IM Audit POC Guideline

From SangforWiki
Jump to: navigation, search

Description

QQ,Skype,TM,msn shield and msn shell chat content are encrypted, if you want to audit the chat content ,you should enable and install Ingress.

Preparation

1. Update the device to IAM4.0 and to get the Ingress patch from r&d yyj or TSC IAM can be deployed as route/bridge/。

2. To make sure IAM have enabled the IM audit Multi-Function License

RTENOTITLE

Expected result

IAM can audit the QQ,Skype,msn shield and msn shell chat content.

Configure Steps

RTENOTITLE

RTENOTITLE

RTENOTITLE

RTENOTITLE

RTENOTITLE

RTENOTITLE

RTENOTITLE

Attention

1. Make sure there are no any other device between IAM and client PC block below port: TCP port 886 : Client PC sent chat content to IAM TCP port 82:Client PC to find IAM ip address and get the IM audit policy UDP port 667:Heart beat communication TCP port 817: To auto install the Ingress software。

2. If client PC access the internet by ISA proxy sever and install ISA client software,IAM can not audit the chat content.

3. IAM can support audit the lastest version of QQ is QQ2013beta6,but IAM can not audit the QQ file transfer.

4. IAM can support audit the lastest version of Skype,but cant audit the Skype file transfer.

5. IAM can support audit the lastest version of TM is Tm 2013 preview 1.

6. Ingress can install on windows xp, win7(x86+x64), chinese,english,korean,chinese Tranditional

Troubleshooting

1. Ingress log store at:

  • x86:C:\Windows\System32\config\igslog
  • x64: C:\Windows\SysWOW64\config\igslog

2. IM chat content log store at:

  • win7: C:\ProgramData\
  • xp:C:\Documents and settings\all users.windows\application data\
  • alcon.log
  • falconadapter.log
  • falconadapteringress.log;