Cisco Email Security Appliance C160 User Guide

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
 
Chapter 38 Logging
Log Types
Domain Debug Log Example
Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:<daily@dailyf-y-i.net>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:<LLLSMILE@aol.com>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH "." ON A LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'

Using Injection Debug Logs
Injection debug logs record the SMTP conversation between the Email Security appliance and a specified host connecting to the system. Injection debug logs are useful for troubleshooting communication problems between the Email Security appliance and a client initiating a connection from the Internet. The log records all bytes transmitted between the two systems and classifies them as “Sent to” the connecting host or “Received from” the connecting host.

You must designate the host conversations to record by specifying an IP address, an IP range, a hostname, or a partial hostname. Any connecting IP address within an IP range will be recorded. Any host within a partial domain will be recorded. The system performs reverse DNS lookups on connecting IP addresses to convert them to hostnames. IP addresses without a corresponding PTR record in DNS will not match hostnames.

You must also specify the number of sessions to record.

Each line within an Injection Debug log contains the following information in Table 38-14.
Table 38-14 Injection Debug Log Statistics

| Statistic | Description |
|---|---|
| Timestamp | Time that the bytes were transmitted |
| ICID | The Injection Connection ID is a unique identifier that can be tied to the same connection in other log subscriptions |
| Sent/Received | Lines marked with “Sent to” are the actual bytes sent to the connecting host. Lines marked with “Received from” are the actual bytes received from the connecting host |
| IP Address | IP address of the connecting host |
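
The line layout used by the log sample on this page, as an added example that is not part of the Cisco guide: a Python parser that rejoins payloads wrapped across lines and groups the SMTP dialogue by the numeric ID so it can be correlated with other log subscriptions. The function names and the optional `to/from '<host>'` field are assumptions; only the `Sent:`/`Rcvd:` form appears on the page.

```python
import re

# Log lines as printed on this page; the 354 reply is wrapped over two lines.
SAMPLE = """\
Sat Dec 21 02:37:22 2003 Info: 102503993 Sent: 'MAIL FROM:<daily@dailyf-y-i.net>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'RCPT TO:<LLLSMILE@aol.com>'
Sat Dec 21 02:37:23 2003 Info: 102503993 Rcvd: '250 OK'
Sat Dec 21 02:37:23 2003 Info: 102503993 Sent: 'DATA'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '354 START MAIL INPUT, END WITH "." ON A
LINE BY ITSELF'
Sat Dec 21 02:37:24 2003 Info: 102503993 Rcvd: '250 OK'
"""

# Timestamp, level, numeric ID, direction, quoted bytes. The optional
# "to/from '<host>'" group is an assumption drawn from the Table 38-14 wording.
LINE = re.compile(
    r"^(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) (\w+): (\d+) "
    r"(Sent|Rcvd)(?: (?:to|from) '([^']*)')?: '(.*)$")
FIELDS = ("time", "level", "id", "dir", "peer", "data")

def parse(text):
    """Return one record per logged transmission, rejoining wrapped payloads."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            records.append(dict(zip(FIELDS, m.groups())))
        elif records and raw.strip():  # no timestamp: rest of a wrapped payload
            records[-1]["data"] = records[-1]["data"].rstrip() + " " + raw.strip()
    for rec in records:
        rec["data"] = re.sub(r"'\s*$", "", rec["data"])  # drop the closing quote
    return records

def envelope(records):
    """Group records by ID; collect envelope sender, recipients and reply codes."""
    convs = {}
    for rec in records:
        conv = convs.setdefault(rec["id"], {"mail_from": None, "rcpt_to": [], "replies": []})
        data = rec["data"]
        if data.upper().startswith("MAIL FROM:"):
            conv["mail_from"] = data[10:].strip().strip("<>")
        elif data.upper().startswith("RCPT TO:"):
            conv["rcpt_to"].append(data[8:].strip().strip("<>"))
        elif data[:3].isdigit():
            conv["replies"].append(int(data[:3]))
    return convs

if __name__ == "__main__":
    print(envelope(parse(SAMPLE)))
```

The command matching ignores direction, so the same functions work whether the appliance or the remote host issued `MAIL FROM` and `RCPT TO`.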