Searching/Parsing Mail_logs

daniel larsen · ‎01-09-2015

Hello,

I am looking to do some logfile parsing for attachment tracking from CLI, and I have a few questions. Here is what I would like to do:

Since this device is 'nix based, I assume its got CRON for scheduling tasks. I'd like to write a script to run every day to give me a list of all attachments leaving the organization. From there, I can pull the results into a pivot table in excel and have a 30,000 foot view of attachment flow. Counts, types, names, the works. I know, I could SCP the files off and run the script against it, but I don't have another 'niz box laying around just for file parsing right now. Probably end up do it that way.

I'm sure someone is going to tell me....can't change stuff, unsupported, I get it....but I still want more out of this box. I have looked at the report options offered, they just are not as detailed as I need. Any ideas appreciated =)

Robert Sherwin · ‎01-09-2015

Well - as far as being UNIX based - correct, but access to the underlying OS is not possibility. All log parsing that you wish to do in your scenario is done off appliance. CRON wouldn't be a possibility from on the ESA, and being that it is a "black box", we aren't scheduling jobs to run as a normal UNIX based appliance would...

Unfortunately, you are left with writing external scripting to parse logs once you scp/ftp them off, or you are left to script out an ssh job onto the box to cli string what you may be looking for.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117968-troubleshoot-grep-00.html

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117853-technote-esa-00.html

-Robert

Cheers,
Robert Sherwin

daniel larsen · ‎01-09-2015

Thanks Robert, I figured that would be the way it would have to be.