Viewing Policy Event Logs

Policy event logs provide details on the policy rules that were triggered (based on the queried scanning condition), the actions taken and the message details.

To view policy event logs:

  1. Choose Logs > Query from the menu.

  2. Next to Type, select Policy events. The query screen for policy event logs appears.

  3. In the second drop down box next to Type, select the scanning condition which you would like to query.   

  4. Type any of the following additional information:
     

  • Sender

  • Subject

  • Recipient

  • Attachment

  • Rule

  • Message ID

If you leave any text box blank, all results for that item will be displayed.

  1. Click Display Log.

A timestamp, action, rule, and message ID appear for each event that matches the selected scanning condition.

  1. Click the timestamp link to see the following information: (click here to expand)

    • Timestamp

    • Sender

    • Recipient

    • Subject

    • Message size in MB

    • Violating attachments

    • Rule type

    • Rule(s)

    • Final action that IMSA took on the message

    • Message ID

    • Internal ID

    • Scanner that detected the message

  2. Perform any of the additional actions:

 

You may use the asterisk (*) wildcard character when performing a query. For example, typing *A*;*B* will produce results that contain A or B. Typing A*;*B in the query produces results containing strings that start with A or end with B. The semicolon (;) represents the OR operation.

 

See also: