Improvement and Evaluation of a Method to Manage Multiple Types of Logs
Authors: Akihiro Tomono, M. Uehara, Y. Shimada
Published in: 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications
Publication date: 2011-03-22
DOI: 10.1109/WAINA.2011.51 (https://doi.org/10.1109/WAINA.2011.51)
Citations: 2
Abstract
In recent years, many accounting scandals have been reported in companies not only in the United States, but also in Japan. The need for internal control is growing steadily. In particular, auditing logs are important for internal control, since internal control without audit evidence is incomplete. Moreover, logs are necessary not only as a defense mechanism, but also because they contain much information that can lead to improvements in the company. Consequently, the correct use of logs can be beneficial to a company. However, the cost of an information system depends on the amount of data, which in the case of log data can be very large. There are many different kinds of logs, and storing them long term is necessary to realize an internal control system based on logs. Previously, we proposed a low-cost system to store logs semi-permanently using a Virtual Large Scale Disk. However, this method has problems with cross-sectional searches of different formats and with its overall effectiveness. Therefore, we proposed a log that can cope with changing schema on demand by integrating several kinds of logs into YAML format. We also proposed a log format able to search across several kinds of logs by consolidating the log format and combining the logs into a single file. However, this proposal is not usable in practice; instead, an integrated log is needed. Thus, in this paper, we implement a method that ensures consistency when a log is converted into YAML format from a raw log and vice versa, and a command to search the integrated log. We also present an evaluation of the proposed method.