You can use the Secure Email Gateway (SEG) V2 Platform Admin page to perform the maintenance tasks for your SEG without editing the configuration file. The Admin page is locally available on your SEG at https://localhost:44444/seg/admin. If SSL is enabled for SEG, the prefix of the localhost URL is https else it is http.

After you install SEG, you can perform the following tasks from the Admin page:

  • Change the logging levels for the different SEG processes
  • Call diagnostics endpoints
  • Reconfigure the connections between SEG and API endpoints

 

The admin page displays two tabs called Logging and Diagnostics.

Logging

The information related to several SEG processes are recorded in a log file and each log entry is marked at a certain logging level. These logging levels control the amount of information that is logged into the log file.

On the Logging page, you can adjust the logging levels for the SEG processes. The logging levels that you can set for the SEG processes are All, Trace, Debug, Warn, Error, Info, and Off.

 

The SEG processes for which you can set up the logging levels are listed in the table.

Settings Description
Transaction Summary Logs summary information about every device request that the SEG processes, such as the user, type of command, HTTP response code, and the time taken for processing the request.
Device Transactions (All) Logs detailed information about individual EAS requests including allowed or blocked reason and HTTP headers.
Device Transactions (Blocked) Logs detailed information about individual EAS requests including allowed or blocked reason and HTTP headers for blocked devices.

Policy Cache

Policy Updates

Logs information about individual and bulk policy changes.

Transfer Handler Transfer Helper Encryption Helper MIME Type Conversion

 

Logs metadata used by email security policies for content security policies.

Console Transaction Reporting Logs information about reporting data used by MEM dashboards in the AirWatch Console.

Diagnostics

On the Diagnostics page, you can view the diagnostic information for SEG and execute the various diagnostic REST API endpoints available locally on SEG. With the diagnostics endpoints that are readily available on SEG, you can view information about the SEG configuration settings, look up the policies in the SEG cache, and download records related to specific policy types in a .csv format.

 

Though the URI of the APIs on the SEG begin with https://localhost:44444/seg/, you need to provide only the latter part of the URI after /seg/ as listed in the table. You can use the API endpoints to fetch SEG configuration settings, look up the policies, and download policy records.

API Endpoint   Description
/diagnostic/cluster

Returns SEG diagnostic information.

By default, the SEG diagnostic information is displayed on the diagnostics page.

/policy/segconfig Returns the SEG configuration settings.
/policy/<Policy Type> / <Policy Lookup Key>  

Look up the policies in the SEG cache.

/download/ <Policy Type>

Download records related to policy types such as device, account, managedattachment, unmanagedattachement, and 451redirectmapping.

The records are downloaded as a CSV file.

 

The following are the various policy types and the policy lookup keys to view the policies in the SEG cache. Replace the <Policy Type> and the <Policy Lookup Key> in the API endpoint, /policy/ <Policy Type> / <Policy Lookup Key>

PoIicy Type Policy Lookup Key Description
segconfig No lookup key required Look up the SEG configuration settings.
generalaccess No lookup key required Look up the general access policy.
device EAS Device Identifier

Look up the device policy by providing the EAS Device Identifier as the lookup key.

For example, /policy/device/SMKG1KBHQ53H39TFTNQQ10JDES

account Username Look up the account policy by providing username as the lookup key
easdevicetype EAS device type

Look up the EAS device type policy by providing EAS device type as the lookup key.

mailclient

Mail Client

Look up the mail client policy by providing mail client as the lookup key.

You must have all characters in the encoded URL form.

For example, /policy/mailclient/Apple-iPhone5C3%2F1405.526000002

hyperlink No lookup key required Look up the hyperlink policy.

encryptionkeydatapayload

AirWatch Device ID Look up the encryption key data payload by providing the AirWatch Device ID as the lookup key.