Viewing Policy Event Logs

Procedure

Navigate to Logs → Query.
Next to Type, select Policy events.

The query screen for policy event logs appears.
In the second drop-down box next to Type, select one of the following items related to the policy and the rules you configured for the policy:
- All
- Virus or malicious code
- Probable advanced threats
- Spyware/grayware
- Spam/phish
- Web Reputation
- DKIM enforcement
- Attachment
- Size
- Content
- Compliance
- Others
- Scanning exceptions
- Spam Tagged by Cloud Pre-Filter
Specify any of the following additional information:
- Sender
- Recipient(s)
- Rule
- Subject
- Attachment(s)
- Message ID
If you leave any text box blank, all results for that item appear.
Click Display Log. A timestamp, action, rule, and message ID appear for each event.
Click the timestamp link to see the following information:
- Timestamp
- Sender
- Recipient
- Subject
- Original size
- URL
- Risk level
- Rule type
- Rule(s)
- Action
- Message ID
- Internal ID
- Scanner
If ATSE is enabled, IMSVA also displays the following information:
- Rule type: Probable advanced threat
If both ATSE and Deep Discovery Advisor are enabled, IMSVA also displays the following information:
- Rule type: Probable advanced threat or Analyzed advanced threat
- Action: Status of Deep Discovery Advisor analysis
- Risk rating: Rating for the entire message (if analysis result is received from Deep Discovery Advisor)

Perform any of the additional actions:

To change the number of items that appears in the list at a time, select a new display value from the drop-down box on the top of the table.
To sort the table, click the column title.
To print the query results, click Print current page.
To save the query result to a comma-separated value file, click Export to CSV.

Note

"*A*;*B*" means a string that has A or B.
"A*;*B" means a string that starts with A or ends with B.
";" represents the OR operation.

$('#title').html($('meta[name=description]').attr('content'));

Viewing Policy Event Logs

Procedure

Note