advertisement
▼
Scroll to page 2
of
458
Monitor your WatchGuard XCS
HTTP history search
Web requests and sessions can be searched using the following fields:
There is no message details for successful web sessions. However, the browse time for successful sessions is indicated in the status column of the search results.
Client IP — Searches web requests and sessions based on the IP address of the web client, such as
10.0.1.100
.
Request ID — Searches on the Request ID that is the unique identifier added to the request by the system, such as
8290352619373D0
. This field can also be used to search web sessions.
URL — Searches on the URL of the HTTP request, such as www.example.com
. This field can also be used to search web sessions.
Request From — Searches on the user name of the originating client request if authentication is enabled for the Web Proxy. If authentication is not enabled, use the Client IP option to search requests for specific client IP addresses. This field can also be used to search web sessions.
Virus — Searches for messages that contain the specified virus.
Spyware — Searches for messages that contain the specified spyware name.
Attachment Type — Searches on the attachment type of any attachments filtered by the Attachment
Control and Content Scanning features. The specified search term must match the Content-type for the attachment, as displayed in the HTTP log. For example, to match a .exe attachment, you must enter a partial or exact search on the Content-Type name of application/x-msdos-program
.
Advanced search
Click the Advanced Search link to expand the number of options to use for searching the database. The advanced search includes additional parameters such as advanced date ranges, message direction, TLS status, and the final action taken on messages.
User Guide 423
advertisement
Related manuals
advertisement
Table of contents
- 13 About the WatchGuard XCS
- 13 WatchGuard XCS Overview
- 13 Firewall-level network and system security
- 13 Message delivery security
- 14 Web security
- 14 Content controls
- 14 Virus and spyware scanning
- 14 Outbreak control
- 14 Malformed message protection
- 15 Intercept Anti-Spam
- 15 ReputationAuthority
- 16 Image spam analysis
- 16 Threat prevention
- 16 Trusted and blocked senders list
- 16 Spam quarantine
- 16 Secure WebMail
- 17 Integrated and external message encryption
- 17 Mail delivery encryption
- 17 Policy controls
- 18 System management
- 18 Clustering
- 19 Reporting
- 19 Security Connection
- 19 Internationalization
- 20 WatchGuard XCS on the DMZ of a network firewall
- 21 WatchGuard XCS on the internal network
- 22 Network firewall configuration
- 23 DNS configuration for mail routing
- 23 Outbound mail routing
- 24 Trusted messages
- 24 Inbound and outbound scanning
- 24 SMTP connection
- 25 Virus and spyware checking
- 25 Malformed message checking
- 25 Attachment size limits
- 25 Attachment control
- 25 Outbreak control
- 25 OCF (Objectionable Content Filter)
- 26 Pattern Filters and Specific Access Patterns
- 26 Trusted and Blocked Senders List
- 26 Content Scanning
- 26 Document Fingerprinting
- 26 Content Rules
- 26 Encryption
- 26 Anti-Spam processing
- 26 Mail mappings
- 26 Virtual mappings
- 27 Relocated Users
- 27 Mail Aliases
- 27 Mail routing
- 27 Message delivery
- 27 Message Processing Order Summary
- 27 SMTP Connection Checks
- 28 Message Checks
- 28 Intercept Anti-Spam processing
- 31 System Administration
- 31 Connect to the WatchGuard XCS
- 32 Navigate the Main Menu
- 32 Activity
- 33 Security
- 34 Configuration
- 35 Administration
- 36 Support
- 37 Console activity screen
- 37 Admin Menu
- 38 Repair Menu
- 38 Misc Menu
- 39 Configure the Admin User
- 40 Add additional administrative users
- 42 Admin automatic logout
- 42 Admin login lockout
- 44 External Proxy Server
- 46 Feature Display
- 47 Mail Delivery Settings
- 47 Network Configuration
- 49 Network interface configuration
- 50 Advanced parameters
- 51 Transparent mode and bridging
- 52 Support Access
- 53 Network Routing of Virtual Interfaces
- 54 Virtual interfaces and trusts
- 56 Subdomain routing via MX lookup
- 56 Subdomain routing and DNS caching
- 56 LDAP routing
- 57 Add rules for relays
- 58 Delivery settings
- 59 Gateway features
- 59 Default mail relay
- 59 Failback mail relay
