Cisco Cisco Email Security Appliance C390 사용자 가이드

Subject: Select “Begins With,” “Is,” “Contains,” or “Is Empty,” and enter a 
text string to search for in the message subject line. 

International character sets are not supported in the subject header.

Dates and Times: Specify a date and time range for the query. If you do not 
specify a date, the query returns data for all dates. If you specify a time range 
only, the query returns data for that time range across all available dates.

Dates and times are converted to GMT format when they are stored in the 
database. When you view dates and times on an appliance, they are converted 
to the local time of the appliance.

Messages appear in the results only after they have been logged. Depending 
on the size of logs and the frequency of polling, there could be a small gap 
between the time when an email was sent and when it actually appears in 
tracking and reporting results. See 

 for more details.

Message Event: Select the events to track. Options are “Virus Positive,” 
“Spam Positive,” “Suspect Spam,” “Delivered,” “Hard Bounced,” “Soft 
Bounced,” “Currently in Outbreak Quarantine,” “DLP Violations,” and 
“Quarantined as Spam.” Unlike most conditions that you add to a tracking 
query, events are added with an “OR” operator. Selecting multiple events 
expands the search. 

If you select “DLP Violations,” AsyncOS displays additional DLP-related 
options are displayed. Options are the DLP policy that the messages violated 
and the severity of the violation (“Critical,” “High,” “Medium,” and “Low”).

Message-ID Header and MID: Enter a text string for the “Message-ID:” 
header, the IronPort message ID (MID), or both.

To search for messages by running a query:

On the Monitor > Message Tracking page, complete the desired search fields. 

For more information about the available search fields, see