We have two IronPort Email Security Appliances and one Management Security Appliance. I just took a look at the authentication log on one of my ESAs and I saw that the user "smaduser" was connecting from the MSA every few seconds. This makes sense - the MSA has to check for message tracking information, etc. - but it makes the signal/noise ratio in the log extremely high. Is there any way to keep the ESA from logging this normal activity or would we have to filter it out after FTP'ing the log from the device?