Cisco Cisco Email Security Appliance X1070 Guía De Información

Choose Add log subscription....

In the Log Type field, select Injection Debug Logs and input the appropriate data.

Here are some important considerations when you input the Injection Debug Logs data&colon;

The CIDR addresses, such as 10.1.1.0/24, are permitted.

•

The IP address ranges, such as 10.1.1.10−20, are permitted.

•

The IP subnets, such as 10.2.3, are permitted.

•

Hostnames and wildcards, such as crm.example.com, are permitted (but not example.com).

•

Wildcards should be expressed as .example.com (without an asterisk).

•

When you trace an inbound email, the host name should match the sender host.

•

When you trace an outbound email, the host name should match the internal host name(s).

•

The number of SMTP sessions should be between one and 25.

•

Complete these steps in order to enable the Injection Debug Logs with the CLI:

Enter the logconfig > new command into the CLI.

Choose Injection Debug Logs.

Enter a name for the log, such as debugging_example.

Enter the hostname, IP address, or block of IP addresses for which you want to record the injection
debug information, such as mail1.example.com.

Enter the number of SMTP sessions that you want to record for this domain. Ensure that the value is
between one and 25.

Enter the method that you want to use in order to retrieve the logs, such as FTP Poll.

Enter the filename. You can use the default filename if you desire.

Select the defaults that remain.

This example shows the Injection Debug Logs when the ESA accepts mail from a server.

Note: The Injection Debug Logs and the Domain Debug Logs are similar to the mail_logs, so you can use the
grep and tail commands.

Sent to '10.251.21.203': '220 ironportappliance ESMTP\r\n'

Rcvd from '10.251.21.203': 'EHLO outgoing.example.com\r\n'

Sent to '10.251.21.203': '250−nibbles.run\r\n250−8BITMIME\r\n250

SIZE 104857600\r\n'

Rcvd from '10.251.21.203': 'MAIL FROM:<jsmith@example.com>\r\n'