Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
15-24
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
Chapter 15 Logging
Log Subscriptions
Editing Log Subscriptions
Procedure
Step 1
Click the name of the log in the Log Name column on the Log Subscriptions page.
Step 2
Update the log subscription.
Step 3
Submit and commit your changes.
Configuring Global Settings for Logging
The system periodically records system metrics within text mail logs and status logs. Use the Edit
Settings button in the Global Settings section of the Log Subscriptions page (or the
Settings button in the Global Settings section of the Log Subscriptions page (or the
logconfig -> setup
command in the CLI) to configure:
•
The amount of time, in seconds, that the system waits between recording metrics
•
Whether to record the Message ID headers
•
Whether to record the remote response status code
•
Whether to record the subject header of the original message
•
The headers that should be logged for each message
All Cisco Content Security appliance logs optionally include the following three items:
•
Message-ID: When this option is configured, every message will have its Message ID header logged,
if it is available. This Message ID may have come from the received message or may have been
generated by AsyncOS. For example:
if it is available. This Message ID may have come from the received message or may have been
generated by AsyncOS. For example:
Tue Apr 6 14:38:34 2004 Info: MID 1 Message-ID Message-ID-Content
•
Remote Response: When this option is configured, every message will have its remote response
status code logged, if it is available. For example:
status code logged, if it is available. For example:
Tue Apr 6 14:38:34 2004 Info: MID 1 RID [0] Response 'queued as 9C8B425DA7'
The remote response string is the human-readable text received after the response to the DATA
command during the delivery SMTP conversation. In this example, the remote response after the
connection host issued the data command is “queued as 9C8B425DA7.”
command during the delivery SMTP conversation. In this example, the remote response after the
connection host issued the data command is “queued as 9C8B425DA7.”
[...]
250 ok hostname
250 Ok: queued as 9C8B425DA7
White space, punctuation, and, in the case of the 250 response, the OK characters are stripped from
the beginning of the string. Only white space is stripped from the end of the string. For example,
Cisco Content Security appliances, by default, respond to the DATA command with this string:
the beginning of the string. Only white space is stripped from the end of the string. For example,
Cisco Content Security appliances, by default, respond to the DATA command with this string:
250
Ok: Message MID accepted
. So, the entry “Message MID accepted” would be logged if the remote
host were another Cisco Content Security appliance.
•
Original Subject Header: When this option is enabled, the original subject header of each message
is included in the log.
is included in the log.
Tue May 31 09:20:27 2005 Info: Start MID 2 ICID 2
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 From: <mary@example.com>
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 RID 0 To: <joe@example.com>