Hi Libin

Thx for the reply

Not sure if I need to turn on the download locally option in the UI somewhere..

the mail subscriptions were working correctly till the time we tried to push the mail_logs to a syslog server

The push did not work as expected and we had to revert back the settings to "Manually Download logs from <hostname> and provided mail as the log file name again

I even did a manual rollover and now cannot have the mail.current file to tail the mail_logs

Can you provide some screenshots of where I could specify the log download options

That would explain the behavior. If you are currently using syslog server for the mail_logs the device would no longer store a local copy of the mail_logs.

You could configure another copy of the mail_logs under System Administration -> Log Subscriptions with the manual download option selected. (screenshot attached)

The same steps can be used to change back from syslog to local storage for the logs.

- Libin V

Thx Libin,

Its working now

Wondering if there is lag from the time the log subscriptions is enabled for the mail_logs.. appeared like it started to work after the log files got populated and reached a specific size

Also had a upgrade question for the async os upgrade  in our env. We are looking to move all the below to aysncOS 10.x is moving to 10.x directly supported and if so is there a sequence that we should follow for updating . As you can see we r running a mix of Async OS's on various ironports

We don’t run a clustered env.

We currently run the following

Model: M670

Version: 7.2.2-110

Product: Cisco IronPort C370 Messaging Gateway(tm) Appliance- Non Clustered

Model: C370

Version: 8.0.1-023

Product: Cisco C100V Email Security Virtual Appliance

Model: C100V

Version: 8.0.0-671

Product UDI: C170 V04 FTX1743M008

Name: C170

Product: Cisco IronPort C170 Messaging Gateway(tm) Appliance

Model: C170

Version: 8.5.6-092

Thx for all the inputs and appreciate it

All of those will require multiple upgrades to get to 10. I just RMA'd a 370, replacement shipped with 7.5, I had to hit 8.x, 9.x and then 10.x. (8.0.1, 9.7.1, 10.0.2)

If you go to upgrade each box (System Administration/System Upgrade, click on Upgrade Options...), it will tell you what your first upgrade option is, I just picked the highest option each time, until I got to the version I needed. 

For the mail_logs the logs would be pushed as per the configured rollover size or time configured, however you would not be able to grep or tail the mail_logs until it is set to manual download.

As Ken mentioned it would be a step by step upgrade to get to the latest release.

You can confirm the upgrade paths by reviewing the release notes for the SMA and ESA devices.

http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-release-notes-list.html

http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html

Also to ensure the SMA and ESA are on compatible releases below is the compatibility matrix.

https://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/SMA-ESA-WSA_Compatibility.pdf

Start off by upgrading to the latest release displayed when you attempt to upgrade the devices from System Administration -> System Upgrade and then the next set of upgrades would become available.

- Libin V