Cisco Cisco Email Security Appliance C160 Mode D'Emploi
2-3
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 2 Using Email Security Monitor
Email Security Monitor Pages
You use these pages in the GUI to monitor domains that are connecting to the Cisco IronPort appliance’s
listeners. You can monitor, sort, analyze, and classify the “mail flow” of your appliance and differentiate
between high-volume senders of legitimate mail and potential “spammers” (senders of high-volume,
unsolicited commercial email) or virus senders. These pages can also help you troubleshoot inbound
connections to the system (including important information such as SBRS score and most recent sender
group match for domains).
listeners. You can monitor, sort, analyze, and classify the “mail flow” of your appliance and differentiate
between high-volume senders of legitimate mail and potential “spammers” (senders of high-volume,
unsolicited commercial email) or virus senders. These pages can also help you troubleshoot inbound
connections to the system (including important information such as SBRS score and most recent sender
group match for domains).
These pages help you classify mail relative to the appliance, and also relative to the services that exist
beyond the scope of the gateway: the Cisco IronPort SenderBase Reputation Service, the Cisco IronPort
Anti-Spam scanning service, the Anti-Virus scanning security services, content filters, and Outbreak
Filters.
beyond the scope of the gateway: the Cisco IronPort SenderBase Reputation Service, the Cisco IronPort
Anti-Spam scanning service, the Anti-Virus scanning security services, content filters, and Outbreak
Filters.
You can generate a printer-friendly formatted .PDF version of any of the Email Security Monitor pages
by clicking on the Printable PDF link at the top-right of the page. For information about generating PDFs
in languages other than English, see the
by clicking on the Printable PDF link at the top-right of the page. For information about generating PDFs
in languages other than English, see the
.
You can export graphs and other data to CSV (comma separated values) format via the Export link.
The exported CSV data will display all message tracking and reporting data in GMT regardless of what
is set on the Email Security appliance. The purpose of the GMT time conversion is to allow data to be
used independently from the appliance or when referencing data from appliances in multiple time zones.
is set on the Email Security appliance. The purpose of the GMT time conversion is to allow data to be
used independently from the appliance or when referencing data from appliances in multiple time zones.
Note
If you export localized CSV data, the headings may not render properly in some browsers. This occurs
because some browsers may not use the correct character set for the localized text. To work around this
problem, you can save the file to disk, and open the file using File > Open. When you open the file, select
the character set to display the localized text.
because some browsers may not use the correct character set for the localized text. To work around this
problem, you can save the file to disk, and open the file using File > Open. When you open the file, select
the character set to display the localized text.
For more information about automating the export of report data, see
Searching and Email Security Monitor
Many of the Email Security Monitor pages include a search form. You can search for four different types
of items:
of items:
•
IP Address (IPv4 and IPv6)
•
domain
•
network owner
•
internal users
•
destination domain
•
internal sender domain
•
internal sender IP address
•
outgoing domain deliver status
For domain, network owner, and internal user searches, choose whether to exactly match the search text
or look for items starting with the entered text (for instance, starts with “ex” will match “example.com”).
or look for items starting with the entered text (for instance, starts with “ex” will match “example.com”).
For IPv4 address searches, the entered text is always interpreted as the beginning of up to four IP octets
in dotted decimal format. For instance, “17” will search in the range 17.0.0.0 through 17.255.255.255,
so it will match 17.0.0.1 but not 172.0.0.1. For an exact match search, simply enter all four octets. IP
address searches also support CIDR format (17.16.0.0/12).
in dotted decimal format. For instance, “17” will search in the range 17.0.0.0 through 17.255.255.255,
so it will match 17.0.0.1 but not 172.0.0.1. For an exact match search, simply enter all four octets. IP
address searches also support CIDR format (17.16.0.0/12).
For IPv6 address searches, AsyncOS supports the following formats: