Cisco Cisco Content Security Management Appliance M390 Guía Del Usuario
14-11
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 14 Logging
Cisco IronPort Spam Quarantine GUI Log Example
In this example, the log shows a successful authentication, login, and logout:
Using Cisco IronPort Text Mail Logs
These logs contain details of email receiving, email delivery, and bounces. Status information is also
written to the mail log every minute. These logs are a useful source of information to understand delivery
of specific messages and to analyze system performance.
written to the mail log every minute. These logs are a useful source of information to understand delivery
of specific messages and to analyze system performance.
These logs do not require any special configuration. However, you must configure the system properly
to view attachment names, and attachment names may not always be logged. For specifics, see
to view attachment names, and attachment names may not always be logged. For specifics, see
.
shows the information displayed in text mail logs.
Sample
Use the following sample as a guide to interpret log files.
Table 14-10
Cisco IronPort Spam Quarantine GUI Log Example
Fri Aug 11 22:05:28 2006 Info: ISQ: Serving HTTP on 192.168.0.1, port 82
Fri Aug 11 22:05:29 2006 Info: ISQ: Serving HTTPS on 192.168.0.1, port 83
Fri Aug 11 22:08:35 2006 Info: Authentication OK, user admin
Fri Aug 11 22:08:35 2006 Info: logout:- user:pqufOtL6vyI5StCqhCfO
session:10.251.23.228
Fri Aug 11 22:08:35 2006 Info: login:admin user:pqufOtL6vyI5StCqhCfO
session:10.251.23.228
Fri Aug 11 22:08:44 2006 Info: Authentication OK, user admin
Table 14-11
Text Mail Log Statistics
Statistic
Description
ICID
Injection Connection ID. This is a numerical identifier for an individual SMTP
connection to the system. A single message or thousands of individual messages can
be sent over one SMTP connection to the system.
connection to the system. A single message or thousands of individual messages can
be sent over one SMTP connection to the system.
DCID
Delivery Connection ID. This is a numerical identifier for an individual SMTP
connection to another server, for delivery of one to thousands of messages, each with
some or all of its RIDs being delivered in a single message transmission.
connection to another server, for delivery of one to thousands of messages, each with
some or all of its RIDs being delivered in a single message transmission.
RCID
RPC Connection ID. This is a numerical identifier for an individual RPC connection
to the Cisco IronPort Spam Quarantine. It is used to track messages as they are sent
to and from the Cisco IronPort Spam Quarantine.
to the Cisco IronPort Spam Quarantine. It is used to track messages as they are sent
to and from the Cisco IronPort Spam Quarantine.
MID
Message ID: Use this to track messages as they flow through the logs.
RID
Recipient ID. Each message recipient is assigned an ID.
New
New connection initiated.
Start
New message started.