| Previous | Contents | Index |
The purge/archive selection criteria is displayed on the screen. The following example shows that incident and recording records with a date of 01-Jan-1996 thru 31-Jan-1996 for users TESTER1 and TESTER2 with alert names of MGMT, PAYROLL and URGENT are to be selected for purging and archiving.
INTOUCH INSA Purge and Archive Records 23-Jan-1997
+------------------------------------------------------------------------------+
|Records : Incidents,Recordings |
|Option : Purge and Archive |
|Archive name: JANUARY96 |
+------------------------------------------------------------------------------+
+----------------------------- Selection Criteria -----------------------------+
|Thru date : |
|Date range : 01-Jan-1996 thru 31-Jan-1996 |
|User names : TESTER1,TESTER2 |
|Locations : |
|Alert names : MGMT,PAYROLL,URGENT |
+------------------------------------------------------------------------------+
+-Proceed-+
| Yes |
| No |
|---------|
| Exit |
+---------+
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
You are asked if you want to proceed.
| Select Yes to start the procedure. | |
| Select No to return to the alert names prompt. | |
| Select Exit to abandon the procedure and return to the Maintenance menu. |
If you elect to proceed, the appropriate records are purged and/or archived and other INTOUCH INSA files are updated accordingly.
During the purge/archive procedure, processing information is displayed. After the purge/archive is completed, you can press [Return] to exit the procedure and return to the Maintenance menu.
| Example 9-1 Security Procedures |
|---|
+-----------------INTOUCH INSA - Network Security Agent V1.5-------------------+ | Security Status Reports Maintenance General Advanced Exit | ++------Security-------+-------------------------------------------------------+ | Sessions | | Playback | | Archive Playback | +---------------------+ |
The Security menu options are:
9.1 Sessions Option
The Sessions menu option is used to display lists of
active sessions. Additional information can be displayed for any active
sessions and active sessions can be watched.
When you select Sessions from the Security menu,
+------Security-------+
| Sessions |
| Playback |
| Archive Playback |
+---------------------+
|
the following screen is displayed:
+------Select Sessions-------+
| All |
| Sessions with incidents |
| User names |
| Locations |
|----------------------------|
| Exit |
+----------------------------+
|
You are asked to select which session information you want to display. The options are:
| All | display all sessions | |
| Sessions with incidents | display only sessions which have had incidents | |
| User names | display sessions for specific user names | |
| Locations | display sessions for specific locations or domains | |
| Exit | exit back to the Security menu |
If you select one of the "Select Sessions" menu items and the message:
No active sessions found
is displayed, wait for 3-4 minutes to elapse and repeat your selection. This message is displayed if INTOUCH INSA has started but it did not have enough time to gather all of the information about the current processes running on your network.
+------Select Sessions-------+
| All |
| Sessions with incidents |
| User names |
| Locations |
|----------------------------|
| Exit |
+----------------------------+
|
If All is selected from the Select Sessions menu, INSA Manager displays a list of the active sessions. The date and time the list was created are also displayed. For example:
| Example 9-2 Active Sessions List |
|---|
+-----------------------------------Security-----------------------------------+
| Sessions Clear Exit |
+------------------------------------------------------------------------------+
+----------------28 active sessions as of 23-Jan-1997 09:32:55-----------------+
| Refresh |
| |
| Source Location Destination Loc Type User Last Cnct Ins Status |
| LAT 2.22:17 LAT 17.3 INTER ALLEN 09:29 1:24 4 |
| TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 |
| LAT 2.22:97 LAT 97.1 INTER DEBBIE 09:23 1:30 1 (w) |
| IP 204.212.151.105:1634 CAST.TTINET.COM INTER SYSTEM 09:31 15:55 |
| LAT 31.144:7 LAT 7.2 INTER HENRY 09:31 1:28 |
| LAT 1.182:1 LAT 1.1 INTER JEANNIE 09:31 0:40 |
| ASA.COMNET.COM TR.TTINET.COM INTER JODI 09:31 1:04 |
| LAT 2.22:49 LAT 49.4 INTER MSR 09:31 1:13 |
| . . . |
+------------------------------------------------------------------------------+
Sessions watched: 1
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
If there are more active sessions than can be shown on the screen, select Next... to display the next screen. Previous... displays the previous screen.
Each line of session information includes:
To get an updated sessions menu list, click on the Refresh option. The screen will clear and an updated sessions list will be displayed. The list date and time are also updated.
Menu Options
Several menu options are displayed across the top of the screen. The menu options are:
If you want to get more detailed information about any of the sessions on the list or watch a session, see Section 9.1.2, Selecting Sessions to Review and Watch.
+------Select Sessions-------+
| All |
| Sessions with incidents |
| User names |
| Locations |
|----------------------------|
| Exit |
+----------------------------+
|
If Sessions with incidents is selected, only active sessions where incidents have occurred are displayed. For example:
+-----------------------------------Security-----------------------------------+
| Sessions Clear Exit |
+------------------------------------------------------------------------------+
+-----------------3 active sessions as of 23-Jan-1997 09:32:55-----------------+
| Refresh |
| |
| Source Location Destination Loc Type User Last Cnct Ins Status |
| LAT 2.22:17 LAT 17.3 INTER ALLEN 09:29 1:24 4 |
| TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 |
| LAT 2.22:97 LAT 97.1 INTER DEBBIE 09:23 1:30 1 (w) |
+------------------------------------------------------------------------------+
Sessions watched: 1
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
If you want to get more detailed information about any of the sessions on the list or watch a session, see Section 9.1.2, Selecting Sessions to Review and Watch.
