Topics Topics

Building Sophisticated Criteria

For the Mail Monitor and the Database Monitor, there is a "Criteria to Match" section, which allows administrators to select what documents they want to log. In addition to the Notes Fields and Notes Formulas, administrators can also use the SecurTrac Reserved Fields for advanced selection criteria.
Show details for Reserved FieldsReserved Fields
Hide details for Reserved FieldsReserved Fields

Reserved FieldsDescription
$SCTInitiatorThis field stores the initiator name, i.e. the person who made the change. The name is stored in Notes canonical name format. (e.g. CN=John Doe/O=Extracomm).

Having this field, you can avoid logging of Server Updates or Updates made by a special Notes ID (say, a trusted developer ID).

Example: How to prevent logging if the action was initiated by the server ID

<your existing conditions> & $SCTInitiator != "CN=Domino Server/O=Extracomm"

In this example, SecurTrac will only log the action, if it was not initiated by, "CN=Domino Server/O=Extracomm".

Example: How to prevent logging if the action was initiated by a Notes Background Agent

<your existing conditions> & $SCTInitiator != "CN=Developer/O=Extracomm"

In this example, SecurTrac will only log the action, if it was not initiated by the special Notes ID, "CN=Developer/O=Extracomm".

Note: If the Update is made by Notes Background Agent, the Initiator will be the one who signed the Notes background Agent.
$SCTTaskNameThis field stores the task name that made the change.

Normally, if the change is made by a Notes client, the task name will be "nserver". If the change is made by a Notes background Agent, it will be "namgr".

Example: How to prevent logging if the action was initiated by the Domino Server Agent Manager

<your existing conditions> & $SCTTaskName != "namgr"

In this example, SecurTrac will only log the action, if it was not initiated by Agent Manager.

Example: A more restrictive example about how to prevent logging if the action was initiated by the Domino Server Agent Manager.

You can combine both reserved fields to construct a more strict condition.

<your existing conditions> & !($SCTInitiator = "CN=Developer/O=Extracomm" & $SCTTaskName = "namgr")

In this example, SecurTrac will only log the action, if it was not initiated by user Developer/Extracomm and the Agent Manager task.



Show details for More ExamplesMore Examples
Hide details for More ExamplesMore Examples

Database Monitor

Example: Log the action if the user(initiator) is in the "AppAdmin" group.

@IsMember("AppAdmin";@UserNamesList)

Example: Log the action if the document was created from either "FormA", "FormB", or "FormC"

Form="FormA":"FormB":"FormC"

Example: Log the action if the document contains an attachment

@Attachments > 0


Domino Directory Monitor

Example: Log Group updates if the document GroupType is "Multi-purpose" or "Access Control List only"

GroupType="0":"2"

Example: Log Group updates if the Group name starts with/ends with/contains "Admin".

@Begins(ListName;"Admin")
@Ends(ListName;"Admin")
@Contains(ListName;"Admin")

Example: Sometimes, you want to mark which group or entries you want to monitor, you can make use of the Description field. Add the text "!" at the beginning to indicate the group you want to log.

@Begins(ListDescription;"!")


Mail Monitor

Example: Log the e-mail if the mail subject has the word "Important".

@Contains(Subject;"Important")

Example: Log the e-mail if the mail body has the word "stocks".

@Contains(@LowerCase(@Text(Body));"stocks")

Example: Log the e-mail if it contains an attachment with ".EXE" extension.

@Ends(@UpperCase(@AttachmentNames);".EXE")

Example: How to prevent logging of SecurTrac generated messages and subject lines that begin with SecurTrac

! (@IsMember("LocalDomainServers";@UserNamesList) & @Begins(Subject;"SecurTrac"))



-------------------------------------------------------------------------------------------------------------------------------------------