Security Management




  • 1.  Device Log Action criteria, SMTP problem

    Posted 05-14-2009 04:09

    Hi,

     

    Can anyone tell me where to find a log (which log) entry for the device log action criteria? Having some problems when triggered logs are forwarded with SMTP. I've looked at /var/log/maillog (not there). Also looked through the GUI and dev errorlogs.

     

    The problem is that log action criteria (SMTP) seems to be working for some subdomains and for some not. They are all configured the same except the dest. email address. Also found in the server that accepts these mails that there is a "name service error". In the NSM the receiving address is configured nsmmail@company.com but the receiving server says that the mails come in as nsmmail@company.00 so the host doesn't match nsmmail@company.com

     

     

    Also if someone has an idea why it changes the email address, that would be a big help.

     

    BR,

    Anders


    #"log
    #SMTP
    #NSM
    #action"


  • 2.  RE: Device Log Action criteria, SMTP problem
    Best Answer

    Posted 05-14-2009 07:56

    Hi Anders,

     

    When SMTP is configured for log2action, you will see a message show up in the /usr/netscreen/DevSvr/var/errorLog/newLogWalker.0. The best and easiest way to verify this is to see if the temporary files are getting created. They will be in the /usr/netscreen/DevSvr/var/misc/sp directory. The files will be named .email. The temp email file gets created in this directory and gets removed after it is sent out.

     

    Thanks,

    Chandra



  • 3.  RE: Device Log Action criteria, SMTP problem

    Posted 05-19-2009 03:44

    Thanks Chandra,

     

     

    Found from the log that the NSM tried to use an old SMTP server IP. The schema update must have done something, 'cause now I only did a "save" in the SMTP server options in the NSM GUI (the correct IP was in the field) and there are no more SMTP failures in the log.

     

    -Anders
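
The two checks from this thread (temp mail files left behind in the `sp` directory, and which SMTP server IPs show up in `newLogWalker.0`) can be scripted as below. This is an added example, not code from the posters or from NSM; the function names, the `.email` filename suffix match, the 10-minute threshold and the assumption that relevant log lines contain the word "SMTP" next to an IPv4 address are all assumptions.

```shell
#!/bin/sh
# Paths as given in the thread; override via environment when testing.
NSM_LOG="${NSM_LOG:-/usr/netscreen/DevSvr/var/errorLog/newLogWalker.0}"
NSM_SPOOL="${NSM_SPOOL:-/usr/netscreen/DevSvr/var/misc/sp}"

# The thread says temp mail files are removed once sent, so a file that is
# still present after N minutes (default 10) points at a failed delivery.
# Assumption: file names end in ".email" (this also matches a bare ".email").
stale_email_files() {
    [ -d "$NSM_SPOOL" ] || return 0
    find "$NSM_SPOOL" -maxdepth 1 -type f -name '*.email' -mmin +"${1:-10}" | sort
}

# Print "<ip> <line count>" for every IPv4 address found on log lines that
# mention SMTP, most frequent first.
# Assumption: the log names the SMTP server by IP on those lines.
smtp_ips_in_log() {
    [ -r "$NSM_LOG" ] || return 0
    grep -i 'smtp' "$NSM_LOG" \
        | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Return non-zero and name the offender if the log references any SMTP server
# other than the one configured in the GUI (passed as $1). This is the
# "old SMTP server IP" condition found in the last post.
check_smtp_relay() {
    smtp_ips_in_log | awk -v want="$1" '
        $1 != want { print "unexpected SMTP server " $1 " (" $2 " lines)"; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}
```

Source the file on the NSM server, then run `stale_email_files` and `check_smtp_relay <configured-relay-ip>`.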