Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
669
Views
0
Helpful
1
Replies

Ironport logs do not show up IP addresses

yyang00011
Level 1
Level 1

‎05-23-2016 07:30 PM

Hi, does anyone know if we can set up to log email traffic using IP based, not email addresses in Ironport? OR can we log both? Thanks.

Labels:
0 Helpful
1 Reply 1

Raed Boshmaf
Cisco Employee
Cisco Employee

‎05-26-2016 06:49 AM

Hi, mail_logs already logs the sender IP address and sender/recipients email-addresses.

Snippet from the mail_logs "for a test e-mail that i send in our local labs" i used BOLD for the sender IP/sender/recipient. 

Thu May 26 12:24:06 2016 Info: New SMTP ICID 2006 interface management (10.48.78.10) address 10.48.78.35 reverse dns host _ldap._tcp.dc_msdcs.ironport.local verified no
Thu May 26 12:24:06 2016 Info: ICID 2006 ACCEPT SG WHITELIST match 10.48.78.35 SBRS rfc1918
Thu May 26 12:24:06 2016 Info: Start MID 2781 ICID 2006
Thu May 26 12:24:06 2016 Info: MID 2781 ICID 2006 From: <raed@munich.local>
Thu May 26 12:24:06 2016 Info: Alias match: MID 2781 RID 0 recipient raed@amman.local mapped to ['mahmoud@amman.local']
Thu May 26 12:24:06 2016 Info: MID 2781 ICID 2006 RID 0 To: <mahmoud@amman.local>

Check the following How do I search and view the mail logs on the ESA

Regards

Raed

0 Helpful
Customers Also Viewed These Support Documents