log. It is a button for temporarily saving and storing in the memory.

  A “warning mail” button 1906 is a button for transmitting a warning mail to the user of the log. The text of the warning mail is assumed to be set in advance in the external memory of the log management server 100, and the CPU 201 of the client PC 200 that detects the pressing of the “warning mail” button 1906 notifies the log management server 100 of the warning. It is assumed that a mail generation / transmission instruction is transmitted, and the CPU 201 of the log management server 100 generates the warning mail and transmits it to a transmission destination.

  It is assumed that the transmission destination of the mail (user mail address corresponding to the non-audit log) is stored in advance in the external memory of the log management server 100 in association with the user ID.

  A “report submission request” button 1907 is a button for attaching report data to the warning mail and transmitting it to the user of the log. It is assumed that the report data is stored in advance in the external memory of the log management server 100.

  The “Previous” button 1908 displays the log displayed on the log detail display screen 1900 as the previous log (for example, the log in the order before the log determined to have been selected in step S806 on the audit log display unit 1512, Alternatively, the button is for switching to a log in the order before the log determined to be selected in step S906 in FIG. 9 on the audit interruption log display unit 1612 in FIG.

  The “next” button 1909 displays the log displayed on the log detail display screen 1900 as the next log (for example, the log in the next order of the log determined to have been selected in step S806 on the audit log display unit 1512, Or a button for switching to a log in the next order of the log determined to have been selected in step S906 in FIG. 9 on the audit interruption log display unit 1612 in FIG. The above is an example of the configuration of the detailed log display screen in the embodiment of the present invention shown in FIG.

  Returning to the description of FIG. The CPU 201 of the log management server 100 receives a request for detailed display of the audit log from the client PC 200 (corresponding to step S810 / detailed request receiving means), and from the information of the log ID (document ID) included in the request for detailed display. The log information (1000, 1050, 1060) is specified, a detailed display screen 1900 for displaying the log information is generated (step S811), and the response is returned to the client PC 200 (step S812). The CPU 201 of the client PC 200 receives the information on the detailed display screen and displays it on the display screen (step S813).

  The CPU 201 of the client PC 200 receives an instruction from the user (step S814), and determines whether the received instruction is an instruction to interrupt auditing (step S815). That is, it is determined whether an instruction to press the “KEEP” button 1905 is received.

  If it is determined that the received instruction is an audit suspension instruction (YES in step S815), the audit log displayed on the log detail display screen 1900 at the time when the audit suspension instruction is accepted (audit suspended log / narrow sense) The audit interruption log) is sent to the log management server 100 (corresponding to the step S816 / audit interruption information transmission means), and the CPU 201 of the log management server 100 that has received the document ID receives the user ID (for example, the audit interruption log). (UserName value of log information 1000) is specified (step S817), and the KEEP log filtering rule 1210 (audit interruption log extraction condition) is generated using the user ID (step S818). (Applicable to audit interruption information receiving means / interrupt log audit rule generating means)

  The KEEP log filtering rule 1210 generated here includes the audit interruption log that has been interrupted from the audit log stored in the audit log storage table 1300 and the audit log that is stored in the audit log storage table 1300 thereafter. This is a filtering rule for extracting a log of the same user as that of the user and storing it in the KEEP log storage table 1310 (audit interruption log storage table).

  That is, the CPU 201 of the log management server 100 generates a rule having the user ID specified in step S817 as the user name 1213 and the department ID 1212 and the department ID of the user, and adds the rule to the KEEP log filtering rule 1210. The contents of each item (rule ID 1211, department ID 1212, setting 1213, condition A1214, condition B1215) of the KEEP log filtering rule 1210 are the same as those of the above-described audit log filtering rule 1200, and thus the description thereof is omitted here. Here, it is assumed that no conditions are set in the conditions A1214 and B1215.

