Cisco Cisco Email Security Appliance X1070 User Guide
37-2
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 37 Logging
Overview
AsyncOS for Email generates the following log types:
Table 37-1
Log Types
Log
Description
Text Mail Logs
Text mail logs record information regarding the operations of the email
system. For example, message receiving, message delivery attempts, open
and closed connections, bounces, TLS connections, and others.
system. For example, message receiving, message delivery attempts, open
and closed connections, bounces, TLS connections, and others.
qmail Format Mail Logs
qmail format delivery logs record the same information regarding the
operations of the email system as delivery logs following, but stored in qmail
format.
operations of the email system as delivery logs following, but stored in qmail
format.
Delivery Logs
Delivery logs record critical information about the email delivery operations
of the Email Security appliance — for example, information regarding each
recipient delivery and bounce at the time of the delivery attempt. The log
messages are “stateless,” meaning that all associated information is recorded
in each log message and users need not reference previous log messages for
information about the current delivery attempt. Delivery logs are recorded in
a binary format for resource efficiency. Delivery Log files must be
post-processed using a provided utility to convert them to XML or CSV
(comma-separated values) format. The conversion tools are located at:
of the Email Security appliance — for example, information regarding each
recipient delivery and bounce at the time of the delivery attempt. The log
messages are “stateless,” meaning that all associated information is recorded
in each log message and users need not reference previous log messages for
information about the current delivery attempt. Delivery logs are recorded in
a binary format for resource efficiency. Delivery Log files must be
post-processed using a provided utility to convert them to XML or CSV
(comma-separated values) format. The conversion tools are located at:
http://support.ironport.com
Bounce Logs
Bounce logs record information about bounced recipients. The information
recorded for each bounced recipient includes: the message ID, the recipient
ID, the Envelope From address, the Envelope To address, the reason for the
recipient bounce, and the response code from the recipient host. In addition,
you can choose to log a fixed amount of each bounced recipient message.
This amount is defined in bytes and the default is zero.
recorded for each bounced recipient includes: the message ID, the recipient
ID, the Envelope From address, the Envelope To address, the reason for the
recipient bounce, and the response code from the recipient host. In addition,
you can choose to log a fixed amount of each bounced recipient message.
This amount is defined in bytes and the default is zero.
Status Logs
This log file records system statistics found in the CLI status commands,
including
including
status detail
and
dnsstatus
. The period of recording is set
using the
setup
subcommand in
logconfig
. Each counter or rate reported in
status logs is the value since the last time the counter was reset.
Domain Debug Logs
Domain debug logs record the client and server communication during an
SMTP conversation between the Email Security appliance and a specified
recipient host. This log type can be used to debug issues with specific
recipient hosts. You must specify the total number of SMTP sessions to
record in the log file. As sessions are recorded, this number decreases. You
can stop domain debug before all sessions have been recorded by deleting or
editing the log subscription.
SMTP conversation between the Email Security appliance and a specified
recipient host. This log type can be used to debug issues with specific
recipient hosts. You must specify the total number of SMTP sessions to
record in the log file. As sessions are recorded, this number decreases. You
can stop domain debug before all sessions have been recorded by deleting or
editing the log subscription.
Injection Debug Logs
Injection debug logs record the SMTP conversation between the Email
Security appliance and a specified host connecting to the system. Injection
debug logs are useful for troubleshooting communication problems between
the Email Security appliance and a host on the Internet.
Security appliance and a specified host connecting to the system. Injection
debug logs are useful for troubleshooting communication problems between
the Email Security appliance and a host on the Internet.
System Logs
System logs record the following: boot information, virtual appliance license
expiration alerts, DNS status information, and comments users typed using
expiration alerts, DNS status information, and comments users typed using
commit
command. System logs are useful for troubleshooting the basic state
of the appliance.
CLI Audit Logs
The CLI audit logs record all CLI activity on the system.
FTP Server Logs
FTP logs record information about the FTP services enabled on the interface.
Connection details and user activity are recorded.
Connection details and user activity are recorded.