AirLive IAR-5000 v2 User Manual

12. Content Auditing

|     Matches either the expression before or the expression after the operator. E.g., abc|def matches "abc" or "def".

( )   Allows the regular expression in the parentheses to be treated as a single unit. E.g., severity:(1|2) matches the pattern severity:1 or severity:2.

Example:

Creating the Audit Rules for Services of SMTP, POP3, HTTP, IM, Web SMTP, Web
POP3, FTP and TELNET

Prior to creating audit rules, please enable “Enable report hyperlinks” and configure its related settings under Record → Settings → Settings.

Step 1. Under Content Auditing → Settings, create an audit rule for SMTP service: (Figure 12-1)

• Click on New Entry.
• Type “SMTP_Audit” in the Name field.
• Select “SMTP” for Service.
• Type “[0-9a-zA-Z_.-]+@[a-zA-Z_0-9.-]+\.[a-zA-Z_0-9.-]+” in the Content field. (This searches for any email address.)
  As a further example for the Content field, “([0-9]{4}.){3}[0-9]{4}” is a regular expression that matches content such as 1234-5678-9012-3456, 1234 5678 9012 3456, 4585-4566-3792-5616, 4585 4566 3792 5616, …
• Select “No” for Attachment.
• Select “All” for Department / Group.
• Specify a recipient in the Send Audit Report to field.
• Click on OK to complete the audit rule. (Figure 12-2)
• The device automatically searches the logs according to the criteria and generates a corresponding report. The designated recipient receives the report once it is generated. (Figure 12-3, 4)

Figure 12-1 Creating an Audit Rule for SMTP Service
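
Before saving a Content pattern, it helps to check offline what it matches and what it misses. The following is an added example, not part of the manual or the device firmware: it runs the two patterns quoted above over constructed sample text with Python's `re` module, assuming the device treats these operators the same way. `CARD_TIGHT_RE`, `audit`, `compare` and the sample strings are assumptions made for illustration.

```python
import re

# Patterns copied verbatim from the Content field examples in this section.
EMAIL_RE = r"[0-9a-zA-Z_.-]+@[a-zA-Z_0-9.-]+\.[a-zA-Z_0-9.-]+"
CARD_RE = r"([0-9]{4}.){3}[0-9]{4}"

# Assumption (not from the manual): a tighter variant that accepts only a
# hyphen or a space between groups, the two separators the manual lists.
CARD_TIGHT_RE = r"([0-9]{4}[- ]){3}[0-9]{4}"

# Constructed sample message bodies, not taken from any real traffic.
SAMPLES = [
    "Card: 1234-5678-9012-3456",      # hyphen separated (from the manual)
    "Card: 4585 4566 3792 5616",      # space separated (from the manual)
    "Card: 1234567890123456",         # 16 digits, no separators
    "Order ref 1234567890123456789",  # 19 digit reference, not a card
    "Slots 2024x1015y0930z1200",      # digit groups joined by letters
    "Reply to alice@example.com.",    # address followed by a full stop
]


def audit(pattern, text):
    """Return every substring of text matched by pattern, left to right."""
    return [m.group(0) for m in re.finditer(pattern, text)]


def compare(samples=SAMPLES):
    """Map each sample to (hits of the manual's rule, hits of the tight rule)."""
    return {s: (audit(CARD_RE, s), audit(CARD_TIGHT_RE, s)) for s in samples}


if __name__ == "__main__":
    for sample, (loose, tight) in compare().items():
        print(f"{sample!r}\n  manual rule: {loose}\n  tight rule:  {tight}")
    print("email rule:", audit(EMAIL_RE, SAMPLES[-1]))
```

Because the "." in the manual's card pattern is unescaped, it matches any character, so the 19-digit reference and the letter-joined groups are reported as hits. A 16-digit number with no separators is missed by both rules.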
