Chapter 5: Using the Incidents Log

 

Applies to: Forefront Security for Office Communications Server

Forefront Security for Office Communications Server provides a variety of reports designed to help administrators analyze its state and performance. These include the Incidents Log, a database (Incidents.mdb) that stores a record of all viruses, keywords, files, or file types caught either by a scan job or a filter.

Note

For more information about the Incidents Log and maintaining the database, refer to the Reporting and statistics section in the Forefront Security for Office Communications Server User Guide.

In this chapter

  • Using the Incidents Log
    • To view the Incidents Log
    • To sort the Incidents Log
    • To filter the Incidents Log
    • To export Incidents Log data to a file
    • To manage the size of the Incidents Log

Using the Incidents Log

The Incidents Log stores the following information for each incident:

Field                 Description

Time                  Date and time of the incident.
State                 Action taken by Forefront Security for Office Communications Server.
Folder                Name of the folder where the file was found.
File                  Name of the virus, message, or file attachment that triggered the incident.
Incident              The type and name of the incident detected, such as a virus or filter match.
Sender Address        The e-mail address of the person who sent the infected or filtered message.
Recipient Addresses   The e-mail addresses of the recipients of the infected or filtered message.

To view the Incidents Log

To view the Incidents Log:

  1. Under REPORT, click Incidents.

  2. Scroll right to see all the data for each incident.

To sort the Incidents Log

  • In the Incidents work pane, click a column heading (Time, State, and so on) to sort data based on that column.
    Forefront Security for Office Communications Server automatically sorts the data.

To filter the Incidents Log

A filter affects only what you view on the screen; it does not modify the contents of the database.

To filter the Incidents Log:

  1. In the Incidents work pane, check the Filtering box.

  2. Select a value for Field from the list.

  3. Choose the filter criteria to the right.

    For example, you may want to show only those incidents whose Time is today between 9am and 12pm.

  4. Click Save to apply the filter.

    Note

    To remove the filter and restore the full Incidents Log, clear the Filtering box, and then click Save.

To export Incidents Log data to a file

You can export Incidents data to a formatted text file or a delimited text file (for use in a spreadsheet). If you are using a filter on the Incidents Log, Forefront Security for Office Communications Server exports only the data set you have filtered.

To export Incidents Log data to a file:

  1. In the Incidents work pane, click Export.

  2. In the Save box, select a destination, and either the Formatted Text or Delimited Text format.

  3. Type a different name for the file if you wish, and click Save.
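The time-window filter described earlier (Time today between 9am and 12pm) can also be applied offline to a delimited export, as in this added example, which is not part of the product documentation. The page does not specify the export layout, so the tab delimiter, the header row, the timestamp format, the helper names, and every sample value are assumptions.

```python
import csv
import io
from collections import Counter
from datetime import date, datetime, time

# Assumptions (the page does not specify them): tab delimiter, a header row
# named after the fields listed above, and this timestamp format.
DELIMITER = "\t"
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample export; every value below is made up for illustration.
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [
    ("Time", "State", "Folder", "File", "Incident", "Sender Address", "Recipient Addresses"),
    ("03/04/2009 08:55:10 AM", "Blocked", "IM", "setup.exe", "File filter: *.exe", "alice@example.com", "bob@example.com"),
    ("03/04/2009 09:12:41 AM", "Blocked", "IM", "=1+1.txt", "File filter: *.txt", "mallory@example.net", "bob@example.com"),
    ("03/04/2009 11:47:03 AM", "Cleaned", "IM", "notes.doc", "Virus: Example.A", "Mallory@example.net", "carol@example.com"),
    ("03/04/2009 12:30:00 PM", "Blocked", "IM", "a.zip", "File filter: *.zip", "dave@example.org", "bob@example.com"),
])

def load_incidents(text):
    """Parse the delimited export and convert Time to a datetime."""
    rows = list(csv.DictReader(io.StringIO(text), delimiter=DELIMITER))
    for row in rows:
        row["Time"] = datetime.strptime(row["Time"], TIME_FORMAT)
    return rows

def in_window(rows, day, start, end):
    """Offline equivalent of the console filter: Time on `day`, start <= t < end."""
    return [r for r in rows if r["Time"].date() == day and start <= r["Time"].time() < end]

def repeat_senders(rows, minimum=2):
    """Senders (compared case-insensitively) with at least `minimum` incidents."""
    counts = Counter(r["Sender Address"].lower() for r in rows)
    return {s: n for s, n in counts.items() if n >= minimum}

def spreadsheet_safe(value):
    """File names and addresses are chosen by the sender, so prefix any cell a
    spreadsheet would evaluate as a formula before opening the data there."""
    return "'" + value if value.startswith(("=", "+", "-", "@")) else value

if __name__ == "__main__":
    morning = in_window(load_incidents(SAMPLE_EXPORT), date(2009, 3, 4), time(9), time(12))
    for r in morning:
        print(r["Time"], r["State"], spreadsheet_safe(r["File"]), r["Sender Address"])
    print(repeat_senders(morning))
```

Adjust DELIMITER and TIME_FORMAT to match a real export before relying on the results.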

To manage the size of the Incidents Log

The Incidents Log can grow very large, which can affect performance. To manage its size, you can specify how many days of records to keep; Forefront Security for Office Communications Server then purges from the database all records older than that number of days.

To manage the size of the Incidents Log:

  1. In the Incidents work pane, check the Purge box.

  2. Select how many days you want to keep Incidents Log data.

  3. Click Save for the new setting to take effect.

    When the time comes for Forefront Security for Office Communications Server to clear the Incidents database, you will be asked to confirm the deletion. If the Incidents Log is very large, the deletion process can take a long time.

    Note

    To stop clearing the database, clear the Purge box, and click Save.