You can replace one or more occurrences of buffer text with different text. Here are the steps to replace "computer" with "BIG COMPUTER".

1. Press Ctrl/Z to get to the "Command:" prompt.
2. At the "Command:" prompt, enter replace.
3. At the "Old String:" prompt, enter computer.
4. At the "New String:" prompt, enter BIG COMPUTER.
5. The editor will find and highlight "computer" and ask:
   Replace? Type Yes, No, All, Last, or Quit:
   You can:
   • Press [Return] or enter Y or Yes to replace this occurrence. The editor will then search for more occurrences of the old text.
   • Enter N or No to skip this occurrence and search for more occurrences.
   • Enter All to replace all occurrences in the current direction. If more occurrences are found in the opposite direction, the editor will ask:
     Found in reverse direction. Go there [Y]?
     You can enter Y or N.
   • Enter Last to replace this occurrence and stop searching for more.
   • Enter Quit if you do not want to replace any occurrences or if you want to stop replacing text.
6. The editor displays a message that tells you how many occurrences were replaced.

You can enter help replace at the "Command:" prompt to get more information on replacing text.

This appendix contains a summary of the menus that INSA Manager uses. Short descriptions tell what procedures the menu items execute.

A.1 Main Menu Options

+-----------------INTOUCH INSA - Network Security Agent V1.5-------------------+ 
|  Security    Status    Reports    Maintenance    General    Advanced    Exit | 
+------------------------------------------------------------------------------+ 

Security	perform session procedures
Status	status displays
Reports	create reports
Maintenance	maintain procedures
General	miscellaneous procedures
Advanced	system procedures
Exit	Exit INSA Manager

A.1.1 Security Menu Options

+-----------------INTOUCH INSA - Network Security Agent V1.5-------------------+ 
|  Security    Status    Reports    Maintenance    General    Advanced    Exit | 
++------Security-------+-------------------------------------------------------+ 
 |  Sessions           | 
 |  Playback           | 
 |  Archive Playback   | 
 +---------------------+ 

Sessions

Select which active sessions to display and work with.

+------Select Sessions-------+ | All | | Sessions with incidents | | User names | | Locations | +----------------------------+

All	display all sessions
Sessions with incidents	display only sessions which have had incidents
User names	display sessions for specific user names
Locations	display sessions for specific locations or domains

There are several menu options on the active sessions list.

+-----------------------------------Security-----------------------------------+ | Sessions Clear Exit | +------------------------------------------------------------------------------+ +----------------28 active sessions as of 23-Jan-1997 09:32:55-----------------+ | Refresh | | | | Source Location Destination Loc Type User Last Cnct Ins Status | | LAT 2.22:17 LAT 17.3 INTER ALLEN 09:29 1:24 4 | | TTITEST.COM TTITEST.COM INTER DAN 09:31 11:13 2 | | LAT 2.22:97 LAT 97.1 INTER JEANNIE 09:23 1:30 1 (w) | | IP 204.212.151.105:1634 CAST.TTINET.COM INTER CLR 09:31 15:55 | | . . . | +------------------------------------------------------------------------------+

Sessions	displays a list of the active sessions
Clear	clears ALL watched sessions, if there are any
Exit	returns to the "Select Sessions" menu
Refresh	display an updated active sessions list

After a session is selected from the active sessions list, information about the session is displayed and session procedures (watch, etc.) can be performed.

+-------------------------------Session Security-------------------------------+ | Refresh Actions Incidents Exit | +-----------+------Actions------+----------------------------------------------+ | Watch | | Unwatch | | Snapshot | | Playback | | Start Recording | | Stop Recording | | Disconnect | +-------------------+

Refresh	refresh the session information in the box
Watch	open a window and watch the session keystroke activity
Unwatch	stop watching the session activity if currently watching the session
Snapshot	open a window and display a snapshot of current activity
Playback	play back the session recording
Start Recording	start recording the session
Stop Recording	stop recording the session if it is being recorded
Disconnect	disconnect the session if it is an IP session
Incidents	list current session incidents and display incident text
Exit	exit back to the active sessions list

Playback

You can play back previously recorded sessions. Select which recordings you want to play back.

