background

SpamExperts KnowledgebaseFeature Preview

Log Search (Preview)

The Log Search Preview will replace the current log search, and also the Spam Quarantine, Delivery Queue and Archive Search pages. 

Once the Preview features is enabled, when you go to the Quarantine or Delivery Queue pages you will be redirected to the Log Search Preview with the query rules prefilled and the search executed. These return the same results as the old Quarantine or Delivery Queue pages do.

The new page looks a little bit different than the old log search, as it was simplified, but it still has the same functionality. It’s already far more powerful and flexible than the old log search page. 

To create a custom search in the Log Search Preview, you can adjust the query rules. The timestamp rule is present by default. To add new rules, you simply need to click on the ‘New rule’ button and select one from the list. You can also remove all rules to see all connections.

These rules generally have three parts: 

  • What part of the message / metadata you are matching against (e.g. sender, subject)

  • What sort of match you are doing (e.g. is, contains, does not start with)

  • The content you are trying to match against.

The Rules list contain a wide variety of options, some of which are not included in the old log search page. Some examples are: To / From / CC / sender location / message size, etc.

The status of a message tells you how far through the filtering process the message is - rejected, queued for delivery, delivered, quarantined, etc. To search for messages with a specific status, you can use the Rule: Status, and tick only the checkboxes for the statuses that you need.

Once you have added all the query rules, you can use the ‘Customise’ drop down list to select the fields that should be returned. 

You will notice that this also provides quite a few options. The most commonly useful ones, besides the default fields, are: Main Class / Sub Class / Delivery Data / Status.

Main Class shows how the message was classified, which will determine what happened to the message (e.g. was it temporarily or permanently rejected). For example: Spam. Sub Class shows why the message was classified as Spam. For example: DNSBL. 

You can click on the classifications word in the header of the page, to open the Classifications sidebar, that provides additional information on classifications.

Once you click this, you will see the SideBar pop-up on the right hand side of the screen. You have the ability to search for a specific sub class, or scroll through the list until you get to the intended one. The green, yellow, and red labels indicate which main classes the sub class is used with. To learn more about a specific classification, simply use the “Show details” button.

Delivery Data is useful as this shows the most recent response of the destination mail server when the filtering server tried to deliver the message there. So, for example, if a message is accepted by the filter but cannot be found in the Inbox of the recipient, this field will show if the message was actually delivered onto the destination mail server or not. To see all delivery attempts that have been made for a message, the “Delivery Details” page may be used.

The Status will show you what is the current status of the message. For example: Delivered / Rejected / Quarantined / Queued. Note that “Rejected” includes both temporary rejections (where the sender will most likely automatically retry delivery later) and permanent rejections (where the sender will not automatically retry)

You can also get the results grouped by a certain category. This is available in all the pages that have the search function. For this, you need to use the ‘Group results by’ drop down list, and select a field from the list. 

For example, you can group the results by Sender, and this will ensure that the results are displayed grouped per sender: 

Once you have selected the search you wish to perform, click show results. This will run the search display the results.

After the results are being returned, you also have the option to Export them to CSV. All you need to do is to click on the Export as CSV button and this will result in those entries being downloaded in a CSV file on your local machine. 


Was this article helpful?

Related articles

Search result for :