Filtering email traffic processing events

You can filter events in the event log by one or more criteria.

To filter email traffic processing events in the event log:

  1. In the main window of the application web interface, open the management console tree and select the Events section.
  2. Select the Mail traffic tab.

    Event information is displayed as a table.

  3. Click Filter..

    This opens the add filter window.

  4. Click Add filter.
  5. In the fields that appear, configure the filtering criterion that you want. To do so, populate the filter fields in accordance with the following table.

    a. Select a criterion:

    b. Select a logical operator:

    c. Enter a value:

    Date and time

    • from
    • before

    Message processing period.

    Sender email

    • contains
    • not contains
    • equal
    • not equal

    Text for searching sender email addresses.

    You can enter an email address (for example: example-email@example.com), domain name (for example: example.com) or several symbols from the email address (for example: exa).

    The address is taken from the SMTP session.

    Recipient email

    • contains
    • not contains
    • equal
    • not equal

    Text for searching recipient email addresses.

    The address is taken from the SMTP session.

    Subject

    • contains
    • not contains

    Message header search text

    Rule name

    • contains
    • not contains
    • equal
    • not equal

    Name of the rule that was applied when processing the message.

    Action

    • equal
    • not equal

    Action that was performed on the message.

    Sender IP

    • equal
    • not equal

    Search text for the IP address from which the message was sent.

    You can enter the address in IPv4 or IPv6 format.

    Application message ID

    • equal
    • not equal

    Unique identifier assigned to the message by the application.

    SMTP message ID

    • contains
    • not contains
    • equal
    • not equal

    Message ID on the mail server.

    This ID can be used for finding an event when responding to a user request, if you have configured an ID to be added to notifications about rejected messages.

    Node

    • equal
    • not equal

    Cluster node that processed the message.

    Scan statuses

    In the drop-down list on the right, select one of the following detection technologies:

    • contains
    • not contains

    Click the Select statuses field. In the drop-down list, select the check boxes next to the statuses that you want to use to filter events. Statuses can be combined with the logical "OR" operator.

    The set of displayed statuses depends on the selected technology.

    You can enter multiple filtering criteria. To add another criterion, click Add filter.

  6. Click Search.
  7. Close the add filter window.

The table of events is displayed in accordance with filtering criteria.

The table displays information about the last 5000 events. If more than 5000 events match the filtering criteria, consider refining the search criteria.

Page top