Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
3-51
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 3 Using Centralized Email Reporting
Creating a Domain-Based Executive Summary Report
The Domain-Based Executive Summary report provides a synopsis of the
incoming and outgoing message activity for one or more domains in your
network. It is similar to the Executive Summary report, but it limits the report data
to the messages sent to and from the domains that you specify. If multiple domains
are specified, the appliance aggregates the data for all those domains into a single
report. Unlike other scheduled reports, Domain-Based Executive Summary
reports are not archived.
incoming and outgoing message activity for one or more domains in your
network. It is similar to the Executive Summary report, but it limits the report data
to the messages sent to and from the domains that you specify. If multiple domains
are specified, the appliance aggregates the data for all those domains into a single
report. Unlike other scheduled reports, Domain-Based Executive Summary
reports are not archived.
Because messages blocked by reputation filtering do not enter the work queue,
AsyncOS does not process these messages to determine the domain destination.
An algorithm estimates the number of rejected messages per domain. To
determine the exact number of blocked messages per domain, you can delay HAT
rejections on the Cisco IronPort Security Management appliance until the
messages reach the recipient level (RCPT TO). This allows AsyncOS to collect
recipient data from the incoming messages. You can delay rejections using
listenerconfig -> setup command on the Cisco IronPort Email Security
appliance. However, this option can impact system performance. For more
information about delayed HAT rejections, see the Cisco IronPort AsyncOS for
Email User Guide.
AsyncOS does not process these messages to determine the domain destination.
An algorithm estimates the number of rejected messages per domain. To
determine the exact number of blocked messages per domain, you can delay HAT
rejections on the Cisco IronPort Security Management appliance until the
messages reach the recipient level (RCPT TO). This allows AsyncOS to collect
recipient data from the incoming messages. You can delay rejections using
listenerconfig -> setup command on the Cisco IronPort Email Security
appliance. However, this option can impact system performance. For more
information about delayed HAT rejections, see the Cisco IronPort AsyncOS for
Email User Guide.
Note
To see Stopped by Reputation Filtering results in your Domain-Based Executive
Summary report on the Security Management appliance, you must have
hat_reject_info enabled on both the Email Security appliance and the Security
Management appliance.
Summary report on the Security Management appliance, you must have
hat_reject_info enabled on both the Email Security appliance and the Security
Management appliance.
To enable the hat_reject_info on the Security Management appliance, run the
reportingconfig > setup > hat_reject_info command.
To generate reports for a subdomain, you must add its parent domain as a
second-level domain in the reporting system of the Email Security appliance and
the Security Management appliance. For example, if you add example.com as a
second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, run the reportingconfig ->
mailsetup -> tld
second-level domain in the reporting system of the Email Security appliance and
the Security Management appliance. For example, if you add example.com as a
second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, run the reportingconfig ->
mailsetup -> tld
command on the Email Security appliance, and reportingconfig
-> domain -> tld command on the Security Management appliance CLI.
To create a Domain-Based Executive Summary report: