Advanced search allows you to search for virtually any data in
the NetResident database, simplifying the analysis of captured
network events. The search engine is capable of searching for
specific data types, such as Web page contents, URL text, e-mail
message headers, etc. The search fields are specific for every
NetResident plugin. You can search and create alarms
for the data that has been already captured or for the data that
will be captured in the future. Two data types are used in this
search: Search Target and
A Search Target is simply a search criterion that is used by
NetResident when processing the database. It may be a keyword in
the HTML text, e-mail message, URL address, etc. Search Target
options vary for every NetResident plugin. A Search Set consists of
one or many Search Targets that makes it possible to combine
several search criteria.
Click Search => New Search
Set to create a new Search Set. The Search Set wizard will
help you create a new search filter with a few mouse clicks. Click
Next on the welcome screen
and proceed to the Search Set options screen.
To create a set, you need to specify a unique name, select
Search Set logic, and then
select Search Targets that will be included in a set. Note that you
have to first enter a Search Set name for all other options to
become available. Click New Search
Target to create a Search Target, and then click
Next on the welcome screen.
When creating a new Search Target, you must specify a unique name,
select a desired plugin, the plugin field that will be used when
searching, and its value. For example, if you want to search Web
pages for the word "bomb," you should give the Search Target a
unique name (e.g. "Bomb"), select the "Web" plugin, select the
"Text" field, and enter the keyword (or several keywords) you're
interested in (e.g. "bomb" or "bomb, explosive").
Hint: It's possible to specify
several values at a time by separating them with commas.
The following additional options are also available:
Match Case – when this
option is selected, the case of the letters entered as the search
word must match the case of the letters in the events to be
Whole Word – if this
option is selected, substrings will be ignored e.g. "sensitive"
won't match "insensitive."
Apply to future events
only – if this option is selected, a search will be
performed for new records only. Otherwise, all records in the
database, including previous ones, will be processed.
Note: Every Search Target requires
additional database processing, so try to minimize the number of
Search Targets to reduce the consumption of computer resources. In
other words, delete the Search Targets that you don't need anymore,
as a large number of Search Targets increases computer resource
Now click Next and then
Finish to close the Search
Select the desired Search Targets by moving them from the
Available search targets
list to the Selected search
targets list. Click on the Next button to select the desired
The Search Set notification
selection window allows you to select the actions to be
performed when the Search Set contents match your search criteria.
The following actions are available:
||Beep: The computer
||Play file: Plays the
specified WAV file.
||Send e-mail to: Sends
e-mail to the specified e-mail address. You MUST configure
NetResident to use your SMTP server prior to sending e-mail. Use
the E-mail Setup button to
enter your SMTP server settings. Usually, an e-mail message can
also be used to send alerts to your instant messaging application,
cell phone, or pager. For example, to send a message to an ICQ
user, you should enter the e-mail address as
ICQ_USER_UIN@pager.icq.com, where ICQ_USER_UIN is the user's unique
ICQ identification number, and allow EmailExpress messages in the
ICQ options. Please refer to your instant messenger documentation
or cell phone operator for more information. The E-mail message text field can be used
to add an arbitrary message to the e-mail notification.
||Show message: Shows a
notification with the specified text.
||Set a priority: Sets
the event priority.
||Add a comment: Adds a
comment for the event.
Makes Windows speak the specified text using the text-to-speech
engine. By default, Windows only comes with English computer
voices, so Windows may not be able to pronounce messages correctly
if the text is entered in a language other than English.
||Write to syslog: Sends
the message to the specified IP address using the syslog
||Send SNMP trap: Sends
the message to the specified IP address using the SNMP protocol.
The MIB file containing OID descriptions is available upon
Launches the specified application (additional command line
parameters are supported).
Note: The Beep, Play File,
Pronounce message, Launch application, and Show Message options
work only if the NetResident console is active.
Select the desired notification actions and click Next. The Search Set that you've just
created will be registered in the database and the corresponding
tab with its name will be available in the main program window. All
records that match your Search Target(s) will be displayed on this
If you would like to modify or delete a Search Set, use the
corresponding items located in the Search menu.