IronPort - daily management guide - AsyncOS 7.6.1
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Overview<br />
Log Retrieval Methods<br />
5-6<br />
Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> 7.6 for Email Daily Management Guide<br />
Chapter 5 Logging<br />
Log files can be retrieved based upon one of the following file transfer protocols. You set the protocol<br />
while creating or editing the log subscription in the GUI or via the logconfig command during the log<br />
subscription process.<br />
Table 5-3 Log Transfer Protocols<br />
Manually<br />
Download<br />
Log Filenames and Directory Structure<br />
Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> creates a directory for each log subscription based on the log subscription<br />
name. The actual name of the log file in the directory is composed of the log filename specified by you,<br />
the timestamp when the log file was started, and a single-character status code. The filename of logs are<br />
made using the following formula:<br />
/LogSubscriptionName/LogFilename.@timestamp.statuscode<br />
Status codes may be .current or .s (signifying saved). You should only transfer or delete log files with<br />
the saved status.<br />
Log Rollover and Transfer Schedule<br />
This method lets you access log files at any time by clicking a link to the log directory<br />
on the Log Subscriptions page, then clicking the log file to access. Depending on your<br />
browser, you can view the file in a browser window, or open or save it as a text file. This<br />
method uses the HTTP(S) protocol and is the default retrieval method.<br />
Note Using this method, you cannot retrieve logs for any computer in a cluster,<br />
regardless of level (machine, group, or cluster), even if you specify this method<br />
in the CLI.<br />
FTP Push This method periodically pushes log files to an FTP server on a remote computer. The<br />
subscription requires a username, password, and destination directory on the remote<br />
computer. Log files are transferred based on a rollover schedule set by you. See also Note<br />
About Loading Passwords for Log Subscriptions, page 8-40.<br />
SCP Push This method periodically pushes log files to an SCP server on a remote computer. This<br />
method requires an SSH SCP server on a remote computer using the SSH1 or SSH2<br />
protocol. The subscription requires a username, SSH key, and destination directory on<br />
the remote computer. Log files are transferred based on a rollover schedule set by you.<br />
Syslog Push This method sends log messages to a remote syslog server. This method conforms to<br />
RFC 3164. You must submit a hostname for the syslog server and choose to use either<br />
UDP or TCP for log transmission. The port used is 514. A facility can be selected for the<br />
log; however, a default for the log type is pre-selected in the dropdown menu. Only<br />
text-based logs can be transferred using syslog push.<br />
Log files are created by log subscriptions, and are rolled over (and transferred, if a push-based retrieval<br />
option is selected) based on the first user-specified condition reached: maximum file size or scheduled<br />
rollover. Use the logconfig command in the CLI or the Log Subscriptions page in the GUI to configure<br />
both the maximum file size and time interval for scheduled rollovers. You can also use the Rollover Now<br />
button in the GUI or the rollovernow command in the CLI to rollover selected log subscriptions. See<br />
Rolling Over Log Subscriptions, page 5-44 for more information on scheduling rollovers.<br />
Logs retrieved using manual download are saved until they reach the maximum number you specify (the<br />
default is 10 files) or until the system needs more space for log files.<br />
OL-25138-01