Scheduling the export of Messaging Gateway's Control Center Admin Event Logs to a remote host

book

Article ID: 162282

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

This article contains information on Scheduling the export of Messaging Gateway's Control Center Admin Event Logs to a remote host

Cause

Symantec Messaging Gateway versions prior to 10.6 did not support remote logging options (such as log) for the Control Center admin events. This document describes a way to obtain the Admin Event logs on these older versions.
 
NOTE: As of Symantec Messaging Gateway version 10.6, admin event logs are provided as part of the base syslog functionality. For more information on configuring remote logging, please refer to HOWTO93081.

Resolution

Since version 10.5.4 of Symantec Messaging Gateway, it is possible to automate and schedule the export of Control Center Admin Event logs to a remote host.

Below is a procedure on how to prepare the SMG Appliance and a separate Linux server to transfer such logs on a scheduled basis.
Please note that this method is fully supported, since it does not involve any super-user functionality of the appliance.
 
Requirements:
In order to implement the procedure below, a separate Linux server will be needed, with full SSH connectivity with the Messaging Gateway appliance.
 
Steps:
Before proceeding with the remaining steps, ensure that a SSH terminal window is opened for both the Linux server (as root) and the Messaging Gateway Control Center appliance (as admin)
 
 

On the SMG appliance

1) Export the SMG RSA pub key and copy it to clipboard by typing the following command:            

        rsa-key export
    

Then, copy the content below "The local keyring:" to the clipboard
 


On the LINUX server

2) Generate a RSA key pair by typing the following command:

        ssh-keygen -t rsa 

      Note: do not enter a password and use default file locations
 

3)  Add the SMG key by editing the following file on the Linux server:  

          ~/.ssh/authorized_keys

    Paste the rsa key exported from SMG at step 1

    Ensure proper permissions are set on the file using the command:

        chmod 600  ~/.ssh/authorized_keys

    Then, close and save the file.

 

4) View the Linux RSA pub key by typing the following command:

        cat ~/.ssh/id_rsa.pub

Then, copy the contents to clipboard.


 

On the SMG appliance

5) Import the Linux RSA pub key with the following command:

            rsa-key import '<paste the Linux RSA pub key copied above at step 4>' 

6) Test the SSH connection from SMG to Linux with the following command:

        rsa-key test [email protected]_IP

 


On the LINUX server

Create a file with the following script contents and edit the first lines/options as needed.

Notes:

  • SMG_IP  is the Brightmail Control Center Appliance's IP

#!/bin/bash

SMG_IP='192.168.2.6'
LINUX_IP='192.168.2.103'
LINUXTMP='/tmp'
LINUXDIR='/opt'
LINUXUSR='root'

#-----------DO NOT EDIT BELOW THIS LINE---------------------------------
rm -rf $LINUXTMP/*
echo "* Executing remote commands on the SMG appliance. Please wait..."
ssh [email protected]$SMG_IP "diagnostics --logs all scprsa://'$LINUXUSR'@$LINUX_IP/$LINUXTMP"
if [[ $? == 0 ]]; then
        echo "* Operation successful!"
else
        echo "* OOPS! I found some problems, quitting now."
        exit 1
fi
cd $LINUXTMP
FILE=$(find $LINUXTMP -name diagnostics*.tar.gz)
echo "* Uncompressing diagnostics package"
tar xvfz $FILE > /dev/null 2>&1
echo "* Copying Control Center Admin logs to $LINUXDIR"
for logfile in $(find $LINUXTMP -name Brightmail_Admin_Events*); do
        cp $logfile $LINUXDIR
done
echo "* FINISHED!!"

 

The script file can now be scheduled to run at desired times. It is recommended to schedule it once every day.

Powered by Wolken Software