3rd party syslog for mail logs repository

angfe.landagan
Level 1

Hi,

I'm a bit baffled on how I can archive or push all IronPort mail logs in case I want to investigate them and can easily pull them back.

The IronPort on-box mail log capability is a bit limited to some time, since I'm going to store the logs for a span of 6 months before I archive them.

I will be hosting multiple domains with different clients (inbound only), so each client has their own reporting inquiry for investigation, and I wanted to have all the logs in case of review.

Any idea on how I can move forward?

Thank you.


viahmed
Cisco Employee

Greetings Angfe,

You can automate the log transfer to another server in your network.

This setup can be done via the GUI or CLI using the FTP or SCP protocols. Please read specifics below:

GUI (System Administration -> Log Subscriptions)

1. Click on the log name of the log you wish to modify under the 'Log Name' Field

2. Under 'Retrieval Method', you may select 'FTP on Remote Server' or 'SCP on Remote server'

You will need to enter the correct values in the appropriate scenario you choose. If you are not familiar with the correct values, please contact your systems / network administrator as they can help you determine which servers are available in your network.

CLI (Command Line Interface)

See the following CLI sequence:

S-Series> logconfig

[]> edit

[]>

Please enter the name for the log:
[Log_name]>

Log level:
1. Critical
2. Warning
3. Information
4. Debug
5. Trace

[3]>

Choose the method to retrieve the logs.
1. FTP Poll
2. FTP Push
3. SCP Push

Choose the method that you desire to set up. From this point the CLI will walk you through the same connection settings available in the GUI.

These are as follows:

FTP

Maximum Time Interval Between Transferring: 3600 seconds
FTP Host: Host name / IP address of the FTP server
Directory: Remote directory on FTP server (relative to the FTP logon. Typically '/')
Username: FTP username
Password: FTP password

SCP

Maximum Time Interval Between Transferring: 3600 seconds
Protocol: SSH1 or SSH2
SCP Host: Host name / IP address of the SCP Server
Directory: Remote directory on SCP server (relative to the SCP logon. Typically '/')
Username: SCP username

Enable Host Key Checking
Automatically Scan
Enter Manually

NOTE: FTP is a plain text protocol, meaning that sensitive data may be readable by someone who is sniffing network traffic. SCP is an encrypted protocol, thus making sniffing ineffective at snooping data. If the data is sensitive and security is a concern, it is recommended that SCP be used instead of FTP.

Hope this helps!

Regards,

Viquar

Customer Support Engineer
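
For the six-month retention asked about in the question, a housekeeping script for the server that receives the pushed logs. This is an added example, not from either poster or from Cisco; it assumes GNU find, gzip and sha256sum, and the function names, directory paths and 180-day cutoff are hypothetical.

```shell
#!/bin/sh
# Added example for the server that receives the SCP/FTP push.
# Assumptions: GNU find, gzip and sha256sum; the paths and the 180-day
# cutoff in the usage line are placeholders, not values from the appliance.
# Usage: archive_old_logs /srv/maillogs/incoming /srv/maillogs/archive 180

# archive_old_logs SRC_DIR ARCHIVE_DIR DAYS
# Compress each regular file in SRC_DIR older than DAYS days into
# ARCHIVE_DIR, record its SHA-256 in a manifest, then delete the original.
# Prints the number of files archived on stdout.
archive_old_logs() {
    src=$1; dest=$2; days=$3
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    list="$dest/.pending.$$"
    count=0
    # Top level of the push directory only; names are assumed newline-free.
    find "$src" -maxdepth 1 -type f -mtime +"$days" > "$list" || return 1
    while IFS= read -r f; do
        name=$(basename "$f")
        if [ -e "$dest/$name.gz" ]; then
            # Never overwrite a log that is already archived.
            echo "skip, already archived: $name" >&2
            continue
        fi
        if ! gzip -c "$f" > "$dest/$name.gz.tmp"; then
            rm -f "$dest/$name.gz.tmp"
            echo "compress failed, original kept: $name" >&2
            continue
        fi
        touch -r "$f" "$dest/$name.gz.tmp"   # keep the original mtime
        mv "$dest/$name.gz.tmp" "$dest/$name.gz"
        (cd "$dest" && sha256sum "$name.gz") >> "$dest/MANIFEST.sha256"
        rm -f "$f"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# verify_archive ARCHIVE_DIR
# Re-hash every archived file against the manifest; non-zero exit on any
# mismatch or missing file.
verify_archive() {
    (cd "$1" && sha256sum --quiet -c MANIFEST.sha256)
}
```

Run `verify_archive` before pulling a file back for an investigation, so a changed or truncated archive is noticed first.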