Sophos PureMessage for Exchange SMTP Log is a spam and antivirus filter for mail systems operating on an SMTP Exchange.
The Agent flat file collection mechanism uses state tracking to reference the directory and retain the last log read from the file. You will need the following information to configure collection of the logs from PureMessage for Exchange SMTP Log:
- The full path to the directory containing the flat files.
- The LogRhythm System Monitor Agent that will collect the audit logs from the flat file.
Configure Sophos PureMessage for Exchange SMTP
To configure Sophos PureMessage for Exchange SMTP Log for collection by a LogRhythm Agent:
- From the PureMessage For Exchange Management Console, click Configuration, click System, and then click Log Settings.
- Select the level of logging you want from the File Logging list.
The resulting SMTPScan.log is located in the Logs folder of the PureMessage installation directory. Note the location for further use; for the rest of the document it is referred to as:
After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. The file being collected must be viewable on the host with the Agent using a standard file name path such as: /var/log/logfile.txt or C:\logs\logfile.txt.
Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
The name of the log message source is Flat File - PureMessage For Exchange SMTP Log. In addition, when configuring this log source:
- For Log Message Processing Mode, select MPE Processing Enabled, Event Forwarding Enabled.
- For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
- On the Flat File Settings tab, enter the following:
  - File Path. <path to log file, including the file name and extension>
  - Date Parsing Format. Select existing PureMessage For Exchange SMTP Log: (<d>/<M>/<yy> <h>:<m>:<s>)
  - Log Message Start Regex. ^
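
A pre-flight check for the Date Parsing Format and Log Message Start Regex settings above, as an added example (not LogRhythm or Sophos code): it converts the format string into a regex and reports, line by line, whether a timestamp is present and valid when read day-first. The token meanings, the function names and the sample lines are assumptions; the real SMTPScan.log layout is not shown on this page.

```python
import re
from datetime import datetime

# The format string from the Flat File Settings step above.
LR_FORMAT = "<d>/<M>/<yy> <h>:<m>:<s>"

# Assumed token meanings: day, month, two-digit year, hour, minute, second.
TOKENS = {
    "<d>": r"(?P<day>\d{1,2})",
    "<M>": r"(?P<month>\d{1,2})",
    "<yy>": r"(?P<year>\d{2})",
    "<h>": r"(?P<hour>\d{1,2})",
    "<m>": r"(?P<minute>\d{1,2})",
    "<s>": r"(?P<second>\d{1,2})",
}

def format_to_regex(fmt):
    """Build a named-group regex; digit guards stop matches inside longer numbers."""
    parts = re.split(r"(<[A-Za-z]+>)", fmt)
    pattern = "".join(TOKENS.get(p, re.escape(p)) for p in parts)
    return re.compile(r"(?<!\d)" + pattern + r"(?!\d)")

def parse_timestamp(line, rx):
    """Return the first valid timestamp in the line, or None."""
    for m in rx.finditer(line):
        f = {k: int(v) for k, v in m.groupdict().items()}
        try:
            return datetime(2000 + f["year"], f["month"], f["day"],
                            f["hour"], f["minute"], f["second"])
        except ValueError:
            continue  # e.g. month 25: the stamp is not day-first
    return None

def check_lines(lines, fmt=LR_FORMAT):
    """With start regex ^ each line is one message, so parse each on its own."""
    rx = format_to_regex(fmt)
    return [(n, parse_timestamp(line, rx)) for n, line in enumerate(lines, 1)]

# Constructed sample lines; the real SMTPScan.log layout is not shown on the page.
SAMPLE = [
    "3/4/24 9:05:07 constructed: message scanned",
    "12/25/24 14:00:00 constructed: month-first stamp",
    "    constructed continuation line with no stamp",
    "31/12/23 23:59:59 constructed: year-end entry",
]

if __name__ == "__main__":
    for n, ts in check_lines(SAMPLE):
        print(n, ts.isoformat() if ts else "NO TIMESTAMP under " + LR_FORMAT)
```

To check a real file, pass its lines to `check_lines`; a stamp such as 3/4/24 is read as 3 April, so a log written month-first shows up as lines reported without a valid timestamp.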