+------Select Sessions-------+
| All |
| Sessions with incidents |
| User names |
| Locations |
|----------------------------|
| Exit |
+----------------------------+
|
If User names is selected, you are asked for the session user names you want to display.
User names (AAA,BBB,...)? ____________________________________________________ |
You can enter a single user name or a comma-separated list of user names. You can also use the asterisk (*) character as a wildcard. Here are some examples:
To select user name ALAN, enter:
To select user names, ALAN, SUE and GEORGE, enter:
To select the user names that:
enter:
User names (AAA,BBB,...)? jeannie,dan_________________________________________ |
Only active sessions for the specified user names are displayed. For example:
+-----------------------------------Security-----------------------------------+
| Sessions Clear Exit |
+------------------------------------------------------------------------------+
+-----------------2 active sessions as of 23-Jan-1997 09:32:55-----------------+
| Refresh |
| |
| Source Location Destination Loc Type User Last Cnct Ins Status |
| TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 |
| LAT 1.182:1 LAT 1.1 INTER JEANNIE 09:31 0:40 |
+------------------------------------------------------------------------------+
Sessions watched: 0
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
If you want to get more detailed information about any of the sessions on the list or watch a session, see Section 9.1.2, Selecting Sessions to Review and Watch.
+------Select Sessions-------+
| All |
| Sessions with incidents |
| User names |
| Locations |
|----------------------------|
| Exit |
+----------------------------+
|
If Locations is selected, you are asked for the session locations you want to display.
Locations (AAA,BBB,...)? ____________________________________________________ |
You can enter a single location/address, or a list of locations separated by commas. You can use the asterisk (*) character as a wildcard. Here are some examples:
To select LAT addresses that begin with LAT 1, enter:
To select IP domain names that end in .COM and IP addresses that end in .3, enter:
If "*.COM" was entered,
Locations (AAA,BBB,...)? *.com_______________________________________________ |
the following sessions would be displayed:
+-----------------------------------Security-----------------------------------+
| Sessions Clear Exit |
+------------------------------------------------------------------------------+
+-----------------2 active sessions as of 23-Jan-1997 09:32:55-----------------+
| Refresh |
| |
| Source Location Destination Loc Type User Last Cnct Ins Status |
| TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 |
| ASA.COMNET.COM TR.TTINET.COM INTER JODI 09:31 1:04 |
+------------------------------------------------------------------------------+
Sessions watched: 0
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
If you want to get more detailed information about any of the sessions on the list or watch a session, see Section 9.1.2, Selecting Sessions to Review and Watch.
9.1.2 Selecting Sessions to Review and Watch
To display specific session information and/or watch that session, use
the mouse to select a session from the sessions list. In the following
example, ALLEN is selected:
+-----------------------------------Security-----------------------------------+
| Sessions Clear Exit |
+------------------------------------------------------------------------------+
+----------------28 active sessions as of 23-Jan-1997 09:32:55-----------------+
| Refresh |
| |
| Source Location Destination Loc Type User Last Cnct Ins Status |
| LAT 2.22:17 LAT 17.3 INTER ALLEN 09:29 1:24 4 |
| TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 |
| LAT 2.22:97 LAT 97.1 INTER DEBBIE 09:23 1:30 1 (w) |
| IP 204.212.151.105:1634 CAST.TTINET.COM INTER SYSTEM 09:31 15:55 |
| LAT 31.144:7 LAT 7.2 INTER HENRY 09:31 1:28 |
| LAT 1.182:1 LAT 1.1 INTER JEANNIE 09:31 0:40 |
| ASA.COMNET.COM TR.TTINET.COM INTER JODI 09:31 1:04 |
| LAT 2.22:49 LAT 49.4 INTER MSR 09:31 1:13 |
| . . . |
+------------------------------------------------------------------------------+
Sessions watched: 1
EXIT = Exit INTOUCH INSA \ = Back HELP = Help
|
After a session is selected, a new window is created and information about the session activity is displayed in a box in the new window. The information in the selected session window includes a menu of options and session activity information. For example:
| Example 9-3 Session Display |
|---|
+-------------------------------Session Security-------------------------------+ | Refresh Actions Incidents Exit | +------------------------------------------------------------------------------+ +-------------------Session as of 23-Jan-1997 09:57:54-------------------+ | | | LAT 2.22:17 --> LAT 17.3 | | | | Type : INTER | | User name : probably ALLEN | | Incidents : 4 | | Last login : 23-Jan-1997 08:09:18 | | Last activity : 23-Jan-1997 09:46:49 | | Watch status : none | +------------------------------------------------------------------------+ EXIT = Exit INTOUCH INSA \ = Back HELP = Help |
Depending on the session, additional information might be displayed.
The Session Security menu options are:
+-------------------------------Session Security-------------------------------+
| Refresh Actions Incidents Exit |
+-----------+------Actions------+----------------------------------------------+
| Watch |
| Unwatch |
| Snapshot |
| Playback |
| Start Recording |
| Stop Recording |
| Disconnect |
+-------------------+
|
When you select Refresh from the Session Security menu at the top of the screen, the screen clears and is repainted with updated information.
| Previous | Next | Contents | Index |