cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
0
Helpful
1
Replies
Highlighted
Beginner

Mail logs for individual listeners on ESA C670

Hi

Referring to the post for configuring mail logs for individual listeners,

https://supportforums.cisco.com/t5/email-security/specific-ironport-mail-logs-listener/td-p/3045937

and

the requested enhancement under

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCul76430/?reffering_site=dumpcr

 

We are currently running 11.0.0-274 on Cisco C670 ESA. Is there any way configure the logs for individual listeners in the newer versions?. Would like to analyze the specific listener logs. Is there any workaround available?

 

Appreciate your guidance.

 

Thanking you,

1 REPLY 1
Highlighted
Cisco Employee

No fixed versions listed on the feature request yet. You can certainly reach out to your accounts team if you wish to have this enhancement request prioritised.

 

Not an easy workaround, however you can grep the listener name within mail_logs to get a list of all connections coming to it.

 

For example: (replace Management with the name of listener on your appliance)

hulk.cisco.com> grep "interface Management" mail_logs

 

Thu Jul 27 07:35:30 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.196.105.184 reverse dns host unknown verified no

Thu Jul 27 07:37:19 2017 Info: New SMTP ICID 2 interface Management (10.106.36.202) address 10.196.105.184 reverse dns host unknown verified no

Wed Aug  9 19:15:40 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no

Wed Aug  9 19:15:43 2017 Info: New SMTP ICID 2 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no

Wed Aug  9 19:15:46 2017 Info: New SMTP ICID 3 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no

Tue Sep 19 04:30:36 2017 Info: New SMTP ICID 1 interface Management (10.106.36.200) address 10.106.36.177 reverse dns host unknown verified no

 

To grep for a specific date

grep "Jan 30.*interface Management" mail_logs

 

To get a count of matches

grep "Jan 30.*interface Management" mail_logs -c

 

As listener only records the start of the connection, you would still need to grep individual ICID's for details of the emails.

 

Regards,

Libin Varghese