A query facility is provided to search the log to determine if one or more messages meet the criteria for the message you want to find.
The page enables you to specify either one or two criteria and related supplementary information as follows:
Host | One or more Scanners running the Symantec Messaging Gateway software. In order to find all details about a message, search on all attached Scanners. |
Time range | Period of time for the search to query the audit log. While it is possible to search for longer periods, it is recommended that message searches not exceed one week. |
Mandatory filter | Select the type of information for filtering messages. See Table: Choices for the mandatory search criteria. |
Mandatory filter value | Enter a string that corresponds to the Mandatory filter type you selected. For example, if you chose to filter messages by sender, enter a valid email address here. |
Optional filter | Select from the list of optional filtering criteria. See Table: Choices for the optional search criteria. |
Optional filter value | If appropriate, enter a string or choose a value that corresponds to the Optional filter type you selected. For example, if you chose to filter messages by Connection IP, enter a valid IP address here. Or, if you choose to filter messages by Action taken, select the action for which you want to find messages. |
Clear Filters | Clear the current filtering criteria from memory. |
Display Filtered | Search for and display messages that fit your criteria. |
Table: Choices for the mandatory search criteria describes the items you can choose for your single required filter.
Table: Choices for the mandatory search criteria
Table: Choices for the optional search criteria describes the items you can choose for your single optional filter.
Table: Choices for the optional search criteria
While searching, the following rules are used:
No more than 1,000 messages are allowed per search on each Scanner being searched.
Freeform text fields are non-case-sensitive substring searches.
Note: The Message Audit Log provides information on each message received by each recipient. For example, if the same message is received by 10 recipients, you see 10 entries in the Message Audit Log. To reach the limit of 1,000 messages returned, Symantec Messaging Gateway counts multiple entries for the different recipients of the same message as one message.
Email messages that fail delivery are tracked as delivery failures in the Message Audit Log. For example, messages to non-existent users that bounce are considered delivery failures. Delivery failures are indicated with a Delivery Failure heading on the Audit Logs page in the Delivery section. In addition to being indicated on the Audit Logs page, undelivered messages are logged with the new DELIVERY_FAILURE audit log event. DELIVERY_FAILURE events are logged in the following format: utc|uid|DELIVERY_FAILURE|recipient|reason
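The DELIVERY_FAILURE format above can be parsed and summarized per recipient, for example to spot mailboxes that bounce repeatedly. This is an added example, not code from the product or its documentation: the function names are hypothetical, the sample lines are constructed, the utc field is assumed to be Unix epoch seconds, and counting each uid and recipient pair once is a choice made here.

```python
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple, Optional

class DeliveryFailure(NamedTuple):
    when: datetime
    uid: str
    recipient: str
    reason: str

def parse_delivery_failure(line: str) -> Optional[DeliveryFailure]:
    """Parse one utc|uid|DELIVERY_FAILURE|recipient|reason line; None if not one."""
    # maxsplit=4 keeps any '|' inside the free-text reason field intact.
    parts = line.rstrip("\r\n").split("|", 4)
    if len(parts) != 5 or parts[2] != "DELIVERY_FAILURE":
        return None
    utc, uid, _, recipient, reason = parts
    try:
        # Assumption: the utc field is Unix epoch seconds.
        when = datetime.fromtimestamp(int(utc), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    # Lower-case the recipient so one mailbox is not counted under two spellings.
    return DeliveryFailure(when, uid, recipient.strip().lower(), reason.strip())

def failures_by_recipient(lines) -> Counter:
    """Count failures per recipient, at most once per (uid, recipient) pair."""
    seen, counts = set(), Counter()
    for line in lines:
        ev = parse_delivery_failure(line)
        if ev is None or (ev.uid, ev.recipient) in seen:
            continue
        seen.add((ev.uid, ev.recipient))
        counts[ev.recipient] += 1
    return counts

# Constructed sample lines, not real appliance output.
SAMPLE = [
    "1700000000|uid-0001|DELIVERY_FAILURE|nobody@example.com|550 5.1.1 user unknown",
    "1700000060|uid-0002|DELIVERY_FAILURE|Nobody@example.com|550 rejected | no such user",
    "1700000060|uid-0002|DELIVERY_FAILURE|nobody@example.com|repeat for same message",
    "1700000090|uid-0003|SOME_OTHER_EVENT|placeholder",
    "not-a-time|uid-0004|DELIVERY_FAILURE|a@example.com|bad timestamp",
]

if __name__ == "__main__":
    for rcpt, n in failures_by_recipient(SAMPLE).most_common():
        print(f"{n:3d}  {rcpt}")
```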
The Actions column indicates actions taken by the Scanner on messages, but does not indicate actions taken by administrators or users on messages. For example, if an administrator or user releases a message from Spam Quarantine, this activity is listed under Spam Quarantine, not Actions.
To search the message audit log and view message details
1. In the Control Center, click Status > SMTP > Message Audit Logs.
2. Select the Scanner whose logs you wish to search from the Hosts drop-down list, or select All Scanners.
3. Complete the desired search criteria.
4. Click Display Filtered.
5. Use the Entries per page drop-down list to specify the number of records to show per page. Use the Display _ of _ drop-down list to choose a range of data to display.
6. Click a message recipient in the To column to view processing details on that message.
To search the message audit log for content filtering incidents
1. In the Control Center, click Status > SMTP > Message Audit Logs.
2. Select the Scanner whose logs you want to search from the Host drop-down list, or select All Scanners.
3. Choose a selection from the Mandatory filter drop-down list and enter an appropriate value in the Mandatory filter value field.
4. Choose Action taken from the Optional filter drop-down list.
5. Choose either Create an informational incident or Create a quarantine incident from the Optional filter value drop-down list.
6. Click Display Filtered.
7. Use the Entries per page drop-down list to specify the number of records to show per page. Use the Display _ of _ drop-down list to choose a range of data to display.
8. Click a message recipient in the To column to view processing details on that message.
To view the TLS encryption delivery status of a message in the message audit log
1. Locate the message in the message audit log.
2. Expand Recipient data > Delivery.
3. Click Details.
See About message audit logging.
See How the Message Audit Log helps to fine-tune and troubleshoot content filtering policies.