Sophos PureMessage for UNIX Blocklist is a spam and antivirus filter for mail systems operating on a UNIX platform.
The Agent flat file collection mechanism uses state tracking to reference the directory and retain the last log read from the file. You will need the following information to configure collection of the logs from PureMessage for UNIX Blocklist:
- The full path to the directory containing the flat files.
- The LogRhythm System Monitor Agent that will collect the audit logs from the flat file.
Configure Sophos PureMessage for UNIX Blocklist
Note the location of the blocklist_log file, which is usually in /opt/pmx/var/log/.
After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. The file being collected must be viewable on the host with the Agent using a standard file name path such as: /var/log/logfile.txt or C:\logs\logfile.txt.
Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
The name of the log message source is Flat File - PureMessage For UNIX Blocklist Log. In addition, when configuring this log source:
- For Log Message Processing Mode, select MPE Processing Enabled, Event Forwarding Enabled.
- For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
- On the Flat File Settings tab, enter the following:
  - File Path. <path to log file, including the file name and extension>
  - Date Parsing Format. Select existing PureMessage For UNIX Blocklist Log (<yy><M><d>T<h>:<m>:<s>)
  - Log Message Start Regex. ^