Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
3-5
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 3 Tracking Email Messages
Running a Search Query
•
Message Event: Select the events to track. Options are “Virus Positive,” “Spam Positive,” “Suspect
Spam,” “Delivered,” “Hard Bounced,” “Soft Bounced,” “Currently in Outbreak Quarantine,” “DLP
Violations,” and “Quarantined as Spam.” Unlike most conditions that you add to a tracking query,
events are added with an “OR” operator. Selecting multiple events expands the search.
Spam,” “Delivered,” “Hard Bounced,” “Soft Bounced,” “Currently in Outbreak Quarantine,” “DLP
Violations,” and “Quarantined as Spam.” Unlike most conditions that you add to a tracking query,
events are added with an “OR” operator. Selecting multiple events expands the search.
If you select “DLP Violations,” AsyncOS displays additional DLP-related options are displayed.
Options are the DLP policy that the messages violated and the severity of the violation (“Critical,”
“High,” “Medium,” and “Low”).
Options are the DLP policy that the messages violated and the severity of the violation (“Critical,”
“High,” “Medium,” and “Low”).
By default, only administrators can view matched content when running searches for DLP
violations. To allow other users, including delegated administrators, to view this content, enable the
DLP Tracking Privileges through the System Administration > Users page. See
violations. To allow other users, including delegated administrators, to view this content, enable the
DLP Tracking Privileges through the System Administration > Users page. See
for more information.
•
Message-ID Header and MID: Enter a text string for the “Message-ID:” header, the IronPort
message ID (MID), or both.
message ID (MID), or both.
•
Attachment Name: Select Begins With, Is, or Contains, and enter an ASCII or Unicode text string
for one Attachment Name to find. Leading and trailing spaces are not stripped from the text you
enter.
for one Attachment Name to find. Leading and trailing spaces are not stripped from the text you
enter.
Running a Search Query
To search for messages by running a query:
Step 1
On the Monitor > Message Tracking page, complete the desired search fields.
For more information about the available search fields, see
.
You do not need to complete every field. Except for the Message Event options, the query is an
“AND” search. The query returns messages that match the “AND” conditions specified in the search
fields. For example, if you specify text strings for the envelope recipient and the subject line
parameters, the query returns only messages that match both the specified envelope recipient and
the subject line.
“AND” search. The query returns messages that match the “AND” conditions specified in the search
fields. For example, if you specify text strings for the envelope recipient and the subject line
parameters, the query returns only messages that match both the specified envelope recipient and
the subject line.
Step 2
Click Search to submit the query. The query results are displayed at the bottom of the page. Each row
corresponds to an email message.
corresponds to an email message.
Figure 3-4
Message Tracking Query Results
Step 3
If the number of returned rows is greater than the value specified in “Items per page” field, the results
are displayed on multiple pages. To navigate through the pages, click the page numbers at the top or
bottom of the list.
are displayed on multiple pages. To navigate through the pages, click the page numbers at the top or
bottom of the list.