Start a conversation

Viewing logged messages

Situation You need to confirm message delivery and search through large amounts of delivered messages for specific emails.

Solution
Steps on how to view the message Logs and refine your searching, and:
  • Types of Users
  • How to View All User Logs
  • Search Criteria
  • Refine Searching

Types Of Users

It should be highlighted here that the different roles have fundamental differences.

  • Silent-Users: have no access into the Proofpoint Essentials interface.
  • End-Users: by default, are automatically shown the logs upon log-in.
  • Admins: Need to navigate to the specific email address or go to the logs page.

How To View All User Logs

The logs will allow you to view what has been sent from or received into the system.

Log Search Limits

  • Logs are only available for the last 30 days.
  • Log searching is limited to 1000 results.
  1. Log into your appropriate stack. Please check this KB if you are unsure where to log-in.
  2. To review all users, click the Log Search tab on the left.
    .UI_LOG.PNG
    1. You are taken to the All Users tab to search.
  3. The below search parameters are available:  UI_SEARCH.PNG
  4. Use the search parameters as desired.
    1. The default date range is set to search the last 7 days.
  5. Click Search.

The log output is a line by line output compared to the parameters you are searching for. Per the limits mentioned, please see the following tips for refining your search.

Info: Search Results

By design, the search results always show the first 100 emails. You can change the parameter, but this resets every time you search.

LOG DETAILS

For a more in depth review of an actual message, please review the Log Details. The details will allow you to also provide support with a Permalink when requested.

Search Criteria

  • Type
    • Inbound Mail - email received by the customer
    • Outbound Mail - email sent from customer (if set-up to use Outbound)
  • Status
    • ANY - All mail
    • Quarantined - Any messages that Proofpoint services stopped; either by standard spam or custom filtering
    • Reported - Messages that were reported using the 'Classify as...' option
    • Blocked - Messages that were classified as a [possible] virus
    • Cleared - Messages that did not get stopped by spam or were allowed via a filter
    • Cleared (but queued for delivery) - Deferred email that is waiting delivery to mail server
    • Cleared (but bounced by destination) - Bounced email that we could not deliver to the destination
    • Cleared (released from quarantine) - Messages previously quarantined that have been released.
  • Date - See the next section on refining search
  • FROM - Email sender
  • TO - Email recipient
  • SUBJECT - Content found in the message subject

INFO: Hide Log/Deleted Log

If a user/admin performs the action to hide the email from log, or a filter designates to hide the message from log, this will not be found in the search criteria, as they have been permanently hidden from the search.

INFO: Recover hidden entry

Once the hide log is done, admins may not be able to see this. The only exception is if a filter rule stated that admins can see. Please contact Proofpoint Essentials support for a recovery. Please provide these details where possible:

  • Sender Address
  • Recipient Address
  • Date of original message received

Refine Searching

The log searching in general can provide too much data. You may want to refine your search based on separate items.

Specific Account Searching

As part of the searching, you are defaulted to see All Users. At the top of the search, you can choose to limit searching by specific users, groups, or functional accounts. If you know it is to a specific email address, you may want to limit searching to the address.


UI_SEARCH_specificaccount.PNG

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Carlos Rios

  2. Posted
  3. Updated

Comments