Line 11: |
Line 11: |
| ===E-mail logfiles=== | | ===E-mail logfiles=== |
| | | |
− | qmail - details mail distribution (to mailboxes and to other hosts via SMTP). | + | qmail - details mail distribution (to mailboxes and to other hosts via SMTP). Traces connections, message numbers, bytes, concurrency, and UID. |
− | imap - connections to the local imap folders | + | imap - connections to the server IMAP folders (IMAP). Shows connections from local device unless IMAP enabled for internet access. Use in conjunction with other logs to trace email. |
− | imaps | + | imaps - secure connections to the server IMAP folders (IMAPS). Shows connections from local devices unless IMAPS enabled for internet access. Use in conjunction with other logs to trace email. |
− | pop3 - requests from users to collect mail from local server | + | pop3 - Details connections via pop3 to the server. |
− | pop3s | + | pop3s - Details connections via pop3s to the server. |
| smtp-auth-proxy | | smtp-auth-proxy |
− | maillog | + | maillog - nothing. Empty. |
− | qpsmtpd - incoming SMTP connections | + | qpsmtpd - incoming SMTP connections. |
− | sqpsmtpd | + | sqpsmtpd - incoming Secure SMTP connections. Authenticated SMTP Via SSL port 465. |
| clamav - antivirus | | clamav - antivirus |
| clamd | | clamd |
| freshclam | | freshclam |
| spamd - spam | | spamd - spam |
| + | |
| + | In SME9 IMAP connections are logged in /var/log/dovecot/current |
| | | |
| ===HTTP logfiles=== | | ===HTTP logfiles=== |
Line 70: |
Line 72: |
| lastlog | | lastlog |
| | | |
− | ===Error Messages===
| + | ==Error Messages== |
| *Log message regarding permissions on /var/spool/qpsmtpd/ | | *Log message regarding permissions on /var/spool/qpsmtpd/ |
| You may see messages similar to this in your log file: | | You may see messages similar to this in your log file: |
Line 79: |
Line 81: |
| They can be safely ignored. Clamav runs under a different user and needs read access to the spool area to avoid copying the file. | | They can be safely ignored. Clamav runs under a different user and needs read access to the spool area to avoid copying the file. |
| [[https://sourceforge.net/tracker/index.php?func=detail&aid=1314168&group_id=96750&atid=615772]] | | [[https://sourceforge.net/tracker/index.php?func=detail&aid=1314168&group_id=96750&atid=615772]] |
− |
| |
| | | |
| *I get messages that look like: (pam_unix)[31705]: session opened for user root by (uid=0) | | *I get messages that look like: (pam_unix)[31705]: session opened for user root by (uid=0) |
Line 91: |
Line 92: |
| *I get a message saying that: the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name! | | *I get a message saying that: the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name! |
| If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log. | | If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log. |
− |
| |
| | | |
| *I get: server squid[3145]: WARNING: Disk space over limit: 148412 KB > 102400 KB. | | *I get: server squid[3145]: WARNING: Disk space over limit: 148412 KB > 102400 KB. |
| This message is just log noise. The message is informational and squid takes care of the issue itself. | | This message is just log noise. The message is informational and squid takes care of the issue itself. |
− |
| |
| | | |
| *I get in the radius log: Info: Using deprecated naslist file. Support for this will go away soon. | | *I get in the radius log: Info: Using deprecated naslist file. Support for this will go away soon. |
| This is just the radius daemon (a computer program that runs in the background, rather than under the direct control of a user) complaining about a file that exists in the directory. We don't use it. | | This is just the radius daemon (a computer program that runs in the background, rather than under the direct control of a user) complaining about a file that exists in the directory. We don't use it. |
− |
| |
| | | |
| *I get in the clamd log: Error: cli_untar: only standard TAR files are currently supported | | *I get in the clamd log: Error: cli_untar: only standard TAR files are currently supported |
Line 105: |
Line 103: |
| | | |
| Nothing to be concerned about. The fix, if any arrives, will come from the Clam team if they Determine this file format is worthy of their attention. | | Nothing to be concerned about. The fix, if any arrives, will come from the Clam team if they Determine this file format is worthy of their attention. |
− |
| |
| | | |
| *I get in the smeserver-clamscan.log: LibClamAV Warning: Multipart/alternative MIME message contains no boundary header. | | *I get in the smeserver-clamscan.log: LibClamAV Warning: Multipart/alternative MIME message contains no boundary header. |
| This is just log noise. Clamav is scanning badly formatted MIME mail. | | This is just log noise. Clamav is scanning badly formatted MIME mail. |
− |
| |
| | | |
| *In the /var/log/messages, I get: 10fix_privilege_tables: ERROR | | *In the /var/log/messages, I get: 10fix_privilege_tables: ERROR |
| You can safely ignore these errors. The errors just mean that your tables are already up to date. | | You can safely ignore these errors. The errors just mean that your tables are already up to date. |
− |
| |
| | | |
| *In the /var/log/messages, I get: rec_read bad magic.... | | *In the /var/log/messages, I get: rec_read bad magic.... |
Line 121: |
Line 116: |
| rm /var/cache/samba/printing/<printer>.tdb | | rm /var/cache/samba/printing/<printer>.tdb |
| /etc/init.d/smbd restart | | /etc/init.d/smbd restart |
− |
| |
| | | |
| *cannot remove /var/run/dovecot/login: is a directory | | *cannot remove /var/run/dovecot/login: is a directory |
| You may see this on system startup. It is just noise and doesn't affect anything. | | You may see this on system startup. It is just noise and doesn't affect anything. |
− |
| |
| | | |
| *I get: | | *I get: |
Line 132: |
Line 125: |
| | | |
| Ignore the message. The warnings are just log noise. After a SPAMASSASSIN update, the rules have been added but don't have a score associated with them. So they will be treated as non-existent and result in an error message. | | Ignore the message. The warnings are just log noise. After a SPAMASSASSIN update, the rules have been added but don't have a score associated with them. So they will be treated as non-existent and result in an error message. |
− |
| |
| | | |
| *I get: | | *I get: |
Line 156: |
Line 148: |
| mv mirrors.dat mirrors.dat.old | | mv mirrors.dat mirrors.dat.old |
| sv t /service/freshclam | | sv t /service/freshclam |
− |
| |
| | | |
| *After a ClamAV update or when freshclam is run, the following may appear in the log file | | *After a ClamAV update or when freshclam is run, the following may appear in the log file |
Line 165: |
Line 156: |
| If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla 7164]] | | If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla 7164]] |
| | | |
− | ===RK Hunter Messages===
| + | ==RK Hunter Messages== |
| Root Kit Hunter performs a daily check of your system, these are common warnings. | | Root Kit Hunter performs a daily check of your system, these are common warnings. |
| | | |