The CPU 201 of the log management server 100 extracts a log that matches the KEEP log filtering rule 1210 generated and stored in step S818 from the audit log storage table 1300 and has an audited flag 1304 = 0 (unaudited). (Step S819), a KEEP log storage table 1310 (audit interruption log storage table) is generated (Step S820), and stored together with the log for which the audit was interrupted in Step S815 (Step S821).
Thereafter, if there is another audit log, the process returns to step S809, and if there is no other audit log, the process ends.

  The KEEP log storage table 1310 is added to the audit log storage table 1300 by the audit log filtering rule 1200 after the log that matches the unaudited KEEP log filtering rule 1210 stored in the audit log storage table 1300. This is a table for storing unaudited logs that match the KEEP log filtering rule 1210 among the audit logs. In other words, this is a table that stores a log in which auditing is interrupted and a log of a user whose auditing has been interrupted and that is to be filtered by the KEEP log filtering rule 1210 in association with each other. The KEEP log storage table 1310 is generated and stored for each user corresponding to the log.

  The log stored in the KEEP log storage table 1310 is an audit suspension log (in a broad sense, an audit suspension log) and is deleted from the audit log storage table 1300. When the audit interruption log stored in the KEEP log storage table 1310 is audited, it is moved to the audit log storage table 1300 and deleted from the KEEP log storage table 1310.

  Each item (audit rule ID 1311, DocuID 1312 (document ID 1302), matching date 1313) of the KEEP log storage table 1310 is the same as the contents of each item of the audit log storage table 1300, and thus description thereof is omitted here. The user ID 1314 is UserName information of the log information 1000 indicated by the document ID 1302.

  If the CPU 201 of the log management server 100 determines in step S815 that the received instruction is not an instruction to interrupt audit (NO in step S815), the CPU 201 determines whether the received instruction is a page switching instruction (step S822). That is, it is determined whether the “Previous” button 1308 or the “Next” button 1309 has been pressed.

  If it is determined that the received instruction is a page switching instruction (YES in step S822), the process proceeds to step S809, and a request for a log detail display screen to be displayed next is transmitted to the log management server 100.

  If it is determined that the received instruction is not a page switching instruction (NO in step S822), it is determined whether the received instruction is an audit completion instruction (step S823). That is, it is determined whether an instruction to press the “OK” button 1904 is received.

  If it is determined that the received instruction is not an audit completion instruction (NO in step S823), processing according to the received instruction is executed, and the process returns to step S805. If it is determined that the received instruction is an audit completion instruction (YES in step S823), information indicating that the audit completion instruction has been received (and the ID (document ID) of the log for which the audit has been completed) is stored in the log management server 100. (Step S824 / corresponding to audited information transmitting means), the CPU 201 of the log management server 100 receives the information and changes the value of the audited flag 1304 of the document ID 1302 of the received log to 1 ( Step S825). The above is the description of the flow of the storage process of the audit interruption log in the embodiment of the present invention of FIG.

  Next, with reference to FIG. 9, the flow of the audit processing of the audit interruption log in the embodiment of the present invention will be described. FIG. 9 is a flowchart showing a flow of audit processing of the audit interruption log in the embodiment of the present invention.

  The CPU 201 of the client PC 200 makes a list of KEEP logs (audit interruption log) including user information (user ID / UserName as log information 1000) of the user who is logged in to the log management server in the client PC 200 with respect to the log management server 100. (Step S901), the CPU 201 of the log management server 100 receives the KEEP log (audit interruption log) list request (Step S902), and returns a list of logs corresponding to the request (Step S903). .

For example, the log of the KEEP log storage table 1310 that identifies and extracts the log of the user ID belonging to the audited department of the login user included in the received list request, and extracts the KEEP log list screen 1600 (audit interruption log list screen ) And transmitted to the client PC 200.
The CPU 201 of the client PC 200 displays the received KEEP log list screen 1600 on the display screen (step S904).

  Here, with reference to FIG. 16, an example of the configuration of the audit interruption log list screen in the embodiment of the present invention will be described. FIG. 16 is a diagram showing an example of the configuration of the audit interruption log list screen in the embodiment of the present invention.

