Cisco Cisco Email Security Appliance C650 Guía Del Usuario
34-23
Cisco AsyncOS 8.0 for Email User Guide
Chapter 34 Logging
Log Types
Domain Debug Log Example
Using IronPort Injection Debug Logs
Injection debug logs record the SMTP conversation between the Cisco appliance and a specified host
connecting to the system. Injection debug logs are useful for troubleshooting communication problems
between the Cisco appliance and a client initiating a connection from the Internet. The log records all
bytes transmitted between the two systems and classifies them as “Sent to” the connecting host or
“Received from” the connecting host.
connecting to the system. Injection debug logs are useful for troubleshooting communication problems
between the Cisco appliance and a client initiating a connection from the Internet. The log records all
bytes transmitted between the two systems and classifies them as “Sent to” the connecting host or
“Received from” the connecting host.
You must designate the host conversations to record by specifying an IP address, an IP range, hostname,
or partial hostname. Any connecting IP address within an IP range will be recorded. Any host within a
partial domain will be recorded. The system performs reverse DNS lookups on connecting IP addresses
to convert to hostnames. IP addresses without a corresponding PTR record in DNS will not match
hostnames.
or partial hostname. Any connecting IP address within an IP range will be recorded. Any host within a
partial domain will be recorded. The system performs reverse DNS lookups on connecting IP addresses
to convert to hostnames. IP addresses without a corresponding PTR record in DNS will not match
hostnames.
You must also specify the number of sessions to record.
Each line within an Injection Debug log contains the following information in
.
Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:<daily@dailyf-y-i.net>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:<LLLSMILE@aol.com>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH "." ON A
LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'
Table 34-15
Injection Debug Log Statistics
Statistic
Description
Timestamp
Time that the bytes were transmitted
ICID
The Injection Connection ID is a unique identifier that can be tied to the same
connection in other log subscriptions
connection in other log subscriptions
Sent/Received
Lines marked with “Sent to” are the actual bytes sent to the connecting host. Lines
marked with “Received from” are the actual bytes received from the connecting
host
marked with “Received from” are the actual bytes received from the connecting
host
IP Address
IP address of the connecting host