Send Email Logs to Remote Syslog Server
The SpamExperts Local Cloud solution supports sending detailed logs of message connections and status changes to a remote syslog server, which can be enabled either via Remote Syslog Integration (recommended) or via the Software API. You can store the remote syslog on a designated server of your own choice for however long you need.
To start receiving the data, first you have to set the location of the remote syslog server where the data will be sent. This can be achieved with the following API call:
api_set_remote_syslog_server(host='', port='', facility='', socket_type='', message_template='', enabled='', level='', status_template='') > "". https://demo-domain.invalid/cgi-bin/api?call=api_set_remote_syslog_server&host=HOST&port=PORT&facility=FACILITY&socket_type=SOCK
The following call can be used as an example:
https://demo-domain.invalid/cgi-bin/api?call=api_set_remote_syslog_server&host=remotesyslog.server.tld&port=514&enabled=true&level=DEBUG&message_template=default&status_template=default""
- Host - the server you store the remote syslog
- Port - in most cases 514 (unless you have another port open to listen for this)
- Message Template - the format you will receive the remote syslog results when we process the message
- Status template - similar to message template, is sent when the message status changes, for example: the message is released from quarantine
If you wanted something more detailed, for example to show more delivery details on the message, then you can use the following example, making sure to enter the credentials relevant to your server:
https://demo-domain.invalid/cgi-bin/api?call=api_set_remote_syslog_server&host=remote.demo-domain.invalid&enabled=True&message_template="%(id)s","%(filtering_host)s","%(sender)s","%(recipient)s","%(domain)s","%(timestamp)s","%(sender_host)s","%(helo)s","%(sender_ip)s","%(incoming_size)s","%(outgoing_size)s","%(status)s","%(from_header)s","%(to_header)s","%(cc_header)s","%(subject_header)s"&status_template="%(id)s","%(filtering_host)s","%(domain)s","%(recipient)s","%(status)s","%(delivery_date)s","%(delivery_ip)s","%(delivery_port)s","%(delivery_fqdn)s","%(delivery_data)s"
The SpamExperts API call for retrieving the remote syslog also supports other arguments than the ones provided so far, such as:
- id
- filtering_host
- domain
- sender*
- recipient*
- timestamp
- sender_host
- sender_ip
- sender_location
- incoming_size
- outgoing_size
- bandwidth
- from_header
- to_header
- cc_header
- subject_header
- status
- main_class
- sub_class
- extra_class
- helo
- auth_user
- identity
*The “sender” and “recipient” arguments are actually the “envelope-sender” and “envelope-recipient” that are retrieved within the template. If you want to retrieve the email “from”, “cc” or “to” please use the “from_header”, “cc_header” or “to_header” arguments.
And optionally we can also support the following arguments for when the message status changes:
- id
- status
- filtering_host
- domain
- recipient
- delivery_date
- delivery_ip
- delivery_fqdn
- delivery_port
- delivery_interface
- delivery_data*
*The delivery_data argument contains the remote server’s response, as for example: if the server rejects the message it will contain the server’s reject reply. The reply could be as follows:
SMTP error from remote mail server after end of data: 550 rbl-reject: Message rejected because 198.51.100.0 is block listed
To check the remote syslog server settings, you can use the following API call:
api_get_remote_syslog_server() > ""
https://demo-domain.invalid/cgi-bin/api?call=api_get_remote_syslog_server
After execution, the api_get_remote_syslog_server call will return all the configuration set before with api_set_remote_syslog_server.