The Logs tab displays the actions taken against individual incidents, whether automatic or manual, in date order. By default only the last five actions are displayed, but this can be increased to all actions taken in the last 30 days. From the log list you can:
- Search for a specific log.
- Export the logs.
- Filter the display (e.g. by message status).
To view Logs:
- Log on to the Administration Console.
- Click on the Administration menu item. A menu drop down is displayed.
- Click on the Services | Threat Remediation menu item. The Threat Remediation home page is displayed.
- Click on the Logs tab. Alternatively, click on the View all Logs link on the bottom right corner. Logs are displayed in date order, and display the following information:
| Column | Description |
|---|---|
| Incident ID | The unique code assigned to the incident. View the "Incident IDs" section of the Targeted Threat Protection: Remediation Overview page for more information. |
| To | Displays the email address of the message's recipients. |
| From | Displays the email address of the message's sender. |
| Action | Indicates the type of action taken on an incident: |
| Action Date | The date and time an action was taken on an incident. |
| Message Status | The message's status at the time of the "Action Date". |
Viewing a Log File's Associated Incident
To search for an incident from the Logs queue, or to narrow the results:
- Click on the down arrow next to All and select one of the following options:
  - Incident ID: Search for an incident by the known ID number.
  - To: Search for the incident by the recipient's email address.
  - From: Search for the incident by the sender's email address.
- Enter any known message / data identifiers in the Search field.
- Click on the magnifying glass icon or press the Enter key. The search results display.
- Click on the three dot icon to the right of the log, and click on the View Incident menu item. The corresponding incident is displayed.
Filtering Log Files
- Date Range: Select a time period from the drop down menu. Optionally click on Custom Range to display a date / time picker. Click on the Done button to update your results.
- Filters: All incident types display by default. Select one of the following:
  - Notify Only: Displays incidents where the Administrator is notified but no action has been taken.
  - Automatic: Displays incidents that have been automatically removed, with the administrator notified.
  - Manual: Displays incidents that the administrator has manually performed an action on.
  - Restore: Displays incidents confirmed as safe and restored to the user's mailbox.
- Show: By default, 50 incidents display in the queue per page. Select between 50 and 300 incidents per page.
- Custom Settings: Click on the Settings icon in the top right corner to display a pop out panel. Select the boxes of any columns you want to view and click the Apply button. Your custom selections display.
Exporting Log Data
To export the Logs queue to a .CSV file:
- Click on the Export Data button. An Export Logs Data panel slides into view.
- Select the boxes of any data columns you want to include in the download file.
- Click on the Download button. The file is downloaded to your machine's desktop.