
Extend Reporting and Tracking Data Retention on the ESA

August 28, 2015 - Machine translation (English version: April 23, 2015)

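Introduction

This document describes how to increase the amount of reporting and tracking data that the Cisco Email Security Appliance (ESA) is allowed to retain, in order to provide data overlap.

Contributed by Andrew Wurster and Robert Sherwin, Cisco TAC Engineers.

Prerequisites

Cisco recommends that you have knowledge of these topics:

  • Cisco ESA
  • Cisco Content Security Management Appliance (SMA)

Reporting Data

When the SMA is offline or unavailable, the ESA begins to queue reporting data. By default, the ESA retains 100 files, each of which covers 15 minutes. In effect, the ESA retains data for the most recent 1,500 minutes (15 x 100), which is equivalent to 25 hours. If the SMA is down for 30 hours, you lose the reporting data for the first 5 hours (30 hours - 25 hours).

Use the information in this example in order to increase the number of files that the ESA retains on AsyncOS Versions 6.x through 7.1: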

example.com> reportingconfig

Choose the operation you want to perform:
- MAILSETUP - Configure reporting for the ESA.
- MODE - Enable centralized or local reporting for the ESA.
[]> mailsetup

SenderBase timeout used by the web interface: 2 seconds
Sender Reputation Multiplier: 3
The current level of reporting data recording is: unlimited
No custom second level domains are defined.
Legacy mailflow report: Disabled

Choose the operation you want to perform:
- SENDERBASE - Configure SenderBase timeout for the web interface.
- MULTIPLIER - Configure Sender Reputation Multiplier.
- COUNTERS - Limit counters recorded by the reporting system.
- THROTTLING - Limit unique hosts tracked for rejected connection reporting.
- TLD - Add customer specific domains for reporting rollup.
- STORAGE - How long centralized reporting data will be stored on the C-series
before being overwritten.
- LEGACY - Configure legacy mailflow report.
[]> storage

While in centralized mode the C-series will store reporting data for the
M-series to collect.  If the M-series does not collect that data then
eventually the C-series will begin to overwrite the oldest data with
new data.

A maximum of 24 hours of reporting data will be stored.
How many hours of reporting data should be stored before data loss?
[24]> 30

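Tracking Data

Similarly, when the SMA is offline or unavailable, the ESA begins to queue tracking data. The ESA retains 60 files, each of which covers three minutes. Therefore, the ESA retains data for the last 180 minutes (60 x 3). Any tracking data that is older than three hours and has not been retrieved from the ESA is lost.

Use the information in this example in order to increase the maximum number of tracking files: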

example.com> trackingconfig

Choose the operation you want to perform:
- MODE - Set whether tracking is run on box or centralized.
[]> storage

While in centralized mode the C-series will store tracking data for the
M-series to collect.  If the M-series does not collect that data then
eventually the C-series will begin to overwrite the oldest data with new
data.

A maximum of 60 files are presently stored.  This means a maximum of 3 hours
will be stored, though depending on load that time may be smaller.
How many files should be stored before data loss?
[60]> 500

Note: For AsyncOS Versions 7.5 and later, MAILSETUP is a hidden command under reportingconfig.
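The retention arithmetic from the Reporting Data and Tracking Data sections can be applied to a list of SMA outages to see which span of data was overwritten and how many files would have covered it. This is an added example, not Cisco code; the function names, the headroom parameter and the sample outages are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from math import ceil

# Per-queue defaults as stated on this page: file count and minutes covered per file.
REPORTING = {"files": 100, "minutes_per_file": 15}  # 1,500 minutes = 25 hours
TRACKING = {"files": 60, "minutes_per_file": 3}     # 180 minutes = 3 hours


def retention(queue):
    """Longest span the ESA can hold before it overwrites the oldest file."""
    return timedelta(minutes=queue["files"] * queue["minutes_per_file"])


def lost_window(start, end, queue):
    """Return (start, end) of the overwritten data for one outage, or None."""
    if end - start <= retention(queue):
        return None
    return start, end - retention(queue)


def files_needed(outage, queue, headroom=1.0):
    """Files required to cover an outage; headroom > 1 allows for load (assumption)."""
    minutes = outage.total_seconds() / 60 * headroom
    return ceil(minutes / queue["minutes_per_file"])


def audit(outages):
    """Summarise each (start, end) SMA outage for both queues."""
    rows = []
    for start, end in outages:
        for name, queue in (("reporting", REPORTING), ("tracking", TRACKING)):
            rows.append({
                "queue": name,
                "lost": lost_window(start, end, queue),
                "files_needed": files_needed(end - start, queue),
            })
    return rows


if __name__ == "__main__":
    # Constructed sample outages, not taken from a real appliance.
    sample = [
        (datetime(2015, 4, 1, 0, 0), datetime(2015, 4, 2, 6, 0)),     # 30 hours
        (datetime(2015, 4, 10, 9, 0), datetime(2015, 4, 10, 11, 0)),  # 2 hours
    ]
    for row in audit(sample):
        print(row)
```

The reporting storage prompt shown above asks for hours while the tracking prompt asks for files, so convert the reporting file count with its 15-minute file duration before entering it.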




Document ID: 117807