Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1391
Views
0
Helpful
2
Replies

Subsecond timestamps for Cisco ESA Ironport textmail logs

RahimAbdulla
Level 1
Level 1

‎08-21-2019 10:31 AM

The Ironport text logs on the Cisco Email Security Appliance have timestamps that go down to the second, but not the millisecond - like this:

 

Tue Aug 20 16:57:21 2019

 

This can make things very confusing when you send the logs to a SIEM: each event can have multiple associated log entries with the exact same timestamp, which can cause the order to get mixed up in the SIEM.

 

Is there any way to include ms in the log events?

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎08-21-2019 10:48 AM

As far as I can tell, no.

But, 13.0, currently in Beta will have single log line output for each email, so a seim will see all of the results of what happened to an email without having to untangle the mail logs.



Ken




0 Helpful

ppreenja
Cisco Employee
Cisco Employee

‎08-21-2019 10:51 AM

Hello RahimAbdulla,

To best of my understanding, unfortunately, the timestamp of the "mail_logs" is not configurable.
If you need a different timestamp for these files you would need to perform some off box scripting or macros to alter them.

Cheers,
Pratham
0 Helpful
Customers Also Viewed These Support Documents
Top