Log Files
Log Files
What they are and what they mean
There are many log files produced by SME Server. Some are standard, some are generated by contributions. This page aims to bring together enough knowledge to understand what generates each log file, what they are for, and how to interpret them.
Most of the SME log files are created using D.J. Bernstein's multilog.
- Multilog logs to a file named 'current' in a subdirectory named for the service
- Multilog records time as an "@" followed by "a precise timestamp".
- Pipe multilog output through tai64nlocal to have multilog's cryptic time stamp converted to a human-readable form:
tail -f /var/log/qpsmtpd/current | tai64nlocal
Some SME logs are still created using syslog or another process (not multilog). An examples of this is the squid/access.log file. The following perl script filter will convert the times in a squid logfile to human-readable form:
#! /usr/bin/perl -p s/^\d+\.\d+/localtime $&/e;
If the above perl code is put into a script 'timeconvert.pl', and made executable, then the squid access log can be converted using the following command:
# ./timeconvert.pl /var/log/squid/access.log
You can also do this analog to the first command like this:
tail /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime $&/e;'
E-mail logfiles
qmail imap imaps pop3 pop3s smtp-auth-proxy maillog qpsmtpd sqpsmtpd
HTTP logfiles
httpd httpd-admin squid squid.run qpdmtpd
System logfiles
messages dnscache iptables iptraf mysqld nmbd ntpd oidentd ppp yum tinydns wan vbox cron sshd flexbackup dhcpd dhcpcd dmesg pppoe pptpd spooler radius radiusd proftpd raidmonitor rpmpkgs sa samba secure rkhunter.log boot.log audit anaconda.log anaconda.syslog lastlog
Spam and virus
clamav clamd freshclam spamd