With the information security issues caused by the abuse of enterprise network resources, the objectives and functions of content auditing system are analyzed. According to the principle of content audit, the two-stage classification mechanism and open software architecture have been proposed to support the renewal and extension of application protocols. The hash algorithm for multi-pattern string matching is adopted to improve the auditing efficiency, and related system performance has been verified according to packet loss rate and accuracy.