Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Logging of URL-related logs is disabled by default. This includes the logs for the following events:

Category of any URL in the message matches the URL category filters

Reputation score of any URL in the message matches URL reputation filters

Outbreak Filter rewrites any URL in the message

Use the 

outbreakconfig

 command in CLI to enable the logging of these events.

The following example shows how to enable logging of URLs using the 

outbreakconfig

 command

mail.example.com> outbreakconfig

Outbreak Filters: Enabled

Choose the operation you want to perform:

- SETUP - Change Outbreak Filters settings.

[]> setup

Outbreak Filters: Enabled

Would you like to use Outbreak Filters? [Y]>

Outbreak Filters enabled.

Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back 

down below), meaning that new messages of

certain types could be quarantined or will no longer be quarantined, respectively.

Would you like to receive Outbreak Filter alerts? [N]>

What is the largest size message Outbreak Filters should scan?

[524288]>

Do you want to use adaptive rules to compute the threat level of messages? [Y]>

Logging of URLs is currently disabled.

Do you wish to enable logging of URL's? [N]> Y

Logging of URLs has been enabled.

The Outbreak Filters feature is now globally enabled on the system.  You must use the 

'policyconfig' command in the CLI or the Email

Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and 

Outgoing Mail Policies.

Choose the operation you want to perform:

- SETUP - Change Outbreak Filters settings.

[]>