eG Reporter
 

Outbound Domain Details Report

Administrators of an organization may often wish to know the domains to which most email messages are sent and the size of messages sent to each domain. The Outbound Domain Details report helps administrators in this regard. With the help of this report, administrators can identify the individual domain to which the mails were sent, the number of mails sent to each individual domain and the total size of the mails. Using this report, administrators can rapidly figure out if their users engaged in mail correspondence with legitimate domains only or if their mail activity is suspect - i.e., were many mails sent to domains that seem fraudulent? is the mail size unusually large?. This way, the report points to probable mail server abuse/hacking, based on which administrators can fine-tune firewall policies.

In order to generate the Outbound Domain Details report, do the following:

  1. Select the Outbound Domain Details option by following the menu sequence REPORTS BY FUNCTION -> Domain Specific Reports -> Microsoft Exchange.

  2. Then, select a criterion for analysis from the Analyze by list box. Using this report, you can analyze the performance of one/more Exchange components, or those that are part of a service or a segment. The options provided by the Analyze by list box are discussed hereunder:

    • Component: Select this option to choose the component(s) from across all the components that are available in the IT environment. For instance, for a report on the domain of a Microsoft Exchange server in the environment, select Component from the Analyze by list, select Microsoft Exchange 2013/2016 from the Component Type list, and then select the host listed in the Components list.

    • Service: Select this option if the components for which a report is to be generated are involved in the delivery of a business service. Then, select a Service.

    • Segment: Choose this option if the virtual hosts to be evaluated are part of a segment. Then, pick a Segment for analysis.

  3. Then, specify the Timeline for the report. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise system, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user's Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  4. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button. However, if you want to view and then alter these settings (if required), click on the icon. The default settings will then appear in the More Options drop down window. The steps below discuss each of these settings and how they can be customized.

  5. To view the Top-10 components, select Top-10 from the Show list. By default, the Top-<maximum number of active components for the test> will be the option chosen here - i.e., if this test takes a maximum of 5 components, then the Top-5 option will be selected here by default.

    Note

    The options to be listed in the Show list can be configured in the eg_report.ini file in the <EG_INSTALL_DIR>\manager\config directory. To achieve this, set the ShowTop parameter in the [INFOS] section of this list to a specific numeric value. For example, if you set ShowTop to 10, then the Show list will display the following options: Top-10, Top-2, Top-5, Last-10, Last-2, and Last-5.

  6. If the timeline specified for the report needs to exclude the data collected during the Weekends, then set Exclude weekends to Yes. If not, select No.

  7. Specify the start time and end time for report generation against the Time period field in the More Options drop down window.

  8. In large environments, reports generated using months of data can take a long time to complete. Administrators now have the option of generating reports on-line or in the background. When a report is scheduled for background generation, administrators can proceed with their other monitoring, diagnosis, and reporting tasks, while the eG manager is processing the report. This saves the administrator valuable time. To schedule background processing of a report, select the Background Save - PDF option from the Report Generation list. In this case, a Report Name text box will appear, where you would have to provide the name with which the report is to be saved in the background. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the {EG_INSTALL_DIR}\manager\config directory) is set to Yes.

    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background Save - PDF. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.

  9. Finally, click the Run Report button to generate the report.

  10. The report that appears, consists of four sections. In the first section, the summary reveals the number domains to which the mails were sent, total number of mails sent to the domains and the size of the mails.

  11. The second section contains a pie chart that provides a bird's-eye view of the mails sent to the various domains. The slices of the pie chart and their respective colors represent the percentage of mails that was sent to different domains.

  12. The third section of Outbound Domain Details Report is a bar chart that depicts the top-10 domains to which maximum number of mails were sent. The length of a bar depends upon the number of mails sent to the specific domain.

  13. In the fourth section of the report, a table provides you the details of mail activity for the chosen component. This table displays the following details:

    • Total number of mails sent to each domain

    • Size (in MB) of the mails sent to each domain

    • Average size (in MB) of the mails sent to each domain