We often receive emails with questions like “Why ORF blocked this email?” and “Why this was allowed through?” and “Did ORF blocked this one or something else?”. Of course, it is easy to check using the Log Viewer tool shipped with ORF, but it often turns out ORF users are not aware of the existence of this tool. So I decided to show them what they miss :)
What is it good for?
ORF logs everything (what it does to emails, errors, warnings, etc.) to its text log files. These files are stored in the ORF directory by default (Program Files \ ORF Enterprise Edition) with .log extension. The Log Viewer can be used to review these text logs, so you can find out what it did to incoming emails and why. Let’s start the Log Viewer and see what information can be retrieved from these logs and how:
Loading the log files
You can load the log files from their default location from the last 24 hours by pressing F5. The time period and the directory from which the log files are loaded can be changed anytime by selecting File | Settings… in the main menu. You can also configure the Log Viewer to load the specified log entries on startup immediately, or drag and drop any .log file to the Log Viewer window to load it.
Once the logs are loaded, the data is represented in a table view: each row represents an event or action (not an email!), and by clicking the columns you can re-order the log records by date, source IP, sender and recipient addresses and so on.
Interpreting the log records
There could be several entries for a single email. For example if you have both Before and On Arrival tests enabled, ORF will log what happened to each recipient at Before Arrival, what happened at On Arrival, and if there were any errors or problems during the testing of the email, etc. These are all logged in separate records. The message column indicates detailed information about each record, it is pretty straightforward.
Searching and filtering the log records
Any entries can be quickly located by using the Search option (Ctrl+F). If want to review multiple entries based on certain criterias, there is an excellent Filter builder in the Log Viewer (Shift + Ctrl + F). Just like the manual lists of the Administration Tool, it supports wildcards and regular expressions. For example you can setup a filter to list all blacklisted emails sent from sender@senderdomain.com to any recipient in mydomain.com where the subject does not contain the word “meeting”:
You can also filter for log record types like warnings and errors. Moreover, you can save your filters for future usage.
Next time, we will check out the ORF Reporting Tool, so stay tuned.
Pingback: Vamsoft Insider » Tales From Tech Support – Part 17: Searching in Huge Log Files