Example: Creating a Custom Report

In this example, you will create a custom report that keeps track of outgoing messages that are likely to result in a loss of sensitive data. The report will monitor messages containing the words "Top Secret" or a credit card number. It will also record the number of times a message is sent with an attachment entitled Internal Financial Report.pdf.

  1. Edit the PureMessage Policy

    Marks for custom reports are not logged unless you add an action for each value that you want reported. You can add a policy mark action to an existing rule, or, if necessary, create a new rule. Although this example shows the lines that you must insert in the policy.siv file, you can also modify the policy as necessary using the Policy Constructor. For more information, see “Editing the Policy” in the Manager Reference. This custom report requires the following rules:

    # attr NAME=Log messages containing TOP SECRET keywords
    if pmx_phrase :attachments :scanall :contains ["Top Secret"] {
         pmx_custom_mark "dlp_keyword_report" "Top Secret";
    }
    # attr NAME=Log messages that contain the PDF named Internal Financial Report
    if pmx_attachment_name :tft :contains ["Internal Financial Report.pdf"] {
         pmx_custom_mark "dlp_keyword_report" "Financial Reports";
    }
    # attr NAME=Log messages that contain a Credit Card
    if pmx_credit_card {
         pmx_custom_mark "dlp_keyword_report" "Credit Card Numbers";
    }

    Notice that the body of each rule contains a pmx_custom_mark action.

    The key that you enter in the next step must match this key (dlp_keyword_report) exactly. Each action has a unique value (for example, "Credit Card Numbers"), which must also exactly match a corresponding entry you will enter in step 2.

  2. Register the Report

    Now that you have created the necessary logic in the PureMessage policy, you must use the pmx-reports-custom tool to register the report. This must be done at the command line, as the PureMessage user (“pmx6” by default).

    1. The values (categories) for the report must be added by way of an external file. At the command line, create a file called DLP_Report that includes these values:
      Top Secret
      Financial Reports
      Credit Card Numbers
    2. Register a report that contains the values shown below. At the command line, run:
      pmx-reports-custom add --key dlp_keyword_report --title "Data Loss Prevention" --file /tmp/DLP_Report

      The --key must exactly match the key specified in the corresponding policy marks. The --title is the name of the report that will be displayed on the Reports page. The --file is the path to the file containing the report values.

      The --key that you assign must be lowercase. If not, you are prompted to change it. You are then prompted to run pmx-profile sync-to-db --force --resource=reports_config.

      If you want to modify the values of the report, edit the file (in this case, DLP_Report), and run pmx-reports-custom update. For a complete list of commands see the pmx-reports-custom man page.

  3. Synchronizing Servers with the Database

    This step is required to update the database and any edge servers in your deployment:

    pmx-profile sync-to-db --force --resource=reports_config
  4. Restart the Mail Filter

    To apply the changes made in the previous steps, you must restart the mail filter. At the command line, run:

    pmx-milter restart
  5. Test the Report with Mail

    To ensure that the custom report is working as expected, process some messages that are designed to trigger pmx_custom_mark actions, and then gather new data for the message log.

    1. Pass mail through your PureMessage deployment that will trigger report actions.
    2. At the command line, run:
      pmx-reports-consume-message-log --v2
      Note: Depending on when this default scheduled job was last run, it could take several minutes to consume the report data.
    3. Navigate to the Reports page in the Groups Web Interface. The custom report is displayed in a new section at the bottom of the Report Types sidebar.
  6. [Optional] Schedule the Mailing of Custom Reports

    Use the pmx-reports-mailer-v2 command to run and mail custom reports.

    pmx-reports-mailer-v2 --custom "Data Loss Prevention" --mailto me@example.com

    For more information, see “Managing Scheduled Jobs” in the Manager Reference.
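
Steps 1 and 2 require the key and every value in the policy's pmx_custom_mark actions to match the --key and the values file exactly. The following Python check is an added example, not part of the PureMessage documentation or tools, that compares the two before you register the report. The function name, the regular expression and the one-value-per-line file layout are assumptions; the sample input is constructed from the rules and values shown above.

```python
import re

# Matches a policy action of the form: pmx_custom_mark "key" "value";
MARK_RE = re.compile(r'pmx_custom_mark\s+"([^"]*)"\s+"([^"]*)"\s*;')

def check_custom_report(policy_text, values_text, key):
    """Return a list of mismatches between policy marks, --key and the values file."""
    problems = []
    if key != key.lower():
        problems.append(f"--key {key!r} is not lowercase")
    # Assumption: the values file holds one category per line.
    categories = [ln.strip() for ln in values_text.splitlines() if ln.strip()]
    marks = MARK_RE.findall(policy_text)
    for mark_key in sorted({k for k, _ in marks}):
        if mark_key != key and mark_key.lower() == key.lower():
            problems.append(f"policy key {mark_key!r} differs from --key only by case")
    marked = {v for k, v in marks if k == key}
    if not marked:
        problems.append(f"no pmx_custom_mark action uses key {key!r}")
    for value in sorted(marked - set(categories)):
        problems.append(f"policy value {value!r} is missing from the values file")
    for category in categories:
        if category not in marked:
            problems.append(f"values-file entry {category!r} is never marked by the policy")
    return problems

# Constructed sample input, copied from the rules and values shown in steps 1 and 2.
SAMPLE_POLICY = '''
if pmx_phrase :attachments :scanall :contains ["Top Secret"] {
    pmx_custom_mark "dlp_keyword_report" "Top Secret";
}
if pmx_attachment_name :tft :contains ["Internal Financial Report.pdf"] {
    pmx_custom_mark "dlp_keyword_report" "Financial Reports";
}
if pmx_credit_card {
    pmx_custom_mark "dlp_keyword_report" "Credit Card Numbers";
}
'''
SAMPLE_VALUES = "Top Secret\nFinancial Reports\nCredit Card Numbers\n"

if __name__ == "__main__":
    for line in check_custom_report(SAMPLE_POLICY, SAMPLE_VALUES, "dlp_keyword_report"):
        print("MISMATCH:", line)
    # A constructed typo in the values file is reported from both sides.
    bad_values = SAMPLE_VALUES.replace("Credit Card Numbers", "Credit Card Number")
    for line in check_custom_report(SAMPLE_POLICY, bad_values, "dlp_keyword_report"):
        print("MISMATCH:", line)
```

An empty result means every marked value has a matching category and the key is usable as --key.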