Loading...
Loading...

Trustwave Knowledge Base

Home » Knowledgebase » Trustwave MailMarshal (SEG) » HOWTO: How do I collect MailMarshal (SEG) or ECM logs and files...

HOWTO: How do I collect MailMarshal (SEG) or ECM logs and files requested by Technical Support?

Expand / Collapse
Show/Hide Article Tools


This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange 7.X

Question:

  • How do I collect SEG or ECM logs and files requested by Technical Support?
  • What information is required when logging a SEG or ECM related call with Trustwave Technical Support?

Information:

When logging a case you should be prepared to provide the following:

Required Information

  1. End Customer information (full name and abbreviation if applicable).
    • Product Information
    • Product Name
    • Product Version
  2. Environmental Information:
    • Version of operating system (e.g. Windows 2012 R2: include service pack levels)
    • Manager/node set up (how many nodes, location of nodes)
    • Product running natively or in a virtual environment?
    • Plug-ins used with Trustwave products along with version of plug-ins (such as Anti-Virus scanners, Malware scanners, URL Filtering lists)
  3. Detailed Description of the Technical Issue:
    • What is the error or technical issue?
    • When did this problem begin?
    • What changed in the end user's environment at the time this problem began?
  4. Details of Troubleshooting Steps Taken:
    • Clear description of steps undertaken to troubleshoot technical fault prior to requesting assistance from Trustwave Technical Support.
    • Steps to reproduce the error.
  5. Samples and Logs to be provided:
    • MailMarshal - MML files
    • Product service logs (e.g. engine, sender, receiver, controller, Array Manager; WebMarshal support tool output if the case is related to WebMarshal)
      • Please include the username and time the error occurred or the reproduction steps and details from your testing.
    • If a service failed, Windows application event log.

Preferred Procedure:

For most issues, the quickest way to gather the required data is to run the SEG Support tool. For details of this tool and how to get it, see article Q15024.

  • For MailMarshal SPE installations, see article Q15019.
  1. If possible, run a test to replicate the issue.
  2. Make a note of all details concerning the test or other issue, such as time, date, Message ID, email address from and to.
  3. Run the Support Tool.
    • Leave all default items checked unless instructed otherwise by Support.
    • If the issue relates to a particular message then select Gather specific message and enter the message name. (This function must be run on the server where the message was processed.)
    • Select the output directory, enter a case number (if you do not have a case, enter a short name) and then click Go.
  4. If you already have a case open, you can choose to upload the results directly to Trustwave. Otherwise send the resulting file as directed by your support contact.

Manual methods:

The information below can be useful for older versions, or if for some reason you cannot run the Support tool. It also provides some additional details of the types and locations of information.

  • If you encountered difficulty in running the Support Tool, please be sure to inform Technical Support.

MailMarshal Service Logs

There are multiple text log files, one for each MailMarshal Service. The file names include the service name and date. Once a file reaches 10MB, a new one is created with an alphabetical increment in the file name.

By default, MailMarshal retains these logs on your server for five days. Technical Support may request the logs for the date on which the issue occurred or all of the available logs for historic purposes.

  1. On the computer where MailMarshal is installed open Microsoft Windows Explorer.
  2. Navigate to the log file location.
    • For SEG 8.X and above (64 bit), by default the logs are stored in C:\Program Files\Trustwave\Secure Email Gateway\Logging
    • For MailMarshal Exchange 7.X, by default the logs are stored in C:\Program Files (x86)\Marshal\M86 MailMarshal Exchange\Logging
    • For details of the default file locations for each MailMarshal version, see the following Trustwave Knowledge Base articles:
      • Q10832 (SEG/MailMarshal SMTP)
      • Q14003 (ECM/MailMarshal Exchange)
  3. Zip the log files and upload the zip file to your case in the Trustwave Portal (if your support is not directly through Trustwave, send the file as directed by the reseller).

MailMarshal Configuration

The MailMarshal Configuration is a file that can be exported from MailMarshal and contains all of the information seen in the MailMarshal Configurator.

For MailMarshal (SEG) 10.X and below:

    1. Navigate to the SEG web console.
    2. Select System Configuration | Backup.
    3. Click Back up Now.
    4. The resulting zip file can be found in the ConfigurationBackup subfolder of the installation on the Array Manager server.

For SEG 8.X and below:

    1. On the Array Manager open the MailMarshal Configurator.
    2. Select Tools | MailMarshal Properties | General.
    3. Click Backup.
    4. Select a filename for the export file. The export file will be in XML format.
    5. Click Save.
    6. Compress the XML file into a ZIP archive

Upload the zip file to your case in the Trustwave Portal (if your support is not directly through Trustwave, send the file as directed by the reseller).

MML copy of an Email

MML is the file extension that MailMarshal uses for email message files. Often this original message file is needed to attempt to duplicate, troubleshoot or verify issues that occur with MailMarshal. It is a standard RFC822 formatted message file, with its envelope information inserted at the end. 

Note: The MML file contains all original header and formatting information - on the other hand an email message forwarded from your mail client (such as Outlook) will have lost a lot of this potentially essential information. Please do not send copies of messages from an email client unless specifically requested.

Determine the file name and locate the file by looking in the MailMarshal Console (Mail History or the Folders). Take note of the message name (such as B5xxxxxxxx.xxxxxxx.nnnn.mml). 

  • On a system with more than one processing node, the final group of digits (in this case 0001) indicates the processing node.

 

Use the following steps to copy the file:

  1. On the correct processing node, open Microsoft Windows Explorer.
  2. Navigate to the archive folder (to find the folder, refer to the Knowledge Base article mentioned above).

    • If you are looking for a message that deadlettered (such as unpacking or malformed) it would be found in ...\Quarantine\Deadletter
    • Any message in an archive (or named) folder would be found in ...\Quarantine\Symbolic\folder name
    • Each folder has subfolders by date. You can use search or find the dated folder.





  3. Locate the named file.
  4. If the file could be virus infected then send it in a password protected ZIP (.zip) file (and provide the password by email or in the support case).
  5. Upload the zip file to your case in the Trustwave Portal (if your support is not directly through Trustwave, send the file as directed by the reseller).

 

This article was previously published as:
NETIQKB35514

To contact Trustwave about this article or to request support:

Rate this Article:
     

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster.


Execution: 0.016. 8 queries. Compression Disabled.
Powered by InstantKB.NET