Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
4-35
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
About Scheduled and On-Demand Email Reports
Storage of Archived Reports
For information on how long reports are stored for, and when archived reports are deleted from the
system, see
system, see
.
Additional Report Types
Two special reports that can be generated in the Email > Reporting section on the Security Management
appliance are:
appliance are:
•
•
Domain-Based Executive Summary Report
The Domain-Based Executive Summary report provides a synopsis of the incoming and outgoing
message activity for one or more domains in your network. It is similar to the Executive Summary report,
but it limits the report data to the messages sent to and from the domains that you specify. The outgoing
mail summary shows data only when the domain in the PTR (pointer record) of the sending server
matches a domain you specify. If multiple domains are specified, the appliance aggregates the data for
all those domains into a single report.
message activity for one or more domains in your network. It is similar to the Executive Summary report,
but it limits the report data to the messages sent to and from the domains that you specify. The outgoing
mail summary shows data only when the domain in the PTR (pointer record) of the sending server
matches a domain you specify. If multiple domains are specified, the appliance aggregates the data for
all those domains into a single report.
To generate reports for a subdomain, you must add its parent domain as a second-level domain in the
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
in the
Email Security appliance CLI, and reportingconfig -> domain -> tld in the Security Management
appliance CLI.
appliance CLI.
Unlike other scheduled reports, Domain-Based Executive Summary reports are not archived.
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Because messages blocked by sender reputation filtering do not enter the work queue, AsyncOS does
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
Note
To see Stopped by Reputation Filtering results in your Domain-Based Executive Summary report on the
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
To enable the hat_reject_info on the Security Management appliance, run the reportingconfig >
domain > hat_reject_info command.
domain > hat_reject_info command.