Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide

Contributed by Nasir Shakour and Robert Sherwin, Cisco TAC
Engineers.
Jun 26, 2014

Introduction
Prerequisites
Message Tracking
     Findevent Command
     Grep Command
        Example

This document describes how to determine the disposition of a message with the mail logs retrieved from
various commands on the Cisco Email Security Appliance (ESA).

The information in this document is based on:

ESA

• 

All versions of AsyncOS

• 

If you run AsyncOS for Email Version 6.0 or later, the most effective way to determine what happened to a
particular message is to use the Message Tracking page from the Monitor tab. This allows you to search with
a variety of options in an easy−to−use web interface.

If you run an older version or need to gather all of the log lines for troubleshooting purposes, use the grep or
findevent commands as detailed in the next sections.

If you have AsyncOS for Email Version 5.1.2 or later, the CLI findevent command makes it simpler to search
for a specific message. Findevent lets you search by the envelope from, the envelope recipient, or the message
Subject. This can be done regardless of case as well. Once you find your message, you can return every log
line relevant to that message. If you run findevent with no arguments, it launches a wizard in order to guide
you through the process. As always, you can use the help command in order to learn the short form:

> help findevent

findevent [−i] [−f from | −s subject | −t to] log_name

findevent −m mid log_name

The first form conducts a search for a specific envelope from, subject, or envelope to within the named