Log-based anomaly detection is crucial for ensuring the stability and reliability of software systems. However, the scarcity of labeled logs severely constrains the rapid deployment of existing methods to new systems. To address this issue, cross-system transfer has been recognized as an important research direction. State-of-the-art cross-system approaches can achieve strong performance when a small amount of labeled target logs is available, but several limitations remain: methods based on small models focus solely on transferring general knowledge and thus overlook the discrepancies and potential mismatches between general knowledge and the target system’s proprietary knowledge; methods based on LLMs can capture proprietary patterns but often rely on guidance from a few positive examples and are constrained by high inference cost and low inference efficiency. Existing LLM–small model collaboration strategies typically quantify sample complexity via the small model’s output uncertainty, assigning “simple logs” to the small model and “complex logs” to the LLM. However, in the cross-system setting without target labels, sample complexity cannot be measured in a supervised manner, and such routing mechanisms are not designed from the perspective of knowledge separation. Therefore, they are not directly applicable to zero-label cross-system log-based anomaly detection. To address these issues, we propose GeneralLog, a novel LLM–small model collaborative method for zero-label cross-system log-based anomaly detection. GeneralLog performs knowledge-level dynamic routing of unlabeled target logs, allowing the LLM to process “proprietary logs” while the small model handles “general logs,” thereby achieving cross-system generalization without requiring labeled target logs. Experiments on three public log datasets from different systems show that, under a fully zero-label setting, GeneralLog achieves an F1-score over 90%, significantly outperforming existing state-of-the-art cross-system methods.