Logging for URL filtering

The-Messenger
Level 1

We've enabled URL filtering, working great, but I want to log more information for the exceptions that I know are coming.  I'm not getting the results I expect with my Add log entry action. 

My action step is:

log-entry("$MatchedContent triggered $FilterName")

All I'm getting with that log entry is:
Message 455 Custom Log Entry: triggered Mailicious_URL
Message 255 dropped by content filter 'Mailicious_URL' in the inbound table.

I want to see the URL that is getting caught, but the $MatchedContent variable is not pulling it.

What do I need to log the URL that is getting caught?
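As an added example (not code from this thread), here is a small Python parser for the two mail_logs line shapes quoted above; it correlates each message ID with its content-filter drop and its Custom Log Entry, and flags entries where $MatchedContent expanded to nothing. The sample log lines, the extra message IDs and the Attachment_Block filter name are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample mail_logs lines, modelled on the two line shapes quoted in
# the question (message IDs 256/257 and 'Attachment_Block' are made up).
SAMPLE_MAIL_LOGS = """\
Message 455 Custom Log Entry: triggered Mailicious_URL
Message 255 dropped by content filter 'Mailicious_URL' in the inbound table.
Message 256 Custom Log Entry: triggered Mailicious_URL
Message 256 dropped by content filter 'Mailicious_URL' in the inbound table.
Message 257 dropped by content filter 'Attachment_Block' in the outbound table.
"""

CUSTOM_ENTRY = re.compile(r"^Message (\d+) Custom Log Entry: (.*)$")
DROPPED = re.compile(
    r"^Message (\d+) dropped by content filter '([^']+)' in the (\w+) table\.$"
)


def parse_mail_logs(text):
    """Group log lines by message ID: custom entries and (filter, table) drops."""
    records = defaultdict(lambda: {"custom": [], "dropped_by": []})
    for line in text.splitlines():
        m = CUSTOM_ENTRY.match(line)
        if m:
            records[int(m.group(1))]["custom"].append(m.group(2).strip())
            continue
        m = DROPPED.match(line)
        if m:
            records[int(m.group(1))]["dropped_by"].append((m.group(2), m.group(3)))
    return dict(records)


def drops_without_context(records):
    """Message IDs dropped by a filter that have no Custom Log Entry at all."""
    return sorted(mid for mid, r in records.items()
                  if r["dropped_by"] and not r["custom"])


def empty_matched_content(records):
    """Message IDs whose custom entry starts with 'triggered', i.e. the
    '$MatchedContent triggered $FilterName' template from the question
    expanded with an empty $MatchedContent (the symptom being reported)."""
    return sorted(mid for mid, r in records.items()
                  if any(t.startswith("triggered ") for t in r["custom"]))


def drops_per_filter(records):
    """Count dropped messages per content filter name."""
    counts = defaultdict(int)
    for r in records.values():
        for name, _table in r["dropped_by"]:
            counts[name] += 1
    return dict(counts)
```

Run it against a real mail_logs export (one line per log entry) to see which filters are dropping mail and which log-entry actions are recording nothing useful.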


Mathew Huynh
Cisco Employee

Hello The-Messenger,

To see the URL information in your mail_logs only (at the moment), you will need to enable URL logging via the outbreakconfig command in the command line.

---

myesa.local> outbreakconfig

Outbreak Filters: Enabled

Choose the operation you want to perform:
- SETUP - Change Outbreak Filters settings.
- CLUSTERSET - Set how the Outbreak Filters are configured in a cluster.
- CLUSTERSHOW - Display how the Outbreak Filters are configured in a cluster.
[]> setup

Outbreak Filters: Enabled
Would you like to use Outbreak Filters? [Y]>

Outbreak Filters enabled.

Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or
back down below), meaning that new messages of certain types could be quarantined
or will no longer be quarantined, respectively.

Would you like to receive Outbreak Filter alerts? [N]>

What is the largest size message Outbreak Filters should scan?
[2097152]>

Do you want to use adaptive rules to compute the threat level of messages? [Y]>

Logging of URLs is currently disabled.

Do you wish to enable logging of URL's? [N]> y

Logging of URLs has been enabled.


The Outbreak Filters feature is now globally enabled on the system. You must use the
'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable
Outbreak Filters for the desired Incoming and Outgoing Mail Policies.

Note: Ensure that you commit any and all changes to your configuration before you proceed from either the GUI or the CLI on your ESA.

---

You can see the steps to enable it in this article:

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118775-technote-esa-00.html 

Regards,

Matthew

M. Miller
Level 1

Dear Mathew Huynh,

Thank you very much for this solution. It really took me a while to find this post. It just works like a charm. Now we are able to see all URLs within an e-mail, as well as the matched category and URL defang action, logged in the mail_logs. Great!