It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Gateway Defense
formerly Email Security

Filtering the Message Log

  • Last updated on

Use simple search to run a fast search based on a word, search pattern, or phrase.

Use advanced search to further filter or search for specific messages.

Simple Search

messageLogFilter1.png

  1. In the Message Log, next to Message Filter, select either Inbound or Outbound.

  2. From the drop-down menu, select AllAllowedUI DeliveredNot AllowedBlockedEmail ContinuityQuarantined, or Deferred messages.

  3. Enter a whole (not partial) word, search pattern, or phrase in the Search box in the form described below. Using the field name is not necessary, but narrows the search. So, for example, if you search on myaddress@example.com, the From, To, and Subject fields of the message are all searched.

    • IP_address
      Example: ip:10.1.1.1

    • Message_id
      Click on the message, and click Show Details to find the message_id. Use this format in the Search box: message_id:
      Example: message_id:1374102064-320627-22657-10347-7

    • Attachment filename
      Use this format in the Search box: attachment:
      If the attachment filename contains spaces, you can represent the space with %20 or enclose the filename in single or double quotation marks.
      Example: To search for an attachment titled Blue Skies.txt, type any of the following:

      • attachment:Blue%20Skies.txt or

      • attachment:"Blue Skies.txt" or

      • attachment:'Blue Skies.txt'

    • Spam
      This filter operates on messages determined by Email Gateway Defense to be Spam. To display messages identified as Spam, enter this in the Search box: filter:spam

    • Envelope_from
      Example: envelope_from:myaddress@example.com or myaddress@example.com

    • Header_to
      Example: header_to:myaddress@example.com or myaddress@example.com

    • Subject
      Example: subject:Tomorrow or Tomorrow

    • Score_lt(e)
      Example: score_lt:5.2 lists all messages where the score is less than 5.2.
      Example: score_lte:3.0 lists all messages where the score is less than or equal to 3.0.

    • Score_gt(e)
      Example: score_gt:6.8 lists all messages where the score is greater than 6.8.
      Example: score_gte:2.5 lists all messages where the score is greater than or equal to 2.5.

    • Size_lt
      Example: size_lt:500 lists all messages where the size, including attachments, is less than 500 bytes.

    • Size_gt
      Example: size_gt:1000 lists all messages where the size, including attachments, is greater than 1000 bytes.

    • Delivery status
      DeliveredDeferredNot_DeliveredSpooled. Use this format in the Search box: delivery_status:<delivery status>
      Example: delivery_status:deferred

    • Reason_extra
      Example: reason_extra:machine lists all messages tagged with "machine learning".
      Example: reason_extra:domain identify policies that have been configured at the domain level.
      Example: reason:extra:origin<country> lists all messages blocked by GeoIP settings. For countries with 2 names, connect with a dash.

      • reason_extra:origin:russia

      • reason_extra:origin:north-korea

      • reason_extra:origin:the-netherlands

  4. Select the Domain and Time Range, and click Search. All fields are searched based on your criteria, so you may get a larger set of messages returned than you wanted.
    Note that the display time zone is based on the Barracuda Cloud Control administrator account settings.

    • Use the My Profile > Time Zone Details in Barracuda Cloud Control to set the time zone for an individual user’s account.

    • Use the Admin > Options > Time Zone Details in Barracuda Cloud Control to set the time zone for all administrators and end users in this account.


Advanced Search

messageLogFilter2.png

To further filter or search for specific messages, click Advanced Search to display the Advanced Search options. To hide these options, click Advanced Search again. To remove a search value, click Clear. Select or enter a word or phrase to search on in one or more of the following fields, then click Search.

  • From
    Sender email address (this may not match the address in the headers that mail clients display to an end-user).

  • To
    Recipient email address(es).

  • Envelope From
    This is the (sender) email address to which bounce messages are delivered. This field is also sometimes known as envelope fromenvelope senderMAIL FROMreturn address, and other names. All of these names refer to the email address found by the SMTP MAIL FROM command. The Envelope From field contents are generally not seen by the email user.

  • Envelope To
    The real destination email address.

  • Subject
    Messages where any portion of the "Subject:" field contains the specified text.

  • Action
    Limit to AnyAllowedBlockedQuarantinedEncrypted or Deferred messages.

  • Reason
    Messages with Actions taken for the selected Reason. For a description of reasons, see Message Actions. Example:

  • Delivery Status
    Limit to AnyDeliveredNot DeliveredDeferredRejected, or Spooled.

  • Start Date, End Date
    Use to limit date/time range of message search results. Examples:

    • To view 10 minutes of results
      Start Date: 2016-10-01 12:00am    End Date: 2016-10-01-12:10am    Returns messages from 12:00 AM through 12:09 AM, not including 12:10 AM.

    • To view a 7 day range
      Start Date: 2016-09-24 12:00am    End Date: 2016-10-01 12:00am

    • To view yesterday's messages through today
      Start Date: Yesterday   End Date: blank   (leave the End Date field blank)

  • Attachment
    Attachment file name.

  • Results
    Limit result set to a maximum of 25, 50, 100, 150, or 200 messages.