  The URL display unit 1601 is a display unit that displays address information of the KEEP log list screen 1600.

  The KEEP log display unit 1612 (audit interruption log display unit) is a display unit that displays a list of KEEP logs (audit interruption log) of the user selected by the user selection receiving unit 1611. Note that the user information displayed on the user selection receiving unit 1611 may be a user ID (UserName of the log information 1000). For example, as shown in FIG. 16, a log management server corresponding to the user ID The user name (not shown) stored in the external memory 100 may be used.

  The processing date 1603 is information on the date and time when the KEEP log is filtered as the audit log. The user name 1604 is user information corresponding to each KEEP log (for example, a user name corresponding to information described in UserName of the log information 1000). For example, if the KEEP log is a print log, the print name This is the user name of the user who generated the print data of the log creation source and instructed printing.

  The job name 1605 is the job name of each KEEP log (for example, information described in JobName of the log information 1000). The text information 1506 is text information for a predetermined number of characters described at the head of the text information (log information 1050 in FIG. 10) created in step S618 in FIG. 6 in each KEEP log.

  A thumbnail 1607 is a thumbnail image of the PDF file (log information 1060 in FIG. 10) created in step S618 in FIG. 6 among the non-audit logs. Assume that the thumbnail image is stored in association with the PDF file when the PDF file is created in step S618.

  A “Previous” button 1608 and a “Next” button 1609 are buttons for switching the display of the KEEP log display unit 1612 in order to display KEEP logs that are not displayed on the KEEP log display unit 1612, respectively.

  For example, when the “Previous” button 1608 is pressed, the KEEP log filtered as the audit log is displayed in the period before the currently displayed log from April 24, 2013 to May 3, 2013. To do.

  When the “next” button 1609 is pressed, the KEEP log filtered as the audit log is displayed in the period after the group currently displayed from April 24, 2013 to May 3, 2013.

  The “normal audit” button 1610 is a button for transitioning the display screen display to the audit log list screen 1500. A selection frame 1602 is a selection frame indicating a focused KEEP log. The above is an example of the configuration of the audit interruption log list screen in the embodiment of the present invention shown in FIG.

  Returning to the description of FIG. The CPU 201 of the client PC 200 receives an instruction (step S905), and determines whether the received instruction is a selection instruction for a KEEP log (audit interruption log) (step S906). That is, it is determined whether an instruction to press the log displayed on the KEEP log display unit 1612 has been received.

  If it is determined that the received instruction is not a KEEP log selection instruction (NO in step S906), it is determined whether the received instruction is an audit log display instruction (step S929). That is, it is determined whether an instruction to press the “normal audit” button 1610 is received.

  If it is determined that the received instruction is an instruction to display an audit log (YES in step S929), the process proceeds to step S930 and the audit log audit process (FIG. 9) is performed.

  If it is determined that the received instruction is not an audit log display instruction (NO in step S929), it is assumed here that the received instruction is the end of the KEEP log list screen 1600, and the KEEP log list screen 1600 is returned to the menu screen. The process is terminated.

  On the other hand, when it is determined in step S906 that the received instruction is a KEEP log selection instruction (YES in step S906), the CPU 201 of the client PC 200 requests the log management server 100 to display a log detail display screen for which the selection has been received. (Step S907). The request includes an ID for specifying the selected log, and the log management server 100 specifies a log to be displayed in detail using the ID.

  The CPU 201 of the log management server 100 receives a request for detailed display of the audit log from the client PC 200 (corresponding to step S908 / detailed request receiving means), and from the information of the log ID (document ID) included in the detailed display request. The log information (1000, 1050, 1060) is specified, and a detailed display screen 1900 for displaying the log information is generated (step S909), and returned to the client PC 200 (step S910). The CPU 201 of the client PC 200 receives the information on the detail display screen (step S911) and displays it on the display screen (step S912).

