Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 28154 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where are smtp log in XG Firewall (in console shell mode)?

FabriceBO

Hi evebody,

Where are smtp log in XG Firewall (in console shell mode)?

There is no /var/log/smtp.log like UTM.



This thread was automatically locked due to age.
  • 0
    Fabrice,

    use Log viewer from GUI or you can have a look at folder /var/tslog and check which file is used for SMTP traffic.
    I do not own an SMTP server at home so let us know if you find the file.

    Luk
  • 0 in reply to lferrara

    The Log Viewer in the GUI will give you the status of a message, like the UTM 9 Mail Log does - with no detail.  I did check the /var/tslog folder on the console for an smtp.log - no luck.  Plenty of logs in there, but not that one, nor one I see that looks like it could be that log where I need to look up details from the recipient server to see why it refused a message that was sent to a valid email address, even though the public IP we're using to send out mail isn't on any RBLs and has an rDNS and fits the SPF record for the domain.

     

    here's the file list for the /var/tslog folder:

    drwxr-xr-x 2 root 0 4096 Aug 1 15:58 .
    drwxr-xr-x 24 root 0 4096 Aug 10 09:47 ..
    -rw-r--r-- 1 root 0 1767 Apr 3 14:57 Arch85_Arch241.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 VPN.log
    -rw-r--r-- 1 root 0 27750788 Aug 10 11:02 WINGc.log
    -rw-r--r-- 1 root 0 991846 Aug 10 11:07 access_server.log
    -rw-r--r-- 1 root 0 19146 Jul 10 09:23 apache.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 apiparser.log
    -rw-r--r-- 1 root 0 14581003 Aug 10 11:11 applog.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 av.log
    -rw-r--r-- 1 root 0 19282015 Aug 10 11:18 avd.log
    -rw------- 1 root 0 20977955 Aug 7 10:44 avd.log.0
    -rw-r--r-- 1 root 0 93630700 Aug 10 11:18 awarrenhttp.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 awarrenhttp_access.log
    -rw-r--r-- 1 root 0 12385761 Aug 10 11:16 awarrenmta.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 awarrensmtp.log
    -rw-r--r-- 1 root 0 9053897 Aug 10 11:18 awed.log
    -rw------- 1 root 0 16777265 Aug 5 13:52 awed.log.0
    -rw-r--r-- 1 root 0 2050 Jul 10 09:23 bgpd.log
    -rw-r--r-- 1 root 0 1416 Jul 10 09:22 bwm.log
    -rw-r--r-- 1 root 0 928 Jul 10 09:23 clientless_access.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 crreportdb.log
    -rw-r--r-- 1 root 0 89862906 Aug 10 11:18 csc.log
    -rw-r--r-- 1 root 0 107206 Aug 2 04:17 cschelper.log
    -rw-r--r-- 1 root 0 154616 Aug 8 17:23 ctasd.log
    -rw-r--r-- 1 root 0 645740 Aug 10 10:24 ctipd.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 ctsyncd.log
    -rw-r--r-- 1 root 0 7184 Jul 10 09:22 ddc.log
    -rw-r--r-- 1 root 0 11278140 Aug 10 11:18 dgd.log
    -rw------- 1 root 0 50331877 Jul 28 09:04 dgd.log.0
    -rw-r--r-- 1 root 0 52479 Aug 10 09:50 dhcpd.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 dhcpd6.log
    -rw-r--r-- 1 root 0 102621 Aug 10 10:24 dnsd.log
    -rw-r--r-- 1 root 0 147198 Aug 10 11:09 dropbear.log
    -rw-r--r-- 1 root 0 76645 Aug 10 10:58 error_log.log
    -rw-r--r-- 1 root 0 272 Jul 10 09:23 firewall_rule.log
    -rw-r--r-- 1 root 0 315016 Aug 10 10:56 fqdnd.log
    -rw-r--r-- 1 root 0 0 Aug 1 15:58 fqdndebug.log
    -rw-r--r-- 1 root 0 71238 Aug 3 12:49 ftpproxy.log
    -rw-r--r-- 1 root 0 603 Jul 10 09:23 fwlog.log
    -rw-r--r-- 1 root 0 94111987 Aug 10 11:18 garner.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 hbtrust.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 heartbeatd.log
    -rw-r--r-- 1 root 0 1205869 Aug 10 08:00 hostapd.log
    -rw------- 1 root 0 4194314 Jul 11 16:30 hostapd.log.0
    -rw-r--r-- 1 root 0 82124 May 24 06:31 hotspotd.log
    -rw-r--r-- 1 root 0 1076 Jul 10 09:23 hwaccel.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 hwmon.log
    -rw-r--r-- 1 root 0 8334 Jul 10 09:22 improxy.log
    -rw-r--r-- 1 root 0 27586116 Aug 10 10:00 ips.log
    -rw-r--r-- 1 root 0 86586839 Aug 10 11:18 ipsec.log
    -rw------- 1 root 0 100663551 Jul 10 05:09 ipsec.log.0
    -rw-r--r-- 1 root 0 93898 Jul 27 10:39 ipsec_Arch85_Arch241.log
    -rw-r--r-- 1 root 0 12493 Jun 21 14:53 ipsec_Nutmeg_Lab.log
    -rw-r--r-- 1 root 0 27658334 Aug 10 11:03 iview.log
    -rw------- 1 root 0 33580016 Jul 28 00:06 iview.log.0
    -rw-r--r-- 1 root 0 0 Oct 20 2016 l2tpd.log
    -rw-r--r-- 1 root 0 29068 Aug 7 09:48 lcd.log
    -rw-r--r-- 1 root 0 315490 Aug 10 09:26 licensing.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 mdev.log
    -rw-r--r-- 1 root 0 12777 May 24 06:34 migration.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 mrouting.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 msync.log
    -rw-r--r-- 1 root 0 17404 Aug 7 09:51 nasm.log
    -rw-r--r-- 1 root 0 465740 Aug 7 09:52 networkd.log
    -rw-r--r-- 1 root 0 223805 Aug 10 10:35 ntpclient.log
    -rw------- 1 root 0 715 Aug 10 11:18 openvpn-status.log
    -rw-r--r-- 1 root 0 1328 Jul 10 09:23 ospfd.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 pimd.log
    -rw-r--r-- 1 root 0 3715 Aug 10 11:01 pktcapd.log
    -rw-r--r-- 1 root 0 39378 Jul 25 09:59 postgres.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 pptpvpn.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 radvd.log
    -rw-r--r-- 1 root 0 512 Aug 10 11:07 readobject.log
    -rw-r--r-- 1 root 0 0 Oct 20 2016 red.log
    -rw-r--r-- 1 root 0 840 Jul 19 17:39 regen_client_bundle.log
    -rw-r--r-- 1 root 0 92852 Aug 10 09:41 reportdb.log
    -rw-r--r-- 1 root 0 7063 Jul 10 09:33 reportmigration.log
    -rw-r--r-- 1 root 0 60473 Jul 27 13:40 reverseproxy.log
    -rw-r--r-- 1 root 0 6186 Aug 7 09:47 ripd.log
    -rw-r--r-- 1 root 0 408 Jul 10 09:23 sandbox_reportd.log
    -rw-r--r-- 1 root 0 706 Jul 10 09:23 sandboxd.log
    -rw-r--r-- 1 root 0 4692 Aug 10 09:45 sig_upgrade.log
    -rw-r--r-- 1 root 0 20035 Aug 10 09:41 sigdb.log
    -rw-r--r-- 1 root 0 11917 May 24 06:34 sigmigration.log
    -rw-r--r-- 1 root 0 17260 Jul 20 16:47 skein.log
    -rw-r--r-- 1 root 0 5343 Jul 10 09:23 smbnetfs.log
    -rw-r--r-- 1 root 0 6217982 Aug 10 11:18 sslvpn.log
    -rw-r--r-- 1 root 0 46224 Jul 10 09:20 sysinit.log
    -rw-r--r-- 1 root 0 103846519 Aug 10 11:18 syslog.log
    -rw-r--r-- 1 root 0 268435498 Jul 12 22:31 syslog.log.0
    -rw-r--r-- 1 root 0 155858 Aug 9 23:58 tmclient.log
    -rw-r--r-- 1 root 0 2100130 Aug 10 11:08 tomcat.log
    -rw-r--r-- 1 root 0 25789787 Aug 10 10:52 u2d.log
    -rw-r--r-- 1 root 0 5492 Aug 8 16:06 uma.log
    -rw-r--r-- 1 root 0 800025 Aug 10 09:47 up2date_av.log
    -rw-r--r-- 1 root 0 0 Jul 20 10:27 validation.log
    -rw-r--r-- 1 root 0 783564 Aug 10 10:58 validationError.log
    -rw------- 1 root 0 5249628 Aug 9 11:53 validationError.log.0
    -rw-r--r-- 1 root 0 0 Oct 20 2016 vhost.log
    -rw-r--r-- 1 root 0 6127 Aug 4 17:03 vpncertificate.log
    -rw-r--r-- 1 root 0 6283 Aug 4 17:00 waf_timer.log
    -rw-r--r-- 1 root 0 124738 Aug 1 15:48 warren.log
    -rw-r--r-- 1 root 0 1920847 Aug 10 11:11 wc_remote.log
    -rw------- 1 root 0 20979519 Aug 10 07:20 wc_remote.log.0
    -rw-r--r-- 1 root 0 0 Oct 20 2016 wifiauth.log
    -rw-r--r-- 1 root 0 3067 Jul 10 09:23 zebra.log

