Filter
Top Products
Content Archive Viewing content archives
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 107
Content Archive
Content archiving provides a method of simultaneously logging and archiving
copies of content transmitted over your network, such as email and web pages.
FortiGate units can log metadata for common user content-oriented protocols.
Content logs include information such as the senders, recipients, and the content
of messages and files. If full content archiving is enabled, FortiGate units can also
archive a copy of the associated file or message with the content log message.
Both FortiGate content archive logs and their associated copies of files or
messages can be stored and viewed remotely on a FortiAnalyzer unit, leveraging
its large storage capacity for large media files that can be common with
multimedia content. When content archives are received by the FortiAnalyzer unit,
you can use data filtering similar to other log files to track and locate specific email
or instant messages, or to examine the contents of archived files.
For more information about how to configure the FortiGate unit to send content
archives to the FortiAnalyzer unit, see the FortiGate Administration Guide.
This section includes the following topics:
• Viewing content archives
• Customizing the content archive view
• Searching full email content archives
Viewing content archives
The content viewer displays content archives of these types:
• HTTP web browsing (in Web Archive)
• email (in Email Archive)
• FTP transfer (in File Transfer)
• instant messaging (IM) conversations (in IM Chat)
• VoIP (in VoIP Archive)
• multi-media messages (in MMS Archive)
The content archive viewer can display full and/or summary content archives.
Summary content archives are those which contain only a log message consisting
of summary metadata. Full content archives are those which contain both the
summary and a hyperlink to the associated archived file or message. For
example, if the FortiAnalyzer unit has a full content archive for an email message,
the Subject log field of email content archives contains a link that enables you to
view that email message. If the FortiAnalyzer unit has only a content archive
summary, the Subject field does not contain a link.
Whether or not each content archive will be full or summary varies by:
• whether the device is configured to send full content archives
• whether the content satisfies content archiving requirements