06-27-2013 01:53 PM
I'm trying to change the mail_log file size to roll over at 300 MB, but I keep getting the error below. It's the same error in the GUI as well as the CLI. Can anyone help with this, or has anyone experienced this before?
logconfig
NOTICE: This configuration command has not yet been configured for the current cluster mode (Machine resesa01.pacificlife.com).
What would you like to do?
1. Switch modes to edit at mode "Cluster Ironport_Cluster".
2. Start a new, empty configuration at the current mode (Machine resesa01.pacificlife.com).
3. Copy settings from another cluster mode to the current mode (Machine resesa01.pacificlife.com).
[1]>
Currently configured logs:
Log Name Log Type Retrieval Interval
---------------------------------------------------------------------------------
1. Bounce_In_Out_logs Bounce Logs FTP Push - Host 172.20.1.10None
2. Configuration_ChangesConfiguration History Logs FTP Push - Host 172.20.1.10None
3. antispam Anti-Spam Logs Manual Download None
4. antivirus Anti-Virus Logs Manual Download None
5. asarchive Anti-Spam Archive Manual Download None
6. authentication Authentication Logs Manual Download None
7. avarchive Anti-Virus Archive Manual Download None
8. bounces Bounce Logs Manual Download None
9. cli_logs CLI Audit Logs Manual Download None
10. encryption Encryption Logs Manual Download None
11. error_logs IronPort Text Mail Logs Manual Download None
12. euq_logs Spam Quarantine Logs Manual Download None
13. euqgui_logs Spam Quarantine GUI Logs Manual Download None
14. ftpd_logs FTP Server Logs Manual Download None
15. gui_logs HTTP Logs Manual Download None
16. mail_logs IronPort Text Mail Logs Manual Download None
17. repeng Reputation Engine Logs Manual Download None
18. reportd_logs Reporting Logs Manual Download None
19. reportqueryd_logs Reporting Query Logs Manual Download None
20. scanning Scanning Logs Manual Download None
21. slbld_logs Safe/Block Lists Logs Manual Download None
22. smtp_logs SMTP Conversation Logs Manual Download None
23. snmp_logs SNMP Logs Manual Download None
24. sntpd_logs NTP logs Manual Download None
25. status Status Logs Manual Download None
26. system_logs System Logs Manual Download None
27. trackerd_logs Tracking Logs Manual Download None
28. updater_logs Updater Logs Manual Download None
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
- CLUSTERSET - Set how logs are configured in a cluster.
- CLUSTERSHOW - Display how logs are configured in a cluster.
[]> edit
Enter the number of the log you wish to edit.
[]> 16
Please enter the name for the log:
[mail_logs]>
Log level:
1. Critical
2. Warning
3. Information
4. Debug
5. Trace
[3]>
Choose the method to retrieve the logs.
1. Download Manually: FTP/HTTP(S)/SCP
2. FTP Push
3. SCP Push
4. Syslog Push
[1]>
Filename to use for log files:
[mail]>
Please enter the maximum file size. You can specify suffixes: "m" for megabytes, "k" for kilobytes. Suffixes are case-insensitive:
[100000000]> 300000000
The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.
Please enter the maximum file size. You can specify suffixes: "m" for megabytes, "k" for kilobytes. Suffixes are case-insensitive:
[100000000]> 300m
The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.
Please enter the maximum file size. You can specify suffixes: "m" for megabytes, "k" for kilobytes. Suffixes are case-insensitive:
[100000000]> 300M
The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.
Please enter the maximum file size. You can specify suffixes: "m" for megabytes, "k" for kilobytes. Suffixes are case-insensitive:
[100000000]> 300000000
The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.
06-27-2013 09:54 PM
Try "300000K"
I think it wants a suffix.
06-28-2013 11:24 AM
I've tried multiple ways with the k, m, g etc... and it's always the same error.
06-28-2013 01:06 PM
Danny,
Please allow me to expand on the error that has been provided:
The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.
The validation on this field is looking for an expanded value that will fall between the values that are shown. Based on this, the smallest value that is allowed is 100000 bytes and the largest value that is allowed is 100000000 bytes. As 300M is well outside of this, it will not work.
Regards,
Richard Schiller
Customer Support Engineer, Email Security
Content Security Technical Services – Raleigh, NC
06-28-2013 02:24 PM
I see that the error states it has to be within the 2 values, but then why would they bother to have a size specification of M or G when 10000M or 10000G would be too large? It does not make sense to have any value other than K represented because it would become misleading. The issue I have is that I would like to have a daily rollover for the log files with a maximum of 28 days, but have the max rollover log file to be 300M. It appears that I would have to set the daily rollover with a Max of 100M per file and then change the amount of maximum log file count to be 84 to cover the 300M threshold for 28 days. Does that sound right?
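The range check described in the support reply, and the file-count arithmetic from the post above, as an added example (not part of the thread and not Cisco's code). The bounds are the ones quoted in the error message; treating K/M/G as decimal multipliers is an assumption, since the thread does not say whether the appliance uses powers of 1000 or 1024, and the function names are hypothetical.

```python
import math
import re

# Bounds quoted in the appliance's error message (bytes).
MIN_BYTES = 100_000
MAX_BYTES = 100_000_000

# Assumption: suffixes are decimal multipliers; the thread does not say
# whether the appliance uses powers of 1000 or 1024.
MULTIPLIERS = {"": 1, "k": 1_000, "m": 1_000_000, "g": 1_000_000_000}

_SPEC = re.compile(r"^\s*(\d+)\s*([kmg]?)\s*$", re.IGNORECASE)


def expand_size(spec: str) -> int:
    """Expand a size specification such as '300M' into bytes."""
    match = _SPEC.match(spec)
    if not match:
        raise ValueError(f"not a size specification: {spec!r}")
    number, suffix = match.groups()
    return int(number) * MULTIPLIERS[suffix.lower()]


def is_accepted(spec: str) -> bool:
    """True when the expanded value lies inside the allowed range."""
    try:
        return MIN_BYTES <= expand_size(spec) <= MAX_BYTES
    except ValueError:
        return False


def files_needed(bytes_per_day: int, days: int, file_cap: int = MAX_BYTES) -> int:
    """Files to keep so `days` of logs survive when each file is capped."""
    per_day = math.ceil(bytes_per_day / file_cap)
    return per_day * days


if __name__ == "__main__":
    # Inputs tried in the thread, plus boundary cases (constructed).
    for spec in ("300000000", "300m", "300000K", "100M", "99K", "1G"):
        print(f"{spec:>10} -> accepted={is_accepted(spec)}")
    # Sizing from the thread: up to 300 MB of mail logs per day, kept 28 days.
    print("files to retain:", files_needed(expand_size("300M"), 28))
```

Every spelling of 300 MB expands to the same out-of-range value, which is why the suffix makes no difference to the error.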
07-01-2013 02:04 PM
Hi Danny,
If log retention is a concern, and you have a Linux server where disk storage is not at a premium, I would recommend you create a new log subscription for mail_logs and change the retrieval method to either SCP or syslog. In this way you can push a copy of the rolling logs to another server in your environment for longer retention.
The IronPort SMA device can also serve a similar purpose by centralizing and making the log data searchable with the GUI interface, as well as providing centralized reporting if you have multiple ESA devices. For the DIYer, I'd go the syslog route though, which would allow for easier grep commands and scripted data mining in the long run. Consuming lots of disk space on the ESA with transaction logs just isn't really an option at this time, and I think there are advantages to offloading to another server anyway.
Just my two cents.
Best,
Zach