×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ESA Authentication Log

Unanswered Question
Dec 7th, 2011
User Badges:

Hi all,


We have two IronPort Email Security Appliances and one Management Security Appliance.  I just took a look at the authentication log on one of my ESAs and I saw that the user "smaduser" was connecting from the MSA every few seconds.  This makes sense - the MSA has to check for message tracking information, etc. - but it makes the signal/noise ratio in the log extremely high.  Is there any way to keep the ESA from logging this normal activity or would we have to filter it out after FTP'ing the log from the device?


Thanks,

- Steve

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Enrico Werner Thu, 12/08/2011 - 02:27
User Badges:

Hi Steve,


you can try changing the log level of the authentication log by running the command logconfig on the CLI. Select EDIT and the authentication log file. The log level will be most likely 3 Information. You can try chaning it to 2 Warning and see if that helps.


Log level:

1. Critical

2. Warning

3. Information

4. Debug

5. Trace


Otherwise you will need to filter it out once downloaded from the appliance.


Regards,

Enrico

Actions

This Discussion

Related Content