  The CPU 201 of the client PC 200 receives an instruction from the user (step S913), and determines whether the received instruction is a page switching instruction (step S914). That is, it is determined whether the “Previous” button 1908 or the “Next” button 1909 has been pressed.

  When it is determined that the received instruction is a page switching instruction (YES in step S914), the process proceeds to step S907, and a request for a log detail display screen to be displayed next is transmitted to the log management server 100.

  If it is determined that the received instruction is not a page switching instruction (NO in step S914), a warning mail transmission instruction to the user corresponding to the KEEP log being displayed in detail (for example, a “warning mail” button 1906 or “report” If it is determined to be an instruction to send a warning mail to the user (YES in step S915), a warning mail is transmitted to the user. Therefore, a mail transmission request is transmitted to the log management server 100 (step S916).

  The CPU 201 of the log management server 100 receives the mail transmission instruction, and specifies the mail transmission destination from a correspondence table between user information (user ID) (not shown) and the user's mail address (step S917). Then, a warning mail in which the fixed sentence is inserted is generated (step S918) and transmitted to the transmission destination (step S919). It is assumed that the mail address and the fixed phrase information are stored in advance in the external memory of the log management server 100.

  If it is determined that the received instruction is not a warning mail transmission instruction to the user (NO in step S915), it is determined whether the received instruction is an audit completion instruction (step S920). That is, it is determined whether an instruction to press the “OK” button 1904 is received.

  If it is determined that the received instruction is not an audit completion instruction (NO in step S920), processing according to the received instruction is executed, and the process returns to step S905. When it is determined that the received instruction is an audit completion instruction (YES in step S920), information indicating that the audit completion instruction has been received (and the ID (document ID) of the log that has completed the audit) is stored in the log management server 100. (Step S921 / corresponds to audited information transmitting means).

  The CPU 201 of the log management server 100 receives the information (step S922), moves the log information from the KEEP log storage table 1310 to the audit log storage table, and deletes the information from the KEEP log storage table 1310 (step S923). ), The value of the audited flag 1304 of the moved log is changed to 1 (step S924).

Whether the CPU 201 of the client PC 200 is the KEEP log of the user who is displaying the details, and all the KEEP logs to be audited by the user who is logging in to the log management server 100 from the client PC 200 are all deleted from the KEEP log storage table 1310. Determination is made (step S925). That is, it is determined whether all the KEEP logs of the audit target users have been audited.
If it is determined that all have not been audited (NO in step S925), the process returns to step S907 to display details of the remaining KEEP log.

  If it is determined that all have been audited (YES in step S925), the log of the user corresponding to the log displayed on the detail display screen 1900 until immediately before, and all the KEEP logs are audited as audited logs An invalidation instruction for invalidating the filtering rule for extracting the log moved to the storage table 1300 is transmitted to the log management server 100 (step S926 / invalid control).

  The CPU 201 of the log management server 100 receives the invalid instruction (step S927), and logs the KEEP log filtering rule 1210 that is the target of the invalid instruction (that is, the log of the user who is all audited in step S925). In order to extract, the audit interruption log extraction condition created and stored in step S817 of FIG. 8 is invalidated (step S928).

  Further, the KEEP log storage table 1310 for storing the KEEP log of the user is deleted. The above is the description of the audit processing flow of the audit interruption log in the embodiment of the present invention of FIG.

  In the embodiment of the present invention, the KEEP log list screen 1600 is displayed in step S904 of FIG. 9. For example, a screen such as the KEEP log user list screen 2000 of FIG. Display (generated by the log management server 100 and returned to the client PC 200 to display on the display screen), and accepting the user's selection on the KEEP log user list screen 2000, the user (user ID / A KEEP log list screen 1600 corresponding to (UserName) may be displayed, and the process may proceed to step S905.

  As described above, according to the present invention, it is possible to provide a log management device, a log management system, a control method thereof, and a program that allow a user to easily check a log for which auditing has been interrupted later. Become.

  It should be noted that the present invention can be implemented as, for example, a system, apparatus, method, program, or storage medium, and can be applied to a system composed of a plurality of devices. You may apply to the apparatus which consists of one apparatus.

