Please send updates or suggestions to ciscs-kcs-publishing-requests@cisco.com.
Question
How do I monitor the Cisco Content Security appliance logs from my workstation?
To monitor any of the Content Security logs from your workstation without logging in to your Cisco C-Series appliance, you can use the following command in a command-line SSH client:
ssh admin@<YourIronPort> tail mail_logs
The number after the tail command (mail_logs, above) corresponds to the log number on the Cisco C-Series appliance. Use the logconfig command in the CLI to see a list of log numbers on the appliance. In the example, the admin account is used to log in.
You will be prompted to enter the password for the user (admin, above). Once you have done so, a "tail" or running display of the messages being written to the end of the mail log will appear on your terminal display.
You may use the same command to tail the different logs that are available on your Cisco Content Security appliance. In the above example, option 9 corresponds to the mail logs.
You do not need to use the admin account when using this command. You can use other accounts you have created on the Cisco Content Security appliance.
Note: In order to use this method, a command-line SSH client must be installed on your workstation.