Cisco Cisco Email Security Appliance C170 사용자 가이드

Both RSA Email DLP and RSA Enterprise Manager deployments offer the option to log the content that 
violates your DLP policies, along with the surrounding content, which can then be viewed in Message 
Tracking. This content may include sensitive data such as credit card numbers and social security 
numbers. 

Enable Message Tracking. See 

 

Select Security Services > RSA Email DLP. 

Click Edit Settings. 

Select the Enable Matched Content Logging check box.

Replaced by the message headers.

Replaced by the Envelope Sender (Envelope From, <MAIL 
FROM>) of the message.

Replaced by the hostname of the Cisco appliance.

Replaced by the size, in bytes, of the message.

$header[‘string’]

Replaced by the value of the quoted header, if the original 
message contains a matching header. Note that double quotes 
may also be used.

Replaced by the IP address of the system that sent the message to 
the Cisco appliance.

Replaced by the nickname of the listener that received the 
message.

Same as 

$filenames

, but displays list of dropped files.

Returns only the most recently dropped filename.

Replaced by the nickname of the interface that received the 
message.

Replaced by the current time and date, as would be found in the 
Received: line of an email message, in the local time zone.

Replaced by the current time, in the local time zone.

Replaced by the SenderBase Organization ID (an integer value).

Replaced by all Envelope Recipients (Envelope To, <RCPT TO>) 
of the message.

Same as 

$filetypes

, but displays list of dropped file types.

Returns only the file type of the most recently dropped file.