  Note that the present invention includes a software program that implements the functions of the above-described embodiments directly or remotely from a system or apparatus. The present invention also includes a case where the system or the computer of the apparatus is achieved by reading and executing the supplied program code.

  Accordingly, since the functions of the present invention are implemented by computer, the program code installed in the computer also implements the present invention. In other words, the present invention includes a computer program itself for realizing the functional processing of the present invention.

  Examples of the recording medium for supplying the program include a flexible disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, and CD-RW. In addition, there are magnetic tape, nonvolatile memory card, ROM, DVD (DVD-ROM, DVD-R), and the like.

  As another program supply method, a browser on a client computer is used to connect to an Internet home page. The computer program itself of the present invention or a compressed file including an automatic installation function can be downloaded from the homepage by downloading it to a recording medium such as a hard disk.

  It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer is also included in the present invention.

  In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and key information for decryption is downloaded from a homepage via the Internet to users who have cleared predetermined conditions. Let It is also possible to execute the encrypted program by using the downloaded key information and install the program on a computer.

  Further, the functions of the above-described embodiments are realized by the computer executing the read program. In addition, based on the instructions of the program, an OS or the like running on the computer performs part or all of the actual processing, and the functions of the above-described embodiments can also be realized by the processing.

  Further, the program read from the recording medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. Thereafter, the CPU of the function expansion board or function expansion unit performs part or all of the actual processing based on the instructions of the program, and the functions of the above-described embodiments are realized by the processing.

  The above-described embodiments are merely examples of implementation in carrying out the present invention, and the technical scope of the present invention should not be construed as being limited thereto. That is, the present invention can be implemented in various forms without departing from the technical idea or the main features thereof.

100 Log management server 101 LAN
150 Print Server 170 Bibliographic Information Server 200 Client PC
250 client PC
300 MFP

Claims (7)

