Cisco Email Security Appliance C390 User Guide
Chapter 3 Tracking Email Messages
Running a Search Query
Cisco IronPort AsyncOS 7.3 for Email Daily Management Guide
OL-23080-01
• Subject: Select “Begins With,” “Is,” “Contains,” or “Is Empty,” and enter a
text string to search for in the message subject line.
Note
International character sets are not supported in the subject header.
• Dates and Times: Specify a date and time range for the query. If you do not
specify a date, the query returns data for all dates. If you specify a time range
only, the query returns data for that time range across all available dates.
Dates and times are converted to GMT format when they are stored in the
database. When you view dates and times on an appliance, they are converted
to the local time of the appliance.
Messages appear in the results only after they have been logged. Depending
on the size of logs and the frequency of polling, there could be a small gap
between the time when an email was sent and when it actually appears in
tracking and reporting results. See
for more details.
• Message Event: Select the events to track. Options are “Virus Positive,”
“Spam Positive,” “Suspect Spam,” “Delivered,” “Hard Bounced,” “Soft
Bounced,” “Currently in Outbreak Quarantine,” “DLP Violations,” and
“Quarantined as Spam.” Unlike most conditions that you add to a tracking
query, events are added with an “OR” operator. Selecting multiple events
expands the search.
If you select “DLP Violations,” AsyncOS displays additional DLP-related
options. Options are the DLP policy that the messages violated
and the severity of the violation (“Critical,” “High,” “Medium,” and “Low”).
• Message-ID Header and MID: Enter a text string for the “Message-ID:”
header, the IronPort message ID (MID), or both.
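The following added example (not Cisco code and not an AsyncOS API) models how the search fields above combine, which helps when predicting what a tracking query will return during an investigation. It assumes that non-event conditions are combined with AND, that subject matching is case-insensitive, and that date and time input is interpreted in appliance local time; the record fields, the `search` function, and the time zone are hypothetical.

```python
from datetime import datetime, time, timedelta, timezone

# Subject operators named in the guide; case-insensitive matching is an assumption.
SUBJECT_OPS = {
    "Begins With": lambda s, t: s.lower().startswith(t.lower()),
    "Is":          lambda s, t: s.lower() == t.lower(),
    "Contains":    lambda s, t: t.lower() in s.lower(),
    "Is Empty":    lambda s, t: s == "",
}

def search(records, local_tz, subject=None, events=(), date_range=None, time_range=None):
    """Return MIDs matching every given condition; selected events are ORed."""
    hits = []
    for r in records:
        local = r["ts"].astimezone(local_tz)  # stored GMT -> appliance local time
        if subject and not SUBJECT_OPS[subject[0]](r["subject"], subject[1]):
            continue
        if events and not (set(events) & r["events"]):  # any one selected event matches
            continue
        if date_range and not (date_range[0] <= local <= date_range[1]):
            continue
        # Time range without a date: same time-of-day window on every available date.
        if time_range and not (time_range[0] <= local.time() <= time_range[1]):
            continue
        hits.append(r["mid"])
    return hits

# Constructed sample data (not real tracking output); timestamps are stored in GMT.
UTC = timezone.utc
APPLIANCE_TZ = timezone(timedelta(hours=-8))  # hypothetical appliance time zone
RECORDS = [
    {"mid": 101, "subject": "Invoice overdue", "events": {"Spam Positive"},
     "ts": datetime(2011, 3, 1, 17, 30, tzinfo=UTC)},   # 09:30 local, 1 March
    {"mid": 102, "subject": "Invoice 4471", "events": {"Delivered"},
     "ts": datetime(2011, 3, 2, 18, 5, tzinfo=UTC)},    # 10:05 local, 2 March
    {"mid": 103, "subject": "Q1 payroll export", "events": {"DLP Violations", "Delivered"},
     "ts": datetime(2011, 3, 2, 2, 15, tzinfo=UTC)},    # 18:15 local, 1 March
    {"mid": 104, "subject": "", "events": {"Virus Positive"},
     "ts": datetime(2011, 3, 3, 17, 45, tzinfo=UTC)},   # 09:45 local, 3 March
]
```

Message 103 is stored with a GMT date of 2 March but falls on 1 March in the assumed appliance time zone, so a date range entered in local time for 1 March includes it.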
Running a Search Query
To search for messages by running a query:
Step 1
On the Monitor > Message Tracking page, complete the desired search fields.
For more information about the available search fields, see