search cancel

Command line 'delete scannerlogs' does not delete all audit log data

book

Article ID: 163483

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

When running the 'delete scannerlogs' command from the Messaging Gateway (SMG) command line (CLI) only the audit_mta* files are removed, leaving the audit_mte* and audit_bmengine* files in place. This can result in incomplete data being returned for audit log queries.

Example

smgmx> list -t | grep audit
       24576 /data/logs/scanner/audit_bmengine_log201607190000.idx
       20480 /data/logs/scanner/audit_bmengine_log201607180000.idx
       17929 /data/logs/scanner/audit_mte_log201607190000.lzm
       16384 /data/logs/scanner/audit_mta_log201607190000.idx
       11902 /data/logs/scanner/audit_bmengine_log201607190000.lzm
       11573 /data/logs/scanner/audit_mte_log201607180000.lzm
        8192 /data/logs/scanner/audit_mta_log201607180000.idx
        8192 /data/logs/scanner/audit_mte_log201607180000.idx
        8192 /data/logs/scanner/audit_mte_log201607190000.idx
        7584 /data/logs/scanner/audit_bmengine_log201607180000.lzm
        4827 /data/logs/bcc/BMI_MAL/bcc_audit.2016-07-19.log
        1826 /data/logs/scanner/audit_mta_log201607190000.lzm
        1515 /data/logs/scanner/audit_mta_log201607180000.lzm
smgmx>
smgmx> delete scannerlogs
WARNING: Using ctrl-c to interrupt this program may corrupt your settings.
WARNING: You are about to delete the following:

        * scanner logs

Delete? (You must type 'yes' to confirm): yes
Removed file /data/logs/dmesg
Removed file /data/logs/maillog
Removed file /data/logs/mysql/error.log
Removed file /data/logs/rebootwatch
Removed file /data/logs/scanner/agent_log
Removed file /data/logs/scanner/agent_log201310260000
Removed file /data/logs/scanner/audit_mta_log201607180000.idx
Removed file /data/logs/scanner/audit_mta_log201607180000.lzm
Removed file /data/logs/scanner/audit_mta_log201607190000.idx
Removed file /data/logs/scanner/audit_mta_log201607190000.lzm
Removed file /data/logs/scanner/bmclient_log
Removed file /data/logs/scanner/bmserver_log
Removed file /data/logs/scanner/conduit_log
Removed file /data/logs/scanner/jlu-controller_log
Removed file /data/logs/scanner/mscsvc_log
Removed file /data/scanner/LiveUpdate/liveupdt.log
smgmx>
smgmx> list -t | grep audit
       24576 /data/logs/scanner/audit_bmengine_log201607190000.idx
       20480 /data/logs/scanner/audit_bmengine_log201607180000.idx
       17929 /data/logs/scanner/audit_mte_log201607190000.lzm
       11902 /data/logs/scanner/audit_bmengine_log201607190000.lzm
       11573 /data/logs/scanner/audit_mte_log201607180000.lzm
        8192 /data/logs/scanner/audit_mte_log201607180000.idx
        8192 /data/logs/scanner/audit_mte_log201607190000.idx
        7584 /data/logs/scanner/audit_bmengine_log201607180000.lzm
        4827 /data/logs/bcc/BMI_MAL/bcc_audit.2016-07-19.log
smgmx>

Cause


 

Resolution

This is a known issue and will be resolved in a future release. Please subscribe to this article to be automatically notified of any changes.

To remove all audit files in addition to all scanner logs please run 'delete mallogs' in addition to 'delete scannerlogs'