filtering for Journal Archiving
Created: 25 Nov 2012 | Updated: 03 Dec 2012 | 8 comments
This issue has been solved. See solution.
Hi everyone,
I did some checking and found that our SCOM server generates so much mail that it's probably worse than any spam. Obviously it gets archived as it passes through the journaling mail box and ultimately ends up in the Journal Archive. It always comes from the same address scom.admin@mycompany.com.
I wish I could filter this sender out from archiveing completely. And probably same goes for the reciepient. Has anyone emplemented anything similar? I will appriciate any help.
I'm running EV 901 and Exchange 2007
Igs
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
you may refer the following article bY Rob.Wilcox
https://www-secure.symantec.com/connect/articles/selective-journaling-enterprise-vault
If this response answers your concern, please mark it as a "solution"
Your filter will look something like this:
<RULE NAME="SCOM Mail" ACTION="HARD_DELETE">
<AUTHOR INCLUDES="ANY" ALLOWOTHERS="Y">
<EA>scom.admin@mycompany.com</EA>
</AUTHOR>
</RULE>
Also, here is the link to Robs article, the above link didn't seem to work:
https://www-secure.symantec.com/connect/articles/custom-filtering-enterprise-vault
Since his article is for Mailbox you will need to tweak it for Journaling. Also check out these TN's:
Example ruleset file for custom filtering
Exchange Server and journal filtering
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
Tony. Thank you. Excatly what I needed. Adopting it for Journaling is no problem.
After I create the reg entries and the Filter Rules.xml, the task appears to start. However, I did not create the Custom Properties.xml file, as I really can't figure out what it's for. As this file is missing EV gives off a warning:
The custom properties definition file could not be found - custom property indexing and categorisation functionality has been disabled.
I'm not sure if EV journaling functionality is impacted by this.
No it'll be fine without it.
Remember one of the other reasons for doing custom filtering is to add additional index attributes and categorisation to messages - that's what the custom property file is for. As you're not doing that, you don't need it.
Many Thanks,
Rob
www.quadrotech-it.com - All your EV Tools
PS I hope that the post proves helpful.
Rob, thank you very much. Appriciate your help
Glad to help. Did you get chance to try it out?
Many Thanks,
Rob
www.quadrotech-it.com - All your EV Tools
PS I hope that the post proves helpful.
Just put it in. All started OK (with that warning message). Running dtrace to test. and will search the journal mail box
Would you like to reply?
Login or Register to post your comment.