
Message tracking No results found.

mehedihasan2020
Level 1

Dear all, 

 

In Cisco ESA-C690 we find a problem when we are trying to track the message. It's showing no result found. Also, it isn't showing any log of the previous times. The problem occurs periodically after a certain time.

Why is this happening, and what might the symptoms be?

2 Replies

marc.luescherFRE
Spotlight

By default, message tracking searches for SMTP from and ENV from when you search for a from address. My current feeling is that you are looking for an entry/email with a friendly from email address. This will only be possible in V 13.

 

The only way to overcome this currently is to add a content filter to inject the friendly from like:

 

CLILogSplunkFieldsv12: if (recv-listener == "InboundInterface") {
    log-entry("DEBUG ParentMID=$MID MessageID=$Header['Message-ID'] FFROM=$Header['From'] REPLYTO=$Header['Reply-To'] SENTBY=$Header['Sender']");
}

 

This will add, for every message, the friendly from, reply-to and sent-by headers and will allow you to search the mail logs in CLI for such special cases.

 

I hope that helps

 

-Marc
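
As an added example (not part of Marc's reply and not Cisco code): a Python sketch that searches exported mail log lines for the fields written by the filter above and returns the MIDs whose friendly From contains a given address, which can then be looked up by MID in message tracking. The sample lines are constructed, and the timestamp and "Custom Log Entry" prefix layout is an assumption; only the `DEBUG ParentMID=... SENTBY=...` part comes from the filter.

```python
import re

# Matches the text emitted by the log-entry() action in the filter above.
# Header values may contain spaces, so fields are split on the key names.
ENTRY_RE = re.compile(
    r"DEBUG ParentMID=(?P<mid>\S*)\s+MessageID=(?P<message_id>.*?)\s+"
    r"FFROM=(?P<ffrom>.*?)\s+REPLYTO=(?P<reply_to>.*?)\s+SENTBY=(?P<sent_by>.*)$"
)
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def parse_entry(line):
    """Return the logged fields as a dict, or None for unrelated lines."""
    m = ENTRY_RE.search(line.rstrip("\n"))
    if not m:
        return None
    return {key: value.strip() for key, value in m.groupdict().items()}


def addresses(header_value):
    """Lower-cased e-mail addresses found in a header value."""
    return {addr.lower() for addr in ADDR_RE.findall(header_value)}


def find_by_friendly_from(lines, address):
    """MIDs of messages whose From header contains the given address."""
    wanted = address.lower()
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry and wanted in addresses(entry["ffrom"]):
            hits.append(entry["mid"])
    return hits


# Constructed sample lines; the prefix before "DEBUG" is an assumed layout.
SAMPLE_LOG = [
    "Mon Jan  6 10:00:01 2020 Info: MID 1001 Custom Log Entry: "
    "DEBUG ParentMID=1001 MessageID=<a1@mail.example.net> "
    'FFROM="Pay Roll" <ceo@example.com> REPLYTO=ceo@example.org SENTBY=',
    "Mon Jan  6 10:00:02 2020 Info: MID 1001 queued for delivery",
    "Mon Jan  6 10:05:09 2020 Info: MID 1002 Custom Log Entry: "
    "DEBUG ParentMID=1002 MessageID=<b2@mail.example.net> "
    "FFROM=CEO@Example.com REPLYTO= SENTBY=",
]

if __name__ == "__main__":
    print(find_by_friendly_from(SAMPLE_LOG, "ceo@example.com"))
```
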

 

 

 

 

Mathew Huynh
Cisco Employee
Hey Mehedihasan,

On your tracking, as you shared it's an ESA, so I assume it's local tracking; can you double check on the GUI -> Monitor > Message Tracking; on the top right of the search options there is a data availability percentage.

Check to ensure the data you're searching for is available within the percent and not within the missing data intervals.
If the data is indeed supposed to be there but no results come up - can you please look into the mail_logs for an MID and try to search for a specific MID and see if a result comes up.

If there are still no results, I suspect either a process isn't running properly or there may be some issues on the tracking database. If this is the case I strongly recommend consulting Cisco TAC with the remote tunnel access to verify what's happening.

Regards,
Mathew