Configuring the Audit Profile

This section describes how the audit profile helps log the Internet access of intranet users by enabling the audit of HTTP, FTP, mail sending and receiving, and IM activities.

Context

When you configure the audit profile, select the traffic attributes to audit based on your actual situation.

  • To log and audit non-work-related behavior, you can choose to record URL access, titles of accessed web pages, BBS posts and microblogs, keywords searched over HTTP, HTTP status codes, file uploads through HTTP and FTP, and QQ accounts with their login and logout times.
  • To log and audit behavior that leads to data leaks, select the attributes that instruct the device to log BBS posts, microblogs, file uploads through HTTP and FTP, and QQ accounts with their login and logout times.

By default, the FW does not audit any HTTP, FTP, mail sending and receiving, or IM activities.

Procedure

  1. Choose Object > Audit Configuration.
  2. Click Add.
  3. Create an audit profile using the following parameters.

    Parameter
      Subparameter
        Description

    Name
      -
        Name of the audit profile.

        The value is a string of 1 to 32 characters. The name of the new profile cannot be the same as that of any existing profile.

    Description
      -
        Description of the audit profile.

        The description must clearly indicate the function of the profile to make profiles easy to find and maintain.

        The value is a case-sensitive string of 1 to 128 characters.

    Audit HTTP Behavior
      URL Access
        • Do not record: Does not log access to any URL.
        • All: Logs the access to all URLs.
        • Specified categories: Logs the access to the specified URLs. To configure specified categories, do as follows:
          1. Click Specified categories and then click the text of the option button.
          2. Specify the URL category to be audited.
            • Enter the name of the URL category to be audited, and select the category in the search result.
            • Directly select the URL category to be audited.

            NOTE:
            After specifying the URL category to be audited, you can select Exclude Selected URL Categories. If you select Exclude Selected URL Categories, the FW audits all URLs except those in the specified URL category.
          3. Click OK.
      Web Page Title
        Keep records: Logs the titles of web pages that are accessed.

        NOTE:
        This item is available if All or Specified categories is selected.
      Forum Post
        • Do not record: Does not log any post form data.
        • Keep records: Logs all post form data.
        • Accurate identification: Logs the content, titles, and replies of the posts on Baidu Post Bar, Mop, Tianya, and Discuz.
      Microblog
        Keep records: Logs the content of microblogs.
      Status Code
        Keep records: Logs HTTP status codes.
      Search Engine Keyword
        Keep records: Logs the keywords searched by users.
      HTTP File Upload
        Keep records: Logs file uploads through HTTP.
      HTTP File Download
        Keep records: Logs file downloads through HTTP.

    Audit FTP Behavior
      Command Execution
        Keep records: Logs command executions.
      FTP File Upload
        Keep records: Logs file uploads through FTP.
      FTP File Download
        Keep records: Logs file downloads through FTP.

    Audit Email Behavior
      Sending
        Keep records: Logs the information related to sending emails.
      Receiving
        Keep records: Logs the information related to receiving emails.

    IM Behavior Audit
      Login
        Keep records: Logs the behavior related to QQ login.
      Logout
        Keep records: Logs the behavior related to QQ logout.
      File Transfer
        Keep records: Logs the IM file transfer.

  4. Click OK.
  5. Click Commit in the upper-right corner and click OK in the dialog box that is displayed.

    After you create, modify, or delete an audit profile, you must commit the configuration for the change to take effect in the profile and in the audit policy that references the profile.

Follow-up Procedure

Check or release the reference between the audit policy and profile.
  1. To check whether a profile is referenced by audit policies, click View under References in the profile list.

  2. To release the reference between the audit policy and profile, choose the audit policy and click Release.

    To release all the references, click Release All, and then click OK.

Copyright © Huawei Technologies Co., Ltd.