+Select Recordings+ | All | | User names | | Locations | | Alert names | +-----------------+

All	all of the recordings
User names	recordings for specific user names
Locations	recordings for specific locations or domains
Alert names	recordings for specific alert names

After a recordings list is displayed, selection a recording to play back.

+-----------------------------------Playback-----------------------------------+ | Recordings Exit | +------------------------------------------------------------------------------+ +-----------------------------Recorded Sessions------------------------------+ | Source Location User Alert K bytes Recording Date | | RAY.UTW.COM GRS URGENT 24 14-Jan-1997 07:39:13 | | LAT 1.36:3 TONY URGENT 6 22-Jan-1997 07:39:08 | | TTITEST.COM DAN URGENT 10 23-Jan-1997 10:02:52 | | LAT 9.214:8 JEANNIE PRIV 139 13-Jan-1997 09:08:15 | | LAT 9.214:7 ALLEN PRIV 76 22-Jan-1997 09:01:02 | | TTITEST.COM DAN URGENT 14 21-Jan-1997 10:12:40 | | LAT 1.10:1 ALLEN URGENT 474 21-Jan-1997 10:08:16 | +----------------------------------------------------------------------------+

The playback procedure allows you to control the actual playback process and also search for text in the recording.

Archive Playback

You can play back archived recorded sessions. This option works basically the same as the Playback option. The difference is that you play back recorded sessions from an archive file instead of from the current file. A list of archive files is displayed and you select the file you want to play back recordings from.

A.1.2 Status Menu Options

+-----------------INTOUCH INSA - Network Security Agent V1.5-------------------+ 
|  Security    Status    Reports    Maintenance    General    Advanced    Exit | 
+------------+-----Status------+-----------------------------------------------+ 
             |  Network        | 
             |  INTOUCH INSA   | 
             |  Security       | 
             +-----------------+ 

Network	Creates a report of Ethernet statistics and TCP/IP statistics.
INTOUCH INSA	Displays information about the status of INTOUCH INSA. The display shows information about the following: handler, scanner, resolver, sessions, configuration, system. The status data is updated as it changes.
Security	Displays information about the most recent alert incidents. The display shows the total number of incidents, and the top five alert names, number of incidents per alert, date and time of the last alert incident.

A.1.3 Reports Menu Options

+-----------------INTOUCH INSA - Network Security Agent V1.5-------------------+ | Security Status Reports Maintenance General Advanced Exit | +----------------------+-------Reports-------+---------------------------------+ | Incident | | Alert | | Recordings | | Browser Accesses | +---------------Top----------------+ | URL Accesses | | IP Address (volume) | | Active Browsers | | IP Connection (volume) | | Audit | | Browser Accesses | | Page | | URL Accesses | | Top [>| | URL Connection | | Archive [>| | Email | +---------------------+ | Email (volume) | | Email Correspondence | | Email Correspondence (volume) | +----------------------------------+ +----Archive----+ | Incident | | Recordings | | Audit | +---------------+

When creating the incident, alert, recordings, audit, and archive reports, you select various report criteria options such as how to sort the data, what data to include, etc.

