Suppressing Event Log entries for unwanted SMTP activity


This article applies to:

  • Trustwave SEG 7.3.5 and above

Question:

  • How can I stop logging large numbers of events to the Event Log for relay blocking in the Receiver?
  • How can I stop logging of invalid SMTP commands and multiple RSET commands to the Event Log?

Procedure:

If you do not want to log each Receiver SMTP block to the event log, you can disable these entries using a Registry entry. This entry affects logging of relay attempts, excessive RSETs, and invalid commands.

  1. On the Array Manager, edit the Registry (in 10.X, use Advanced Settings in the Management Console instead).
  2. Navigate to the SEG Receiver key:
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver
    • In version 10.X: value names have the prefix Receiver. (Receiver dot).
    • For full details of the location for each product version, see article Q10832.
  3. Create a new DWORD (integer) value named SuppressEventLogOnAttack.
  4. Set the value to 1.
  5. Commit configuration and restart the Receiver service on processing nodes.

To restore the default behavior, set the value to 0 or delete the value entry.
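The Registry part of this procedure (steps 2 to 4, plus the revert) can be scripted for the 8.X key location. The following PowerShell is an added example, not Trustwave's own code; the function name `Set-SegEventSuppression` and the backup folder `C:\Temp` are assumptions. It backs up the Receiver key before writing, and leaves step 5 (commit and service restart) to be done manually.

```powershell
# Added example: covers only the 8.X Registry location quoted in step 2.
# For other versions, confirm the location in article Q10832 first.
$RegKey    = 'HKLM\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver'
$KeyPath   = "Registry::HKEY_LOCAL_MACHINE\$($RegKey.Substring(5))"
$ValueName = 'SuppressEventLogOnAttack'
$BackupDir = 'C:\Temp'   # assumption: an existing, writable folder

function Set-SegEventSuppression {
    param(
        # 1 = suppress the Receiver block events, 0 = default logging
        [Parameter(Mandatory)][ValidateRange(0, 1)][int]$Value
    )

    # Refuse to create the key: a missing key means the wrong version or host.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Receiver key not found at $KeyPath. Check article Q10832."
    }

    # Export the key before touching it, so the change can be rolled back.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "SEG-Receiver-$stamp.reg"
    & reg.exe export $RegKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Registry export to $backup failed. No change was made."
    }

    # Create the DWORD, or overwrite it if it already exists.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null

    # Read the value back and fail loudly on a mismatch.
    $current = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName).$ValueName
    if ($current -ne $Value) {
        throw "$ValueName reads $current, expected $Value."
    }

    Write-Output "$ValueName = $current (backup: $backup)"
    Write-Output 'Now commit configuration and restart the Receiver service on processing nodes.'
}

# Suppress the events (steps 3 and 4):
# Set-SegEventSuppression -Value 1
# Restore the default behavior:
# Set-SegEventSuppression -Value 0
```

Run it from an elevated PowerShell session on the Array Manager. The timestamped `.reg` file records the state of the key before each change.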

Note:

As always, take due care when editing the Registry. Best practice is to back up the Registry before making changes.


Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle20228.aspx