- 60 BCC (Blind carbon copy) all mail
- 60 Annotations and delivery warnings
- 63 Advanced mail delivery options
- 63 Advanced SMTP settings
- 64 SMTP notification
- 64 Received header
- 65 Mail Aliases
- 65 Uploading Alias Lists
- 65 LDAP aliases
- 66 Mail Mappings
- 67 Mail mapping as access control
- 69 LDAP virtual mappings
- 75 Configure message archiving
- 76 Configure content control filters for archiving
- 76 Configure pattern filters for use with archiving
- 76 Configure OCF for archiving
- 77 Customizing archive headers using policies
- 79 LDAP Configuration
- 79 LDAP Overview
- 79 Naming conventions
- 80 LDAP schema
- 80 LDAP components
- 80 Clients
- 81 Protocol
- 81 Operations
- 81 Client session operations
- 81 Query operations
- 82 Modification operations
- 82 Extended operations
- 82 Security
- 83 Directory Servers
- 84 Testing LDAP servers
- 85 Searching the LDAP tree
- 89 Import settings
- 90 Mirror LDAP accounts as local users
- 90 Testing directory users
- 100 Cannot contact the LDAP server
- 100 LDAP user and group imports are failing
- 100 Mirror accounts are not created
- 101 LDAP authentication failures
- 103 Message Security
- 103 SMTP Mail Access
- 107 Anti-Virus
- 109 Updating pattern files
- 110 Spyware Detection
- 111 Configuring spyware detection in a policy
- 117 How message encryption works
- 118 Encryption configuration on the WatchGuard XCS
- 119 About Token files
- 120 Encryption with Pattern Filters
- 120 Encryption with the Objectionable Content Filter (OCF)
- 122 Manage accounts
- 123 Managing images
- 123 Managing users
- 124 Generate message activity reports
- 124 Manage secure messages
- 125 Read encrypted messages
- 126 Track encrypted messages
- 127 External Email Message Encryption
- 127 Configure the encryption server
- 128 Define mail routes for encryption and decryption
- 128 Enable encryption and decryption on the WatchGuard XCS
- 129 Define filter rules for encryption
- 132 TLS and message history
- 135 Content Control
- 135 Attachment Control
- 135 Attachment stripping
- 136 Attachment stripping and DomainKeys signatures
- 136 Configuring attachment control
- 137 Editing attachment types
- 138 Attachment size limits
- 139 Attachment size reports
- 140 Unopenable attachments
- 140 Configuring content scanning
- 141 Using pattern filters for content scanning
- 141 Using a policy compliance dictionary for content scanning
- 145 Uploading training documents
- 147 Configuring Document Fingerprinting
- 148 Document Fingerprinting and policies
- 148 Reports
- 148 Message history
- 149 Email message structure
- 150 Message envelope
- 150 Message header
- 150 Message body
- 150 Message attachment
- 151 Credit card pattern filters
- 152 Configuring pattern filters
- 156 Pattern filter preferences
- 157 Rerouting mail using pattern filters
- 158 Configuring content rules
- 161 Rule ordering
- 161 Downloading and uploading content rules
- 163 Reporting
- 163 Message history
- 164 Connection rules
- 166 Rule ordering
- 166 Reporting
- 167 Character set support
- 169 Adding a dictionary
- 170 Financial and medical dictionaries
- 171 Weighted dictionaries
- 172 Negative dictionary weights
- 172 Using weighted dictionaries
- 175 Intercept Anti-Spam
- 175 Intercept Anti-Spam Overview
- 176 Trusted and Untrusted Mail Sources
- 177 Trusted subnet
- 177 Trusting via specific access patterns
- 178 Intercept connection control aggressiveness
- 179 Intercept Anti-Spam aggressiveness
- 179 Intercept Anti-Virus aggressiveness
- 180 Intercept Connection Control
- 181 ReputationAuthority, DNSBL, and Backscatter rejects
- 182 Intercept actions
- 183 Anti-Spam header
- 184 ReputationAuthority/DNSBL/UBL timeout setting
- 187 Adding a spam words dictionary
- 188 Mail Anomalies
- 192 DNSBL servers
- 192 Timeout mode
- 194 UBL whitelist
- 195 ReputationAuthority
- 195 Domain and sender reputation
- 196 ReputationAuthority statistics sharing
- 197 Trusted clients and known mail servers
- 198 Configuring ReputationAuthority checks
- 202 How Token Analysis works
- 202 Token Analysis training
- 203 Configuring Token Analysis
- 203 Database and Training
- 204 Token Analysis advanced options
- 204 Neutral words
- 204 Token Analysis and languages
- 205 Japanese, Chinese, and Korean languages
- 205 Image analysis
