Incoming Log Search

The Incoming Log Search is a comprehensive search tool which allows you to filter on all incoming messages over the past 32 days. In this page you can also access Quarantined messages, those that are in the Incoming Delivery Queue as well as those that are Archived.

Quarantined messages are stored for 60 days, but for messages older than 32 days these will not be visible on the log search page. They can be found using one of the prions from SIEM Logging Integrations or using IMAP.

To access the Incoming Log Search, in the Admin, Domain or Email level Control Panel, select Incoming > Logs.

Using the Log Search you can:

Click on the classification link in the page description at the top of the log search to display the Classifications side-bar which shows more information on the classifications available:

Actions Available on Log Search Results

In the Search Results listed you can carry out a variety of actions.

Actions Available for Message Statuses

Key

The following icons indicate the action's availability per message status:

Key Status Description
Available The action is available for all messages with this status
Available if additional criteria met The action is available for any message with this status, so long as an additional criteria is met (see * for additional information)
Not Available The action is not available for any message with this status
Incoming

Some actions may not be available for Email Level Users.

Outgoing

Some actions may not be available for Email Level Users.

Regenerate Archive Message Content Index

This is only to search within the Archived message body content. This is not needed for searching message metadata.

This process may take some time to complete.

If you want to be able to search all Incoming or Outgoing archived message content in your domain, click on the Regenerate Content Index button at the top of the Domain Level Log Search page. This is controlled by the Indexing Options section in the Archive Settings page at Domain Level only.

The index is regenerated and any messages archived since the last time the index was generated are added to the index - allowing you to search all archived message content for that domain.

Add Customised Action Using Log Search

  1. Once you have run your log search and the search results are listed, select the dropdown to the left of the message and select Change action for messages like this
  2. The Add a new custom action for emails dialog is displayed with the fields pre-populated according to the message
  3. Click Save
  4. The new custom action is listed in the Incoming - Protection settings > Customise actions page accessible from the Admin and Domain Level Control Panels.

    You can now use the dropdown to the left of the new action and select Find similar messages to redirect you to the Log Search where the query based on your rule is automatically run and matching results are listed.

    Alternatively, you can set up custom actions manually on the Customise Actions page. However, using the log search, as described here, is quicker, easier and more versatile.

The custom action configuration requires the inclusion of a Sub class and Extra class to match message deliveries. The sub and extra classes can also be added in the query rules of the search prior to opening the custom actions window.