45
Chapter 5 Logging
Log Subscriptions
5-58
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
•
Configuring Host Keys, page 5-74
Configuring Log Subscriptions
Use the Log Subscriptions page on the System Administration menu (or the
logconfig
command in the CLI) to configure a log subscription. Log
subscriptions create log files that store information about AsyncOS activity,
including errors. A log subscription is either retrieved or delivered (pushed) to
another computer. Generally, log subscriptions have the following attributes:
Log Levels
Log levels determine the amount of information delivered in a log. Logs can have
one of five levels of detail. A more detailed setting creates larger log files and puts
more drain on system performance. More detailed settings include all the
messages contained in less detailed settings, plus additional messages. As the
level of detail increases, system performance decreases.
Table 5-33
Log File Attributes
Attribute
Description
Log type
Defines the type of information recorded and the format of
the log subscription. See Table 5-1, “Log Types,” on
page 2 for more information.
Name
Nickname for the log subscription to be used for your
future reference.
Rollover by File Size
The maximum size the file can reach before rolling over.
Rollover by Time
Sets the time interval for file rollovers.
Log level
Sets the level of detail for each log subscription.
Retrieval method
Defines how the log subscription will be obtained from the
Cisco IronPort appliance.
Log filename
Used for the physical name of the file when written to
disk. If multiple Cisco IronPort appliances are being used,
the log filename should be unique to identify the system
that generated the log file.
C# Imaging - Scan Barcode Image in C#.NET Recognize PDF-417 2D barcode in .NET WinForms & ASP.NET in .NET WinForms project & ASP.NET web form with C# Mature .NET Code 128 image reader & scanner for C#
extract data from pdf forms; html form output to pdf
43
5-59
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Chapter 5 Logging
Log Subscriptions
Note
Log levels may be selected for all mail log types.
Creating a Log Subscription in the GUI
To create a log subscription,
Step 1
Click Add Log Subscription on the Log Subscription page. The New Log
Subscription page is displayed:
Table 5-34
Log Levels
Log Level
Description
Critical
The least detailed setting. Only errors are logged. Using this
setting will not allow you to monitor performance and other
important activities; however, the log files will not reach
their maximum size as quickly. This log level is equivalent
to the syslog level “Alert.”
Warning
All errors and warnings created by the system. Using this
setting will not allow you to monitor performance and other
important activities. This log level is equivalent to the syslog
level “Warning.”
Information
The information setting captures the second-by-second
operations of the system. For example, connections opened
or delivery attempts. The Information level is the
recommended setting for logs. This log level is equivalent to
the syslog level “Info.”
Debug
Use the Debug log level when you are trying to discover the
cause of an error. Use this setting temporarily, and then
return to the default level. This log level is equivalent to the
syslog level “Debug.”
Trace
The Trace log level is recommended only for developers.
Using this level causes a serious degradation of system
performance and is not recommended. This log level is
equivalent to the syslog level “Debug.”
10
Chapter 5 Logging
Log Subscriptions
5-60
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Figure 5-1
Creating a New Log Subscription
Step 2
Select a log type and enter the log name (for the log directory) as well as the name
for the log file itself.
46
5-61
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Chapter 5 Logging
Log Subscriptions
Step 3
Specify the maximum file size before AsyncOS rolls over the log file as well as a
time interval between rollovers. See Rolling Over Log Subscriptions, page 5-66
for more information on rolling over log files.
Step 4
Select the log level. The available options are Critical, Warning, Information,
Debug, or Trace.
Step 5
Configure the log retrieval method.
Step 6
Submit and commit your changes.
Editing Log Subscriptions
To edit a log subscription:
Step 1
Click the name of the log in the Log Settings column on the Log Subscriptions
page. The Edit Log Subscription page is displayed.
Step 2
Make changes to the log subscription.
Step 3
Submit and commit your changes.
Configuring Global Settings for Logging
The system periodically records system measurements within the IronPort Text
Mail Logs and the IronPort Status Logs. Use the Edit Settings button in the
Global Settings section of the System Administration > Log Subscriptions page
(or the
logconfig -> setup
command in the CLI) to configure:
•
System metrics frequency. This is the amount of time, in seconds, that the
system waits between recording measurements.
•
Whether to record the Message-ID headers.
•
Whether to record the remote response status code.
•
Whether to record the subject header of the original message.
•
A list of headers that should be logged for each message.
All IronPort logs optionally include the following three pieces of data:
1.
Message-ID
31
Chapter 5 Logging
Log Subscriptions
5-62
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
When this option is configured, every message will have its Message ID
header logged, if it is available. Note that this Message-ID may have come
from the received message or may have been generated by AsyncOS itself.
For example:
2.
