4.13 ETS_MessageHygiene

Use this Knowledge Script to monitor Edge Transport server message hygiene functions: whether the anti-spam update service is running, the total number of messages that have been filtered as spam, and the number of messages that have been filtered as spam from any one user. You determine which content filter to monitor.

4.13.1 Resource Objects

  • Exchange2007_EdgeTransportServer

  • Exchange2010_EdgeTransportServer

4.13.2 Default Schedule

By default, this script runs every hour.

4.13.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

General Settings

Job failure event notification

Event severity when job fails

Set the severity level, from 1 to 40, to indicate the importance of an event in which the ETS_MessageHygiene job fails. The default is 5.

Monitor Anti-Spam Update Service

Event Notification

Raise event if anti-spam update service is not running?

Select Yes to raise an event if the anti-spam update service is not running. The default is Yes.

The anti-spam update service provides daily updates to your content filter.

Event severity when anti-spam update service is not running

Set the severity level, from 1 to 40, to indicate the importance of an event in which the anti-spam update service is not running. The default is 15.

Start anti-spam update service if not running?

Select Yes to start the anti-spam update service if it is not running. The default is Yes.

Threshold - Timeout for anti-spam update service to start

Set the number of seconds that AppManager should wait for the anti-spam update service to start before raising an event. The default is 60 seconds.

Raise event if anti-spam update service fails to start?

Select Yes to raise an event if AppManager cannot start the anti-spam update service. The default is Yes.

Event severity when anti-spam update service fails to start

Set the severity level, from 1 to 40, to indicate the importance of an event in which AppManager cannot start the anti-spam update service. The default is 5.

Monitor Total Messages Filtered

Include only those messages filtered for these reasons

Provide a comma-separated list of the names of the content filters whose activity you want to monitor. The names are not case-sensitive.

One of the many fields in a message is a field titled “Reason.” The content of the Reason field is the filter name you provide in this parameter. Possible filter names are SCLAtOrAboveDeleteThreshold, SCLAtOrAboveRejectThreshold, BlockListProvider, and LocalBlockList. To monitor all messages, leave this parameter blank.

NOTE: Quotation marks (") are not supported in this field. This script returns an error if you enter quotation marks as part of a content filter name.

Event Notification

Raise event if number of filtered messages exceeds threshold?

Select Yes to raise an event if the number of filtered messages from all users exceeds the threshold you set. The default is Yes.

Threshold - Maximum number of filtered messages

Set the maximum number of messages that can be filtered for the reason you specified in Include only those messages filtered for these reasons. AppManager raises an event if the number of messages exceeds the threshold. The default is 1000.

Event severity when number of filtered messages exceeds threshold

Set the severity level, from 1 to 40, to indicate the importance of an event in which the number of filtered messages exceeds the threshold. The default is 5.

Data Collection

Collect data for number of filtered messages?

Select Yes to collect data for charts and reports. When enabled, data collection returns the number of messages filtered for the reason you specified in Include only those messages filtered for these reasons. The default is No.

Monitor Worst Offenders

Include only those messages filtered for these reasons

Provide a comma-separated list of the names of the content filters whose activity you want to monitor. The names in the list are not case-sensitive.

One of the many fields in a message is a field titled “Reason.” The content of the Reason field is the filter name you provide in this parameter. To monitor all messages, leave this parameter blank.

NOTE: Quotation marks (") are not supported in this field. This script returns an error if you enter quotation marks as part of a content filter name.

Maximum number of worst offenders to display

Set the maximum number of worst-offending users to include in an event. These offenders will have sent e-mail that has been filtered as spam for the reasons you indicated in Include only those messages filtered for these reasons.

The default is 10.

Event Notification

Raise event if number of filtered messages received from a user exceeds threshold?

Select Yes to raise an event if the number of filtered messages from any one user exceeds the threshold you set. The default is Yes.

Threshold - Maximum number of filtered messages received from a user

Set the maximum number of messages that can be filtered for the reasons you specified in Include only those messages filtered for these reasons. AppManager raises an event if the number of messages from one user exceeds the threshold. The default is 100.

Event severity when number of filtered messages received from a user exceeds threshold

Set the severity level, from 1 to 40, to indicate the importance of an event in which the number of filtered messages from any one user exceeds the threshold. The default is 15.

Data Collection

Collect data for number of filtered messages received from worst offenders?

Select Yes to collect data for charts and reports. When enabled, data collection returns the number of filtered messages that fit the following criteria:

  • The messages were filtered for the reasons you specified in Include only those messages filtered for these reasons.

  • The messages were sent from the top n worst offending senders. You determine the value of n in Maximum number of worst offenders to display.

The default is No.
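The following added example (not AppManager's own code) sketches how the Monitor Total Messages Filtered and Monitor Worst Offenders parameters combine when applied to filtered-message records. The record layout (`sender`, `reason`), the sample data, and the choice to cap the offender list after applying the per-user threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records; only the sender and the Reason field are used.
SAMPLE_LOG = (
    [{"sender": "bulk@example.test", "reason": "SclAtOrAboveDeleteThreshold"}] * 5
    + [{"sender": "news@example.test", "reason": "LocalBlockList"}] * 3
    + [{"sender": "Bulk@example.test", "reason": "LOCALBLOCKLIST"}] * 2
    + [{"sender": "one@example.test", "reason": "LocalBlockList"}]
)


def parse_reasons(param):
    """Parse the comma-separated filter-name list; an empty set means 'all'."""
    if any(q in param for q in ('"', "\u201c", "\u201d")):
        # Mirrors the documented behaviour: quotation marks are an error.
        raise ValueError("quotation marks are not supported in filter names")
    # Filter names are compared case-insensitively.
    return {name.strip().lower() for name in param.split(",") if name.strip()}


def evaluate(records, reasons_param="", total_threshold=1000,
             user_threshold=100, max_offenders=10):
    """Return the total count, whether it breaches the total threshold,
    and the worst offenders that exceed the per-user threshold."""
    reasons = parse_reasons(reasons_param)
    matched = [r for r in records
               if not reasons or r["reason"].lower() in reasons]
    per_sender = Counter(r["sender"].lower() for r in matched)
    # Assumption: keep senders above the threshold, then cap the list at n.
    offenders = [(sender, count) for sender, count in per_sender.most_common()
                 if count > user_threshold][:max_offenders]
    return {
        "total": len(matched),
        "total_event": len(matched) > total_threshold,
        "offenders": offenders,
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG, "localblocklist",
                   total_threshold=3, user_threshold=2))
```

Leaving the reasons parameter blank counts every record, which is why the same sender can rank higher once messages filtered for other reasons are included.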