Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
5-5
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 5 Tracking Email Messages
Messages appear in the results only after they have been logged on the Email
Security appliance and retrieved by the Security Management appliance.
Depending on the size of logs and the frequency of polling, there could be a
small gap between the time when an email message was sent and when it
actually appears in tracking and reporting results.
Security appliance and retrieved by the Security Management appliance.
Depending on the size of logs and the frequency of polling, there could be a
small gap between the time when an email message was sent and when it
actually appears in tracking and reporting results.
•
Sender IP Address: Enter a sender IP address, and select whether to search
messages or to search rejected connections only.
messages or to search rejected connections only.
•
Message Event: Select the events to track. Options are Virus Positive, Spam
Positive, Suspect Spam, Delivered, DLP Violations (you can enter the name
of a DLP policy and select violation severities), Hard Bounced, Soft
Bounced, Currently in Outbreak Quarantine, and Quarantined as Spam.
Unlike most conditions that you add to a tracking query, events are added
with an “OR” operator. Selecting multiple events expands the search.
Positive, Suspect Spam, Delivered, DLP Violations (you can enter the name
of a DLP policy and select violation severities), Hard Bounced, Soft
Bounced, Currently in Outbreak Quarantine, and Quarantined as Spam.
Unlike most conditions that you add to a tracking query, events are added
with an “OR” operator. Selecting multiple events expands the search.
•
Message ID Header and Cisco IronPort MID: Enter a text string for the
message ID header, the Cisco IronPort message ID (MID), or both.
message ID header, the Cisco IronPort message ID (MID), or both.
•
Query Settings: From the drop-down menu, select how long you want the
query to run before it times out. Options are “1 minute,” “2 minutes,” “5
minutes,” “10 minutes,” and “No time limit.” Also, select the maximum
number of results you want the query to return (up to 1000).
query to run before it times out. Options are “1 minute,” “2 minutes,” “5
minutes,” “10 minutes,” and “No time limit.” Also, select the maximum
number of results you want the query to return (up to 1000).
Step 3
Click Search.
Running a Search Query
To search for messages by running a query, perform the following:
Step 1
On the Security Management appliance window, choose Email > Message
Tracking > Message Tracking.
Tracking > Message Tracking.
Step 2
Complete the desired search fields.
For more information about the available search fields, see the