Messaging Gateway

Checked, didn't find any, thinking use API to get some system status. 

There is a development guide, which can be obtained from support.

What do u want to accomplish?

Would be great to get more details about what you would like to see an API for and reasons.

Trying to accomplish what again?

Thanks, let me open a case 

What we wanted to do is to pull the message logs or any queue infomation instead of looking at the console.  Will check the  development guide see what can be done. 

That would be cool if possible. Let us know if anything comes of it please.

Message Logs can be brought remote via the remote log feature. This would send the message audit logs via syslog to a SIEM for additional processing.

 

For the message queues you can leverage the output of the message audit log in SIEM to show everything that has not a state of delivery or something from your policy action like delete, what could show you what is in queue. In addition there is the SNMP option to see what is happening at the message queue.

Let me know if that helps,

toby 

Thanks. But why should I use syslog to monitor what it should I be able to do on the SMG. There should be better queue monitoring. More granular options are deeply needed. Thanks

Support said no such guide (API or development), any idea? 

Need more queue logging options pls Toby. Thanks.

Hi,

I'm still not sure what u try to accomplish.

You have a lot of choices as already mentioned above:

- Syslog: We do use syslog as a sort of "backup" of comm-data, hist statistics and siem events.

- SNMP: Could be used to get queue status etc but as its exposed to internet we prefer our implementation, see webinterface

- Webinterface: Wrote a powershell script triggert by scheduler logging into webinterface and getting queue status, parsing it and setting eventlog events. Therefore scom is triggert by these custom events and scom events are handed over to siem.

Thomas

What does your Powershell code look like to accomplish this? Seems like a cool feature.

Cant give you the hole script but for a good start

1. Login like:
    Write-Host $url        #url is https://ip_name_CC//brightmail/viewLogin.do

    [net.httpWebRequest] $req = [net.webRequest]::create($url)
    $req.method = "GET"
    $req.Accept = "text/html"
    $req.AllowAutoRedirect = $true
    ...
    $match=$result | Select-String '(name="lastlogin" value="*.*")'
    #...some more replacing, spliting ...

    Write-Host $url2    #url2 is .../brightmail/login.do
    Write-Host $postData    #postData is username=xxx&password=xxx...

    [net.httpWebRequest] $req2 = [net.webRequest]::create($url2)
    $buffer = [text.encoding]::ascii.getbytes($postData)
    $req2.method = "POST"
    $req2.Accept = "text/html"
    $req2.CookieContainer = $CookieContainer
    $req2.ContentType = "application/x-www-form-urlencoded"
    $req2.ContentLength = $buffer.length
    # ...some more getResponse, IO.StreamReading

2. Checking the queues, eg delivery queue:
    #as above but dont forget to use the cookie
    Write-Host .../brightmail/status/messageQueue/MessageQueueFlow$list.flo
    #get the IO.Stream and split it like "[INT]$count = $matches.Matches[$service.Result].value.Split('>*<')[2]"
    
3. Check if the value is above your limit to alert:
    if ($count -gt $ServiceError)...
    Write-EventLog -LogName Application -Source $ServiceSource -EntryType Error -EventId $ErrorEventID -Message ...

Regards

Thomas

Woo. This is gold. How did you know how to write this code.

The problem is the logs in syslog breaks to mulitple lines, customer need to addtional custmization in the SIEM to parse out the logs. 

It wasn't only me ;-) Got help from colleague, google&co, ms documentation like https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-6 Or https://stackoverflow.com/questions/22921529/powershell-webrequest-post Or If i remember correct take a look at sharepoint Update scripting Thomas

So what app can I use to run this? Winamp, or putty?

Come on, this is a part of a powershell script.

Open scheduler on win and get it going

Thomas

Okay. I'll try it. Thx