01-13-2021 12:47 AM
Hi, I have a problem in which I want to see how many bytes are transferred when a specific email is delivered to an external server. (we have a problem in which attachments are emptied somewhere in the email chain).
In the message tracking I see that the incoming email has a certain size. I don't see that any filter is deleting bytes from the email. I see that the email is delivered with success to the external server, but I don't see how many bytes are delivered.
How can I be sure that all bytes of the email are actually sent to the external server?
I tried the domain debug logging. The domain debug logging however is logging all traffic with the external server, which is quite big. Is there any method to see the number of bytes sent for a particular email address?
01-19-2021 02:51 AM
The size of emails is currently logged only once during processing and, like you mentioned, unless there are filters configured to do so, the contents remain intact.
You could possibly set up packet captures and evaluate packets being transmitted towards the destination, but it is not an easy, straightforward method.
Regards,
Libin
01-19-2021 03:28 AM - edited 01-19-2021 03:30 AM
I ended up using Domain Debug logging to see the SMTP conversation with the receiving SMTP server. That conversation shows the number of bytes sent to the receiving SMTP server.
It is not an optimal solution, but it does its job. We just had to coordinate the testing, so that the test would only take a couple of minutes and the domain debug log wouldn't grow too big.
Regards, Henk
02-16-2021 04:40 PM
How about creating a content filter with action log-entry("$BodySize") or $filesizes?
See Action Variables table in https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01010.html
02-16-2021 11:24 PM
Good idea! It will at least give more certainty that the ESA doesn't lose bytes. These action variables are already available early in the email pipeline (message filter) and processing later on could drop bytes from the email. Therefore 100% confidence can't be expected from this output, but it will definitely give more confidence.
Thanks for your feedback.