TamoSoft: Network Analysis Tools & Security Software

Network Content Monitor - NetResident

NetResident Help Documentation

The Advanced Search

Advanced search lets you search for virtually any data in the NetResident database, simplifying the analysis of captured network events. The search engine can search specific data types, such as Web page contents, URL text, and e-mail message headers. The search fields are specific to each NetResident plugin. You can search and create alarms for data that has already been captured or for data that will be captured in the future. Two data types are used in this search: Search Target and Search Set.


A Search Target is a single search criterion that NetResident uses when processing the database. It may be a keyword in the HTML text, an e-mail message, a URL address, etc. Search Target options vary for every NetResident plugin. A Search Set consists of one or more Search Targets, which makes it possible to combine several search criteria.


Click Search => New Search Set to create a new Search Set. The Search Set wizard will help you create a new search filter with a few mouse clicks. Click Next on the welcome screen and proceed to the Search Set options screen.




To create a set, you need to specify a unique name, select the Search Set logic, and then select the Search Targets that will be included in the set. Note that you must first enter a Search Set name for all other options to become available. Click New Search Target to create a Search Target, and then click Next on the welcome screen. When creating a new Search Target, you must specify a unique name, select the desired plugin and the plugin field that will be used when searching, and enter its value. For example, if you want to search Web pages for the word "bomb," you should give the Search Target a unique name (e.g. "Bomb"), select the "Web" plugin, select the "Text" field, and enter the keyword (or several keywords) you're interested in (e.g. "bomb" or "bomb, explosive").


Hint: It's possible to specify several values at a time by separating them with commas.




The following additional options are also available:


Match Case – when this option is selected, the case of the letters entered as the search word must match the case of the letters in the events to be searched.

Whole Word – if this option is selected, substrings will be ignored, e.g. "sensitive" won't match "insensitive."

Apply to future events only – if this option is selected, a search will be performed for new records only. Otherwise, all records in the database, including previous ones, will be processed.
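
The Match Case and Whole Word options and the comma-separated value list, modelled in Python so a keyword list can be tried against sample text before it is entered as a Search Target. This is an added example, not NetResident code: compile_target and find_hits are hypothetical names, the sample text is constructed, and the handling of word boundaries and of blanks around commas is an assumption about behaviour this page does not spell out.

```python
import re


def compile_target(values, match_case=False, whole_word=False):
    """Build one regex from a comma-separated Search Target value (model only)."""
    # Split on commas, trim whitespace, drop empty entries such as "a,,b".
    keywords = [v.strip() for v in values.split(",") if v.strip()]
    if not keywords:
        raise ValueError("Search Target value contains no keywords")
    # Escape each keyword so characters like '.' or '+' are matched literally.
    # Longest first, so the alternation prefers "bombing" over "bomb".
    ordered = sorted(keywords, key=len, reverse=True)
    pattern = "(?:" + "|".join(re.escape(k) for k in ordered) + ")"
    if whole_word:
        # Lookarounds instead of \b: \b fails for keywords that start or end
        # with a non-word character (e.g. "c++"); lookarounds do not.
        pattern = r"(?<!\w)" + pattern + r"(?!\w)"
    # Match Case unchecked is modelled as a case-insensitive search.
    flags = 0 if match_case else re.IGNORECASE
    return re.compile(pattern, flags)


def find_hits(text, values, **options):
    """Return the matched substrings in order of appearance."""
    return [m.group(0) for m in compile_target(values, **options).finditer(text)]


# Constructed sample text, not captured traffic.
SAMPLE = "This data is Sensitive. The sensor is insensitive to noise. Built with C++."

if __name__ == "__main__":
    for opts in ({}, {"whole_word": True}, {"match_case": True}):
        print(opts, find_hits(SAMPLE, "sensitive", **opts))
```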


Note: Every Search Target requires additional database processing, so keep the number of Search Targets to a minimum and delete those you no longer need to reduce the consumption of computer resources.


Now click Next and then Finish to close the Search Target wizard.




Select the desired Search Targets by moving them from the Available search targets list to the Selected search targets list. Click on the Next button to select the desired notification type.




The Search Set notification selection window allows you to select the actions to be performed when the Search Set contents match your search criteria. The following actions are available:


Beep: The computer beeps.
Play file: Plays the specified WAV file.
Send e-mail to: Sends e-mail to the specified e-mail address. You MUST configure NetResident to use your SMTP server prior to sending e-mail. Use the E-mail Setup button to enter your SMTP server settings. Usually, an e-mail message can also be used to send alerts to your instant messaging application, cell phone, or pager. For example, to send a message to an ICQ user, you should enter the e-mail address as ICQ_USER_UIN@pager.icq.com, where ICQ_USER_UIN is the user's unique ICQ identification number, and allow EmailExpress messages in the ICQ options. Please refer to your instant messenger documentation or cell phone operator for more information. The E-mail message text field can be used to add an arbitrary message to the e-mail notification.
Show message: Shows a notification with the specified text.
Set a priority: Sets the event priority.
Add a comment: Adds a comment for the event.
Pronounce message: Makes Windows speak the specified text using the text-to-speech engine. By default, Windows only comes with English computer voices, so Windows may not be able to pronounce messages correctly if the text is entered in a language other than English.
Write to syslog: Sends the message to the specified IP address using the syslog protocol.
Send SNMP trap: Sends the message to the specified IP address using the SNMP protocol. The MIB file containing OID descriptions is available upon request.
Launch application: Launches the specified application (additional command line parameters are supported).


Note: The Beep, Play File, Pronounce message, Launch application, and Show Message options work only if the NetResident console is active.


Select the desired notification actions and click Next. The Search Set that you've just created will be registered in the database and the corresponding tab with its name will be available in the main program window. All records that match your Search Target(s) will be displayed on this tab.




If you would like to modify or delete a Search Set, use the corresponding items located in the Search menu.