Cisco Cisco Email Security Appliance X1070 Guía Para Resolver Problemas
The Cisco Email Security Appliance (ESA) creates a directory for each log subscription based on the log
subscription name.
subscription name.
ESA log file format
The actual name of the log file in the directory is composed of the log filename specified by you, the
timestamp when the log file was started, and a single−character status code.
timestamp when the log file was started, and a single−character status code.
/LogSubscriptionName/LogFilename.@timestamp.statuscode
LogSubscriptionNames can be seen via the logconfig command:
esa.example.com> logconfig
Currently configured logs:
Log Name Log Type Retrieval Interval
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
1. TLStest Injection Debug Logs Manual Download None
2. Test Domain Debug Logs Manual Download None
3. amp AMP Engine Logs Manual Download None
4. amparchive AMP Archive Manual Download None
5. antispam Anti−Spam Logs Manual Download None
6. antivirus Anti−Virus Logs Manual Download None
7. asarchive Anti−Spam Archive Manual Download None
8. authentication Authentication Logs Manual Download None
9. avarchive Anti−Virus Archive Manual Download None
10. bounces Bounce Logs Manual Download None
11. cli_logs CLI Audit Logs Manual Download None
12. encryption Encryption Logs Manual Download None
13. error_logs IronPort Text Mail Logs Manual Download None
Additional Log FIle Extensions
Status codes may show a file extension such as .c (signifying current) or .s (signifying saved)
How can I access the logs?
By default, there are two methods for retrieving your logs that are stored within your ESA: FTP or SCP.