Procedure

1. Navigate to Logs → Query.
   The Log Query screen appears.
2. Next to Type, select Message tracking.
   The query screen for message event logs appears.
3. In the second drop-down box next to Type, select one of the following:
   • IMSVA data only: Displays all messages which are directed through IMSVA
   • Cloud Pre-Filter + IMSVA data: Displays all messages which are directed through Cloud Pre-Filter and IMSVA. This includes messages which are deleted by Cloud Pre-Filter.
4. Next to Dates, select a date and time range.
5. Specify any of the following additional information:
   • Subject
   • Message ID
   • Sender
   • Recipient

   Note Use the asterisk wildcard for partial searches on any field. The Subject and Message ID fields only display when IMSVA data only is selected.

6. Click Display Log.
   A timestamp, sender, recipient, subject, and last known action appear for each event.
7. Click the timestamp link to see the following information:
   • Timestamp
   • Sender
   • Recipient
   • Subject
   • Source IP address
   • Message size
   • Message ID
   • Internal ID
   • Delivery IP address
   • Delivery feedback
   • Scanner that detected the message
   • Rule that detected the violation
   • Action details
8. Perform any of the additional actions:
   • To change the number of items that appears in the list at a time, select a new display value from the drop-down box on the top of the table.
   • To print the query results, click Print current page.
   • To save the query result to a comma-separated value file, click Export to CSV.
   • Click the action link to view detailed information about the action.