Cisco Cisco Email Security Appliance C160 Mode D'Emploi
38-15
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 38 Logging
Log Types
Using Delivery Logs
Delivery logs record critical information about the email delivery operations of AsyncOS. The log
messages are “stateless,” meaning that all associated information is recorded in each log message and
users need not reference previous log messages for information about the current delivery attempt.
messages are “stateless,” meaning that all associated information is recorded in each log message and
users need not reference previous log messages for information about the current delivery attempt.
The delivery log records all information pertaining to email delivery operations for each recipient. All
information is laid out in a logical manner and is human-readable after conversion using a utility
provided by Cisco. The conversion tools are located at:
information is laid out in a logical manner and is human-readable after conversion using a utility
provided by Cisco. The conversion tools are located at:
http://support.ironport.com
Delivery logs are recorded and transferred in a binary format for resource efficiency. Information
recorded in delivery logs is shown in the following table:
recorded in delivery logs is shown in the following table:
Wed Feb 14 12:11:40 2007 Info: MID 2317877 Subject 'Envision your dream home - Now make
it a reality'
Wed Feb 14 12:11:40 2007 Info: MID 2317877 ready 15731 bytes from <HLD@chasehf.bfi0.com>
Wed Feb 14 12:11:40 2007 Info: MID 2317877 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Wed Feb 14 12:11:41 2007 Info: MID 2317877 using engine: CASE spam suspect
Wed Feb 14 12:11:41 2007 Info: EUQ: Tagging MID 2317877 for quarantine
Wed Feb 14 12:11:41 2007 Info: MID 2317877 antivirus negative
Wed Feb 14 12:11:41 2007 Info: MID 2317877 queued for delivery
Wed Feb 14 12:11:44 2007 Info: RPC Delivery start RCID 756814 MID 2317877 to local
IronPort Spam Quarantine
Wed Feb 14 12:11:45 2007 Info: EUQ: Quarantined MID 2317877
Wed Feb 14 12:11:45 2007 Info: RPC Message done RCID 756814 MID 2317877
Wed Feb 14 12:11:45 2007 Info: Message finished MID 2317877 done
Table 38-7
Delivery Log Statistics
Statistic
Description
Delivery status
Success (message was successfully delivered) or bounce (message was hard bounced)
Del_time
Delivery time
Inj_time
Injection time.
del_time
-
inj_time
= time the recipient message stayed in the queue
Bytes
Message size
Mid
Message ID
Ip
Recipient host IP. The IP address of the host that received or bounced the recipient
message
message
From
Envelope From, also known as Envelope Sender or MAIL FROM
Source_ip
Source host IP. The IP address of the host of the incoming message