  • 0 in reply to Chris Shipley

    I submitted a support request and learned a few things.  The logs we are looking for are in /log accessed via the SSH Shell for:

    5. Device Management

    sub menu: 3. Advanced Shell

    cd /log

    awarrensmtp.log (if you are in smtp proxy mode - i suspect, mine is empty)

    awarrenmta.log (if you are in MTA mode)

    You may need to Enable Debug Mode (not truly sure how at the moment) to really get deep info.  The support agent was on the phone with me for an hour an unable to show why the system failed sending.  There is no apparent way to download via a console interface :(

  • +1 in reply to Chris Shipley

    Chris,

    this is an old thread but thanks for updating it. On other thread I shared how to view smtp logs (MTA and Legacy) using advanced shell.

    As you said,

    awarrensmtp.log are log used to store smtp logs when XG is deployed in legacy mode, while awarrenmta.log stores smtp logs when XG acts in MTA mode.

    In order to enable debugging on services use the following command:

    service awarrensmtp:debug -dsnosync

    again to disable the debug.

    To list all the services use the command: service -S

    Regards

  • 0 in reply to lferrara

    Thanks so much.  I never found your other thread regardless of the search I did.  I wonder if its only searching titles and not content.

  • 0 in reply to Chris Shipley

    You are welcome. Searching on community does not return all the expected result. I am using my memory to remember same thread.

    [;)]