Examples of regular expressions

Block any word in a phrase

/block|any|word/

Block purposely misspelled words

Spammers often insert other characters between the letters of a word to fool spam blocking software.

/^.*v.*i.*a.*g.*r.*o.*$/i

/cr[eéèêë][\+\-\*=<>\.\,;!\?%&§@\^°\$£€\{\}()\[\]\|\\_01]dit/i

Block common spam phrases

The following phrases are some examples of common phrases found in spam messages.

/try it for free/i

/student loans/i

/you’re already approved/i

/special[\+\-\*=<>\.\,;!\?%&~#§@\^°\$£€\{\}()\[\]\|\\_1]offer/i

Monitor interface reference

The Monitor submenus allow you to view the Security Profiles activity occurring on your network. You must have Security Profiles and sensors applied to firewall policies, as well as logging enabled for the profiles and sensors, for the monitors to display any information regarding this activity.

This topic contains the following:

• AV Monitor
• Intrusion Monitor
• Web Monitor
• Email Monitor
• Archive & Data Leak Monitor
• Application Monitor

AV Monitor

The AV Monitor submenu allows you to view statistical information regarding viruses that were detected on your unit from Security Profiles > Monitor > AV Monitor. The information displays in a bar chart as well as in a table below the bar chart. The table contains detailed information.

AV Monitor page

Displays monitored information about viruses that were detected by the unit.

Tip: To view information about a specific virus, select a bar within the chart; the virus FortiGuard definition displays.

Refresh	Select to refresh the information on the page.
Reset	Select to reset the information to clear the current information from the page. New information is included on the page.
Top Viruses (all policies) since <yyyy-mm-dd hh:mm:ss>	The top viruses detected by the unit using all firewall policies.
#	The order that the viruses are listed in the table.
Virus Name	The name of the virus.
Last Detected	The last time that the virus was detected.
Count	The number of times the virus has been detected.

Intrusion Monitor

The Intrusion Monitor submenu allows you to view statistical information regarding attacks that were detected on your unit from Security Profiles > Monitor > Intrusion Monitor. The information displays in a bar chart as well as in a table below the bar chart. The table contains detailed information.

Intrusion Monitor page

Displays monitored information about attacks that were detected by the unit.

Tip: To view information about a specific attack, select a bar within the chart; the attack FortiGuard definition displays.

Refresh	Select to refresh the information on the page.
Reset	Select to reset the information to clear the current information from the page. New information is included on the page.
Top Attacks (all policies) since <yyyy-mm-dd hh:mm:ss>	A bar chart displaying the top attacks detected by the unit.
#	The order that the attacks are listed in the table.
Attack Name	The name of the attack.
Last Detected	The last time that the attack was detected.
Count	The number of times the attack has been detected.

Web Monitor

The Web Monitor submenu allows you to view statistical information regarding the web activity from Security Profiles > Monitor > Web Monitor. The information displays in both a pie chart and a bar chart .

Web Monitor page

Displays monitored information about web activity detected by the unit.

Refresh	Select to refresh the information on the page.
Reset	Select to reset the information to clear the current information from the page. New information is included on the page.
Report By	Select whether to view the web filter monitored information by web filter technique or by FortiGuard web filter category. If you choose FortiGuard web filter category, you are viewing the information that was gathered from the category settings for FortiGuard web filter from the web filter profile.

Web Monitor since <yyyy-mm-dd hh:mm:ss>

Total Requests         A pie chart representing the total requests detected.

(HTTP)

Blocked Requests A bar chart representing the total blocked requests detected. The

(HTTP) information is broken down to spam, banned words, file filter, viruses, archives, FortiGuard, URL filter, and fragmented.

Total Web       The total number of web requests over HTTP that occurred. Requests (HTTP): <number>

Email Monitor

The Email Monitor submenu allows you to view statistical information regarding email filtering from Security Profiles > Monitor > Email Monitor. The information displays in both a pie chart and bar chart.

Email Monitor page

Displays monitored information about email filter activity detected by the unit.

Refresh	Select to refresh the information on the page.
Reset	Select to reset the information to clear the current information from the page. New information is included on the page.
Total Emails	A pie chart representing the total number of emails scanned by the unit.
Blocked Emails	A bar chart representing the total number of blocked emails, broken down by protocol. The colors indicate the type of scanning that occurred.
Total Emails: <number>	The total number of email messages detected by the unit.

Archive & Data Leak Monitor

The Archive & Data Leak Monitor submenu allows you to view statistical information regarding log archives, as well as DLP usage. This page displays the information in a bar chart in Security Profiles > Monitor > Archive & Data Leak Monitor.

Archive & Data Leak Monitor page

Displays monitored information about archive and DLP activity detected by the unit.

Refresh                    Select to refresh the information on the page.

Reset                       Select to reset the information to clear the current information from the page. New information is included on the page.

Report By: Select what type of DLP information you want to view. You can view DLP usage by DLP sensor, firewall policy usage, or by protocol.

Top DLP Usage by The bar chart that displays DLP usage monitored using DLP sensor DLP Sensor         information.

<yyyy-mm-dd hh:mm:ss>

Top DLP Usage by Policy <yyyy-mm-dd hh:mm:ss>	The bar chart that displays DLP usage monitored using firewall policy traffic information.
Top DLP Usage by Protocol <yyyy-mm-dd hh:mm:ss>	The bar chart that displays DLP usage monitored using protocol information.
Total Dropped Archives: <number>	The total number of dropped DLP archives.

Application Monitor

The Application Monitor submenu allows you to view statistical information regarding application usage in Security Profiles > Monitor > Application Monitor.

Application Monitor page

Displays monitored information about the application usage detected by the unit.

Tip: To view top source IP addresses for a specific application, select a bar in the chart to view that application’s source IP addresses.

Refresh	Select to refresh the information on the page.
Reset	Select to reset the information to clear the current information from the page. New information is included on the page.
Top Application Usage by <yyyy-mm-dd hh:mm:ss>	The bar chart that displays the top applications being used detected by the unit.
Resolve Host Name	Appears after selecting a bar for a specific application, for example SSL. Select to resolve the host name. Tip: Hover your mouse over the bar to view the address and total MB (or KB) used for that application.
Report By:	Appears after selecting a bar for a specific application, for example, SSL. Select to view the detailed information by destination address, or source address.

Display User Name Appears after selecting Source Address from the drop-down list beside Report By.

Select to display user names.

FortiGuard Quota

The FortiGuard Quota submenu allows you to view statistical information regarding quota usage by users in Security Profiles > Monitor > FortiGuard Quota.

FortiGuard Quota page

Lists the users and the amount of quota that they have used.

Page Controls	Use to navigate through the list.
User Name	The user name of the user that has FortiGuard quota enabled for them.
Webfilter Profile	The web filter profile that was used for detecting users’ FortiGuard quota usage.
Used Quota	The amount of used quota by a user.

Endpoint Monitor

You can view monitored endpoints in  Security Profiles > Monitor > Endpoint Monitor. An endpoint is added to the list when it uses a security policy that has Endpoint Security enabled.

Endpoint Monitor page

Provides information about endpoints, such as endpoint traffic.

Note: The pie chart displays information in percent and indicates which is non-compliant and which is compliant.

Refresh	Updates the list, providing current endpoints that are being monitored.
Report By	Select to view endpoint information by traffic, status or application usage. When you select Status, a pie chart appears along with information about the total endpoints (Total Endpoints). When you select Traffic or Application usage, a bar chart appears; select a bar to view detailed information.