Cisco Support Community
New Member

Backup and restore logs, quarantines cisco ironport c170

Hello,

Is there any way to back up and restore logs and quarantines to another IronPort C170?

Thanks in advance.

Alexandre

1 ACCEPTED SOLUTION

Backup and restore logs, quarantines cisco ironport c170

Hello Alexandre,

Logs can easily be downloaded via FTP or SCP; there is a folder per log subscription, i.e.

/mail_logs

/system_logs

/error_logs

Each folder contains multiple logs; those with the extension .s are the ones that have rolled over, while .c and .current are the ones currently being written to. I would not recommend uploading them to another appliance, as this may cause problems or at least confusion. Quarantines cannot be backed up; that functionality is limited to SMAs (M-series).

Hope that helps,

Andreas

11 REPLIES

New Member

Re: Backup and restore logs, quarantines cisco ironport c170

Hi Andreas,

Thanks for your prompt response.

Moreover, how can I exploit these logs (e.g. /mail_logs, /system_logs, /error_logs) in the best and most efficient way? (e.g. Cisco tools...)

Best regards,

Alexandre

Re: Backup and restore logs, quarantines cisco ironport c170

Hello Alexandre,

The logs are normal text files that you can open with any text editor, or grep as usual from any command line. There is also the findevent command available for download:

https://supportforums.cisco.com/docs/DOC-9075

On the same link, there is also a tool called spamtowho.exe, which you can use for statistics, reporting, etc. on Cisco IronPort mail logs.

Hope that helps,

Andreas

New Member

Re: Backup and restore logs, quarantines cisco ironport c170

Is there any procedure to backup the logs?

Cisco Employee

Re: Backup and restore logs, quarantines cisco ironport c170

Hi,

You can use FTP or SCP to access the appliance and download the logs to your system.

You can also navigate to System Administration -> Log Subscriptions -> click on a log to modify -> Retrieval Method to push the logs to a different server.

- Libin V
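
A local follow-up to the FTP/SCP download described above, as an added example that is not part of the original thread or a Cisco tool: it archives only the rolled-over `.s` files Andreas describes, skips the `.c` and `.current` files still being written, and records a SHA-256 manifest. The function names, the `scp` line in the comment, its placeholder hostname and the manifest file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the log folders were already
# pulled from the appliance into a local directory, for instance with
#   scp -r admin@esa.example.com:/mail_logs ./esa-logs/   # placeholder host
# and that sha256sum (GNU coreutils or BusyBox) is installed.

# Succeeds only for rolled-over logs (.s). Files the appliance is still
# writing (.c, .current) and anything unrecognised are rejected.
is_rolled_over() {
  case "$1" in
    *.s) return 0 ;;
    *)   return 1 ;;
  esac
}

# archive_rolled_logs SRC DEST
# Copies every rolled-over log under SRC into DEST, keeping the folder per
# log subscription, writes DEST/MANIFEST.sha256, and prints the file count.
# File names containing newlines are not supported.
archive_rolled_logs() {
  src=$1; dest=$2; count=0
  mkdir -p "$dest" || return 1
  : > "$dest/MANIFEST.sha256"
  (cd "$src" && find . -type f | sort) > "$dest/.filelist" || return 1
  while IFS= read -r rel; do
    is_rolled_over "$rel" || continue
    mkdir -p "$dest/$(dirname "$rel")" || return 1
    cp -p "$src/$rel" "$dest/$rel" || return 1
    (cd "$dest" && sha256sum "$rel") >> "$dest/MANIFEST.sha256" || return 1
    count=$((count + 1))
  done < "$dest/.filelist"
  rm -f "$dest/.filelist"
  echo "$count"
}

# verify_archive DEST
# Re-hashes the archived files against the manifest; a non-zero status means
# a file changed or is missing, so do not delete the originals yet.
verify_archive() {
  (cd "$1" && sha256sum -c MANIFEST.sha256 > /dev/null)
}
```

Run `verify_archive` on the archive directory before removing any rolled-over logs from the appliance to free space on the logging disk.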

New Member

Re: Backup and restore logs, quarantines cisco ironport c170

Thank you Libin. Do you have any idea how we can access the root of the WSA? We're still getting high utilization on the logging disk.

Cisco Employee

Re: Backup and restore logs, quarantines cisco ironport c170

I do not think root access is available for end customers, at least that is the case for ESA.

I would recommend opening a case with TAC to get that reviewed.

It would be best to have an engineer check if the high disk usage is due to a defect before you decide on deleting logs.

- Libin V

Re: Backup and restore logs, quarantines cisco ironport c170

There is no "root" access available on the WSA.

The logs get imported into the reporting db for reports and then are kept until they age out/ rollover.

To address space issues on the logging disk, you can set the logs to compress, tell it to keep fewer logs, rotate them faster and just delete them via ftp....


New Member

Re: Backup and restore logs, quarantines cisco ironport c170

Thank you Ken for the information. Right now our logging disk is 97%, and we would like to know what causes the high utilization of logging disk?

Re: Backup and restore logs, quarantines cisco ironport c170

It's a balancing act between the amount of traffic you have and the length of time you keep the logs.



Nothing is "broken" or "wrong"; you've just outgrown the default config on a C170.

Assuming it's still fast enough for you, you'll need to tweak the log settings.






New Member

Re: Backup and restore logs, quarantines cisco ironport c170

Thanks Ken,

How can we tweak the settings?
