3 Replies Latest reply: Jul 3, 2013 2:31 AM by Attila Polinger RSS

    E-Mail Missing from Logs


      Running MEG 7.5.  I had a user ask about finding a daily E-Mail he had expected but not arrived - it wasn't there.  I also noticed there were several days where the E-Mail had not arrived.  I asked him to verify it was indeed coming daily.


      He provided an E-Mail from one of the missing days - it had arrived, the header indicates it came in the normal route from Internet, to MEG, to Exchange.  But it's not in the E-Mail search at all.


      Called support - they generously provided us with root access to allow us to query the POSTGRES database directly.  It is not in there at all.


      Anyone else see anything like this?  I have high hopes for the upcoming service packs - little things like this and the ongoing spam failures are making this a fulltime job.


      Thanks in advance!


        • 1. Re: E-Mail Missing from Logs

          The meg device uses the 821 address in the reports. If the message is missing in the reports, but the headers indicate that the message went through the device, then its most likely that the sending address you see in the "From:" field is different than the actual 821 email address used. You might want to try searching by subject.

          • 2. Re: E-Mail Missing from Logs

            Thanks.  Searched by subject, sender, recipient, IP.  It's a daily E-Mail.  I see most, but not all and not this specific one.  Interestingly, we do have a SYSLOG collector turned on and the SYSLOG did see it.  Just not in the MEG database. 


            Appreciate the heads up!

            • 3. Re: E-Mail Missing from Logs
              Attila Polinger

              Another possibility could be that this mail has not been subject to any filtering and went straight thru the appliance as legitimate mail AND at the same time a certain logging event type was not enabled (which is not enabled by default) and thus this email did not count among the number of Delivered emails in the PostGres database.

              If you cannot query the Legitimate emails - which is the case when you do not have a scanner type LG recorded in PostGres reporting database then this could be the cause.