Cisco Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 9.1 for Email User Guide
Chapter 38 Logging
Log Types
Log Filenames and Directory Structure
AsyncOS creates a directory for each log subscription based on the log subscription name. The actual
name of the log file in the directory is composed of the log filename specified by you, the timestamp
when the log file was started, and a single-character status code. Log filenames are constructed using
the following formula:
/LogSubscriptionName/LogFilename.@timestamp.statuscode
Status codes may be .current or .s (signifying saved). You should only transfer or delete log files with
the saved status.
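The naming formula and the saved-status rule above, as an added example (not from the Cisco guide): a Python helper that splits a log path into its parts and separates files that are safe to transfer or delete from the active one. The sample paths, the filenames mail and errors, and the timestamp layout are constructed; the guide does not specify the timestamp format, so the parser treats it as an opaque token.

```python
import re
from pathlib import PurePosixPath

# LogFilename.@timestamp.statuscode, where statuscode is "current" or "s" (saved).
# Assumption: the timestamp is treated as an opaque token without "." or "@".
LOG_NAME = re.compile(r"^(?P<filename>.+)\.@(?P<timestamp>[^.@]+)\.(?P<status>current|s)$")

# Constructed sample listing (not taken from a real appliance).
SAMPLE = [
    "/mail_logs/mail.@20150101T000000.s",
    "/mail_logs/mail.@20150102T000000.current",
    "/error_logs/errors.@20150101T000000.s",
    "/mail_logs/notes.txt",
]

def parse_log_path(path):
    """Return subscription, filename, timestamp and status, or None if the
    path does not follow /LogSubscriptionName/LogFilename.@timestamp.statuscode."""
    p = PurePosixPath(path)
    m = LOG_NAME.match(p.name)
    if m is None or not p.parent.name:
        return None
    return {"subscription": p.parent.name, **m.groupdict()}

def classify(paths):
    """Sort paths into saved (safe to transfer or delete), current (still being
    written, leave alone) and unrecognised (never touched automatically)."""
    result = {"saved": [], "current": [], "unrecognised": []}
    for path in paths:
        info = parse_log_path(path)
        if info is None:
            result["unrecognised"].append(path)
        elif info["status"] == "s":
            result["saved"].append(path)
        else:
            result["current"].append(path)
    return result

if __name__ == "__main__":
    for bucket, items in classify(SAMPLE).items():
        print(bucket, items)
```

A collection or cleanup job built on this should act only on the saved bucket, so the file the appliance is still writing is never truncated or removed mid-record.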
Log Rollover and Transfer Schedule
Log files are created by log subscriptions, and are rolled over (and transferred, if a push-based retrieval
option is selected) based on the first user-specified condition reached: maximum file size or scheduled
rollover. Use the logconfig command in the CLI or the Log Subscriptions page in the GUI to configure
both the maximum file size and time interval for scheduled rollovers. You can also use the Rollover Now
button in the GUI or the rollovernow command in the CLI to roll over selected log subscriptions. See
for more information on scheduling rollovers.
Logs retrieved using manual download are saved until they reach the maximum number you specify (the
default is 10 files) or until the system needs more space for log files.
Logs Enabled by Default
Your Email Security appliance is pre-configured with many log subscriptions enabled by default (other
logs may be configured depending on which license keys you have applied). By default, the retrieval
method is “Manually Download.”
All pre-configured log subscriptions have a Log Level of 3, except for error_logs which is set at 1 so
that it will contain only errors. See
for more information. For information about
creating new log subscriptions, or modifying existing ones, see
.
Table 38-3 Log Transfer Protocols (continued)
SCP Push
This method periodically pushes log files to an SCP server on a remote computer. This
method requires an SSH SCP server on a remote computer using the SSH1 or SSH2
protocol. The subscription requires a username, SSH key, and destination directory on
the remote computer. Log files are transferred based on a rollover schedule set by you.
Syslog Push
This method sends log messages to a remote syslog server. This method conforms to
RFC 3164. You must submit a hostname for the syslog server and choose to use either
UDP or TCP for log transmission. The port used is 514. A facility can be selected for the
log; however, a default for the log type is pre-selected in the dropdown menu. Only
text-based logs can be transferred using syslog push.