Syslog document

Is there any document about the full list of all syslog in IronPort??

7 Replies

jaigill (Cisco Employee)

Syslog push is a method that sends log messages to a remote syslog server. This method conforms to RFC 3164. You must submit a hostname for the syslog server and choose to use either UDP or TCP for log transmission. The port used is 514. A facility can be selected for the log; however, a default for the log type is pre-selected in the dropdown menu. Only text-based logs can be transferred using syslog push.
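To make the reply above concrete, here is a small added example (written for this page, not code from Cisco or the IronPort appliance) of what the receiving side of a Syslog Push subscription does: it decodes the RFC 3164 `<PRI>` header into the facility selected in the log subscription and the message severity, splits off the timestamp and hostname, and then applies the severity and pattern filtering that an external syslog server offers over local tail/grep. The sample lines, the hostname `esa01` and the `mail_logs:`/`system_logs:` tags are constructed for the example and do not reflect the appliance's actual log format; the UDP listener is included so the parser can be run against a real push, with the port left as a parameter because binding 514 needs privileges.

```python
"""Minimal RFC 3164 (BSD syslog) receiver and parser for Syslog Push output.

Added example, not Cisco/IronPort code. Sample input below is constructed.
"""
import re
import socket
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Facility and severity names from RFC 3164 section 4.1.1 (PRI = facility*8 + severity).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$", re.DOTALL)
# TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day ("Oct  5"), then HOSTNAME, then MSG.
_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$", re.DOTALL
)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    timestamp: Optional[str]
    hostname: Optional[str]
    message: str
    well_formed: bool  # False when PRI or header had to be defaulted


def parse_rfc3164(line: str) -> SyslogMessage:
    """Decode one syslog line.

    RFC 3164 section 4.3: a receiver must not drop a message with a missing or
    invalid PRI; it is treated as priority 13 (user.notice) and the whole line
    becomes MSG. A valid PRI with a malformed header keeps the PRI and treats
    the remainder as MSG.
    """
    pri, rest, well_formed = 13, line, False
    m = _PRI.match(line)
    if m and int(m.group("pri")) <= 191:  # 191 = local7.debug, the largest legal PRI
        pri, rest, well_formed = int(m.group("pri")), m.group("rest"), True
    facility, severity = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    h = _HEADER.match(rest)
    if h:
        return SyslogMessage(facility, severity, h.group("ts"), h.group("host"), h.group("msg"), well_formed)
    return SyslogMessage(facility, severity, None, None, rest, False)


def select(messages: List[SyslogMessage], max_severity: str = "warning",
           pattern: Optional[str] = None) -> List[SyslogMessage]:
    """Keep messages at or above a severity threshold (lower index = more severe)
    and, optionally, whose MSG matches a regular expression."""
    limit = SEVERITIES.index(max_severity)
    rx = re.compile(pattern) if pattern else None
    return [m for m in messages
            if SEVERITIES.index(m.severity) <= limit and (rx is None or rx.search(m.message))]


def receive_udp(port: int = 5514, bind_addr: str = "0.0.0.0",
                max_messages: Optional[int] = None) -> Iterator[Tuple[str, str]]:
    """Yield (source_ip, raw_line) from a UDP syslog socket.

    The appliance pushes to port 514; binding that port needs privileges, so the
    default here is 5514 for testing. RFC 3164 sizes a message at 1024 bytes;
    the buffer leaves headroom for senders that exceed it.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        received = 0
        while max_messages is None or received < max_messages:
            data, (src, _) = sock.recvfrom(4096)
            received += 1
            yield src, data.decode("utf-8", errors="replace")


# Constructed sample lines: 22 = mail.info, 19 = mail.err, 166 = local4.info, last has no PRI.
SAMPLE_LINES = [
    "<22>Oct  5 13:04:01 esa01 mail_logs: Info: constructed sample line (mail.info)",
    "<19>Oct  5 13:04:02 esa01 mail_logs: Critical: constructed sample line (mail.err)",
    "<166>Oct  5 13:04:03 esa01 system_logs: Info: constructed sample line (local4.info)",
    "no PRI at all, so RFC 3164 says treat it as user.notice",
]


def demo(lines: List[str] = SAMPLE_LINES) -> List[SyslogMessage]:
    """Parse the constructed lines and return those at severity err or worse."""
    return select([parse_rfc3164(line) for line in lines], max_severity="err")


if __name__ == "__main__":
    for msg in (parse_rfc3164(line) for line in SAMPLE_LINES):
        print(f"{msg.facility}.{msg.severity:<7} {msg.hostname} {msg.message} (well_formed={msg.well_formed})")
    print("err or worse:", [m.message for m in demo()])
    # To read a live push instead: for src, raw in receive_udp(port=5514): print(src, parse_rfc3164(raw))
```

Run the file directly to see the four constructed lines decoded; the facility printed for the first two is the "mail" facility the PRI encodes, which is what the facility dropdown in the log subscription controls on the sending side.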

How can this be achieved? The GUI just lets me select FTP and a time interval. So far I did not find how to configure the basic syslog push.

Any help is appreciated.

Roland

Roland,

there should be four options:

- FTP
- FTP on Remote Server
- SCP on Remote Server
- Syslog Push

Those are part of all Log subscriptions, although I recall we recently indeed had a defect with Syslog Push not available on a specific log subscription. Could you check if Syslog Push is available for other logs on your appliance?

Cheers,

Andreas

Hi Andreas,

Many thanks for the fast response, I'm pretty impressed that someone is taking my beginner question seriously.

I just checked what Log-Types support the "syslog push" (see list below).

Unfortunately the "Access Logs" I usually check with "tail" or "grep" are not included in the list.

In order to troubleshoot certain connection issues it would be very helpful to have the syslog messages analyzed by an external syslog server offering better filtering mechanisms.

What single Log-Type or Log-Type-Group is best to push to an external Syslog-Server in order to get the most valuable information for troubleshooting connectivity issues?

Best Regards

Roland

"Syslog-Push" supported Log-Types:

----------------------------------
- CLI Audit Logs
- Data Security Logs
- Default Proxy Logs
- Feedback Logs
- GUI Logs
- Logging Logs
- NTP Logs
- PAC File Hosting Daemon Logs
- Reporting Logs
- Reporting Query Logs
- SHD Logs
- Status Logs
- System Logs
- Traffic Monitor Error Logs
- Updater Logs
- Welcome Page Acknowledgement Logs

Hello Roland,

glad my answer is helpful for you! Basically all connection data is recorded in the mail_logs (Logging Logs in your list I suppose), i.e. IPs, hostnames, sender and recipient addresses, etc. Note that pushing a log to a syslog server does not keep a local copy, so if you still want to use findevent or grep for it locally, you can simply add another log subscription of the same type (IronPort Mail Logs) for local storage.

BTW, you are correct that the access logs are not configurable for Syslog push, probably coming up in a future version.

Andreas

Hello Andreas,

Many thanks for the fast and competent reply.

I'll check the log-type "mail_logs" content. It would be great if I'd be able to import the logs into a dedicated syslog application.

Looking for log-info using the grep and tail utility is a bit cumbersome.

Best Regards

Roland