Remote Response
When this option is configured, every message will have its remote response
status code logged, if it is available. For example:
The remote response string is the human-readable text received after the
response to the DATA command during the delivery SMTP conversation. In
this example, the remote response after the connection host issued the data
command is “queued as 9C8B425DA7.”
Whitespace, punctuation, (and in the case of the 250 response, the OK
characters) are stripped from the beginning of the string. Only whitespace is
stripped from the end of the string. For example, Cisco IronPort appliances,
by default, respond to the DATA command with this string: 250 Ok: Message
MID accepted. So, the string “Message MID accepted” would be logged if the
remote host were another Cisco IronPort appliance.
3.
Original Subject Header
Tue Apr 6 14:38:34 2004 Info: MID 1 Message-ID Message-ID-Content
Tue Apr 6 14:38:34 2004 Info: MID 1 RID [0] Response 'queued as
9C8B425DA7'
[...]
250 ok hostname
250 Ok: queued as 9C8B425DA7
32
5-63
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Chapter 5 Logging
Log Subscriptions
When this option is enabled, the original subject header of each message is
included in the log.
Logging Message Headers
In some cases, it is necessary to record the presence and contents of a message’s
headers as they pass through the system. You specify the headers to record in the
Log Subscriptions Global Settings page (or via the
logconfig
->
logheaders
subcommand in the CLI). The Cisco IronPort appliance records the specified
message headers in the IronPort Text Mail Logs, the IronPort Delivery Logs, and
the IronPort Bounce Logs. If the header is present, the system records the name
of the header and the value. If a header is not present, nothing is recorded in the
logs.
Note
The system evaluates all headers that are present on a message, at any time during
the processing of the message for recording, regardless of the headers specified
for logging.
Note
The RFC for the SMTP protocol is located at
http://www.faqs.org/rfcs/rfc2821.html
and defines user-defined headers.
Tue May 31 09:20:27 2005 Info: Start MID 2 ICID 2
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 From: <mary@example.com>
Tue May 31 09:20:27 2005 Info: MID 2 ICID 2 RID 0 To: <joe@example.com>
Tue May 31 09:20:27 2005 Info: MID 2 Message-ID '<44e4n$2@example.com>'
Tue May 31 09:20:27 2005 Info: MID 2 Subject 'Monthly Reports Due'
26
Chapter 5 Logging
Log Subscriptions
5-64
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Note
If you have configured headers to log via the
logheaders
command, the header
information appears after the delivery information:
For example, specifying “date, x-subject” as headers to be logged will cause the
following line to appear in the mail log:
Configuring Global Settings for Logging via the GUI
To configure global settings for logging,
Step 1
Click the Edit Settings button in the Global Settings section of the Log
Subscriptions page. The Log Subscriptions Global Settings page is displayed:
Table 5-35
Log Headers
Header name
Name of the header
Value
Contents of the logged header
Tue May 31 10:14:12 2005 Info: Message done DCID 0 MID 3 to RID [0]
[('date', 'Tue, 31 May 2005 10:13:18 -0700'), ('x-subject', 'Logging this
header')]
15
5-65
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Chapter 5 Logging
Log Subscriptions
Figure 5-2
Configuring Log Subscriptions Global Settings
Step 2
Specify the system measurement frequency, whether to include Message-ID
headers in mail logs, whether to include the remote response, and whether to
include the original subject header of each message.
Step 3
Enter any other headers you wish to include in the logs.
Step 4
Submit and commit your changes.
44
Chapter 5 Logging
Log Subscriptions
5-66
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Rolling Over Log Subscriptions
To prevent log files on the appliance from becoming too large, AsyncOS performs
a “rollover” and archives a log file when it reaches a user-specified maximum file
size or time interval and creates a new file for incoming log data. Based on the
retrieval method defined for the log subscription, the older log file is stored on the
appliance for retrieval or delivered to an external computer. See Log Retrieval
Methods, page 5-10 for more information on how to retrieve log files from the
appliance.
When AsyncOS rolls over a log file, it performs the following actions:
•
Renames the current log file with the timestamp of the rollover and a letter
“
s
” extension signifying saved.
•
Creates a new log file and designates the file as current with the “
current
”
extension.
•
Transfers the newly saved log file to a remote host (if using the push-based
retrieval method).
•
Transfers any previously unsuccessful log files from the same subscription (if
using the push-based retrieval method).
•
Deletes the oldest file in the log subscription if the total number of files to
keep on hand has been exceeded (if using the poll-based retrieval method).
You define a log subscription’s rollover settings when creating or editing the
subscription using the System Administration > Log Subscriptions page in the
GUI or the
logconfig
command in the CLI. The two settings available for
triggering a log file rollover are:
•
A maximum file size.
•
A time interval.
Figure 5-3 shows the rollover settings available for log subscriptions in the GUI.
Documents you may be interested
Documents you may be interested
