This article details how to access and read the Search Logs and View Logs in the Mimecast Administration Console. It is intended for Administrators.
Search Logs
The Search Logs are used to review all archive searches performed by Administrators.
You can view the Search Logs, by using the following steps:
- Log on to the Mimecast Administration Console.
- Navigate to Archive | Search Logs.
- The Search Logs screen is displayed:
| Field / Option | Description |
|---|---|
| Run Time | The date and time the search was run. |
| User | Email address of the Administrator performing the search. |
| Description | Description of the search, either Message Tracking Search, or the description of a Saved Search. |
| Search Filter | Details of the search criteria that were entered. |
| From Date | From Date of the search. |
| To Date | To Date of the search. |
| Message Subject | Subject line of the email on the email viewed. |
- From the Search Logs screen, you can:
-
- Use the Search functionality, to search by User, Description, or Search Filter.
- Use the Export Data button, to export the data in either CSV or XLS format.
- Click on a Message Tracking Search row, to view Message Tracking Details for a message.
| Field / Option | Description |
|---|---|
| User | Email address of the Administrator performing the search. |
| Search Reason | Reason for the search. See Archive Search Audit Alerts for further information. |
| From | Email address of the message sender. |
| To | Email address of the message recipient. |
| Date Range | Date range of the search. |
| Subject | Subject of the message. |
| Message ID | Message ID for the message. |
| IP Address | IP Address the message was sent from. |
| Status | Message status. |
| Route | Route the message has taken. |
| Attachments | Checkbox displaying whether there were attachments. |
From this screen, you can click on Back to return to Search Logs.
- Click on a row corresponding to a Saved Search, to view details of the Saved Search.
| Field / Option | Description |
|---|---|
| Saved Search Description | Description of the Saved Search. |
| Search Text | Details of the search criteria that were entered. |
| Search Subject Line | Checkbox displaying whether Search Subject Line was selected. |
| Search Message Headers | Checkbox displaying whether Search Message Headers was selected. |
| Search Message Body | Checkbox displaying whether Search Message Body was selected. |
| Search Attachments | Checkbox displaying whether Search Attachments was selected. |
| Search Attachment Name | Checkbox displaying whether Search Attachment Name was selected. |
| Include Litigation Hold Messages | Checkbox displaying whether Include Litigation Hold Messages was selected. |
| Search Within Smart Tag | Displays if Smart Tag was selected, and which Smart Tag. |
| From Address (or Domain) / To Address (or Domain) | Displays the From Address / Domain or To Address / Domain. |
| Date Range | Date range of the search. |
| Show Total Count | Checkbox displaying whether Show Total Count was selected. |
| Route Filter | Displays which route was filtered by. |
| Result sort order | Displays which order the search results were shown in. |
From this screen, you can:
-
-
- Amend the search details, then click on Save and Exit.
- Click on Search to run the search.
- Click on Back to return to Search Logs.
-
View Logs
The View Logs are used to review every email that has been viewed by an Administrator.
Mimecast Administrators who have been granted access to the Archive will have access to view the metadata of the email. Those who have been given Content Viewing permissions additionally will be able to view both the content and the metadata of all emails. Message View logs provide a full audit trail of all Administrator views of both the metadata and content of emails in the Archive.
For those Administrators with Content Viewing rights, the logs will always show that the content of the email has been viewed, so it is recommended to use a normal Administrator account when performing general searches on emails. The logs are immutable and will be available indefinitely for the Mimecast account, regardless of the retention period.
You can view the View Logs, by using the following steps:
- Log on to the Mimecast Administration Console.
- Navigate to Archive | View Logs.
| Field / Option | Description |
|---|---|
| Viewer | Identifies which Administrator performed the search. |
| Source | Identifies the source of the logged data. |
| Indicates that the Administrator accessed the metadata of the messages. | |
| Indicates that the Administrator accessed the content of the emails. | |
| Viewed | When the message was viewed. |
| Message From | Sender address on the email viewed. |
| Message To | Recipient address on the email viewed. |
| Message Subject | Subject line of the email on the email viewed. |
- From the View Logs screen, you can:
-
- Use the Search functionality, to search by Viewer, Message From, Message To, or Message Subject.
- Use the Export Data button, to export the data in either CSV or XLS format.
- Click on a row to view details of the Event Properties.
| Field / Option | Description |
|---|---|
| Viewer | Identifies which Administrator performed the search. |
| View Time | When the message was viewed. |
| Message From | Sender address on the email viewed. |
| Message To | Recipient address on the email viewed. |
| Message Subject | Subject line of the email on the email viewed. |
| Email Date | The date and time the email was sent. |
| Source | Identifies the source of the logged data. |
| Content Viewed | Checkbox displaying whether the email content was viewed. |
| Discovery Case | Checkbox displaying whether this was a Discovery Case. |
From this screen, you can:
- Click on View the email message to view the email.
You will only be able to access the content of the email with the appropriate permissions.
Accessing the message in this way, a new Message View log entry will be created.
- Click to Report as Spam.
- Click to Report as Malware.
- Click to Report as Phishing.
- Click on Back to return to View Logs.
Comments
Please sign in to leave a comment.