Delete mail message information from logs according MID

Unanswered Question
Feb 25th, 2009
User Badges:

Hi,
I am interesting if any way exists to delete specific message (according MID) from IronPort mail logs .
The problem: VIP user send mail message with very sensitive information (in message subject) and we want to delete this specific message from any IronPort logs, because our HelpDesk have access to message tracking and we really don't want that HelpDesk can see subject (even accidentally)

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kyerramr Thu, 02/26/2009 - 03:46
User Badges:

This can be achieved by connecting to the appliance interface through ftp and verify the log file containing this MID and delete this file from the box.

igor.karasik Thu, 02/26/2009 - 04:12
User Badges:

Do you mean mail_logs folder ?

Do message tracking take information from this folder ?

Thanks

Donald Nash Thu, 02/26/2009 - 16:12
User Badges:

I'm going to point out the obvious here and say that if the information is sensitive then it shouldn't be in the subject line. It should be in the message body only, and the message body encrypted. Trying to delete evidence after the fact is a losing battle. You have to delete the entire log file, and thus lose all the other valuable logging information as well. And I'm fairly certain that this does not remove it from the message tracking database.

igor.karasik Fri, 02/27/2009 - 13:15
User Badges:


I'm going to point out the obvious here and say that if the information is sensitive then it shouldn't be in the subject line. .


Yes, I know.

But sometimes VIP persons don't think twice before sending sensitive information in mail subject :-(

Anyway, I deleted entire log file from mail_logs and now message tracking doesn't find this message.
Donald Nash Fri, 02/27/2009 - 16:21
User Badges:


But sometimes VIP persons don't think twice before sending sensitive information in mail subject

Ah, so this was an actual problem that needed remediating, rather than a hypothetical situation.

You know, VIPs get away stuff that would get peons like us in trouble. Too bad they can't be held to the same standard of accountability.

Anyway, I deleted entire log file from mail_logs  and now message tracking doesn't find this message.

That surprises me, but I'm glad it worked for you.
kyerramr Tue, 03/10/2009 - 01:24
User Badges:

Also, another way to do this is delete the tracking db.

Note: This would delete all the tracking info.

xxxxxx> diagnostic


Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
[]> tracking


Choose the operation you want to perform:
- DELETEDB - Reinitialize the tracking database.
- DEBUG - Gather debug information.
[]> deletedb

Actions

This Discussion