The operation of the education and research system, which includes network, server and client services, produces a variety of log output. Effective analysis of these logs makes it possible to ascertain user trends, and often points to issues that require troubleshooting. However, because the logs differ in type and in format, organizing them in a cross-sectional manner to extract useful information takes considerable effort. To resolve this issue, we have constructed a log collecting system that uses Splunk to centrally aggregate logs. Most logs are automatically stored in the Splunk database from each system. As a result, the administrator and service support staff can view these logs via a simple interface, and can check the usage of the users across multiple systems in near real time.
In this presentation, we introduce how to approach and construct a system that turns the logs of the various systems into valuable information. We also show how the aggregated logs can be used for service support and security. In particular, keying the logs on user ID and IP address makes it possible to gain a bird's-eye view of them for analysis, making the system a useful tool for understanding user behavior.
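The cross-system, user- and IP-keyed view described above, as an added example that is not part of the presentation or its Splunk deployment: it normalizes two constructed log formats (an sshd authentication log and a web access log) into one common schema in plain Python and then indexes the events by user ID and by client IP, which is the pivot the aggregated Splunk data supports.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the presentation): an sshd auth log and a web access log.
SSH_LOG = """Mar 10 09:01:12 login1 sshd[2211]: Accepted publickey for alice from 10.0.5.21 port 50112 ssh2
Mar 10 09:03:40 login1 sshd[2250]: Failed password for bob from 10.0.5.77 port 50300 ssh2
Mar 10 09:05:02 login1 sshd[2290]: Accepted password for alice from 10.0.5.21 port 50410 ssh2"""
WEB_LOG = """10.0.5.21 - alice [10/Mar/2024:09:02:10 +0900] "GET /portal/ HTTP/1.1" 200 5120
10.0.5.77 - - [10/Mar/2024:09:04:01 +0900] "POST /login HTTP/1.1" 401 312
10.0.5.90 - carol [10/Mar/2024:09:06:30 +0900] "GET /files/report.pdf HTTP/1.1" 200 88201"""

SSH_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)")
WEB_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize(source, line):
    """Map one raw line of either format onto a common schema; None if it does not parse."""
    if source == "ssh":
        m = SSH_RE.search(line)
        if not m:
            return None
        return {"source": "ssh", "user": m.group(2), "ip": m.group(3), "action": "login",
                "outcome": "ok" if m.group(1) == "Accepted" else "fail"}
    if source == "web":
        m = WEB_RE.match(line)
        if not m:
            return None
        return {"source": "web", "user": None if m.group(2) == "-" else m.group(2),
                "ip": m.group(1), "action": f"{m.group(3)} {m.group(4)}",
                "outcome": "ok" if int(m.group(5)) < 400 else "fail"}
    return None

def load_events():
    """Normalize both constructed logs and drop lines that did not match either pattern."""
    raw = [("ssh", l) for l in SSH_LOG.splitlines()] + [("web", l) for l in WEB_LOG.splitlines()]
    return [e for e in (normalize(s, l) for s, l in raw) if e]

def correlate(events):
    """Index events by user ID and by client IP so one key shows activity across systems."""
    by_user, by_ip = defaultdict(list), defaultdict(list)
    for e in events:
        if e["user"]:
            by_user[e["user"]].append(e)
        by_ip[e["ip"]].append(e)
    return dict(by_user), dict(by_ip)

if __name__ == "__main__":
    by_user, by_ip = correlate(load_events())
    for user, evs in by_user.items():  # one row per user, spanning ssh and web
        print(user, [(e["source"], e["action"], e["outcome"]) for e in evs])
    for ip, evs in by_ip.items():      # the anonymous web failure lines up with an ssh failure
        print(ip, [(e["source"], e["user"], e["outcome"]) for e in evs])
```

The IP index is what ties the unauthenticated web failure from 10.0.5.77 to the failed ssh login from the same address, a link neither log shows on its own.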