|
Click an activity on the Search pane to view fields
|
By default, when you select an activity type to search with the Search tool, all event fields for the activity are selected. For example, when you select Chat/IM, the Chat Contents, Window Caption, and Local and Remote User fields (the same as you view in a Chat/IM Events Window) will be searched. For greater focus in your search, you can check fields to search and clear fields to ignore.
To select fields for the search:
On the Search Options pane, under "Search In,"
click on an activity name, such as Chat/IM.
The Search
Fields box opens.
Click OK to set the field selections.
The box closes, and the "Search in" activity is marked with
a square instead of a checkmark, indicating that fields have been specially
selected.
|
|
Your Search Field selections last for one time only. If you clear an activity such as Chat/IM and then re-select it, all Search Fields for Chat/IM are once again selected. |
Fields for the activity types are:
Chat/IM - in each chat or IM conversation, find a match in:
Chat Contents: Text from both (all) sides of the conversation
Window Caption: The text in title bar of the Chat or Instant Messaging window
Local User: The chat or IM name of the participating user on this computer
Remote User: Other users outside the network participating (by chat or IM name)
Email - in each sent or received message, match:
From: Name or address email message was from
To: Name or address email message was to
CC: Any names copied on the email to whom the message was sent
Subject: Subject line for the email
Email Contents: Text in the email body
Web Hail Host: Name of the web mail hosting site, such as Yahoo, AOL, BadSiteBusiness, etc.
Web Sites - in each visited site, match:
URL: Text of the address captured for the site viewed, such as https://login.yahoo.com/config/login
Window Caption: Text in the title bar of the browser window when the site was displayed
Online Searches - for each search, match:
Search Phrase: Text the user entered for the search
URL: Address captured for search results after the search was conducted
Window Caption: The text in the title bar of the search results; usually includes the search phrase, the name of the search site, and the browser name
Keystrokes Typed - in each event, match:
Keystrokes: Actual text typed by the user
Window Caption: Text in the title bar of window where the user was typing, usually includes program/document name
Program Activity - in each event, match:
Window Caption: Text in the title bar of window when the program was open
File Transfers - for each transfer event, match:
File Name: Name of the file involved, such as "badprogram.exe"
Domain: Name of the domain involved in the transfer, such as "musicmatch.com"
Host: Name of the host for the transfer. The host is the part of the URL preceding the domain name for the transfer. It might be "www," "ftp," "us.dd2," or "attach.re3.mail."
IP Address: Numbers in actual address of the remote target or source, such as 210.199.244.25
Keyword Alerts - for each alert event, match:
Keyword - The keyword that set off the alert
Keyword URL or Text - The location of the page or the text entered where the keyword was detected.
Network Activity - for each network event, match:
Domain: Name of the domain involved in the transfer, such as "musicmatch.com"
Host: Name of the host for the activity. The host is the part of the URL preceding the domain name for the transfer. It might be "www," "updates," or "downloads."
IP Address: Numbers in actual address of the remote connection
Document Tracking - for each document event, match:
Document Path: Text in the document's location path, such as "Q:\secure\files\etc"
Document Name: Name of the file involved
Device: Network name of the device involved (such as "HPprinter01")