- 205 PDF spam analysis
- 206 Diagnostics
- 208 Spam training
- 208 Spam settings
- 209 Dictionary spam count
- 209 Troubleshooting Token Analysis
- 211 Anti-Spam header
- 212 Configuring Backscatter detection
- 213 Sender Policy Framework (SPF)
- 213 SPF records
- 214 Configuring SPF
- 214 DomainKeys
- 215 Configuring DomainKeys
- 215 DomainKeys log messages
- 216 DomainKeys outbound message signing
- 218 DomainKeys DNS record
- 220 Recommended strategy
- 223 Web Scanning
- 223 Web Scanning Overview
- 223 Web Content Inspection
- 224 Web Proxy authentication
- 224 Single sign-on IP address-based authentication
- 224 Single sign-on IP address and portal authentication notes
- 224 TrafficAccelerator
- 225 Web Proxy chaining
- 225 Automatic client web proxy configuration
- 225 Web Proxy best practices
- 226 Deployment
- 226 Full proxy parallel deployment
- 227 Disadvantages
- 227 Internal network deployment
- 227 Advantages
- 227 Disadvantages
- 228 Advantages
- 228 Disadvantages
- 231 Transparent Mode
- 232 Disabling the Web Proxy in Transparent Mode
- 232 Web Proxy network interface settings
- 233 Configuring LDAP Web User authentication
- 234 Enabling web proxy authentication
- 235 Web Proxy authentication logout
- 236 Web Cache
- 237 Web cache disk usage
- 237 Flushing the web cache
- 238 Flush domain web cache
- 238 Web streaming Media Bypass
- 239 Configuring skipped MIME types
- 240 IP authentication browser configuration mode
- 241 PAC file
- 242 Load balancing via URL address
- 243 Bypassing the proxy for specific URLs/domains
- 243 WPAD using DNS
- 243 WPAD using DHCP
- 244 Internet Explorer client configuration
- 245 Client browser notifications
- 247 Create a trusted or blocked sites list
- 247 Configure trusted and blocked sites lists
- 248 Web Proxy URL and IP address blocking
- 253 Default blocked categories
- 253 Categories to block if required by an organization
- 254 Categories to block to enhance productivity
- 254 Configuring URL Categorization
- 255 Control list updates
- 255 Using URL categorization in policies
- 256 URL reject categorization
- 257 User Accounts
- 257 Local User Accounts
- 258 Upload and download user lists
- 258 Tiered Administration
- 260 Tiered Admin and WebMail access
- 260 Log in with Tiered Admin privileges
- 261 Delegated Domain Administration
- 261 Delegated domain administration and clustering
- 262 Creating delegated domains
- 263 Deleting a delegated domain
- 263 Uploading delegated domains
- 264 Uploaded delegated domain admin users
- 265 Delegated domain policies
- 265 Administering delegated domains
- 266 Log in to delegated domain administration
- 266 Managing the delegated domain
- 266 Viewing the delegated domain quarantine
- 267 Mirror Accounts
- 268 CRYPTOCard
- 268 SafeWord
- 268 SecurID
- 269 Remote Accounts and Directory Authentication
- 269 Configuring LDAP authentication
- 270 RADIUS authentication
- 271 POP3 and IMAP Access
- 272 Relocated Users
- 272 Vacation Notification
- 273 User vacation notification profile
- 275 Chapter 10 Spam Quarantine and Trusted/Blocked Senders
- 275 User Spam Quarantine
- 275 Local Spam Quarantine account
- 276 Configure the Spam Quarantine
- 277 Spam summary message
- 278 Accessing quarantined spam
- 278 Accessing the quarantine folder via IMAP
- 281 Trusted Senders List
- 281 Blocked Senders List
- 284 Import list file
- 287 Chapter 11 Secure WebMail
- 287 Secure WebMail Overview
- 288 Configure Secure WebMail
- 291 Enable the Secure WebMail OWA proxy
- 294 Exchange Authentication
- 300 Configuring WebMail client options
- 301 Chapter 12 Policies
- 301 Policy Overview
- 302 Policy hierarchy
- 302 Multiple group policies
- 303 Pattern filter priority
- 304 Define global settings
- 304 Configure the Default policy
- 305 Anti-Spam and Anti-Virus
- 306 Content Control policy settings
- 307 Email policy options
- 308 HTTP policy options
- 309 Add and define domain, group, and user policies
- 311 Uploading and downloading domain policy lists
- 312 Enabling Group Policy
- 313 Importing LDAP group information
- 314 Re-Ordering groups
- 315 Assigning group policies
- 315 Uploading group policy lists
- 315 Orphaned groups
- 317 Policy Diagnostics
- 319 Chapter 13 Threat Prevention
- 319 Threat Prevention Overview
- 319 How Threat Prevention works
