Cisco CES

  1. Run the CLI command logconfig.

  2. Select the option new.

  3. Choose the log file type for this subscription: "1" for IronPort Text Mail Logs, or any other log file type of your choice.

  4. Enter the name for the log file.

  5. Select the appropriate log level. Typically you would need to select "3" for Informational, or any other log level of your choice.

  6. When prompted 'Choose the method to retrieve the logs', select "3" for SCP Push.

  7. Enter the IP address or DNS hostname to deliver the logs to.

  8. Enter the port to connect to on the remote host.

  9. Enter the directory on the remote host in which to place the logs.

  10. Enter a filename to use for the log files.

  11. If needed, configure system-based unique identifiers such as $hostname or $serialnumber to append to the log filename.

  12. Set the maximum file size before transferring.

  13. Configure time-based rollover of the log files, if applicable.

  14. When asked "Do you want to enable host key checking?", enter "Y".

  15. You are then presented with the message "Please place the following SSH key(s) into your authorized_keys file so that the log files may be uploaded."

  16. Copy that key, as you will need to put the SSH key in your 'authorized_keys' file on the Syslog server. Paste the key given by logconfig into the $HOME/.ssh/authorized_keys file on the Syslog server.

  17. From the ESA, run the CLI command commit to save and commit the configuration changes.
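
For step 16, one way to install the key on the Syslog server, as an added example that is not part of Cisco's procedure: it validates the pasted line, sets the file permissions sshd expects, and prefixes the key with the OpenSSH restrict option. The function name install_esa_key, the esa-scp-push comment and the optional from pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Cisco's code): install the key printed by logconfig
# into authorized_keys on the Syslog server with restrictive options.
# Usage: install_esa_key 'KEY_LINE' [AUTH_FILE] [FROM_PATTERN]
# Assumes OpenSSH 7.2 or later on the server (for the "restrict" option).
install_esa_key() {
    key_line=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    from=${3:-}                      # optional: the appliance's source address

    # KEY_LINE is "<type> <base64> [comment]"; keep only type and blob.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    case $key_type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $key_type" >&2; return 1 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 1 ;;
    esac
    case $from in
        *[!A-Za-z0-9.:/*?,!-]*) echo "bad from pattern" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores the file if it or ~/.ssh is writable by others.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this key is already authorised.
    if grep -qF -- " $key_blob" "$auth_file"; then
        return 0
    fi

    # "restrict" turns off pty, forwarding and user rc; file transfer still works.
    opts=restrict
    if [ -n "$from" ]; then
        opts="$opts,from=\"$from\""
    fi
    printf '%s %s %s esa-scp-push\n' "$opts" "$key_type" "$key_blob" >> "$auth_file"
}
```

Run it as the account that receives the logs, passing the key line exactly as logconfig displayed it.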

REFERENCE : https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200985-Configuring-SCP-push-of-mail-logs-on-ESA.html
