Abstract: In this paper a novel software is proposed based on querying system logs and correlating the events registered in those logs. The purpose of this approach is to identify the hosts causing violations to predefined security policies in computer networks.