Introduction
This document describes how to verify that scheduled reports are delivered to their recipients, and how to troubleshoot delivery failures, on the Cisco Email Security Appliance (ESA), Cloud Email Security (CES), or Security Management Appliance (SMA).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Access to the GUI or CLI of the ESA/CES/SMA.
- Familiarity with grep commands on the CLI.
- Scheduled reports configured on the ESA/CES/SMA.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Scheduled reports are configured on the ESA/CES/SMA to be delivered to recipients at the configured intervals; however, the recipients do not receive the reports in their mailbox. In the mail_logs or in message tracking, these events do not follow the general mail flow, which makes it harder to track down the scheduled report email event for diagnosis.
Verify
Verify that Scheduled Reports are Configured
On the ESA/CES GUI, navigate to Monitor > Scheduled Reports, as shown in this image.
On the SMA GUI, navigate to Email > Reporting > Scheduled Reports, as shown in this image.
Verify the Email Address that Sends the Scheduled Reports
Caution: When the domain portion of the address is set to @hostname, the system hostname is used. This system hostname must be DNS resolvable; otherwise, it causes mail delivery issues for the scheduled reports. It is recommended to ensure that the domain added to the sender address is a valid, resolvable domain.
On the ESA/CES GUI, navigate to System Administration > Return Addresses, as shown in this image:
On the SMA GUI, navigate to Management > System Administration > Return Addresses, as shown in this image.
On the SMA CLI:
M690.lab> addressconfig
Current bounce from: "Mail Delivery System" <MAILER-DAEMON@domain>
Current reports from: "Cisco Reporting" <reporting@domain>
Current all other messages from: "Mail Delivery System" <MAILER-DAEMON@domain>
Choose the operation you want to perform:
- BOUNCEFROM - Edit the bounce from address.
- REPORTSFROM - Edit the reports from address.
- OTHERFROM - Edit the all other messages from address.
Verify the Scheduled Reports Email Task is Operational
On the CLI of the ESA/SMA/CES:
C680.esa.lab> grep "PERIODIC REPORTS: The Report Task has sent the report" gui_logs
Thu Jul 18 01:00:01 2019 Info: PERIODIC REPORTS: The Report Task has sent the report "Executive Summary" to recipients "matt-reports-address@cisco.com"
When the device runs the Scheduled Reports task, the gui_logs record the time the task ran, which report was sent, and to which recipients (as per configuration).
If the report task ran but no report arrived in the recipient's mailbox, record the time of the run so that you can search the mail_logs or message tracking for it. Scheduled Reports emails are system generated, so they do not follow the same workflow as normal emails.
On the ESA/CES, the email is generated and goes right into the delivery queue.
On the SMA, where an SMTP route is configured to your local mail server (Exchange), the email is delivered directly.
Verify the Mail Event of the Scheduled Report Email
Use mail_logs
From the mail_logs on the ESA/CES/SMA, use the grep command for the sender address defined in the configuration for reports.
C680.esa.lab> grep -i "reporting@c680.esa.lab" mail_logs
Thu Jul 18 01:00:01 2019 Info: MID 379004 From: <reporting@C680.esa.lab> To: <matt-reports-address@cisco.com>, ... 1 total recipients
Match the MID returned by the grep against the time-stamp of the Scheduled Report task that you verified earlier.
Grep the associated MID:
C680.esa.lab> grep "MID 379004" mail_logs
Thu Jul 18 01:00:01 2019 Info: MID 379004 From: <reporting@C680.esa.lab> To: <matt-reports-address@cisco.com>, ... 1 total recipients
Thu Jul 18 01:00:01 2019 Info: MID 379004 queued for delivery
Thu Jul 18 01:00:02 2019 Info: Delivery start DCID 13920 MID 379004 to RID [0]
Thu Jul 18 01:00:02 2019 Info: Message done DCID 13920 MID 379004 to RID [0]
Thu Jul 18 01:00:02 2019 Info: Message finished MID 379004 done
This output shows the flow of the Scheduled Report email. When an email is delivered successfully, the mail_logs show Message done DCID xxxxx MID xxxxxx to RID [0], followed by Message finished MID xxxxxx done, as in the example.
When the Scheduled Reports email is generated but does not reach the recipient's mailbox, check the DCID and the associated MID number to determine why the delivery failed. This example shows the more common error seen on delivery of the Scheduled Reports email.
C680.esa.lab> grep "MID 379004" mail_logs
Thu Jul 18 01:00:01 2019 Info: MID 379004 From: <reporting@C680.esa.lab> To: <matt-reports-address@cisco.com>, ... 1 total recipients
Thu Jul 18 01:00:01 2019 Info: MID 379004 queued for delivery
Thu Jul 18 12:51:01 2019 Info: Delivery start DCID 13920 MID 379004 to RID [0]
Thu Jul 18 12:51:01 2019 Info: Bounced: DCID 13920 MID 379004 to RID 0 - Bounced by destination server with response: 5.1.0 - Unknown address error ('553', ['Domain of sender address <reporting@c680.esa.lab> does not resolve.'])
Thu Jul 18 12:51:01 2019 Info: MID 379005 was generated for bounce of MID 379004
Thu Jul 18 12:51:01 2019 Info: Message finished MID 379004 done
There are instances where the local mail server rejects the email as well. Checking the DCID yields the SMTP response that the ESA received when it attempted delivery.
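The gui_logs and mail_logs checks above can be run in one pass over log text copied off the appliance. This is an added example, not Cisco code: the function names, the 5-second matching window, and the second day's entries (MID 379100, DCID 13950) are assumptions constructed for illustration.

```python
import re
from datetime import datetime
# Constructed sample logs in the formats shown above; MID 379100 and DCID 13950 are made up.
GUI_LOGS = """\
Thu Jul 18 01:00:01 2019 Info: PERIODIC REPORTS: The Report Task has sent the report "Executive Summary" to recipients "matt-reports-address@cisco.com"
Fri Jul 19 01:00:01 2019 Info: PERIODIC REPORTS: The Report Task has sent the report "Executive Summary" to recipients "matt-reports-address@cisco.com"
"""
MAIL_LOGS = """\
Thu Jul 18 01:00:01 2019 Info: MID 379004 From: <reporting@C680.esa.lab> To: <matt-reports-address@cisco.com>, ... 1 total recipients
Thu Jul 18 01:00:01 2019 Info: MID 379004 queued for delivery
Thu Jul 18 01:00:02 2019 Info: Delivery start DCID 13920 MID 379004 to RID [0]
Thu Jul 18 01:00:02 2019 Info: Message done DCID 13920 MID 379004 to RID [0]
Fri Jul 19 01:00:01 2019 Info: MID 379100 From: <reporting@C680.esa.lab> To: <matt-reports-address@cisco.com>, ... 1 total recipients
Fri Jul 19 01:00:01 2019 Info: MID 379100 queued for delivery
Fri Jul 19 12:51:01 2019 Info: Delivery start DCID 13950 MID 379100 to RID [0]
Fri Jul 19 12:51:01 2019 Info: Bounced: DCID 13950 MID 379100 to RID 0 - Bounced by destination server with response: 5.1.0 - Unknown address error ('553', ['Domain of sender address <reporting@c680.esa.lab> does not resolve.'])
"""

TS = r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) Info: "
TASK = re.compile(TS + r'PERIODIC REPORTS: The Report Task has sent the report "([^"]+)"', re.M)
START = re.compile(TS + r"MID (\d+) From: <([^>]*)>", re.M)
RESULT = re.compile(r"(Message done|Bounced:) DCID (\d+) MID (\d+) to RID \[?\d+\]?(?: - (.*))?")

def parse_ts(text):
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")

def trace_reports(gui_logs, mail_logs, sender, window=5):
    """Map each report task run in gui_logs to its MID and delivery result in mail_logs."""
    results = []
    for task in TASK.finditer(gui_logs):
        run_at = parse_ts(task.group(1))
        entry = dict(report=task.group(2), run_at=task.group(1), mid=None, dcid=None, status="no mail event", response="")
        # Step 1: the report email is the MID from the reports sender logged within `window` seconds of the task.
        for start in START.finditer(mail_logs):
            near = abs((parse_ts(start.group(1)) - run_at).total_seconds()) <= window
            if near and start.group(3).lower() == sender.lower():
                entry.update(mid=start.group(2), status="queued, no delivery result")
                break
        # Step 2: the DCID line for that MID carries the outcome and, on a bounce, the SMTP response.
        for line in mail_logs.splitlines():
            hit = RESULT.search(line)
            if hit and hit.group(3) == entry["mid"]:
                status = "delivered" if hit.group(1) == "Message done" else "bounced"
                entry.update(dcid=hit.group(2), status=status, response=hit.group(4) or "")
        results.append(entry)
    return results

if __name__ == "__main__":
    print(*trace_reports(GUI_LOGS, MAIL_LOGS, "reporting@c680.esa.lab"), sep="\n")
```

A task run that stays at "no mail event" means no message from the configured reports sender was logged near the task time, so confirm the sender address with addressconfig before searching further.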
Use Message Tracking
After obtaining the time-stamp of the Scheduled Report email task, log in to your ESA/CES/SMA GUI.
Navigate to the Message Tracking feature.
On ESA/CES, navigate to Monitor > Message Tracking.
On SMA, navigate to Mail Tab > Message Tracking > Message Tracking.
In the Envelope Sender search field, enter your reporting sender address and select the time range of the scheduled reports task.
In this example, the sender address is reporting@C680.esa.lab.
Because the scheduled reports do not follow the same mail flow, many of the fields in Message Tracking are not populated, and the mail flow itself is very short.