Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1380
Views
0
Helpful
2
Replies

Determine which word the filter caught

The-Messenger
Level 1
Level 1

‎06-21-2013 01:49 PM

Is there a log on the ironport system that will report the affending word in an email caught in the profanity filter?                  

Labels:
0 Helpful
2 Replies 2

exMSW4319
Level 3
Level 3

‎08-09-2013 03:35 PM

I haven't used the technology myself, but it looks as if you want the Add Log Entry action with the $MatchedContent variable.

If you are routinely running the logs through a utility like grep*, it might be an idea to add a few more variables like $MID and a token word "SPECIALRULE" to allow you to easily extract and process the hits.

Depending on your throughput, this may have some impact on your log file cycle rate.

* this assumes an external device; whilst far from useless, the CLI grep is quite tame compared to what's possible with a less limited shell.

0 Helpful

Andreas Mueller
Level 4
Level 4

‎08-19-2013 05:36 AM

In case you are using a filter to move the offending message to a Policy Quarantine, you can also simply check that message in the quarantine, above the content there will also be a line showing which part was matching.

Hope that helps,

Andreas

0 Helpful
Customers Also Viewed These Support Documents