Procedure
- Go to .
- Next to Type, select Policy events. The query screen for policy event logs appears.
- In the second drop-down box next to Type, select one of the following items related to the policy and the rules you configured for the policy:
  - All
  - Virus or malicious code
  - Advanced persistent threat
  - Spyware/grayware
  - C&C email
  - Spam/phish
  - Graymail
  - Web Reputation

    Note
    If you select Web Reputation, IMSS displays two additional drop-down lists that contain website content categories. Select any category name to narrow down your log query.
  - DKIM enforcement
  - Attachment
  - Size
  - Content
  - Compliance
  - Scanning exceptions
  - Spam Tagged by Cloud Pre-Filter
  - Suspicious Objects
  - Others
- Specify any of the following additional information:
  - Sender
  - Recipient(s)
  - Rule
  - Subject
  - Attachment(s)
  - Message ID

  If you leave any text box blank, all results for that item appear.
- Click Display Log. A timestamp, action, rule, and message ID appear for each event.
- Click the timestamp link to see the following information:
  - Timestamp
  - Sender
  - Recipient
  - Subject
  - Original size
  - Violating attachments
  - Rule type
  - Rule(s)
  - Action
  - Message ID
  - Internal ID
  - Reason
  - Scanner
- Perform any of the additional actions:
  - To change the number of items that appear in the list at a time, select a new display value from the drop-down box at the top of the table.
  - To sort the table, click the column title.
  - To print the query results, click Print current page.
  - To save the query result to a comma-separated value file, click Export to CSV.

Note
- "*A*;*B*" means a string that has A or B.
- "A*;*B" means a string that starts with A or ends with B.
- ";" represents the OR operation.
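The wildcard rules in the note above and the blank-field behaviour from the query step, applied offline to an exported CSV. This is an added example, not part of the IMSS documentation or product code; the column names and sample rows are constructed, and case-insensitive matching is an assumption.

```python
import csv
import io
import re

def compile_query(pattern):
    """Turn a query string in the note's syntax into a predicate.

    ';' separates alternatives (OR), '*' matches any run of characters,
    and a blank pattern matches everything, as a blank text box does.
    """
    alternatives = [p.strip() for p in pattern.split(";") if p.strip()]
    if not alternatives:
        return lambda value: True
    regexes = []
    for alt in alternatives:
        # Escape everything except '*', the only wildcard the note defines,
        # so characters such as '[' or '?' in a subject stay literal.
        body = ".*".join(re.escape(part) for part in alt.split("*"))
        # Assumption: matching is case-insensitive.
        regexes.append(re.compile(body, re.IGNORECASE | re.DOTALL))
    return lambda value: any(r.fullmatch(value) for r in regexes)

def filter_rows(rows, **criteria):
    """Keep rows where every given column matches its query string."""
    checks = {col: compile_query(q) for col, q in criteria.items()}
    return [r for r in rows
            if all(chk(r.get(col, "")) for col, chk in checks.items())]

# Constructed sample export; column names are assumed, not taken from IMSS.
SAMPLE_CSV = """Timestamp,Sender,Subject,Rule,Action
2024-01-05 09:12:01,billing@example.com,Invoice overdue,Sample antivirus rule,Quarantine
2024-01-05 09:14:33,news@example.org,Weekly digest,Sample spam rule,Tag subject
2024-01-05 09:20:10,hr@example.net,Updated policy [draft],Sample attachment rule,Delete attachment
"""

def load_rows(text=SAMPLE_CSV):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    # Sender starts with "billing" OR ends with "example.net"; Subject left blank.
    for r in filter_rows(load_rows(), Sender="billing*;*example.net", Subject=""):
        print(r["Timestamp"], r["Sender"], r["Rule"])
```
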
