This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Longson_Ho1
Contributor
‎2019-03-26 01:45 AM

Change the size of MTA log (/var/log/maillog) and export it as syslog

Hi all,

My end user is using TE250X (Gaia R77.30) with MTA enabled to receive email traffic and doing threat emulation for mail attachment.

It is found that the default size (5 MB) of /var/log/maillog  is not sufficient for high email volumes and can only store logs for several minutes.

End user would like to

1. expand the size of /var/log/maillog 

2. export the /var/log/maillog as syslog and forward to 3rd party syslog server.

For task 1, I have found sk93505 seems fit the requirement. However, the steps described in the sk is confusing. I am not sure which files (mta_log_file_size,  log_rotation.conf) should I edit according to the sk93505. 

For task 2, , I have found sk122323 which describes the method to export Check Point logs over syslog. However, this KB applies to LOG SERVER ONLY. At the moment I have no idea the way to export /var/log/maillog over syslog.

I have noticed that start from R80.20, MTA logging and monitoring is supported in SmartLog. Definitely it is a really nice feature and looking forward to it.

Anyway, is there any workaround or ways to fulfil the upper 2 tasks in R77.30 TE appliance environment?

Remark: Management Server running R80.20, TE250X in R77.30

0 Kudos
2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-03-26 03:39 AM

sk93505 is clear.
Create the plain-text file called $FWDIR/conf/mta_log_file_size:
[Expert@GW_HostName]# touch $FWDIR/conf/mta_log_file_size
This file should contain the desired threshold size in MegaBytes (only the integer number):
[Expert@GW_HostName]# echo 'SIZE_in_MB' > $FWDIR/conf/mta_log_file_size
Example - set a desired threshold size to 10 MB:
[Expert@GW_HostName]# echo '10' > $FWDIR/conf/mta_log_file_size

So what is the confusing part here?
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Longson_Ho1
Contributor
‎2019-03-26 03:46 AM
In response to G_W_Albrecht

Hi Albrecht,

In the sk, part (3) troubleshooting,
log_rotation.conf has to be edited with the max size.
So I am not sure which file control the size of the /var/log/maillog

Do I have any misunderstanding here?
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events