Thx Libin,, Really appreciate

bosco.manjaly · ‎06-21-2017

Is there an option to return more than a 1000 messages when performing a message search using the tracking and reporting server (M670)

Looking for results for an 8 /12 hours worth of messages to troubleshoot a particular smtp flow issue.

Any option to search for a particular attachment name in the mail traffic via CLI /Tracking Web UI?

Can the maillogs be copied/ftp etc from the ironport host? e.g can the file name post the log rollover with a .s extension be used and parsed in an editor?

Also is there any option to include the sender IP in the export of the message trace into a csv

Appreciate your valuable feedback as always..

Libin Varghese · ‎06-21-2017

Hi,

The message tracking query results are currently limited to 1000 results. It is recommended to narrow down the search to a smaller time frame or sender/recipient/subject etc.

Ability to increase that is currently filed as an internal feature request, however no ETA on that.

Mail logs are stored individually on the ESA's that process the emails and you can certainly use grep on the ESA CLI to get results based on the attachment name.

For example:
grep "attachment.doc" mail_logs

Message tracking advanced search on the SMA would also allow you to search based on attachment names.

Mail_logs from the ESA can be pushed to FTP/SCP/syslog servers by configuring it to do so on the ESA under System Administration -> Log Subscriptions -> mail_logs

Even without pushing the file if FTP is enabled on the ESA interface you can FTP to the appliance and download the log file with the .s extension and edit it using text editors.

[ENHANCEMENT REQUEST] Add sending IP and server to export from tracking
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb02481/?reffering_site=dumpcr

Thank You!
Libin Varghese

bosco.manjaly · ‎06-21-2017

Thx Libin,, Really appreciate your responses

Tracking on M670