This section describes the usage and customization of the Event Log View in the ORF Log Viewer.
All basic functions of the ORF Log Viewer can be accessed by clicking various icons of the toolbar in the upper-right corner. These are:
Double click on the event row or hit Enter to display the event in the Log Event Properties dialog. Click the Next and Previous buttons in the dialog to navigate between events or click Copy to Clipboard to copy the event properties to the clipboard.
If you click the Explain button in the Event Properties dialog, the Log Viewer will try to query our online knowledge base and fetch detailed information about the given event.
Copy contents of a single cell to the clipboard by either pressing CTRL-C or right-click the cell and selecting Copy Cell.
To copy the active event, press CTRL-R or right-click on the row and select Copy Selected Events. You can copy multiple events using this option. To select multiple events, hold the SHIFT key down and select the event range to be copied either by the mouse or by the cursor control keys. Non-continuous event ranges can be selected by holding the CTRL key and selecting the event rows by the mouse.
Right-click the selected event(s) and choose the data that you want to send to the ORF Administration Tool. See the Remote Control section for more information.
Right-click a quarantine-type event and select Resend Attachment to resend the quarantined attachment to the intended recipient(s) with a single click, or select Show in Attachment Quarantine to open the Attachment Quarantine Manager and export, delete or resend the quarantined attachment from there.
Events are grouped by email by default, with the exception of Greylisting events. Right-click a column header and select Expand All or Collapse All to expand or collapse all event groups. Right-click an event, or a selection of events, and select Expand Event Group (+) or Collapse Event Group (-) to expand or collapse the selected event group(s). Event grouping can be enabled or disabled using the menu.
Event grouping is fully supported on Microsoft® Exchange servers, but has a limited support on IIS SMTP servers where only On Arrival events are grouped together.
Grab the column header and pull it to its new location in the header. Alternatively, you can use the Column Settings dialog to change the order.
Click the header of the column to sort the Event View by the contents of the selected column. The active sort column is marked with gray background.
The default sort order is descending. Change the sort order by a repeated click on the column header. To control the sort order from menu, right-click the column header and select either Sort Ascending or Sort Descending from the popup menu.
You can also sort columns containing email addresses or domains, by username, organizational domain or top-level domain.
Right-click the column header and select Fit Column to fit the column length to the widest data in the column. Select Autofit This Column to automatically fit the column on log reloads or filtering. Some columns, such as Sender or Recipient(s) are Autofit by default.
Press CTRL - Grey Plus to fit the all columns of the Event View at once. Press CTRL - Grey Minus to minimize the columns to the smallest possible width.
Columns can be hidden or restored by using the Column Settings dialog.
To display the Column Settings dialog, right-click the header and select Choose Columns... from the popup menu.
Select the column to hide or restore from the list of the available columns and clear or set its checkbox.
Change the column order by selecting the column to move and setting the new position using the Move Up and Move Down buttons.
To reset the column settings to the Log Viewer defaults, click Reset.
| Column name | Visible by default | Logged by default | Explanation |
|---|---|---|---|
| Version | - | ✓ | Version of the ORF service that generated the log entry |
| Log Mode | - | ✓ | Verbosity level of the log entry |
| Server | ✓ | ✓ | Name of the mail server that received the email |
| Service | - | ✓ | Name of the service that submitted the email for filtering |
| Time | ✓ | ✓ | The date the log entry was recorded |
| Class | ✓ | ✓ | Class of the event as assigned by ORF |
| Severity | ✓ | ✓ | Indicates the significance of the event |
| Actions | ✓ | ✓ | The action taken on the email |
| Filtering Point | ✓ | ✓ | The filtering point (Before Arrival or On Arrival) where the event was recorded |
| Related Test | - | - | Name of the ORF test responsible for the event |
| Message ID | - | - | Unique identifier generated by the sending mail system |
| HELO/EHLO Domain | - | - | Domain name of the SMTP host connected to the mail server running ORF |
| Source IP | - | ✓ | IP address of the SMTP host that originally sent the email |
| Remote Peer IP | ✓ | ✓ | IP addresses of the SMTP host that directly delivered the email to the mail server running ORF |
| Sender IP | ✓ | ✓ | IP address of the SMTP host responsible for delivering the email to your organization's (wider) network |
| Sender | ✓ | ✓ | The envelope sender (RFC5321.MailFrom) address |
| Author | ✓ | ✓ | The author (RFC5322.From) address - displayed by email clients |
| Recipient(s) | ✓ | ✓ | Email address of the email's recipient(s) |
| Email Subject | ✓ | ✓ | Subject line of the email |
| Message | ✓ | ✓ | Further details of the event are displayed here |
Press F6 or select Show Preview Panel from the View menu. You can disable the preview the same way.
Click the dropdown icon on the right side of the Preview Panel, next to the "X" (Close) icon and select the column to be viewed from the menu displayed.
Alternatively you can drag the column header in the Event View to the Preview Panel to set the column.