Mail logs for individual listeners on ESA C670

Pravar
Level 1

Hi

Referring to the post for configuring mail logs for individual listeners,

https://supportforums.cisco.com/t5/email-security/specific-ironport-mail-logs-listener/td-p/3045937

and

the requested enhancement under

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCul76430/?reffering_site=dumpcr

 

We are currently running 11.0.0-274 on Cisco C670 ESA. Is there any way to configure the logs for individual listeners in the newer versions? Would like to analyze the specific listener logs. Is there any workaround available?

 

Appreciate your guidance.

 

Thanking you,

1 Reply 1

Libin Varghese
Cisco Employee

No fixed versions listed on the feature request yet. You can certainly reach out to your accounts team if you wish to have this enhancement request prioritised.

 

Not an easy workaround, however you can grep the listener name within mail_logs to get a list of all connections coming to it.

 

For example: (replace Management with the name of listener on your appliance)

hulk.cisco.com> grep "interface Management" mail_logs

Thu Jul 27 07:35:30 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.196.105.184 reverse dns host unknown verified no
Thu Jul 27 07:37:19 2017 Info: New SMTP ICID 2 interface Management (10.106.36.202) address 10.196.105.184 reverse dns host unknown verified no
Wed Aug  9 19:15:40 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no
Wed Aug  9 19:15:43 2017 Info: New SMTP ICID 2 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no
Wed Aug  9 19:15:46 2017 Info: New SMTP ICID 3 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no
Tue Sep 19 04:30:36 2017 Info: New SMTP ICID 1 interface Management (10.106.36.200) address 10.106.36.177 reverse dns host unknown verified no

 

To grep for a specific date

grep "Jan 30.*interface Management" mail_logs

 

To get a count of matches

grep "Jan 30.*interface Management" mail_logs -c

 

As listener only records the start of the connection, you would still need to grep individual ICIDs for details of the emails.

 

Regards,

Libin Varghese
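
The two-step workaround in the reply (find the listener's connections, then pull each ICID's lines) can be automated offline against an exported copy of mail_logs. The following is an added example, not part of the original thread and not Cisco code. It assumes follow-up lines carry the text "ICID <n>" and that a connection ends with "ICID <n> close"; the "Data" listener and all lines other than the "New SMTP" ones are constructed.

```python
import re

# Open line, in the shape shown in the reply's grep output.
NEW_CONN = re.compile(r"New SMTP ICID (\d+) interface (.+?) \(")
# Assumed shapes for follow-up lines: any "ICID <n>" mention, and "ICID <n> close".
ANY_ICID = re.compile(r"\bICID (\d+)\b")
CLOSE = re.compile(r"\bICID (\d+) close\b")

# Constructed sample: the "Data" listener, its addresses and every
# line that is not a "New SMTP" line are made up for this example.
SAMPLE = """\
Thu Jul 27 07:35:30 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.196.105.184 reverse dns host unknown verified no
Thu Jul 27 07:35:30 2017 Info: Start MID 1 ICID 1
Thu Jul 27 07:35:31 2017 Info: New SMTP ICID 2 interface Data (10.106.36.203) address 10.196.105.190 reverse dns host unknown verified no
Thu Jul 27 07:35:31 2017 Info: Start MID 2 ICID 2
Thu Jul 27 07:35:32 2017 Info: ICID 1 close
Thu Jul 27 07:35:33 2017 Info: ICID 2 close
Wed Aug  9 19:15:40 2017 Info: New SMTP ICID 1 interface Management (10.106.36.202) address 10.106.36.94 reverse dns host unknown verified no
Wed Aug  9 19:15:41 2017 Info: ICID 1 close
""".splitlines()

def connections_for_listener(log_lines, listener):
    """Group log lines per connection accepted on `listener`, in order of completion."""
    open_conns, done = {}, []
    for raw in log_lines:
        line = raw.rstrip("\n")
        m = NEW_CONN.search(line)
        if m:
            icid, iface = m.groups()
            # ICIDs repeat (ICID 1 appears on three dates in the reply), so a
            # new open line retires any connection still tracked under that number.
            if icid in open_conns:
                done.append(open_conns.pop(icid))
            if iface == listener:
                open_conns[icid] = [line]
            continue
        m = ANY_ICID.search(line)
        if m and m.group(1) in open_conns:
            open_conns[m.group(1)].append(line)
            if CLOSE.search(line):
                done.append(open_conns.pop(m.group(1)))
    # Connections never closed in this file are returned last.
    return done + list(open_conns.values())

if __name__ == "__main__":
    for conn in connections_for_listener(SAMPLE, "Management"):
        print("\n".join(conn), end="\n\n")
```

Tracking open and close state matters because a plain grep for "ICID 1" would merge unrelated connections that reused the same number, including ones that arrived on other listeners.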