A log management device having an audit rule storage means for storing an audit rule for extracting a log to be audited from a stored log, which is communicable with a client device having a display screen for displaying the log to audit the log,
From the stored log, an audit log extracting unit that extracts an audit log that matches the audit rule stored in the audit rule storage unit and is a log to be audited;
Transmitting means for transmitting the log extracted by the audit log extracting means to be displayed on the display screen of the client device;
Audit interruption information receiving means for receiving information on the audit interruption log that interrupted the audit from the client device;
In order to extract, as the audit interruption log, the log stored in association with the audit interruption log from the audit log extracted by the audit log extraction unit, using the information of the audit interruption log received by the audit interruption information receiving unit An interrupt log audit rule generation means for generating an interrupt log audit rule that is a new audit rule of
An audit interruption log storage means for storing the audit interruption log;
Determining means for determining whether the audit interruption log stored in the audit interruption log storage means has been audited;
When the determination means determines that the audit interruption log stored in the audit interruption log storage means has been audited, invalid control means for invalidating the interruption log audit rule;
A log management apparatus comprising: The log is stored in association with user information,
The audit interruption information receiving means receives at least user information corresponding to the audit interruption log,
The interruption log audit rule generation unit generates a rule for extracting a log corresponding to the user information received by the audit interruption information reception unit as the interruption log,
The log management apparatus according to claim 1, wherein the audit interruption log storage unit stores a log corresponding to the user information received by the audit interruption information reception unit as the audit interruption log. Detailed request accepting means for accepting a request for log detailed information using the log information sent by the sending means;
With
When the audit suspend information receiving unit receives the audit suspend log information, the transmission unit displays a new audit log list in which the audit suspend log is deleted from the audit log list extracted by the audit log extract unit. To the client device,
The log management apparatus according to claim 1, wherein the detailed request receiving unit receives a request for detailed information on a log using the list of new audit logs transmitted by the transmitting unit. The determination means determines whether all audit interruption logs stored in the audit interruption log storage means have been audited,
When the determination means determines that all audit interruption logs stored in the audit interruption log storage means have been audited, the interruption log audit rule is deleted so as to be invalidated. The log management apparatus according to any one of claims 1 to 3. A method for controlling a log management apparatus having an audit rule storage means for storing an audit rule for extracting a log to be audited from a stored log, which is communicable with a client apparatus having a display screen for displaying the log for auditing the log. And
An audit log extracting step for extracting an audit log, which is a log that matches the audit rule stored in the audit rule storage unit and is to be audited, from the stored log;
A transmitting step for transmitting the log extracted in the audit log extracting step to be displayed on the display screen of the client device; and
Audit suspension information receiving means receives from the client device the audit suspension information receiving step of receiving information on the audit suspension log that interrupted the audit;
A log to be stored in association with the audit interruption log from the audit log extracted in the audit log extraction step by using the information on the audit interruption log received by the interruption log audit rule generation unit. An interruption log audit rule generation step of generating an interruption log audit rule which is a new audit rule for extraction as the audit interruption log;
An audit interruption log storage means for storing the audit interruption log, the audit interruption log storage means,
A determination step for determining whether the audit interruption log stored in the audit interruption log storage step is audited;
When the invalidation control means determines that the audit interruption log stored in the audit interruption log storage step is audited in the determination step, the invalidation control step of invalidating the interruption log audit rule;
A log management apparatus control method. A program executable by a log management device having an audit rule storage means for storing an audit rule for extracting a log to be audited from a stored log, which can communicate with a client device having a display screen for displaying the log to audit the log Because
The log management device;
From the stored log, an audit log extracting unit that extracts an audit log that matches the audit rule stored in the audit rule storage unit and is a log to be audited;
Transmitting means for transmitting the log extracted by the audit log extracting means to be displayed on the display screen of the client device;
Audit interruption information receiving means for receiving information on the audit interruption log that interrupted the audit from the client device;
In order to extract, as the audit interruption log, the log stored in association with the audit interruption log from the audit log extracted by the audit log extraction unit, using the information of the audit interruption log received by the audit interruption information receiving unit An interrupt log audit rule generation means for generating an interrupt log audit rule that is a new audit rule of
An audit interruption log storage means for storing the audit interruption log;
Determining means for determining whether the audit interruption log stored in the audit interruption log storage means has been audited;
A log that causes the determination unit to function as an invalid control unit that invalidates the interruption log audit rule when it is determined that the audit interruption log stored in the audit interruption log storage unit is audited. Management device program. Log management system comprising a client device having a display screen for displaying a log to audit the log, and a log management device having an audit rule storage means for storing an audit rule for extracting a log to be audited from the stored log Because
The log management device includes:
From the stored log, an audit log extracting unit that extracts an audit log that matches the audit rule stored in the audit rule storage unit and is a log to be audited;
Transmitting means for transmitting the log extracted by the audit log extracting means to be displayed on the display screen of the client device;
Audit interruption information receiving means for receiving information on the audit interruption log that interrupted the audit from the client device;
In order to extract, as the audit interruption log, the log stored in association with the audit interruption log from the audit log extracted by the audit log extraction unit, using the information of the audit interruption log received by the audit interruption information receiving unit An interrupt log audit rule generation means for generating an interrupt log audit rule that is a new audit rule of
An audit interruption log storage means for storing the audit interruption log;
Determining means for determining whether the audit interruption log stored in the audit interruption log storage means has been audited;
When the determination means determines that the audit interruption log stored in the audit interruption log storage means has been audited, invalid control means for invalidating the interruption log audit rule;
With
The client device is
Display means for displaying the log transmitted by the transmission means on a display screen;
An audit interruption information transmitting means for transmitting, to the log management device, information on an audit interruption log, which is a log for which the interruption instruction has been received, when an interruption instruction to interrupt the audit of the log displayed on the display means is received;
An audited information transmission unit that transmits information for making the audit suspension log audited by receiving an instruction to complete the audit suspension log received from the log management device;
A log management system comprising:

Images