Incident	Creates reports on detected incidents. These reports can be created: Summary Report Shows the count of incidents and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line per incident. The detail report level breaks on the first sort field specified. The report shows incident date, incident time, user name, alert priority, alert name, location and count. Session Text Prints the actual text of the session that caused the incident. The report displays one incident per page.
Alert	Creates reports which contain information found in the alert records. The information includes: alert name alert description priority code (1-9) actions to take when incidents occur total count of incidents date and time of the last incident
Recordings	If you specify record as one of the alert actions, INTOUCH INSA records the session from the time an incident was detected until log off. This menu option creates reports of recorded sessions. These reports can be created: Summary Report Shows the count of recordings and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line per recording. The detail report level breaks on the first sort field specified. The report shows user name, alert name, date, time, location, size in K bytes and count.
Browser Accesses	Creates Browser Accesses Report. This is a report of browser activity (URLs the browser accessed) since a specified date. The information includes:   URL the accessed URL   Count number of times the URL was accessed since the specified access date   Last Access date and time of the last access
URL Accesses	Creates URL Accesses Report. This is a report of browsers who have accessed a selected URL since a specified date. The information includes:   Browser's Domain/IP the domain name if available, or IP address of the browser   Count number of times the browser has accessed this URL since the specified access date   Last Access date and time of the last access
Active Browsers	The Active Browsers Report shows the browsers that have been active within the last thirty (30) minutes (approximately). The information includes:   URL Accessed last item that was accessed   Browser IP Address browser's IP address   Last Access time of the last access
Audit	Creates audit reports. These reports can be created: Summary Report Shows the count of items and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line for each source item. The detail report level breaks on the first sort field specified. The report shows date, time, source, activity item, item data and count.
Page	Creates reports which contain information found in the page records. The information includes: page name page description pager phone number PIN script file name total count of pages date and time of the last page
Top IP Address	The Top IP Address Report shows, in descending order, the most active IP addressed systems on the network. Activity is measured by volume of activity (in K bytes). The report information includes:   K bytes total K bytes accessed by the IP   IP address of the system   Last Access date and time of the last access   Percent percentage of total K bytes
Top IP Connection	The Top IP Connection Report shows, in descending order, the most active connections between two systems on the network. Activity is measured by volume of activity (in K bytes). The report information includes:   K bytes total number of K bytes accessed   Source IP address of the user   Destination IP last IP address that was accessed   Last Access date and time of the last access   Percent percentage of total K bytes
Top Browser Accesses	The Top Browser Accesses Report shows, in descending order, the most active World Wide Web (WWW) browsing users. Activity is measured by number of WWW pages accessed. The report information includes:   Count total number of pages accessed   Browser's IP address of the user   HTTP Server's IP last item that was accessed   Last Access date and time of the last access   Percent percentage of total accesses
Top URL Accesses	The Top URL Accesses Report shows, in descending order, the most accessed URLs. The report information includes:   Count number of times the URL has been accessed   URL name of the URL   Last Access date and time of the last access   Percent percentage of the total count of all URLs
Top URL Connection	The Top URL Connection Report shows, in descending order, the most active network connections between IP addresses and URLs. The report information includes:   Count number of times the IP address accessed the URL   Browser's IP IP address of the browser   URL name of the URL   Last Access date and time of the last access   Percent percentage of the total count
Top E-mail	The Top E-mail Report shows, in descending order, the most active E-mail addresses by count. The report information includes:   Count number of E-mail messages sent and/or received   Address E-mail address   Last Access date and time of the last message   Percent percentage of the total count of all E-mail
Top E-mail by Volume	The Top E-mail by Volume Report shows, in descending order, the most active E-mail addresses by K bytes. The report information includes:   K bytes number of K bytes for E-mail messages sent and/or received   Address E-mail address   Last Access date and time of the last message   Percent percentage of the total K bytes of all E-mail
Top E-mail Correspondence	The Top E-mail Correspondence Report shows, in descending order, the most active sources and destinations by count. The report information includes:   Count number of E-mail messages sent and received   Source E-mail address of sender   Destination E-mail address of receiver   Last Access date and time of the last message   Percent percentage of the total count of all E-mail
Top E-mail Correspondence by Volume	The Top E-mail Correspondence by Volume Report shows, in descending order, the most active sources and destinations by K bytes. The report information includes:   K bytes number of K bytes for E-mail messages sent and received   Source E-mail address of sender   Destination E-mail address of receiver   Last Access date and time of the last message   Percent percentage of the total count of all E-mail
Archive Incident	Creates reports from incident archive files. These reports can be created: Summary Report Shows the count of incidents and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line per incident. The detail report level breaks on the first sort field specified. The report shows incident date, incident time, user name, alert priority, alert name, location and count. Session Text Prints the actual text of the session that caused the incident. The report displays one incident per page.
Archive Recordings	Creates reports from recordings archive files. These reports can be created: Summary Report Shows the count of recordings and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line per recording. The detail report level breaks on the first sort field specified. The report shows user name, alert name, date, time, location, size in K bytes and count.
Archive Audit	Creates reports from archived audit data. These reports can be created: Summary Report Shows the count of items and percent of the total count, within your selection criteria, for the first sort field specified. Detail Report Prints one line for each source item. The detail report level breaks on the first sort field specified. The report shows date, time, source, activity item, item data and count.