We have two IronPort Email Security Appliances and one Management Security Appliance. I just took a look at the authentication log on one of my ESAs and I saw that the user "smaduser" was connecting from the MSA every few seconds. This makes sense - the MSA has to check for message tracking information, etc. - but it makes the signal/noise ratio in the log extremely high. Is there any way to keep the ESA from logging this normal activity or would we have to filter it out after FTP'ing the log from the device?
you can try changing the log level of the authentication log by running the command logconfig on the CLI. Select EDIT and the authentication log file. The log level will be most likely 3 Information. You can try chaning it to 2 Warning and see if that helps.
Otherwise you will need to filter it out once downloaded from the appliance.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...