
Reading logs from Outgoing Content Filter rules

Zach Rocha
Level 1

I'm trying to figure out if there are any logs created from Outgoing Content Filters. For example:

We have a filter to send all emails with anything SSN (XXX-XX-XXXX) in the subject and it works, but is there a way to see everything that has been caught by that filter? I'll write below the way we have it set up.

Condition: Subject Header - subject == "\\b[0-9]{3}-[0-9]{2}-[0-9]{4}\\b"

Action: Notify - notify ("email_distro@company.com")

Thank you for any help you can provide in advance!!

7 Replies

In the new GUI, you can search by content filter name. There's a checkbox and then a text field for the filter name.

We also add a Log Action to any filters that we want to keep a better eye on.

Thank you for the response Ken! I did see somewhere that you can add the Log Action to the Content Filter, but if I don't have that set am I able to see any logs from that specific filter? Also I'm sorry, but I'm not seeing a search area. Is that in Mail Policies - Outgoing Content Filters?

Thank you again!

In a mail tracking search, click on Advanced.

The bottom half has a bunch of checkboxes, one should be for outgoing content filter and checking it shows a text box.

I'm not seeing that as an option. I see "Message Tracking" but it's followed by "The Message Tracking service is currently enabled for centralized tracking. Please log into your Security Management Appliance to see tracking data."

I then log into the Security appliance and see "Enabled".

I guess to be safe, we are currently using Cisco Secure Email Gateway C600V, if that helps?

Sounds like you have a SMA and you'll need to go to the SMA to do the tracking.

(SMA is the Security Management Appliance, it's where logs and quarantines are centralized.)

 

Create the content filter on the ESA:

  1. Navigate to Mail Policies > Incoming/Outgoing content filters
  2. Click Add Filter
  3. Name the filter
  4. Add condition desired and
  5. Click Add Action
  6. Choose Notification
  7. Use the email you want and subject on value box
  8. Submit and Commit

As shown in the image (example)

RubenCocheno_1-1704832728024.png

To finish, apply this filter to the desired Incoming/Outgoing Mail Policy.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on LinkedIn https://www.linkedin.com/in/rubencocheno/

Thank you for your response! I have that set up properly, but do you know if you can see a log of everything that has been caught by the rule?