Log Files

From SME Server
Revision as of 18:02, 27 September 2007 by Cactus (talk | contribs) (Added one line solution for time conversion of squid log files)

What they are and what they mean

There are many log files produced by SME Server. Some are standard, some are generated by contributions. This page aims to bring together enough knowledge to understand what generates each log file, what they are for, and how to interpret them.

Most of the SME log files are created using D.J. Bernstein's multilog.

  • Multilog logs to a file named 'current' in a subdirectory named for the service
  • Multilog records time as an "@" followed by "a precise timestamp".
  • Pipe multilog output through tai64nlocal to have multilog's cryptic time stamp converted to a human-readable form:
tail -f /var/log/qpsmtpd/current | tai64nlocal

Some SME logs are still created using syslog or another process (not multilog). An example of this is the squid/access.log file. The following Perl filter script will convert the times in a squid logfile to human-readable form:

#! /usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;

If the above perl code is put into a script 'timeconvert.pl', and made executable, then the squid access log can be converted using the following command:

# ./timeconvert.pl /var/log/squid/access.log

You can also do this as a one-line pipeline, analogous to the first command:

tail /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime $&/e;'
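
When entries from several services have to be lined up in one sequence, it helps to convert both timestamp styles to the same UTC format. The following is an added example, not part of the original page or of SME Server: the names normalize and timeline and the sample lines are constructed for illustration, and the output is UTC rather than the local time that tai64nlocal and the Perl filter print.

```python
import re
from datetime import datetime, timedelta, timezone

# libtai convention used by multilog and tai64nlocal:
# TAI64 label = 2**62 + 10 + Unix seconds (no leap-second table is consulted).
TAI64_OFFSET = 2**62 + 10
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
TAI64N_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8})")  # secs + nanosecs, hex
SQUID_RE = re.compile(r"^(\d+)\.(\d+)")                   # epoch.fraction

def _iso(seconds, micros):
    ts = EPOCH + timedelta(seconds=seconds, microseconds=micros)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.%f") + "Z"

def normalize(line):
    """Rewrite a leading multilog or squid timestamp as UTC ISO 8601.
    Lines without a recognised timestamp are returned unchanged."""
    m = TAI64N_RE.match(line)
    if m:
        secs = int(m.group(1), 16) - TAI64_OFFSET
        return _iso(secs, int(m.group(2), 16) // 1000) + line[m.end():]
    m = SQUID_RE.match(line)
    if m:
        frac = (m.group(2) + "000000")[:6]  # pad fraction to microseconds
        return _iso(int(m.group(1)), int(frac)) + line[m.end():]
    return line

def timeline(sources):
    """Merge {log name: lines} into (time, log, text) tuples in time order.
    Fixed-width UTC strings sort chronologically."""
    events = []
    for name, lines in sources.items():
        for raw in lines:
            raw = raw.rstrip("\n")
            fixed = normalize(raw)
            if fixed != raw:  # skip lines that carried no timestamp
                stamp, _, text = fixed.partition(" ")
                events.append((stamp, name, text.strip()))
    return sorted(events)

# Constructed sample lines, not taken from a real server.
SAMPLE = {
    "qpsmtpd": ["@4000000046fbf0221dcd6500 constructed qpsmtpd entry"],
    "squid": ["1190916119.250     87 192.0.2.10 TCP_MISS/200 1024 GET "
              "http://example.com/ - DIRECT/192.0.2.80 text/html"],
}

if __name__ == "__main__":
    for stamp, name, text in timeline(SAMPLE):
        print(stamp, name, text)
```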

E-mail logfiles

qmail imap imaps pop3 pop3s smtp-auth-proxy maillog qpsmtpd sqpsmtpd

HTTP logfiles

httpd httpd-admin squid squid.run qpdmtpd

System logfiles

messages dnscache iptables iptraf mysqld nmbd ntpd oidentd ppp yum tinydns wan vbox cron sshd flexbackup dhcpd dhcpcd dmesg pppoe pptpd spooler radius radiusd proftpd raidmonitor rpmpkgs sa samba secure rkhunter.log boot.log audit anaconda.log anaconda.syslog lastlog

Spam and virus

clamav clamd freshclam spamd