|
|
|
|
|
|
|
Logging
IMail Server logs all spam events, such as error and status messages, to a separate log file. These events are stored in the log file that is selected in the Log To list box on the Logging tab. Some of the actions for which log entries are generated are:
The following sections describe the logging options and how to read the log file entries.
Logging Tab
To enable and configure logging for the anti-spam features, do the following:
- In the left panel, expand the localhost folder, and select the Antispam folder.
- In the right panel, click the Logging tab.
- Select one of the following logging options:
- No Log. Disables logging.
- spamMMDD.log (default). Sends event information to a file of this name where MM is the month and DD is the day the log was written. This file is stored in the Spool directory.
- App Log. Sends event information to the Windows Application Log (viewed with the Windows Event Viewer.)
- Log Server. Sends event information to the Log Server file indicated on the Log Files tab.
Verbose Logging. This option records more information than standard logging, such as changes to anti-spam settings, and entries in the white list or exclude list. This option can create a very large file and may be resource intensive, however, it is especially helpful in troubleshooting issues.
File Format
The file format for anti-spam log messages is similar to the IMail Server log format, except that anti-spam log entries also contain an anti-spam message ID. The generic format of a log file entry is:
Date - Time - Thread or Process ID -Anti-Spam Message ID - Host name - Entry Type - Message
When the anti-spam engine processes a message, it assigns it an anti-spam message ID. This message ID allows you to identify all log entries for specific messages. For example, if you want to identify all log entries for the previous example, you would look for every log entry that contains the anti-spam message ID of (00001316).
Log Message Components
Log messages contain all or some of the following components. For a complete list of all log messages, see "Anti-Spam Log Messages".
All log messages are preceded by the following line:
month:day hour:minute app_name(connection_ID)
- Month: The month the message was logged.
- Day: The day of the month that the message was logged.
- Hour: The hour of the day (24 hour clock) that the message was logged.
- Minute: The minute that the message was logged.
- app_name: The application that logged the message (i.e. SMTPD, SMTP, etc.)
- connection_id: The ID of the message that is used in the IMail SMTPD and SMTP log. This can be used to cross reference messages in the spam log with those in the SMTPD and SMTP logs for IMail Server.
Most log messages also have the following line:
- message_id: Every message that is saved is assigned a message ID for logging purposes since multiple messages can be delivered on a single connection. This makes it easier to group log messages, since they will be mixed together as the spam checking is done simultaneously for all messages.
- domain: This is the IMail Server domain for which the message is logged.
Many black list log messages refer to the configured black list as a service and identify the black list by the following line:
- name: The configured name of the black list.
- server: The fully qualified domain name or IP address of the black list server.
- query_domain: The area of the domain to contact on the blacklist server.
Note: You can configure the Queue Manager to compile and send out a daily report of server activity. Included in this report are the number of statistical filtering and phrase filtering matches. See "Queue Manager".
 Ipswitch, Inc. http://www.ipswitch.com |
| |
|
|
|
| ©Ipswitch 2004 | |||
