user manual
Contents
2. 2.3 System Requirement
OS: CentOS 5.3 (recommended). The system's components run on Intel-based GNU/Linux-compatible server machines equipped with at least one network card, a CD/DVD drive, and enough hard disk space and RAM. If all the system's components are deployed on a single server:
Dual Core 2.4GHz Pentium CPU
4GB RAM system memory
80GB available disk space or more
100Mbit/s network card or more

3 User Management
3.1 User Log In
A user with a user account enters Username and Password to log in.
Figure 1: User Log In (screenshot)

3.2 User Management
The user management section provides functions for adding and deleting users and for displaying and modifying user information.
Figure 2: User Management Tab (screenshot; page footer: 2008-2009 NGTraceManager, All Rights Reserved, NG Trace v1.0 b100, Rails 2.3.2, Env: production)
User information contains user login ID, user name, e-mail address, phone number, registered date, modified date, option whether or not to receive notify information from notifier, login status, login date
4. Figure 28: HTTP Detail (screenshot)

4.1.6 FTP
Display list of stored FTP Communication Logs in selected DB.
5. Figure 21: E-mail Detail (screenshot)

4.1.4 IM
Display list of stored IM Communication Logs in selected DB.
Figure 22: IM Log List (screenshot)
The following information indicates contents of recorded IM log:
Date Time: Captured time
Source: IP Address of Source
Destination: IP Address of Destination
Type: Sub type of IM protocol
Server: Name of Server
Up/Down: Upload/Download
Contents: Message text, file name
Filter IM Log List by Date Time, Host and Page.
6. Figure 23: Result Filter of IM Log (screenshot)

EXPORT
Export the IM Log as CSV file. When receiving the following message, click OK; then ICMP Log is exported as CSV file.
Figure 24: Export message (Microsoft Internet Explorer dialog: "Are you sure you want to export the filtered result?")

4.1.5 HTTP
Display list of stored HTTP Communication Logs in selected DB.
7. time, user role, manageable host groups, description, etc.

ADD
Register new user. Enter user information of new user. Login ID and e-mail address should not be the same as those of already registered users. Symbol indicates mandatory fields. If a mandatory field is left blank, user registration is not processed. If user role Administer NG Trace is selected, other user role options become disabled. Groups item becomes activated only if user role Group Part Admin or Group Part Viewer is selected.
Figure 3: Add User (screenshot)

SHOW
We can view selected User's information. User's Information includes the Login ID, Name, Email Address, phone number, creation date time, update date time, Logon Status, Roles, Host Groups and Description. Create at indicates created time and Update at represents updated time. Logon Status shows l
8. Figure 7: Whole Log List (screenshot)
The following information displays contents of recorded whole log:
Date Time: Captured time
Source: IP Address of Source
Destination: IP Address of Destination
Type: Type of communication protocol
Protocol: Type of sub protocol
Rule: Target information
Info: Summarized information of carried contents
view more: Can see detail information of carried contents
User can filter Whole Log List by Date Time, Protocol, Target, Host and Page.
Figure 8: Result Filter of Whole Log List (screenshot)

Date Time Filter
Figure 9: Date Time Filter (screenshot)
Filter Whole Log List by date time. It shows all logs recorded from the specified date time to the current date time.

Type filter
Figure 10: Protocol Filter (screenshot)
It allows filtering Whole Log List by Protocol. It shows searched result by selected protocol. For example, if E-mail protocol is selected, user can see only E-ma
9. Figure 29: FTP Log List (screenshot)
The following information indicates contents of recorded FTP log:
Date Time: Captured time
Source: Address of Source
Destination: IP Address of Destination
Protocol: Type of file transfer protocol, such as FTP and SMB
URL: URL of visited web site
Command: Request command
Arguments: Information of communication file
Filter FTP Log List by Date Time, Host and Page.
Figure 30: Result Filter of FTP Log (screenshot)

EXPORT
Export the FTP Log as CSV file. When receiving the following message, click OK; then ICMP Log is exported as CSV file.
Figure 31: Export message (Microsoft Internet Explorer dialog: "Are you sure you want to export the filtered result?")

DETAIL
View detai
10. Figure 35: Whole Log List Of RECENTDB (screenshot)

4.4 EXPORT
Display exported file's list.
Figure 36: Export Table List (screenshot)
The following information indicates contents of exported file:
File Name: Name of exported file
Exported Date: Exported date
Filter Condition: Filter condition of exported file
DOWNLOAD: Download selected file
DELETE: Delete selected file
DELETE ALL: Delete all file
11. Figure 14: ICMP Log List (screenshot)
The following information indicates contents of recorded ICMP log:
Date Time: Captured time
Source: IP Address of Source
Destination: IP Address of Destination
Message Type: ICMP message type
Message Code: Message code information
Size: ICMP packet length
Can filter ICMP Log List by Date Time, Host, Page.
Figure 15: Result Filter of ICMP Log (screenshot)

EXPORT
Export the ICMP Log as CSV file. When receiving the following message, click OK; then ICMP Log is exported as CSV file.
Figure 16: Export message (Microsoft Internet Explorer dialog: "Are you sure you want to export the filtered result?")

