General

In the General tab you decide how log entries will be saved.

Figure. Logging management: General tab.

General section

Field

Description

Delete logs older than (Days)

By default, a new log file is created on a daily basis.

This option allows you to delete old log files by specifying a threshold in days.

In the screen shot above logs older than 7 days are deleted automatically.

A value of zero here means the logs should never be deleted.

Archive deleted logs to file

Check this option and specify a fully qualified path to a file (ZIP or, older versions, MCB) where deleted logs will be archived.

Note: Specifying just a folder name here could cause deletion of all other files in this folder.

Log file cache

Here, you can specify an amount of memory to be used as a cache for logs.

Log entries are written to the cache until the cache is full, at which point the cache is written and consequently it is cleared.

A value of 0 specifies that no cache is used

Rotate log files when size exceeds

On a very busy server with a high level of logging, the daily log files could become too large to be readable.

If you specify a number here then the logs will be rotated when the file reaches that size.

In the above screenshot files will be rotated when they reach 70MB in size.

Log files are saved into the <install_dir>/logs directory (if not changed within the System > Storage > Directories tab) or a subdirectory thereof:

Saved in <install_dir>/logs directory with a file name of axyyyymmdd-nn.log, where:

Field

Description

x

server ID defined within the load balancing setting

a

type of logs - logs for:

c - Web/Control Service

e - general errors (including DB errors)

f - FTP Service

g - GroupWare Service

i - Instant Messaging

m - IMAP Service

p - POP3 Service

s - SMTP Service

y

year

mm

month (2 digits)

dd

day (2 digits)

nn

two digit incremental value, starting at 00, used if the log rotates within a one day period

So, m120190913-01.log is the first server second IMAP log for 13th September 2018.

Subdirectories are named according to the logging data contained therein, they are:

  • activesync

  • Antispam

  • antivirus

  • ldap

  • loganalyzer

  • maintenance (settings changes, e.g.: 'System' updated '123@icewarpdemo.com')

  • purple

  • reports (for spam / quarantine reports)

  • setup (installer logs)

  • sip

  • syncml

  • syncpush

  • voip

  • webdav

  • webmail

Note: There is the setup.log file within the <install_dir>/logs/setup folder. This file is valid only for Windows installations. For information on Linux setup, refer to the Installation and Control in Linux.pdf guide.

Syslog section

Field

Description

Send logs to system log function (syslog)

You can check this option to have all logged events sent to the system log.

Events are written using the C_System_Logging_General_SystemLogFunction Windows API function.

Send logs to server (syslog protocol)

Check this option to have the syslog sender send its data to an external (remote) syslog server.

This is usually used in large multi-server installations where there is a centralized syslog repository.

Information packets are sent over UDP using the system log call function.

System section

Field

Description

System maintenance log

Select the logging level you want to use:

  • None:no logs at all.

  • Summary: system/config updates (creations) are logged.

  • Debug: access denied errors are logged.

  • Extended: summary + debug logs.

Authentication log

Here, you can set authentication attempts logging. Also, login policy logs can be found here.

Select the logging level you want to use:

  • None: no logs at all.

  • Summary: only the login policy logs and unsuccessful attempts are logged.

  • Debug and Extended: login policy logs and all login attempts are logged.

Examples:

194.188.6.143 [21E4] 17:31:40:920 Login policy [IMAP] - increased failed login count to 1, user=b@t.com

194.188.6.143 [1D14] 17:34:43:897 Login policy [IMAP] - cleared failed login count, user=b@t.com

194.188.6.143 [1D14] 17:39:16:874 Authentication [IMAP] - Result=0, User=b, Method=0

194.188.6.143 [1D14] 17:39:16:874 Authentication [IMAP] - Result=1, User=b@t.com, Method=0

Possible Methods:

0=gmPASS

1= gmMD5

2= gmCRAMMD5

3= gmNTLM

4= gmDIGESTMD5

5= gmSHA1

6= gmOTP

7= gmSYNCMLMD5

User with full email address is logged only when authentication is successful. Otherwise, only the user name provided by the user is logged. This user name may not exist at all in the system.

Authentication made through IceWarp Server's API is reported with the common service name of Control.

Logs button

Field

Description

Logs

Click this button to access the Status - Logs node of IceWarp Server immediately.