Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2430
Views
0
Helpful
5
Replies

Unable to change mail_log file size on 4 Clustered Ironport c370

Danny Vu
Level 1
Level 1

‎06-27-2013 01:53 PM

I'm trying to change the mail_log file size to rollover at 300 MB, but keep getting the error below.  It's the same error in the GUI as well as CLI.  Can anyone help on this or have experienced this before?

logconfig

NOTICE: This configuration command has not yet been configured for the current cluster mode (Machine resesa01.pacificlife.com).

What would you like to do?

1. Switch modes to edit at mode "Cluster Ironport_Cluster".

2. Start a new, empty configuration at the current mode (Machine resesa01.pacificlife.com).

3. Copy settings from another cluster mode to the current mode (Machine resesa01.pacificlife.com).

[1]>

Currently configured logs:

    Log Name            Log Type                      Retrieval           Interval

---------------------------------------------------------------------------------

1. Bounce_In_Out_logs  Bounce Logs                   FTP Push - Host 172.20.1.10None

2. Configuration_ChangesConfiguration History Logs    FTP Push - Host 172.20.1.10None

3. antispam            Anti-Spam Logs                Manual Download     None

4. antivirus           Anti-Virus Logs               Manual Download     None

5. asarchive           Anti-Spam Archive             Manual Download     None

6. authentication      Authentication Logs           Manual Download     None

7. avarchive           Anti-Virus Archive            Manual Download     None

8. bounces             Bounce Logs                   Manual Download     None

9. cli_logs            CLI Audit Logs                Manual Download     None

10. encryption          Encryption Logs               Manual Download     None

11. error_logs          IronPort Text Mail Logs       Manual Download     None

12. euq_logs            Spam Quarantine Logs          Manual Download     None

13. euqgui_logs         Spam Quarantine GUI Logs      Manual Download     None

14. ftpd_logs           FTP Server Logs               Manual Download     None

15. gui_logs            HTTP Logs                     Manual Download     None

16. mail_logs           IronPort Text Mail Logs       Manual Download     None

17. repeng              Reputation Engine Logs        Manual Download     None

18. reportd_logs        Reporting Logs                Manual Download     None

19. reportqueryd_logs   Reporting Query Logs          Manual Download     None

20. scanning            Scanning Logs                 Manual Download     None

21. slbld_logs          Safe/Block Lists Logs         Manual Download     None

22. smtp_logs           SMTP Conversation Logs        Manual Download     None

23. snmp_logs           SNMP Logs                     Manual Download     None

24. sntpd_logs          NTP logs                      Manual Download     None

25. status              Status Logs                   Manual Download     None

26. system_logs         System Logs                   Manual Download     None

27. trackerd_logs       Tracking Logs                 Manual Download     None

28. updater_logs        Updater Logs                  Manual Download     None

Choose the operation you want to perform:

- NEW - Create a new log.

- EDIT - Modify a log subscription.

- DELETE - Remove a log subscription.

- SETUP - General settings.

- LOGHEADERS - Configure headers to log.

- HOSTKEYCONFIG - Configure SSH host keys.

- CLUSTERSET - Set how logs are configured in a cluster.

- CLUSTERSHOW - Display how logs are configured in a cluster.

[]> edit

Enter the number of the log you wish to edit.

[]> 16

Please enter the name for the log:

[mail_logs]>

Log level:

1. Critical

2. Warning

3. Information

4. Debug

5. Trace

[3]>

Choose the method to retrieve the logs.

1. Download Manually: FTP/HTTP(S)/SCP

2. FTP Push

3. SCP Push

4. Syslog Push

[1]>

Filename to use for log files:

[mail]>

Please enter the maximum file size.  You can specify suffixes: "m" for megabytes, "k" for kilobytes.  Suffixes are case-insensitive:

[100000000]> 300000000

The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.

Please enter the maximum file size.  You can specify suffixes: "m" for megabytes, "k" for kilobytes.  Suffixes are case-insensitive:

[100000000]> 300m

The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.

Please enter the maximum file size.  You can specify suffixes: "m" for megabytes, "k" for kilobytes.  Suffixes are case-insensitive:

[100000000]> 300M

The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.

Please enter the maximum file size.  You can specify suffixes: "m" for megabytes, "k" for kilobytes.  Suffixes are case-insensitive:

[100000000]> 300000000

The value must be a number from 100000 to 100000000 or an equivalent size specification which is a number prepended with K, M, or G.

Labels:
0 Helpful
5 Replies 5

Ken Stieers
VIP
VIP

‎06-27-2013 09:54 PM

Try "300000K"

I think it wants a suffix.

Sent from Cisco Technical Support iPad App

0 Helpful

Danny Vu
Level 1
Level 1
In response to Ken Stieers

‎06-28-2013 11:24 AM

I've tried multiple ways with the k, m, g etc... and it's always the same error.

0 Helpful

Richard Schiller
Cisco Employee
Cisco Employee

‎06-28-2013 01:06 PM

Danny,

Please allow me to expand on the error that has been provided:

The value must be a number from 100000 to 100000000 or an equivalent  size specification which is a number prepended with K, M, or G.

The validation on this field is looking for an expanded value that will fall between the values that are shown.  Based on this, the smallest value that is allowed is 100000 bytes and the largest value that is allowed is 100000000 bytes.  As 300M is well outside of this, it will not work.

Regards,

Richard Schiller

Customer Support Engineer, Email Security

Content Security Technical Services – Raleigh, NC

0 Helpful

Danny Vu
Level 1
Level 1
In response to Richard Schiller

‎06-28-2013 02:24 PM

I see that the error states it has to be within the 2 values, but then why would they bother to have a size specification of M or G when 10000M or 10000G would be too large?  It does not make sense to have any value other than K represented because it would become misleading.  The issue I have is that I would like to have a daily rollover for the log files with a maximum of 28 days, but have the max rollover log file to be 300M.  It appears that I would have to set the daily rollover with a Max of 100M per file and then change the amount of maximum log file count to be 84 to cover the 300M threshold for 28 days.  Does that sound right?

0 Helpful

Zachary Reneau
Cisco Employee
Cisco Employee

‎07-01-2013 02:04 PM

Hi Danny,

If log retension is a concern, and you have a Linux server where disk storage is not at a premium, I would recommend you create a new log subscription for mail_logs and change the retrieval method to either SCP or syslog. In this way you can push a copy of the rolling logs to another server in your environment for longer retension.

The IronPort SMA device can also serve a similar purpose by centralizing and making the log data searchable with the GUI interface, as well as providing centralized reporting if you have multiple ESA devices. For the DIYer, I'd go the syslog route though, which would allow for easier grep commands and scripted data mining in the long run. Consuming lots of disk space on the ESA with transaction logs just isn't really an option at this time, and I think there are advantages to offloading to another server anyway.

Just my two cents.


Best,

Zach

0 Helpful
Customers Also Viewed These Support Documents