Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ESA want to retreive logs via cli

hi,

 

i want to retrieve  message tracking logs via cli

 

 

Can some body let me know the procedure

1 REPLY
Cisco Employee

Retrieve as in FTP copy them?

Retrieve as in FTP copy them?  Or retrieve as in setup syslog to push the logs off to a local syslog server?

Message tracking cannot be retrieved from CLI.  Only the mail_logs --- which are used to compile the message tracking DB on the appliance(s).

From the User Guide, 34-36:
Tracking logs record information about the email operations of AsyncOS. The log messages are a subset of the messages recorded in the mail logs.  The tracking logs are used by the message tracking component to build the message tracking database.
 

If you are trying to get the mail_logs...

You'll need to configure your logs via CLI: 'logconfig' or GUI: System Administration -> Log Subscriptions.  Edit, or suggested to create a new/copy of the log you are needing off-appliance, and set the push as needed per your environment ---

From the User Guide, 34-6:

Log Retrieval Methods
Log files can be retrieved based upon one of the following file transfer protocols. You set the protocol while creating or editing the log subscription in the GUI or via the logconfig command during the log subscription process.

Log Transfer Protocols

Manually Download
This method lets you access log files at any time by clicking a link to the log directory on the Log Subscriptions page, then clicking the log file to access. Depending on your browser, you can view the file in a browser window, or open or save it as a text file. This method uses the HTTP(S) protocol and is the default retrieval method.
NoteUsing this method, you cannot retrieve logs for any computer in a cluster, regardless of level (machine, group, or cluster), even if you specify this method in the CLI.

FTP Push
This method periodically pushes log files to an FTP server on a remote computer. The subscription requires a username, password, and destination directory on the remote computer. Log files are transferred based on a rollover schedule set by you.

SCP Push
This method periodically pushes log files to an SCP server on a remote computer. This method requires an SSH SCP server on a remote computer using the SSH1 or SSH2 protocol. The subscription requires a username, SSH key, and destination directory on the remote computer. Log files are transferred based on a rollover schedule set by you.

Syslog Push
This method sends log messages to a remote syslog server. This method conforms to RFC 3164. You must submit a hostname for the syslog server and choose to use either UDP or TCP for log transmission. The port used is 514. A facility can be selected for the log; however, a default for the log type is pre-selected in the dropdown menu. Only text-based logs can be transferred using syslog push.

 

If you are wanting to just copy over a specific set of logs for a one-time review or to provide... then, assure that FTP is enabled on the interface.  Then, using standard CLI from your desktop - ftp <IP/hostname>.  You'll be in the /configuration directory when you finish authenticating onto your appliance.  After - just simply use standard FTP commands to retrieve the log files you are after.

Ex.

