Cisco Cisco Content Security Management Appliance M1070 Guida Utente
4-44
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
About Scheduled and On-Demand Email Reports
mail summary shows data only when the domain in the PTR (pointer record) of the sending server
matches a domain you specify. If multiple domains are specified, the appliance aggregates the data for
all those domains into a single report.
matches a domain you specify. If multiple domains are specified, the appliance aggregates the data for
all those domains into a single report.
To generate reports for a subdomain, you must add its parent domain as a second-level domain in the
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
in the
Email Security appliance CLI, and reportingconfig -> domain -> tld in the Security Management
appliance CLI.
appliance CLI.
Unlike other scheduled reports, Domain-Based Executive Summary reports are not archived.
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Because messages blocked by sender reputation filtering do not enter the work queue, AsyncOS does
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
Note
To see Stopped by Reputation Filtering results in your Domain-Based Executive Summary report on the
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
To enable the hat_reject_info on the Security Management appliance, run the reportingconfig >
domain > hat_reject_info command.
domain > hat_reject_info command.
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
You can use a configuration file to manage the domains and recipients for a Domain-Based Executive
Summary report. The configuration file is a text file that is stored in the configuration directory of the
appliance. Each line in the file produces a separate report. This allows you to include a large number of
domains and recipients in a single report, as well as define multiple domain reports in a single
configuration file.
Summary report. The configuration file is a text file that is stored in the configuration directory of the
appliance. Each line in the file produces a separate report. This allows you to include a large number of
domains and recipients in a single report, as well as define multiple domain reports in a single
configuration file.
Each line of the configuration file includes a space-separated list of domain names and a space-separated
list of email addresses for the report recipients. A comma separates the list of domain names from the
list of email addresses. You can include subdomains by appending the subdomain name and a period at
the beginning of the parent domain name, such as subdomain.example.com.
list of email addresses for the report recipients. A comma separates the list of domain names from the
list of email addresses. You can include subdomains by appending the subdomain name and a period at
the beginning of the parent domain name, such as subdomain.example.com.
The following is a Single Report configuration file that generates three reports.
yourdomain.com sampledomain.com, admin@yourdomain.com
sampledomain.com, admin@yourdomain.com user@sampledomain.com
subdomain.example.com mail.example.com, user@example.com
Note
You can use a configuration file and the settings defined for a single named report to generate multiple
reports at the same time. For example, a company named Bigfish purchases two other companies,
Redfish and Bluefish, and continues to maintain their domains. Bigfish creates a single Domain-Based
Executive Summary report using a configuration file containing three lines corresponding to separate
domain reports. When the appliance generates a Domain-Based Executive Summary report, an
reports at the same time. For example, a company named Bigfish purchases two other companies,
Redfish and Bluefish, and continues to maintain their domains. Bigfish creates a single Domain-Based
Executive Summary report using a configuration file containing three lines corresponding to separate
domain reports. When the appliance generates a Domain-Based Executive Summary report, an