I would like to know how we can go about the configuration of the retention period of the message details under the message tracking of our email security appliance. If the configuration is possible please let me know the procedure how to do it, however if it is impossible I would appreciate if you could send me a documentation from Cisco the default retention period for message tracking details as well as the document that provides information that retention period is not configurable.
The ESA model version is C370 and is currently configured to use the Local Tracking for Message Tracking Service Settings. We cannot use the Centralized Tracking as we do not have the Security Management Appliance. The currently AsyncOS version is 7.6.1-022 and the latest available upgrade is the AsyncOS 8.0.1 build 023.
Tracking logs record information about the email operations of AsyncOS. The log messages are a subset of the messages recorded in the mail logs. The tracking logs are used by the message tracking component to build the message tracking database.
You can view how much space is consumed by the 'diagnostic' command on the CLI: > diagnostic
Choose the operation you want to perform: - RAID - Disk Verify Utility. - DISK_USAGE - Check Disk Usage. - NETWORK - Network Utilities. - REPORTING - Reporting Utilities. - TRACKING - Tracking Utilities. - RELOAD - Reset configuration to the initial manufacturer values. > disk_usage
Services Disk Usage (GB) Quota(GB) ---------------------------------------------------------- Spam Quarantine 0.0 2.5 Reporting 0.0 17.0 Tracking 0.0 20.0 Total 0.1 39.5
On the ESA - there is not an option to reallocate disk quota/size for the services.
Depending on the model of appliance, message tracking data is limited to the quota. Once the quota is met/full - oldest data is rolled off accordingly: VM: 10G C150/C160/C170: 10G C350/C360/C370: 20G C650/C660/C670: 50G X1050/X1060/X1070: 50G
If you are looking to extend message tracking retention times - you would best be served by assuring that your mail_logs are pushed off-appliance, and stored on a syslog server.
I hope this helps!
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...