How to keep log from SMS Mail security on windows platform
I faced a problem on my customer site. They used Symantec Mail Security Software that running on Windows platform. (SMS Version 4)
Since I read a SMS collector document. There is no mention "How to collect log from SMS running on Windows" only SMS Appliance and SMS on Linux platfrom.
So is there a possible way to collect log from its.
Sample log:
20090308,0,1=1,101=Antivirus scanner,100=LiveUpdate session initiated,2=400
20090308,0,1=1,101=Heuristic anti-spam scanner,100=LiveUpdate session initiated,2=400
20090308,5,100=SMSSMTP-4.1.11.41,2=44
20090308,55,1=1,11=192.168.8.221,120=294649,2=13
20090308,55,1=1,11=192.168.8.221,21=as221,23=747,52=M2009030800005500548,20=root@example.com,120=294649,2=5
20090308,55,1=1,11=192.168.8.221,120=294649,2=4
20090308,55,1=1,11=192.168.8.221,21=as221,52=M2009030800005500548,20=root@example.com,100=Local recipient not allowed.,2=21
20090308,55,1=1,21=root@example.com,23=2485,52=M2009030800005500549,20=mail@example.com,100=Automatically generated bounce message.,122=M2009030800005500548,2=46
20090308,55,1=1,11=192.168.8.221,21=as221,52=M2009030800005500548,20=root@example.com,100=Local recipient not allowed.,121=5,2=7
20090308,55,1=1,11=192.168.8.221,21=as221,52=M2009030800005500548,20=root@example.com,2=20
20090308,55,1=1,21=root@example.com,52=M2009030800005500549,20=mail@example.com,2=21
20090308,55,1=1,21=root@example.com,52=M2009030800005500549,20=mail@example.com,2=20
20090308,100,1=1,1202=20090306.057,101=Antivirus scanner,100=Successful,1203=20090307.003,2=405
20090308,100,1=1,101=Antivirus scanner,100=LiveUpdate session completed,2=400
20090308,100,1=1,1202=20090206.001,3=7,101=Heuristic anti-spam scanner,100=Successful,1203=20090206.001,2=406
20090308,100,1=1,3=7,101=Heuristic anti-spam scanner,100=LiveUpdate session completed,2=400
20090308,105,1=1,11=92.45.137.175,120=294650,2=13
20090308,152,1=1,11=92.45.137.175,21=user@example.com,23=2390,52=M2009030800014800550,22=Replica Purses,20=sheliaj@deleteddomains.com,120=294650,2=5
20090308,153,1=1,11=92.45.137.175,21=user@example.com,23=2390,52=M2009030800014800550,22=Replica Purses,20=sheliaj@deleteddomains.com,1401=100,100=Message is considered to be spam.,1400=06-Feb-2009 19:35:57,121=7,2=313
20090308,153,1=1,11=92.45.137.175,21=user@example.com,23=2396,22=Replica Purses,52=M2009030800014800550,101=Message is considered to be spam.,20=sheliaj@deleteddomains.com,100=Address or content not allowed.,121=4,2=8
Best Regards,
Narongrit
Comments
You need a different collector
You need the collector for Symantec Mail Security for SMTP 4.1 - there is a collector available for this. I think the version on it is 3.x as it was released a couple years ago before the Brightmail appliances were available.
Hope this helps
Thanks Megl for your answer.
Thanks Megl for your answer. That mean there is no collector support its available in this time ?
Best Regards.
SMS collector
I mean there IS collector support for the SMS 4.1 product and it IS available at this time
Since now I can't find the
Since now I can't find the collector support for SMS 4.1 as your mention.
Now I found a solution for
Now I found a solution for close my customer issue
BRs,
Narongrit I.
Did you find it?
It's an older collector I think called Symantec Mail Security for SMTP 4 ver 3.x
SMS 5.x
And is there available another collector for version 5.x or can I use the same one?
If not, can I use Windows Event Collector to collect the events??
Thanks.
Hey, I think the SMTP
Hey,
I think the SMTP collector is a sip only ? If I am not mistaken it was on a install CD of "SAV for SMTP" media.
You can olaways configure the product inside to write to Windows event logs and then use the Windows Event Collector.
There is a KB on how to do this for Scan Engine :
http://service1.symantec.com/support/ent-gate.nsf/...
Laurent
SMS 5.x
Is it the same as SMS?? I've been looking it up and it's an antivirus.
Thank you.
Hi, I wrote 2 more KBs, one
Hi,
I wrote 2 more KBs, one for SMS MSE 5.x and another for SMS MSE 6.x using Windows event collectors. I will post links once they are replicated
Laurent
Would you like to reply?
Login or Register to post your comment.