Threshold values for Exchange email traffic

While scheduling a traffic logs task, you can choose certain threshold values (under the Advanced Settings option) for triggering alert notifications. Click Schedule New Task, choose Traffic Logs under Gathering Task Name, and navigate to Advanced Settings → Threshold. On checking the box next to Threshold, you will find six different actions under the Select Actions field. You can choose one or multiple actions to set the threshold conditions.

Sent Mail Count

This action can be used to generate alerts when the number of emails sent internally or externally, over a set time interval, exceeds the given value.
While configuring the condition, you need to enter the maximum number of emails that can be sent within the set interval of time without triggering an alert.

Consider the image below; in this case, if more than five internal emails are sent within a two-hour interval or if more than three external emails are sent within one hour from the selected mailboxes, alerts will be triggered.

Note: The intervals are considered only from the last schedule of traffic logs fetched.

Threshold values for Exchange email traffic

Received Mail Count

This action can be used to generate alerts when the number of internal or external emails received by the selected mailboxes, over a set time interval, exceeds the given value.
While configuring the condition, you need to enter the maximum number of emails that can be received by the mailboxes within the set interval of time without triggering an alert.

Consider the image below; in this case, if more than 10 internal emails are received within a four -hour interval by the selected mailboxes, an alert will be triggered.

Note: The intervals are considered only from the last schedule of traffic logs fetched.

Mail Recipient Count

This action can be used to generate alerts when the total number of recipients of an email sent internally or externally exceeds the given value.
While configuring the condition, you need to enter the maximum number of recipients an email can have without triggering an alert.

Consider the image below; in this case, if an internal email sent from the selected mailboxes is received by more than 10 recipients or if an external email is received by more than five recipients, an alert will be triggered.

Important note:

When the recipient count action is enabled, an email sent to the distribution group will be considered a single email. By default, the product will store these settings (applicable wherever required). If you want to override this behavior, that is, if you want the product take the count of members in a distribution group as the number of recipients (instead of one as given earlier), simply follow these steps:

Go to the Exchange Reporter Plus installation folder (the default path is C:\Program Files\ManageEngine\Exchange Reporter Plus).
Navigate to the conf folder, and open the custom_prop.properties file.
Add a # symbol before the ERP.MTL.DIST_TRAF.EXCLUDE property, and restart the product.

Sent Mail Size

This action can be used to generate alerts when emails of a size larger than a set value are sent internally or externally.
While configuring the condition, you need to enter the maximum size of the email that can be sent without triggering an alert.

Consider the image below; in this case, if an email larger than 10KB in sent internally or if an email larger than 10MB is sent externally from the selected mailboxes, an alert will be triggered.

Received Mail Size

This action can be used to generate alerts when emails of a size larger than a set value are received from internal or external domains.
While configuring the condition, you need to enter the maximum size of the email that can be received without triggering an alert.

Consider the image below; in this case, if an email larger than 10KB is received from an external domain or if an email larger than 10MB is received by the selected mailboxes from an internal and external domain, an alert will be triggered.

Undelivered Emails

This action can be used to generate and send alert notifications to the senders and recipients of an undelivered email (emails sent from the selected mailboxes).

Note: The Undelivered Emails action has the capability to send alert notification to the recipient, sender and other configured email IDs. However, to enable notifications to the sender, it's vital that you enable the Undelivered Emails action by checking the first box next to Send alert to the recipient when the mail is not delivered.

After configuring these action thresholds you can enter the Email IDs and notification Message, and click Create.

Previous Topic Next Topic