DETAIL
View detailed information of ICMP Log.
12. NG Trace User Manual, December 2009
13. Figure 18: E-mail Log List (screenshot)
The following information indicates contents of recorded E-mail log:
Date Time: Captured time
Source: IP Address of Source
Destination: IP Address of Destination
Protocol: Type of E-mail
Subject: E-mail's subject
Sender: E-mail Sender
Receiver: E-mail Receiver
Attaches: Attached files
Filter E-mail Log List by Date Time, Host and Page.
Figure 19: Result Filter of E-mail Log (screenshot)

EXPORT
Export the E-mail Log as CSV file. When receiving the following message, click OK; then ICMP Log is exported as CSV file.
Figure 20: Export message (Microsoft Internet Explorer dialog: "Are you sure you want to export the filtered result?")

DETAIL
View detailed information of E-mail Log.
14. Figure 33: Search (screenshot)
Input the keyword or select the protocol and press

4.3 Database
Display the list of databases connected to the system.
Figure 34: Select Database (screenshot listing RECENTDB, STOREDDB and ARCHIVEDB)

SELECT
From the database list, select a specific database to view the logs stored in it. If you select RECENTDB and press SELECT, you can see the Whole Log List stored in Recent DB.
15. Figure 25: HTTP Log List (screenshot)
The following information indicates contents of recorded IM log:
Date Time: Captured time
Source: IP Address of Source
Destination: IP Address of Destination
Method: HTTP method
URL: URL of visited web site
Cookie: Cookie information
Filter HTTP Log List by Date Time, Host and Page.
Figure 26: Result Filter of HTTP Log (screenshot)

EXPORT
Export the HTTP Log as CSV file. When receiving the following message, click OK; then ICMP Log is exported as CSV file.
Figure 27: Export message (Microsoft Internet Explorer dialog: "Are you sure you want to export the filtered result?")

DETAIL
View detailed information of HTTP Log.
16. Figure 17: ICMP Detail (screenshot)

4.1.3 E-mail
Display list of stored E-mail Communication Logs in selected DB.
17. ies of SYSTEM ADMINISTRATION page.
• System Viewer: The user with this privilege can only view information of SYSTEM ADMINISTRATION page.
• User Administrator: The user with this privilege has access to all functionalities of USER MANAGEMENT page.
• User Viewer: The user with this privilege can only view information of USER MANAGEMENT page.
• Group Part Admin
• Group Part Viewer

4 Report and Analysis
4.1 Logs and Audits
4.1.1 Whole
Show list of stored Logs and audits in selected DB.
18. Figure 5: Edit User (screenshot)
To change the password, input the new Password and Confirm Password, then press SAVE.
Figure 6: Set New Password (screenshot)

• DELETE
You can delete selected User from user list.

3.3 User Privilege
NG Trace Management Console provides several user privileges: Administer NGTrace, Analysis Administrator, Analysis Viewer, System Administrator, System Viewer, User Administrator, User Viewer, Group Part Admin and Group Part Viewer.
• Administer NG Trace: The user of an account with Administer NG Trace privilege has all privileges of the NG Trace System. That is, the user can manage all information within the SYSTEM ADMINISTRATION page, the REPORT AND ANALYSIS page and USER MANAGEMENT.
• Analysis Administrator: The user with this privilege has access to all functionalities of REPORT AND ANALYSIS page.
• Analysis Viewer: The user with this privilege can only view information of REPORT AND ANALYSIS page.
• System Administrator: The user with this privilege has access to all functionalit
19. il communication log.

Target Filter
Figure 11: Target Filter (screenshot)
It allows filtering Whole Log List by Target. It shows searched result by selected target. For example, if Log is selected, user can see only logs.

Host Filter
Figure 12: Host Filter (screenshot)
Allows filtering Whole Log List by name or address of host. It shows searched result by selected host. For example, if you enter 192.168.1.103, logs and audits containing 192.168.1.103 as source or target IP address are filtered. Or you can specify the host name, powercom, instead of its IP address.

Page Filter
Figure 13: Page Filter (screenshot)
Filter Whole Log List by Page. User can see only as many logs as the selected number. For example, if 10 per Page is selected, you can see 10 logs in one page.

4.1.2 ICMP
Show list of stored ICMP Communication Logs in selected DB.
20. led information of FTP Log.
Figure 32: FTP Detail (screenshot)
Console log may be displayed slowly for large files.

4.2 Search
Search the audit data stored in stored Database by keyword and protocol.
21. ogin state if user is logged in. Roles field shows privilege of user.
Figure 4: Show User Information (screenshot)

• EDIT
You can edit information and password of registered user here. If user role Administer NG Trace is selected, other user role options become disabled. Groups item becomes activated only if user role Group Part Admin or Group Part Viewer is selected.
22. 1 Introduction
1.1 Overview
This document describes the usage of the system from the user's point of view. It explains the different user accounts and their privileges, the options for exporting results as CSV files, using the different report and analysis pages, and searching and filtering the results.

2 System Overview
2.1 About the System
NG Trace is a corporate security system capable of monitoring network traffic and taking action on the occurrence of suspicious or potentially dangerous events. NG Trace, as any modern security system, has a flexible, multilayered and easily configurable architecture and software design. It has an intuitive, user-friendly interface and lots of functionalities. It can both apply a set of predefined rules that follow suspicious user behavior and accept new targets of interest defined by newly inserted rule sets.

2.2 Feature
• Capturing network traffic, transferring it to readable look and connecting of communication sessions
• Saving the decoded traffic into database
• Indexing of the decoded traffic into database
• Exporting the data of database
• Archiving of the database on hardware device
• Sending e-mails in case of the emerging of difference event