Starting with AsyncOS 5.1.2 there is a new command "findevent". The release notes only showed how to use this command with the integrated CLI menu.
You can also use it directly with the following arguments:
findevent [ -m MID | -s SUBJECT | -t TO | -f FROM ] LOGNAME
findevent -f woizik mail_logs
Will give you the Message IDs found in mail_logs, which you can then use with the -m MID switch.
There are probably more switches available. Maybe someone from IronPort wants to update the CLI Reference Guide ;-)