Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 15496 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email Appliance Log

BopBop

We have some data control policy configured in email appliance. Each time a policy triggers an email it sends an email to a designated email account and log the event in email appliance.

Is there any way I can  download logs from Email appliance  so I can put it in excel? I know Email appliance has a option to transfer logs to syslog server, but is there other option?

:25673


This thread was automatically locked due to age.
  • 0

    Hi BopBop,

    The only other option (besides syslog) would be to backup your 'System Logs' to FTP.  The logs will be in the same format as when transferred via syslog.  So a syslog server would usually be preferrable because log data is transferred in real time.

    You could import this data into excel, use a reporting program, or manually search the data (eg. via script).  More details on the format are here:
    http://esa.sophos.com/docs/esa/sea_docs/en/ESA/references/SEASyslog.html

    If you just want more information about the message that was quarantined, you could consider enhancing the notification instead.  You can add variables to your notification to give more detail:

    http://esa.sophos.com/docs/esa/sea_docs/en/ESA/concepts/PolAboutActionsTempVars.html

    Does that help?  Let me know if there was something specific you want from the logging.

    Thanks,

    Tom.

    :25675
  • 0

    I took your suggestions and backed up file in FTP site. But going thru and what I want to find is very hard.

    Here is what we are getting now

    Whenever DLP  log an email to Email Appliance it is sending email to XXX account with attachment and it is

    Violation - Ailment, disease and diagnosis lexicon (ICD-9) [USA] - Lecture_Week10Day1_AdaptiveImmunityPart2.pdf

    Now , my CIO wants to see  a report  such as “ how many “Ailment …(ICD9) policy triggered in email appliance . ( I send him weekly report from Sophos Enterprise console” in excel and he can do pivot table and see by each policy.

    can i do this without Syslog server ?

    :25683
  • 0

    Hi,

    At the present time customized reporting based on that information is not available.  That specific information is not stored in a database table in which the reports are able to query.  Please contact our support team to request this feature be added into the product.

    -Jason

    :25693
Unfiltered HTML