Summary:

Message didn't get delivered or returned - where did it go?
Message took 3 hours to get delivered - was it stuck in EMF?
What is the easiest way to 'track' an e-mail through EMF?
How do I view all events for a particular message?

Resolution:

If the message you wish to trace is currently in one of the queues (i.e. Retry, Dead Letter, Quarantine), you can track it easily by bringing up the message in the queue and clicking the button "view all events for this message".

If the message has already left the system, you can still track it, so long as you know something about the message such as: Sender, Recipient, Subject, or Attachment file name(s).

If your event log is set to NORMAL or higher for both the SMTP Relay and the Policy engine, you will be able to learn a lot about what happened to the message.

Say you want to track a message to joe@companyA.com with an attachment file1.xls:

1. In 6.0 and later Web Admin, go to Event Log and select Edit Filters.

In 5.x Web Admin, open the event log, and select Create/Edit filters.

2. Enter a name for your new filter and click Create.

3. In the filter, make sure all event times and levels are selected. You may want to show events for ALL days or specify a time range in which to search. Select "All Categories" and "All Components". For the ID, enter 4094. Most importantly, in Event Details Text, enter the detail you wish to track (e-mail address of sender or recipient OR message subject OR attachment file name). For this example, we could enter file1.xls.

4. Click Save, then OK to go back to the main event log display.

5. Select the new filter from the drop-down list, then click Search.

6. This will give you all 4094 policy engine events where "file1.xls" is included. If the attachment was sent to multiple people, you may have to read through several events to find the one to joe@companyA.com that you want to track. The event may look like this:

Event Class Description : Message was received
Event Details : from: mary@companyB.com
Routed To:
to: joe@companyA.com
subject: test one
Message size: 3036 bytes
Attachments:
file1.xls

7. Once you've found the 4094 event for the particular message you want to track, look for the Instance ID in that event, for example:

Instance ID : 1184EFF9100204-01

Highlight and copy (ctrl-c) the part of the Instance ID that is in front of the dash:

1184EFF9100204.

8. In EMF 6.0 and later, you would now select Search for Message Events, and paste the Instance ID into the Message IDs field. Then make sure the other search parameters (e.g., time) are correct, and select Search.

In EMF 5.x, back in the list of all events (filtered or unfiltered - it doesn't matter), look for the Instance ID field at the top of the screen and paste (ctrl-v) the copied Instance ID in, then click "Find".

9. This will give you all events for the message in question - at Normal logging levels, you can see basic delivery/return info.

If the info you want isn't available at the Normal logging level, try increasing the logging level to TRACE and sending another message, then repeating the steps above. At the TRACE logging level, you will see more detail.

If you are troubleshooting a problem where a policy doesn't seem to be enforced properly, just turn the Policy Engine logging level up to TRACE, and leave the SMTP Relay logging level at NORMAL.

If you are troubleshooting a problem where a message is stuck in Retry and you wish to know why, turn the SMTP Relay logging level up to TRACE, and leave the Policy Engine logging level at NORMAL.


NOTE: LEAVING YOUR LOGGING LEVEL AT TRACE FOR A LONG PERIOD OF TIME WILL RESULT IN A LOG THAT IS EXCEEDINGLY LARGE AND UNMANAGEABLE. IT MAY ALSO RESULT IN RUNNING OUT OF DISK SPACE AS YOUR DATABASE GROWS. BE CAREFUL TO RETURN THE LOGGING LEVELS TO NORMAL ONCE THE REQUIRED DATA IS CAPTURED IN THE LOG.