04-22-2014 01:48 AM
I would like to know how we can go about the configuration of the retention period of the message details under the message tracking of our email security appliance.
If the configuration is possible, please let me know the procedure for doing it. However, if it is impossible, I would appreciate it if you could send me documentation from Cisco on the default retention period for message tracking details, as well as the document stating that the retention period is not configurable.
The ESA model version is C370 and is currently configured to use the Local Tracking for Message Tracking Service Settings. We cannot use the Centralized Tracking as we do not have the Security Management Appliance. The current AsyncOS version is 7.6.1-022 and the latest available upgrade is the AsyncOS 8.0.1 build 023.
04-23-2014 06:29 AM
Tracking logs record information about the email operations of AsyncOS. The log messages are a subset of the messages recorded in the mail logs. The tracking logs are used by the message tracking component to build the message tracking database.
You can view how much space is consumed by the 'diagnostic' command on the CLI:
> diagnostic
Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
- RELOAD - Reset configuration to the initial manufacturer values.
[]> disk_usage
Services              Disk Usage (GB)     Quota(GB)
----------------------------------------------------------
Spam Quarantine       0.0                 2.5
Reporting             0.0                 17.0
Tracking              0.0                 20.0
Total                 0.1                 39.5
On the ESA - there is not an option to reallocate disk quota/size for the services.
Depending on the model of appliance, message tracking data is limited to the quota. Once the quota is met/full - oldest data is rolled off accordingly:
VM: 10G
C150/C160/C170: 10G
C350/C360/C370: 20G
C650/C660/C670: 50G
X1050/X1060/X1070: 50G
If you are looking to extend message tracking retention times - you would best be served by ensuring that your mail_logs are pushed off-appliance, and stored on a syslog server.
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
04-23-2014 06:22 PM
Hi Robert,
Thank you for the information.
Do you have a document, such as a whitepaper, for Cisco ESA stating the details of what you sent?
04-23-2014 06:44 PM
Tracking log information:
5-36, Understanding Tracking Logs:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa7-6/ESA_7-6_Daily_Management_Guide.pdf
'diagnostic' -> 'disk_usage':
https://ironport.custhelp.com/app/answers/detail/a_id/1192/kw/disk_usage
-Robert