$ ftp myesa
Connected to myesa.
220 myesa.local Cisco IronPort FTP server (V8.0.1) ready
Name (myesa:robsherw): admin
331 Password required.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (XXX,16,6,165,16,243)
150 Opening ASCII mode data connection for file list
drwxrwx---   4 root     config       1024 Apr 25 10:02 configuration
drwxrwx---   2 root     config        512 Jun  2  2013 captures
drwxrwx---   2 root     config        512 Jun  2  2013 diagnostic
drwxrwx---   2 root     log           512 Apr 25 09:58 upgrade_logs
drwxrwx---   2 root     log          1024 Apr 25 09:58 authentication
drwxrwx---   2 root     log           512 Apr 25 09:58 system_logs
drwxrwx---   2 root     log           512 Apr 25 09:58 cli_logs
drwxrwx---   2 root     log           512 Apr 25 09:58 trackerd_logs
drwxrwx---   2 root     log           512 Apr 25 09:58 reportd_logs
drwxrwx---   2 root     log           512 May  2 15:35 slbl_db
drwxrwx---   2 root     log           512 Apr 25 09:58 ftpd_logs
drwxrwx---   2 root     log           512 Apr 25 09:58 euq_logs
drwxrwx---   2 root     log           512 Apr 25 09:59 updater_logs
drwxrwx---   2 root     log           512 Apr 25 09:59 euqgui_logs
drwxrwx---   2 root     log           512 Apr 25 10:01 reportqueryd_logs
drwxrwx---   2 root     log           512 Apr 25 10:02 mail_logs
drwxrwx---   2 root     log           512 Apr 25 10:02 status
drwxrwx---   2 root     log          1024 Apr 25 10:02 asarchive
drwxrwx---   2 root     log           512 Apr 25 10:02 bounces
drwxrwx---   2 root     log           512 Apr 25 10:02 error_logs
drwxrwx---   2 root     log          1024 Apr 25 10:02 avarchive
drwxrwx---   2 root     log           512 Apr 25 10:02 crash_archive
drwxrwx---   2 root     log           512 Apr 25 10:03 sntpd_logs
drwxrwx---   2 root     log           512 Apr 25 09:59 gui_logs
drwxrwx---   2 root     log          1024 Apr 25 10:04 scanning
drwxrwx---   2 root     log           512 Apr 25 10:04 antispam
drwxrwx---   2 root     log           512 Apr 25 10:04 repeng
drwxrwx---   2 root     log           512 Apr 25 10:04 antivirus
drwxrwx---   2 root     log           512 Apr 25 10:04 encryption
drwxrwx---   2 root     log           512 Jan 23 10:55 domain
drwxrwx---   2 root     log          1024 Feb 27 21:21 domain_3
drwxrwx---   2 root     log           512 Jan 23 10:55 domain_2
drwxrwx---   2 root     log           512 Apr 25 09:58 slbld_logs
drwxrwx---   2 root     log           512 May  2 15:35 slbl_isq_db
drwxr-xr-x   3 root     log           512 Feb  6 00:00 periodic_reports
drwxrwx---   2 root     log           512 Apr 25 09:58 snmp_logs
 
You can then use standard FTP/UNIX commands to navigate through the directory structure, cd mail_logs, for example and mget the files.
 
Ex.
ftp> cd mail_logs
250 CWD command successful.
ftp> ls
227 Entering Passive Mode (XXX,16,6,165,13,125)
150 Opening ASCII mode data connection for file list
-rw-rw----   2 root     log       1399268 May  6 15:33 mail.current
-rw-rw----   2 root     log       1399268 May  6 15:33 mail.@20140425T100233.c
-rw-rw----   1 root     log        145117 Feb 10 11:58 mail.@20140210T091956.c
-rw-rw----   1 root     log        167043 Feb 11 12:03 mail.@20140211T090246.c
-rw-rw----   1 root     log       1943018 Mar  4 14:14 mail.@20140227T094039.c
-rw-rw----   1 root     log       2404319 Feb 27 09:40 mail.@20140211T124239.s
-rw-rw----   1 root     log       1822273 Mar 20 11:58 mail.@20140304T151809.c
-rw-rw----   1 root     log          1267 Mar  4 14:40 mail.@20140304T142732.s
-rw-rw----   1 root     log       3415936 Apr 24 12:55 mail.@20140325T090800.c
-rw-rw----   1 root     log         67740 Mar 24 16:48 mail.@20140324T120910.c
-rw-rw----   1 root     log         70220 Feb  7 15:29 mail.@20140206T184523.c
226 Transfer Complete
ftp> mget mail.@*
mget mail.@20140425T100233.c [anpqy?]? a
Prompting off for duration of mget.
227 Entering Passive Mode (XXX,16,6,165,180,210)
150 Opening Binary mode data connection for file 'mail.@20140425T100233.c'
  2% |*** 

 

And so it will copy those off...

Once complete - the files will now be in the directory on your local desktop.

I hope this helps!

-Robert

 

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

907
Views
0
Helpful
1
Replies
CreatePlease to create content