- 320 Threat Prevention in a cluster
- 320 Configure Threat Prevention
- 323 Basic rule structure
- 323 Default connection rules
- 323 Blacklisted clients
- 324 Directory harvesters
- 324 Big virus senders
- 324 DNSBL clients (on more than one list)
- 325 Junk senders
- 325 Internal DoS
- 326 Excessive senders
- 326 Create connection rules
- 327 Build condition statements
- 327 General statistics
- 328 Email Statistics
- 330 Connection rules script error checking
- 332 Uploading and downloading addresses
- 333 Integration with F5 and Cisco devices
- 333 Configuring data groups
- 336 Configuring F5 data groups
- 338 WatchGuard XCS and F5 integration notes
- 339 Enabling data transfer to a Cisco device
- 340 Cisco device configuration
- 343 Chapter 14 Clustering
- 343 Clustering Overview
- 343 Cluster architecture
- 344 Load balancing
- 344 Email load balancing via DNS
- 345 Traffic load balancing using a load balancing device
- 345 Configure Clustering
- 345 Hardware and licensing
- 345 Cluster network configuration
- 346 Select a cluster mode
- 347 Cluster Management
- 347 Cluster activity
- 348 HTTP statistics
- 349 Stop and start messaging queues
- 349 Changing cluster run modes
- 350 Cluster system maintenance
- 350 Updating cluster systems
- 350 Cluster reporting and message history
- 350 Cluster system failures
- 351 Backup and restore in a cluster
- 351 Recovering a primary cluster system
- 351 Recovering a Secondary and Client cluster system
- 351 Threat prevention and clustering
- 351 Clustering and centralized management
- 353 Chapter 15 Centralized Management
- 353 About Centralized Management
- 354 Centralized Management and Clustering
- 354 Centralized Management features
- 355 Centralized Management in a Cluster
- 356 Networking ports and addresses
- 357 Create a Centralized Management Federation
- 357 Enable Centralized Management on the Manager system
- 358 Configure Manager Systems in a Cluster
- 360 Enable Centralized Management on Entity systems
- 361 Adding Entities to a Federation via the Manager system
- 363 Configuration Set Features
- 365 Create a configuration set
- 366 Define a configuration set
- 367 Apply a configuration set
- 367 Viewing a configuration set on an Entity
- 368 Purge local settings
- 369 Entity Status
- 370 Centralized Management Reports
- 370 Viewing Centralized Management reports
- 373 Chapter 16 Reports and Logs
- 373 Reports Overview
- 374 Domain reporting
- 374 Inbound and outbound reporting
- 374 Scheduling reports
- 375 Create a new report
- 376 Domain reporting
- 377 View reports
- 383 Configure Reports
- 384 Spam logging
- 386 Searching the mail logs
- 387 Searching the system log
- 388 WatchGuard XCS Logs
- 389 Previous Searches
- 391 Log search configuration
- 393 Chapter 17 System Management
- 393 Backup and Restore
- 393 Restore from backup
- 394 Backup file naming conventions
- 394 Starting a backup
- 395 FTP backup options
- 396 SCP backup options
- 397 Local disk options
- 398 Restoring from backup
- 398 FTP restore options
- 399 Restore from SCP
- 400 Restore from local disk
- 401 Backup and restore errors
- 402 Reset the WatchGuard XCS
- 404 Get a feature key from LiveSecurity
- 405 Adding a feature key to your WatchGuard XCS
- 406 Updating a feature key
- 407 Removing a feature key
- 407 Feature key expiration
- 412 Selecting performance settings
- 417 Chapter 18 Monitor your WatchGuard XCS
- 417 Dashboard
- 418 Mail summary
- 418 Mail resources
- 419 Mail traffic summary
- 421 Web traffic
- 423 Recent web activity
- 424 Status and actions
- 427 System status
- 429 Diagnostics
- 429 Current admin and WebMail users
- 429 Configuration information
- 432 Quarantine expiry options
- 435 Advanced search
- 436 Message history search tips
- 436 System history
- 442 Configure SNMP
- 442 Permitted clients
- 443 MIB files
- 445 Alarms in a cluster
- 445 Configuring alarms
- 446 Alarms list
- 447 Chapter 19 Troubleshoot your WatchGuard XCS
- 447 Troubleshoot Message Delivery
- 448 Troubleshooting Tools
- 448 Monitoring the Dashboard
- 450 Examine Log Files
- 451 Flush mail queue
- 451 Flush DNS cache
- 451 Flush web cache
- 451 Flush domain web cache
- 452 Policy trace
- 452 Flush web single sign-on sessions
- 452 Hostname lookup
- 453 SMTP probe
- 457 Message history