cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

EV Journal Filtering

Go to solution
SYMAJ
Level 6
Partner Accredited

‎06-11-2012 03:15 PM

I have a site where EV 902 is being used for archiving both the Exchange 2010 Journal and mailboxes.

I see that as in many EV sites we have a significant amount of email messages being archived from the journal which are not required to be archived - i.e. system management messages originating from monitoring / management servers.  These make up a large amount of emails each day, and as they are not required for compliance purposes I want to delete them from the journal mailbox as opposed to moving them to the journal archive.

I have been looking through Chapter 14 - Configuring Filtering - and am confused as to how to best achieve this.

From looking at the documentation I would assume that Custom Filtering is what I need to implement, which would have rules to delete the specific emails (selected by sender in my case) and then by default archive all of the other email in the journal mailbox.  Am I correct here ?

Also, can anyone outline the steps and provide an example of any files required (filtering files).  I see that the requirement (I think) is to set specific registry entries and have rule files / custom properties files exist in the root of the EV installation folder.

AJ

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎06-11-2012 03:58 PM

If you look in the Example Filter Rules there is an example that does exactly what you want

 
 <!--Example Rule 4: Delete mail from known junk-mail sources, (and others),
 if it contains certain common spam subjects-->
 <RULE NAME="Junk Mail" ACTION="HARD_DELETE">
  <AUTHOR INCLUDES="ANY" ALLOWOTHERS="Y">
   <DOMAIN>indiatimes.com</DOMAIN>
   <DOMAIN>websavings-usa.net</DOMAIN>
  </AUTHOR>
  <SUBJECTS INCLUDES="ANY">
   <SUBJ MATCH="CONTAINS">enlarge</SUBJ>
   <SUBJ MATCH="CONTAINS">weight loss</SUBJ>
  </SUBJECTS>
  <SUBJECTS INCLUDES="ALL">
   <SUBJ MATCH="CONTAINS">debt</SUBJ>
   <SUBJ MATCH="CONTAINS">consolidate</SUBJ>
   <SUBJ MATCH="CONTAINS">loan</SUBJ>
  </SUBJECTS>
 </RULE>

As for setting it up, check out Rob Wilcox's article on it here:
https://www-secure.symantec.com/connect/articles/custom-filtering-enterprise-vault

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎06-11-2012 03:58 PM

If you look in the Example Filter Rules there is an example that does exactly what you want

 
 <!--Example Rule 4: Delete mail from known junk-mail sources, (and others),
 if it contains certain common spam subjects-->
 <RULE NAME="Junk Mail" ACTION="HARD_DELETE">
  <AUTHOR INCLUDES="ANY" ALLOWOTHERS="Y">
   <DOMAIN>indiatimes.com</DOMAIN>
   <DOMAIN>websavings-usa.net</DOMAIN>
  </AUTHOR>
  <SUBJECTS INCLUDES="ANY">
   <SUBJ MATCH="CONTAINS">enlarge</SUBJ>
   <SUBJ MATCH="CONTAINS">weight loss</SUBJ>
  </SUBJECTS>
  <SUBJECTS INCLUDES="ALL">
   <SUBJ MATCH="CONTAINS">debt</SUBJ>
   <SUBJ MATCH="CONTAINS">consolidate</SUBJ>
   <SUBJ MATCH="CONTAINS">loan</SUBJ>
  </SUBJECTS>
 </RULE>

As for setting it up, check out Rob Wilcox's article on it here:
https://www-secure.symantec.com/connect/articles/custom-filtering-enterprise-vault

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
SYMAJ
Level 6
Partner Accredited

‎06-11-2012 04:58 PM

I think Rule 3 is for me - but thanks for the pointer.

As for Robs article, I guess I just need to 'tweek' it for the journal - as he is filtering on a mailbox archive as opposed to a journal archive.

I will go through this in detail tomorrow.

AJ

0 Kudos