This article applies to:
- Trustwave MailMarshal (SEG)
- Trustwave ECM/MailMarshal Exchange 7.X
Question:
- How can I stop certain information from being logged to the MailMarshal text logs?
Procedure:
Current versions of MailMarshal allow you to limit what is logged to text logs using Regular Expression matching.
This facility is available for the Receiver, Engine, Sender, Controller, and Array Manager services.
To enable this filtering, for MailMarshal 8.X and ECM, add a Registry entry LogFilter for each service, and enter a Regular Expression that defines the entries you do not want to see in the logs.
For MailMarshal (SEG) 10 and above:
- Add the values for Receiver, Engine, and Sender in the Advanced Settings section of the Management Console
- Add the value for Array Manager in the arraymanager.config.json file
- Add the value for Controller in the controller.config.json file on each node
Remember to back up the json files before editing.
Note: For details of the registry/Advanced setting locations for each MailMarshal version, see the following Knowledge Base articles:
For example, the following Registry value would stop logging of rules that do not apply to a message recipient. - In MailMarshal 10.0 and above, open the Management Console and navigate to Advanced Settings. Add a new value:
- Name: Engine.LogFilter
- Type: string
- Value: 0 user\(s\) match rule| Name=U.*False
- In MailMarshal 8.X and below, and ECM, open the Registry Editor on the Array Manager. Within the base registry key, navigate to \Default\Engine
- In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Engine
- For information about the registry location for each version, see article Q10832.
- Enter the value as a new REG_SZ value named LogFilter.
- Set the value to : 0 user\(s\) match rule| Name=U.*False
- Save your registry settings or configuration settings.
- Commit the configuration changes and restart the MailMarshal Engine service on each node.
Notes:
- The example value entry includes \ (backslash) characters. These are used to allow the Regular Expression to match the literal parentheses.
- For the Manager and Controller entries in json files, you must also consider json escaping. For example, a literal backslash must be escaped as \\
Notes:
-
This is an advanced feature. Only administrators familiar with MailMarshal logs, and who regularly review the logs, should set filters.
-
Invalid regular expression syntax can cause the affected service to not start.
-
In current MailMarshal versions, logging of redundant "not triggered" lines is greatly reduced and filtering is usually unnecessary.
-
When requesting help from Trustwave Technical Support, you will usually be requested to disable any log filtering.
-
To apply the Registry changes, you must
- Commit configuration changes
- Restart the affected service(s) on each server.
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Trustwave cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Make sure that you back up your Registry prior to making any changes.
