
Change the size of MTA log (/var/log/maillog) and export it as syslog

Hi all,

My end user is using a TE250X (Gaia R77.30) with MTA enabled to receive email traffic and do threat emulation on mail attachments.

It is found that the default size (5 MB) of /var/log/maillog is not sufficient for high email volumes and can only store logs for several minutes.

The end user would like to:

1. expand the size of /var/log/maillog

2. export /var/log/maillog as syslog and forward it to a 3rd-party syslog server.

For task 1, I have found that sk93505 seems to fit the requirement. However, the steps described in the SK are confusing. I am not sure which files (mta_log_file_size, log_rotation.conf) I should edit according to sk93505.

For task 2, I have found sk122323, which describes the method to export Check Point logs over syslog. However, this KB applies to LOG SERVER ONLY. At the moment I have no idea how to export /var/log/maillog over syslog.

I have noticed that starting from R80.20, MTA logging and monitoring is supported in SmartLog. It is definitely a really nice feature and I am looking forward to it.

Anyway, is there any workaround or way to fulfil the above 2 tasks in an R77.30 TE appliance environment?

Remark: Management Server running R80.20, TE250X in R77.30

2 Replies

Re: Change the size of MTA log (/var/log/maillog) and export it as syslog

sk93505 is clear.
Create the plain-text file called $FWDIR/conf/mta_log_file_size:
[Expert@GW_HostName]# touch $FWDIR/conf/mta_log_file_size
This file should contain the desired threshold size in MegaBytes (only the integer number):
[Expert@GW_HostName]# echo 'SIZE_in_MB' > $FWDIR/conf/mta_log_file_size
Example - set a desired threshold size to 10 MB:
[Expert@GW_HostName]# echo '10' > $FWDIR/conf/mta_log_file_size

So what is the confusing part here?

Re: Change the size of MTA log (/var/log/maillog) and export it as syslog

Hi Albrecht,

In the SK, part (3) troubleshooting,
log_rotation.conf has to be edited with the max size.
So I am not sure which file controls the size of /var/log/maillog.

Do I have any misunderstanding here?