Using Symantec Mail Security data
This chapter includes the following topics:
■ Viewing server status
■ Working with event data
■ Working with report data
■ Viewing events in the Windows Event Log
Viewing server status
Symantec Mail Security provides server status information on the Home screen and on the Monitors page. The Monitors page provides detailed information on a selected server.
To view server status
1 On the primary navigation bar, click Monitors.
2 On the sidebar, under Views, click Server Status.
3 To view detailed data for a server, on the upper pane, click the server’s entry.
In group view, if the table remains blank, press F5 to populate it. In a very large group, the process can take several minutes.
You must also press F5 to refresh the display with the latest events.
158 Using Symantec Mail Security data Working with event data
Working with event data
The Symantec Mail Security event log records all virus, configuration, rule violation, and server events. The log lists entries in chronological order with the most current event at the top. The event log displays information, warning, and error events.
You can filter event data by categories such as rule violation, virus, LiveUpdate, and quarantine. You can also select a start date from which to begin displaying event data.
The event log does not refresh automatically. You must press F5 to refresh the display with the most recent list of events.
The event log displays the most recent 5000 Symantec Mail Security events from the Windows Event Log per server. For example, if your group contains five servers, the event log can display up to 25,000 events.
Viewing event data
The Symantec Mail Security event log lets you view and sort event data that is generated by Symantec Mail Security and written to the Windows Application Event Log.
You can also filter the Symantec Mail Security event log to view only the events in which you are interested.
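The same events can be read directly from the Windows Application Event Log, which helps when the console view has not been refreshed or has reached its per-server limit. The PowerShell below is an added example, not part of the Symantec documentation; the function name Get-MailSecurityEvents is hypothetical, and the event source name is a placeholder that you must replace, because this page does not give it.

```powershell
# Added example. $ProviderName is a placeholder: this page does not state the
# event source name, so look it up in Event Viewer and substitute it.
function Get-MailSecurityEvents {
    param(
        [string[]] $ComputerName = @($env:COMPUTERNAME),  # assumed default: local server
        [string]   $ProviderName = '<event-source-name>',
        [datetime] $Since        = (Get-Date).AddDays(-1),
        [int]      $MaxPerServer = 5000                    # per-server limit described above
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = $ProviderName
        StartTime    = $Since
        Level        = 2, 3, 4      # 2 = Error, 3 = Warning, 4 = Information
    }

    $events = @(foreach ($server in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $server -FilterHashtable $filter `
                         -MaxEvents $MaxPerServer -ErrorAction Stop
        }
        catch {
            # Get-WinEvent raises an error when nothing matches or the server
            # cannot be reached; report it and continue with the next server.
            Write-Warning "${server}: $($_.Exception.Message)"
        }
    })

    # Most recent event first across all servers, as in the console view.
    $events |
        Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, MachineName, LevelDisplayName, Id, Message
}

# Events from the past week on the local server.
Get-MailSecurityEvents -Since (Get-Date).AddDays(-7) | Format-Table -AutoSize -Wrap
```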
To view the Symantec Mail Security event log
1 On the primary navigation bar, click Monitors.
2 On the sidebar, under Views, click Event Log.
3 To sort the list data by different criteria, click the column headers.
In group view, if the Event Log remains blank, press F5 to populate it. In a very large group, the process can take several minutes.
You must also press F5 to refresh the display.
To filter the Symantec Mail Security event log
1 On the primary navigation bar, click Monitors.
2 On the sidebar, under Views, click Event Log.
3 In the Number of items per page box, accept the default or select a number from the menu.
5 In the entries since box, select a start date from which to begin displaying event data.
6 Click Display to show the filtered data.
Working with report data
Symantec Mail Security collects extensive report data on threats, security risks, content violation, spam, and server information. You can use this data to generate summary or detailed reports based on different subsets of the data. When you define a report, you specify criteria such as the time span of the collected data, whether to show specific violations or all violations, and the format of the report itself.
The email client that you use to view reports sent by Symantec Mail Security must support and allow HTML-based attachments.
If you use Outlook Express, you need to make the following settings:
■ On the Security Tab, deselect the option titled “Do not allow attachments to be saved or opened that could potentially be a virus.”
■ On the Read Tab, deselect the option titled “Read all messages in plain text.”
About report templates
Report templates let you define a subset of the raw report data that is collected by Symantec Mail Security for a single server. The goal of creating a template is to describe a set of data that summarizes threats, security risks, content violation, spam, and server information, which can be saved and used to generate on-demand or scheduled reports. Report templates can include different categories or combinations of security-related statistics. They are useful for summarizing virus, rule violation, and scanning information on a regular basis.
You can create different report templates to describe different subsets of the raw report data. Once a report template is created, the template is saved in the single-server user interface, which you can access to generate reports.
The two main categories of report templates are as follows:
■ Executive summary report template
Creating an on-demand executive summary report template
An on-demand executive summary report provides summary information when you request it.
Note: Reports cannot be generated with a new or updated report template until it is deployed to the server.
To identify the template and distribution
1 On the primary navigation bar, click Reports.
2 On the sidebar, under Views, click Report Templates.
3 On the sidebar, under Tasks, click Add new template.
4 Under Report Template Options, in the Template Name box, type a name for the report template.
5 If desired, type a description of the template in the Description box.
6 Under Report Type, click Executive Summary.
7 Under Report Format, click Integrated, CSV, or HTML.
8 If desired, check Email report to following participants and type one or more addresses (separated by semicolons) to which the report will be delivered.
9 Click Next.
To configure the report time range
1 Under Report Time Range, in the Time Range box, select a time range from the menu:
■ Past Day
■ Past Week
■ Past Month
■ Past Year
■ Customized
If Customized is selected, under Customize Time Range, in the Start Time and End Time boxes, modify the dates and times for the start and end of the report time range.
2 Under Report Generation Options, click On Demand.
To configure the report chart options
1 Under Report Chart Options, check the charts that you want to include in the report. You can leave the selections unchecked if you do not want to include any charts. Chart selections are as follows:
■ Violations pie chart
■ Virus line chart
■ Content line chart
■ Spam pie chart
2 If you selected Virus line chart or Content line chart, accept the granularity default (Week) or select a granularity from the menu. Granularity selections are as follows:
■ Day
■ Week
■ Month
■ Year
3 Click Next.
To configure report content
1 Under Executive Summary Template Options, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
Scan Summary Options
■ Show Scan Summary
Summary of messages processed during the current reporting period
■ Messages Scanned by SMTP
Total number of messages processed by SMTP during the current reporting period
■ Files Scanned by VSAPI
Total number of files processed by VSAPI during the current reporting period
■ Files Scanned by SMTP
Total number of files processed by SMTP during the current reporting period
2 Click Next.
3 Under Executive Summary Template Options, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
Threats and Security Risks
■ Total Threats
Total number of threats detected during the current reporting period
■ Top Threats Table
Table of top threats during the current reporting period
■ Number to include
Number of threats to include in the Top Threats Table
■ Unrepairable Threats
Total number of unrepairable threats detected during the current reporting period
■ Unscannable Files
Total number of unscannable files detected during the current reporting period
■ Mass Mailer Threats
Number of messages in which mass-mailer threats were detected during the current reporting period
■ Total Security Risks
Number of security risks detected during the current reporting period
■ Threats Repaired
Number of threats repaired during the current reporting period
■ Threats Deleted
Number of threats deleted during the current reporting period
■ Threats Quarantined
Number of threats quarantined during the current reporting period
Content Violations
■ Total Content Violations
Total number of messages containing inappropriate content during the current reporting period
■ Total Attachments Blocked
Total number of attachments blocked during the current reporting period
■ Total Multimedia/EXE Attachments Blocked
Total multimedia/executable attachments blocked during the current reporting period
■ Total Encrypted Attachments Blocked
Total encrypted attachments blocked during the current reporting period
■ Total Encrypted Attachment Rule Violations
Total number of messages containing encrypted files during the current reporting period
■ Table of Top Content Violations
Table of top Content Violations detected during the current reporting period
■ Number to include
Number of items to include in the Table of Top Content Violations
■ Table of Top Attachments Blocked
Table of top attachments blocked during the current reporting period
■ Number to include
Number of items to include in the Table of Top Attachments Blocked
Spam Options
■ Table of Top Spammers
Table of top spam sources identified during the current reporting period
■ Number to include
Number of items to include in the Table of Top Spammers
■ Spam by Category
Total number of spam categories identified during the current reporting period
■ Spam by Domain
Total number of spam domains identified during the current reporting period
■ Number to include
Number of domains to include in the Spam by Domain list
■ RBL Total Checks
Total number of messages checked against Realtime Black Lists
■ RBL Rejected
Total number of messages rejected by Realtime Black Lists
4 Click Next.
5 Under Server Information, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
■ Show Server Information
Check to enable the server information option
■ Machine Name
Name of the server
■ Server Status
Started or stopped
■ Auto-Protect Status
Started or stopped
■ Virus Definitions Date
Date of virus definitions in use during the reporting period
■ Product version
Installed version of Symantec Mail Security
■ Service Start Time
Date and time Symantec Mail Security was started
■ Symantec Premium AntiSpam Status
Enabled or Disabled
■ Virus Definition Version
6 Click Finish.
7 Click Deploy changes/Deploy all or proceed to your next task.
Creating a scheduled executive summary report template
A scheduled executive summary report will provide summary information on a regular schedule.
Note: Reports cannot be generated with a new or updated report template until it is deployed to the server.
To identify the template and distribution
1 On the primary navigation bar, click Reports.
2 On the sidebar, under Views, click Report Templates.
3 On the sidebar, under Tasks, click Add new template.
4 Under Report Template Options, in the Template Name box, type a name for the report template.
5 If desired, type a description of the template in the Description box.
6 Under Report Type, click Executive Summary.
7 Under Report Format, click Integrated, CSV, or HTML.
8 If desired, check Email report to following participants and type one or more addresses (separated by semicolons) to which the report will be delivered.
9 Click Next.
To configure the report time range
1 Under Report Time Range, in the Time Range box, select a time range from the menu:
■ Past Day
■ Past Week
■ Past Month
■ Past Year
■ Customized
If Customized is selected, under Customize Time Range, in the Start Time and End Time boxes, modify the dates and times for the start and end of the report time range.
2 Under Report Generation Options, click Scheduled.
3 Under Scheduling Options, in the Generate report at box, select the time of day to generate the report.
4 Click Daily, Weekly, or Monthly.
If Weekly or Monthly, select the day of the week or month to generate the report.
5 Click Next.
To configure the report chart options
1 Under Report Chart Options, check the charts that you want to include in the report. You can leave the selections unchecked if you do not want any charts. Chart selections are as follows:
■ Violations pie chart
■ Virus line chart
■ Content line chart
■ Spam pie chart
2 If you selected Virus line chart or Content line chart, accept the granularity default (Week) or select a granularity from the menu. Granularity selections are as follows:
■ Day
■ Week
■ Month
■ Year
3 Click Next.
To configure report content
1 Under Executive Summary Template Options, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
Scan Summary Options
■ Show Scan Summary
Summary of messages processed during the current reporting period
■ Messages Scanned by SMTP
Total number of messages processed by SMTP during the current reporting period
■ Files Scanned by VSAPI
Total number of files processed by VSAPI during the current reporting period
■ Files Scanned by SMTP
Total number of files processed by SMTP during the current reporting period
2 Click Next.
3 Under Executive Summary Template Options, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
Threats and Security Risks
■ Total Threats
Total number of threats detected during the current reporting period
■ Top Threats Table
Table of top threats during the current reporting period
■ Number to include
Number of threats to include in the Top Threats Table
■ Unrepairable Threats
Total number of unrepairable threats detected during the current reporting period
■ Unscannable Files
Total number of unscannable files detected during the current reporting period
■ Mass Mailer Threats
Number of messages in which mass-mailer threats were detected during the current reporting period
■ Total Security Risks
Number of security risks detected during the current reporting period
■ Threats Repaired
Number of threats repaired during the current reporting period
■ Threats Deleted
Number of threats deleted during the current reporting period
■ Threats Quarantined
Number of threats quarantined during the current reporting period
Content Violations
■ Total Content Violations
Total number of messages containing inappropriate content during the current reporting period
■ Total Attachments Blocked
Total number of attachments blocked during the current reporting period
■ Total Multimedia/EXE Attachments Blocked
Total multimedia/executable attachments blocked during the current reporting period
■ Total Encrypted Attachments Blocked
Total encrypted attachments blocked during the current reporting period
■ Total Encrypted Attachment Rule Violations
Total number of messages containing encrypted files during the current reporting period
■ Table of Top Content Violations
Table of top Content Violations detected during the current reporting period
■ Number to include
Number of items to include in the Table of Top Content Violations
■ Table of Top Attachments Blocked
Table of top attachments blocked during the current reporting period
■ Number to include
Number of items to include in the Table of Top Attachments Blocked
Spam Options
■ Table of Top Spammers
Table of top spam sources identified during the current reporting period
■ Number to include
Number of items to include in the Table of Top Spammers
■ Spam by Category
Total number of spam categories identified during the current reporting period
■ Spam by Domain
Total number of spam domains identified during the current reporting period
■ Number to include
Number of domains to include in the Spam by Domain list
■ SCL for Spam
Accept the default (8) or type an SCL level
■ RBL Total Checks
Total number of messages checked against Realtime Black Lists
■ RBL Rejected
Total number of messages rejected by Realtime Black Lists
4 Click Next.
5 Under Server Information, accept the defaults (all selected) or uncheck the data that you do not want to appear in the Executive Summary report. Data selections are as follows:
■ Show Server Information
Check to enable the server information option
■ Machine Name
Name of the server
■ Server Status
Started or stopped
■ Auto-Protect Status
Started or stopped
■ Virus Definitions Date
Date of virus definitions in use during the reporting period
■ Product version
Installed version of Symantec Mail Security
■ Service Start Time
Date and time Symantec Mail Security was started
■ Symantec Premium AntiSpam Status
Enabled or Disabled
6 Click Finish.
7 Click Deploy changes/Deploy all or proceed to your next task.
Creating an on-demand detailed report template
An on-demand detailed report will provide detailed information when you request it.
Note: Reports cannot be generated with a new or updated report template until it is deployed to the server.
To identify the template and distribution
1 On the primary navigation bar, click Reports.
2 On the sidebar, under Views, click Report Templates.
3 On the sidebar, under Tasks, click Add new template.
4 Under Report Template Options, in the Template Name box, type a name for the report template.
5 If desired, type a description of the template in the Description box.
6 Under Report Type, click Detailed.
7 Under Report Format, click Integrated, CSV, or HTML.
8 If desired, check Email report to following participants and type one or more addresses (separated by semicolons) to which the report will be delivered.
9 Click Next.
To configure the report time range
1 Under Report Time Range, in the Time Range box, select a time range from the menu:
■ Past Day
■ Past Week
■ Past Month
■ Past Year
■ Customized
If Customized is selected, under Customize Time Range, in the Start Time and End Time boxes, modify the dates and times for the start and end of the report time range.
2 Under Report Generation Options, click On Demand, and then click Next.
To configure the report chart options
1 Under Report Chart Options, check the charts that you want to include in the report. You can leave the selections unchecked if you do not want any charts. Chart selections are as follows:
■ Violations pie chart
■ Virus line chart
■ Content line chart
■ Spam pie chart
2 If you selected Virus line chart or Content line chart, accept the granularity default (Week) or select a granularity from the menu. Granularity selections