Message body logged anywhere?

Unanswered Question
Jun 4th, 2009

Hi Guys,

Just wondering if the message body is logged anywhere on the Ironport (C150 model in my case). If it is not by default is there a way to enable this feature?

Regards,
R.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Thu, 06/04/2009 - 22:12

By default, the mail_log file does not log the entire message body. Whether in INFO or DEBUG mode, the message body will not be logged.

However, there is a message filter action called "archive();" that will capture the entire message. However, we don't recommend you activate the "archive()" function for every email.

Maybe it should be done for specific reasons, if the message body contained HIPAA terms or privacy terms, etc.

Here is an explanation of the 'archive()' action from the AsyncOS advanced user guide:


Archive Action
The archive action saves a copy of the original message, including all message headers and
recipients into an mbox-format file on the appliance. The action takes a parameter that is the
name of the log file in which to save the message. The system automatically creates a log
subscription with the specified filename when you create the filter, or you can also specify an
existing filter log file. After the filter and the filter log file are created, the filter log options may
then be edited with the filters -> logconfig subcommand.
Note — The logconfig command is a subcommand of filters. See “Using the CLI to
Manage Message Filters” on page 269 for a full description of how to use this subcommand.
The mbox format is a standard UNIX mailbox format, and there are many utilities available to
make viewing the messages easier. Most UNIX systems allow you to type
“mail -f mbox.filename” to view the files. The mbox format is in plain text, so you can use a
simple text editor to view the contents of the messages.
In the following example, a copy of the message is saved to a log named joesmith if the
Envelope Sender matches [email protected]:
logJoeSmithFilter:
if(mail-from == [email protected]\\.com$')
{
archive('joesmith');
}




Hi Guys, 

Just wondering if the message body is logged anywhere on the Ironport (C150 model in my case). If it is not by default is there a way to enable this feature?

Regards,
R.
rokeeffe265 Tue, 06/09/2009 - 10:54

Hi Kluu,

Just what I was looking for.
Much appreciated and many thanks.
Ronan.

Actions

This Discussion