cancel
Showing results for 
Search instead for 
Did you mean: 

E-Mail Missing from Logs

Running MEG 7.5.  I had a user ask about finding a daily E-Mail he had expected but not arrived - it wasn't there.  I also noticed there were several days where the E-Mail had not arrived.  I asked him to verify it was indeed coming daily.

He provided an E-Mail from one of the missing days - it had arrived, the header indicates it came in the normal route from Internet, to MEG, to Exchange.  But it's not in the E-Mail search at all.

Called support - they generously provided us with root access to allow us to query the POSTGRES database directly.  It is not in there at all.

Anyone else see anything like this?  I have high hopes for the upcoming service packs - little things like this and the ongoing spam failures are making this a fulltime job.

Thanks in advance!

Kevin

3 Replies
ijahnke
Level 11
Report Inappropriate Content
Message 2 of 4

Re: E-Mail Missing from Logs

The meg device uses the 821 address in the reports. If the message is missing in the reports, but the headers indicate that the message went through the device, then its most likely that the sending address you see in the "From:" field is different than the actual 821 email address used. You might want to try searching by subject.

Re: E-Mail Missing from Logs

Thanks.  Searched by subject, sender, recipient, IP.  It's a daily E-Mail.  I see most, but not all and not this specific one.  Interestingly, we do have a SYSLOG collector turned on and the SYSLOG did see it.  Just not in the MEG database. 

Appreciate the heads up!

apoling
Level 14
Report Inappropriate Content
Message 4 of 4

Re: E-Mail Missing from Logs

Another possibility could be that this mail has not been subject to any filtering and went straight thru the appliance as legitimate mail AND at the same time a certain logging event type was not enabled (which is not enabled by default) and thus this email did not count among the number of Delivered emails in the PostGres database.

If you cannot query the Legitimate emails - which is the case when you do not have a scanner type LG recorded in PostGres reporting database then this could be the cause.

Attila

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community