A domain has been configured in the Mailprotector Console, users have been added, and the email graphs are showing messages delivered to the domain and its users. When going to the Log search, the latest messages are not showing up in the results.
At a later time, the log search results that were not showing up begin to appear. The observed window of time from a message sent or delivered to be visible in the logs can be between a few minutes and up to an hour.
Explanation of Function
The Console log system was not designed with real-time logging as a priority. The emphasis was on capturing all of the data associated with a message passing through Mailprotector, organizing it by entity (account, domain, group, user), and indexing the information for fast searching.
The message logs are captured across several servers in the Mailprotector infrastructure. The raw logs are processed and added to a database that provides meaningful information and facilitates the fast searches.
The log processor is designed to queue up data during spikes of activity rather than drop data because it cannot process the logs fast enough. Queuing is most common during the busiest hours of the workday. This design decision gives us very fast searching by entity but no guarantee of instantly available log data in the Console.
Typically, log data in the Console is used to troubleshoot email header information to understand why a message was or was not quarantined. Other common reasons are messages deferred on Mailprotector's servers, identifying forgotten content policies that affect a message, and searching for various "proof of life" that a message was sent or delivered to or from a particular email address.
Troubleshooting Best Practice: Mail Flow
Message statistics that are presented in Console graphs are near real-time. If you are trying to confirm that messages are being delivered and sent through Mailprotector, using the graph on the domain's Main page or visiting the Summary page, will provide information on message counts, as shown in figure 1.
Confirming messages are being relayed to the configured Inbound SMTP Host Address will require waiting for the Logs to process so that details can be reviewed. Alternatively, a message arriving at the Inbound SMTP Host Address can be confirmed by accessing the mailbox address being tested.
Future Log Enhancements
Mailprotector continuously receives feedback and suggestions from our partners. (Thanks, by the way! Keep it coming, please.)
Real-time email logs have a place and purpose. We have feature requests to improve upon our current log system. However, real-time log data would need to be approached differently. Real-time log data is on the feature request list.
If you additional questions about Console Logs or how to use them, please open a support request at console.mailprotector.com/support