08-16-2017 08:10 AM
Hi,
Please suggest how to grep a mail log for a specific date/domain/user/IP address.
How can we use the "findevent" cmd for the same? Many thanks.
08-16-2017 08:26 AM
Hi,
Please see this
https://supportforums.cisco.com/discussion/13236606/how-check-log-thought-cli-esa-specific-event
For usage of findevent please see the end user guide Page 35-35
https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa10-0/ESA_10-0_User_Guide.pdf
Regards,
Libin Varghese
08-16-2017 01:50 PM
May be of some use to you as well --- ESA Message Disposition Determination
And... will throw this out...
A content filter with no condition and an action of Add Log Entry can be used with action variables.
Note: The complete listing of Action Variables can be located in the User Guide: Using Message Filters to Enforce Email Policies
For this instance, our example will use the Action Variables of $EnvelopeFrom, $EnvelopeRecipients, $MID, and $Subject:
This content filter is saved and applied against the default policy for incoming mail policies.
Now, from the CLI, when using grep to find an email from one user to another user, results should be similar to:
myesa.local> grep joe@example.com mail_logs
Tue Aug 18 08:10:58 2015 Info: MID 4044 Custom Log Entry: From: joe@example.com, To: robert@mydomain.com, MID: 4044, Subject: HELLO - This is a test
Tue Aug 18 08:52:24 2015 Info: MID 4045 Custom Log Entry: From: joe@example.com, To: robert@mydomain.com, MID: 4045, Subject: Daily Report [Tuesday, Aug. 18]
Now when an ESA administrator goes to search and find information using grep, they have a quicker solution at hand, providing them the From, To, MID, and Subject of a message sent through their ESA, all on one log line.
-Robert
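Added example, not part of the original posts or of Cisco's tooling: a Python sketch that parses mail_logs lines in the Custom Log Entry format shown above and filters them by date, domain, or user. It assumes the log has been copied off the appliance; the sample lines are constructed and the function names are hypothetical. IP addresses are not covered because the custom entry does not log them.

```python
import re
from datetime import datetime

# Constructed sample lines in the Custom Log Entry format shown in the post above.
SAMPLE_LOG = """\
Tue Aug 18 08:10:58 2015 Info: MID 4044 Custom Log Entry: From: joe@example.com, To: robert@mydomain.com, MID: 4044, Subject: HELLO - This is a test
Tue Aug 18 08:52:24 2015 Info: MID 4045 Custom Log Entry: From: joe@example.com, To: robert@mydomain.com, MID: 4045, Subject: Daily Report [Tuesday, Aug. 18]
Wed Aug 19 09:01:02 2015 Info: MID 4050 Custom Log Entry: From: ann@other.example, To: robert@mydomain.com, sue@mydomain.com, MID: 4050, Subject: Re: notes, MID: 1, Subject: x
Wed Aug 19 09:01:03 2015 Info: MID 4050 ready 1523 bytes from <ann@other.example>
"""

# The Subject is sender-controlled text, so it is captured last and greedily;
# the logged "MID:" field must equal the MID the appliance put in the line prefix.
ENTRY = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) Info: MID (?P<mid>\d+) "
    r"Custom Log Entry: From: (?P<sender>.*?), To: (?P<rcpts>.*?), "
    r"MID: (?P=mid), Subject: (?P<subject>.*)$"
)

def parse(lines):
    """Yield one dict per Custom Log Entry line; other log lines are skipped."""
    for line in lines:
        m = ENTRY.match(line.rstrip("\n"))
        if m:
            yield {
                "when": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "mid": int(m["mid"]),
                "sender": m["sender"].lower(),
                "rcpts": [r.strip().lower() for r in m["rcpts"].split(",")],
                "subject": m["subject"],
            }

def search(lines, day=None, domain=None, user=None):
    """Filter entries by day ('YYYY-MM-DD'), mail domain, or full address."""
    hits = []
    for e in parse(lines):
        addrs = [e["sender"], *e["rcpts"]]
        if day and e["when"].date().isoformat() != day:
            continue
        if domain and not any(a.endswith("@" + domain.lower()) for a in addrs):
            continue
        if user and user.lower() not in addrs:
            continue
        hits.append(e)
    return hits

if __name__ == "__main__":
    for e in search(SAMPLE_LOG.splitlines(), day="2015-08-18", user="joe@example.com"):
        print(e["when"], e["mid"], e["sender"], "->", ", ".join(e["rcpts"]), "|", e["subject"])
```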