Cisco Cisco Email Security Appliance X1050 Troubleshooting Guide
ESA Log Filenames of Attachments Configuration
Example
Example
Document ID: 117970
Contributed by Chris Porter, Cisco TAC Engineer.
Jul 16, 2014
Contents
Introduction
Prerequisites
Configure
Prerequisites
Configure
Introduction
This document describes how to log the filenames of attachments that pass through the Cisco Email Security
Appliance (ESA).
Appliance (ESA).
Prerequisites
The information in this document is based on these software and hardware versions:
ESA
•
All versions of AsyncOS
•
Configure
Note: In AsyncOS Version 7.x and later, attachments are logged automatically if you have at least one filter
installed that checks for file information (file name, extension, file type, content scanning). Refer to the user
guide or online help in AsyncOS for more information.
installed that checks for file information (file name, extension, file type, content scanning). Refer to the user
guide or online help in AsyncOS for more information.
This solution can be used for earlier AsyncOS versions.
Create a new header that contains the filenames of all attachments.
1.
Use logconfig > logheaders to record the value of that header to the mail_log.
2.
Here is a filter that records the filenames for messages that have attachments:
add_filenames_header:
if (attachment−filename == "^.+$") {
insert−header ("X−fn", "$filenames");
The "^.+$" regex assures that there is an attachment with at least one character in the filename. This is false
for messages with no attachments, so only attachments are logged.
for messages with no attachments, so only attachments are logged.
Note: The definition of "Attachment" to an email message is debatable. Typically, the first text/plain and
text/HTML parts are considered the "body". See the user's guide for more detail on what is considered an
attachment.
text/HTML parts are considered the "body". See the user's guide for more detail on what is considered an
attachment.