Messaging Gateway

  • 1.  Format SMG log output

    Posted Nov 07, 2013 05:07 AM

    Hi,

    Is there any documentation on what log format SMG uses? I implemented syslog logging to a remote machine with the primary task of alerting when spam, malware, etc. is detected.

     

    Thank you for any ideas or examples...

     

     



  • 2.  RE: Format SMG log output

    Broadcom Employee
    Posted Nov 07, 2013 05:25 AM

    You can configure remote logging to syslog.

    Log format of Conduit, Brightmail Client, Brightmail Engine, and JLU Controller for remote syslog

     

    Article:HOWTO92561  |  Created: 2013-10-18  |  Updated: 2013-10-18  |  Article URL http://www.symantec.com/docs/HOWTO92561

     

    Standard prefix for Scanner logs sent to remote syslog

     

    Article:HOWTO92558  |  Created: 2013-10-18  |  Updated: 2013-10-18  |  Article URL http://www.symantec.com/docs/HOWTO92558

     



  • 3.  RE: Format SMG log output

    Posted Nov 07, 2013 09:04 AM

    Thank you for the reply, pete ...

    I don't have access to SMG right now. I receive something like this:

    14:45 Symantec_Brightmail <142>Jul 3 14:51:36 mailrelay ecelerity: 1341316296|c0a88701-b7cedae000003dec-a7-4ff2dcc83a30|ACCEPT|192.168.115.130:51998

    14:45 Symantec_Brightmail <142>Jul 3 14:51:14 mailrelay bmserver: 1341316274|c0a88701-b7cedae000003dec-91-4ff2dcb2aaaf|VERDICT|xxx123@gmail.com|senderauth_batv_sign|default|static bounce attack prevention sign
    14:45 Symantec_Brightmail <142>Jul 3 14:51:10 mailrelay bmserver: 1341316270|c0a88701-b7cedae000003dec-8c-4ff2dcae65dc|VERDICT|mir@mac.com|senderauth_batv_sign|default|static bounce attack prevention sign
    14:45 Symantec_Brightmail <142>Jul 3 14:51:15 mailrelay ecelerity: 1341316275|c0a88701-b7cedae000003dec-92-4ff2dcb3dfaa|ACCEPT|192.168.115.132:51723
    14:45 Symantec_Brightmail <142>Jul 3 14:51:05 mailrelay ecelerity: 1341316265|c0a88701-b7cedae000003dec-86-4ff2dca8f358|DELIVER|212.199.239.178:25|edi@perry5y.co.il
    14:44 Symantec_Brightmail <142>Jul 3 14:50:53 mailrelay ecelerity: 1341316221|c0a88701-b7cedae000003dec-52-4ff2dc7c9c9d|SENDER|shlomy1006+caf_=sshahar=xyx.il@gmail.com
    14:44 Symantec_Brightmail <142>Jul 3 14:50:44 mailrelay bmserver: 1341316244|c0a88701-b7cedae000003dec-71-4ff2dc941242|VERDICT|m32@wanna.com|senderauth_batv_sign|default|static bounce attack prevention sign
    14:45 Symantec_Brightmail <142>Jul 3 14:51:14 mailrelay bmserver: 1341316274|c0a88701-b7cedae000003dec-91-4ff2dcb2aaaf|VERDICT|rgakanov@gmail.com|senderauth_batv_sign|default|static bounce attack prevention sign

     

    The accepting/declining message is in the "verdict" part, I guess. Are there more options (except SENDER, DELIVER, VERDICT)?

    Thank you ... your last post is very useful to me.
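
One way to alert on lines shaped like the samples in the post above, added here as an example and not part of the original thread or of Symantec's documentation: it parses each line, groups events by the ID in the second pipe-delimited field, and reports every VERDICT that is not on an ignore list. The field meanings (epoch, message ID, event type, then event-specific fields; VERDICT as address, verdict, policy group, policy name; ACCEPT as the connecting address) are assumptions inferred from those samples, and `parse_line`, `verdict_alerts` and `EXAMPLE_VERDICT` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are copied from the post, the third
# is made up and uses a placeholder verdict name (EXAMPLE_VERDICT).
SAMPLE = """\
14:45 Symantec_Brightmail <142>Jul 3 14:51:36 mailrelay ecelerity: 1341316296|c0a88701-b7cedae000003dec-a7-4ff2dcc83a30|ACCEPT|192.168.115.130:51998
14:45 Symantec_Brightmail <142>Jul 3 14:51:14 mailrelay bmserver: 1341316274|c0a88701-b7cedae000003dec-91-4ff2dcb2aaaf|VERDICT|xxx123@gmail.com|senderauth_batv_sign|default|static bounce attack prevention sign
14:45 Symantec_Brightmail <142>Jul 3 14:51:40 mailrelay bmserver: 1341316300|c0a88701-b7cedae000003dec-a7-4ff2dcc83a30|VERDICT|user@example.com|EXAMPLE_VERDICT|default|example policy
not a scanner line
"""

# <PRI>, syslog timestamp, host, process, then the pipe-delimited payload.
LINE_RE = re.compile(r"<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) (\S+?): (\d+)\|([^|]+)\|([A-Z_]+)\|?(.*)$")

def parse_line(line):
    """Return a dict for one scanner line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    pri, _stamp, host, proc, epoch, audit_id, event, rest = m.groups()
    return {
        "facility": int(pri) // 8, "severity": int(pri) % 8,  # RFC 3164 PRI
        "host": host, "process": proc, "epoch": int(epoch),
        "audit_id": audit_id, "event": event,
        "fields": rest.split("|") if rest else [],
    }

def verdict_alerts(lines, ignore=frozenset({"senderauth_batv_sign"})):
    """Group events by message ID; report verdicts not in the ignore set."""
    by_msg, alerts = defaultdict(list), []
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_msg[rec["audit_id"]].append(rec)
    for audit_id, events in by_msg.items():
        source = next((e["fields"][0] for e in events if e["event"] == "ACCEPT" and e["fields"]), None)
        for e in events:
            # Assumed VERDICT layout: address | verdict | policy group | policy name
            if e["event"] == "VERDICT" and len(e["fields"]) >= 2 and e["fields"][1] not in ignore:
                alerts.append({"audit_id": audit_id, "address": e["fields"][0],
                               "verdict": e["fields"][1], "source": source})
    return alerts

if __name__ == "__main__":
    for alert in verdict_alerts(SAMPLE.splitlines()):
        print(alert)
```

Event types the parser does not interpret (SENDER, DELIVER and any others) are still grouped under the message ID, so they can be attached to an alert once their layout is confirmed against the two HOWTO articles linked in the reply.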