Cisco Cisco Email Security Appliance C160 Mode D'Emploi
39-15
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 39 Logging
Log Types
An interesting point to note about ‘rewritten’ entries is that they can appear after lines in the log
indicating use of the new MID.
indicating use of the new MID.
Messages Sent to the Spam Quarantine
When you send a message to the quarantine, the mail logs track the movement to and from the quarantine
using the RCID (RPC connection ID) to identify the RPC connection. In the following mail log, a
message is tagged as spam, and sent to the Spam Quarantine:
using the RCID (RPC connection ID) to identify the RPC connection. In the following mail log, a
message is tagged as spam, and sent to the Spam Quarantine:
Using Delivery Logs
Delivery logs record critical information about the email delivery operations of AsyncOS. The log
messages are “stateless,” meaning that all associated information is recorded in each log message and
users need not reference previous log messages for information about the current delivery attempt.
messages are “stateless,” meaning that all associated information is recorded in each log message and
users need not reference previous log messages for information about the current delivery attempt.
The delivery log records all information pertaining to email delivery operations for each recipient. All
information is laid out in a logical manner and is human-readable after conversion using a utility
provided by Cisco. The conversion tools are located at:
information is laid out in a logical manner and is human-readable after conversion using a utility
provided by Cisco. The conversion tools are located at:
http://support.ironport.com
Wed Feb 14 12:11:40 2007 Info: Start MID 2317877 ICID 15726925
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 From: <HLD@chasehf.bfi0.com>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ICID 15726925 RID 0 To:
<stevel@healthtrust.org>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Message-ID
'<W1TH05606E5811BEA0734309D4BAF0.323.14460.pimailer44.DumpShot.2@email.chase.com>'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Subject 'Envision your dream home - Now make
it a reality'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ready 15731 bytes from <HLD@chasehf.bfi0.com>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Wed Feb 14 12:11:41 2007 Info: MID 2317877 using engine: CASE spam suspect
Wed Feb 14 12:11:41 2007 Info: EUQ: Tagging MID 2317877 for quarantine
Wed Feb 14 12:11:41 2007 Info: MID 2317877 antivirus negative
Wed Feb 14 12:11:41 2007 Info: MID 2317877 queued for delivery
Wed Feb 14 12:11:44 2007 Info: RPC Delivery start RCID 756814 MID 2317877 to local
IronPort Spam Quarantine
Wed Feb 14 12:11:45 2007 Info: EUQ: Quarantined MID 2317877
Wed Feb 14 12:11:45 2007 Info: RPC Message done RCID 756814 MID 2317877
Wed Feb 14 12:11:45 2007 Info: Message finished MID 2317877 done