1

Topic: Additional Logging Logwatch Daily Logs

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.8
- Deployed with iRedMail Easy or the downloadable installer? Download
- Linux/BSD distribution name and version: Ubuntu 20.04.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Back in the day I used to see logs like this in the logwatch daily logs. If I had to give a version, I would have to say somewhere in the 1.5 range, maybe early 1.6 (honestly unsure on exact). I have since rebuilt the system a few times since then. I am just looking to get these types of logs back. Does anyone know how to increase the logging I am missing or what configuration I may need to modify?

 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    222.186.46.200 -> ip.ws.126.net:443: 2 Time(s)
 
 A total of 7 sites probed the server 
    120.85.182.101
    167.71.210.212
    192.241.215.38
    192.241.224.126
    222.186.46.200
    39.106.79.215
    45.129.56.200
 
 Requests with error response codes
    400 Bad Request
       null: 9 Time(s)
       *: 4 Time(s)
       http://ip.ws.126.net/ipquery: 4 Time(s)
       /: 2 Time(s)
       /manager/html: 2 Time(s)
       /manager/text/list: 2 Time(s)
       ip.ws.126.net:443: 2 Time(s)
       /0bef: 1 Time(s)
       /users/sign_in: 1 Time(s)
       V\x1D\xC7\x06q\xAA\xB2\x0C\xF9\xA5\xCD\x12 ... 88:SY\xA46\xDBp: 1 Time(s)
       \xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
       http://110.242.68.4/: 1 Time(s)
    404 Not Found
       /Telerik.Web.UI.WebResource.axd?type=rau: 2 Time(s)
       /actuator/health: 2 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 2 Time(s)
       //sitemap.xml: 1 Time(s)
       /ab2g: 1 Time(s)
       /autodiscover/autodiscover.json?a=a@edu.ed ... s/exchange.asmx: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /plugins/jqueryui/js/jquery-ui.min.js?s=1640816963: 1 Time(s)
       /program/js/app.min.js?s=1640816963: 1 Time(s)
       /program/js/common.min.js?s=1640816963: 1 Time(s)
       /program/js/jquery.min.js?s=1640817055: 1 Time(s)
       /program/js/jstz.min.js?s=1640817055: 1 Time(s)
       /remote/login: 1 Time(s)
       /sitemap.xml: 1 Time(s)
       /skins/elastic/deps/bootstrap.bundle.min.js?s=1640817073: 1 Time(s)
       /skins/elastic/images/favicon.ico?s=1640816963: 1 Time(s)
       /skins/elastic/ui.min.js?s=1640816963: 1 Time(s)
    499 (undefined)
       /Microsoft-Server-ActiveSync?jRIJBBBOaW5lQ ... XBZb3VycwcBAA==: 10 Time(s)
 
 ---------------------- httpd End ------------------------- 

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Additional Logging Logwatch Daily Logs

This is how i use it:

I dun use logwatch as a cron from a user, but as a system wide cronjob

under /etc/cron.daily/00logwatch i have the follwoing script:

#!/bin/bash

#Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0

#execute
#/usr/sbin/logwatch --output mail
/usr/sbin/logwatch --detail high --format html --mailto root

this script is run everyday at 00:45 and sends me a detailed report in HTML format to the root account which then is forwarded to my main administrator email, if you wish another mail, you can use mail@domain.tld instead of root without any problems