Logs

Message log

This is where you view your message logs.

Email clients must send out using the submission (587) or SMTPS (465) ports for Warden to be able to log it as an outgoing message. If a message is sent out port 25 then it will logged as being relayed.

Column Description
Created The date and time that the entry was created.
Sender The From: address.
Recipient The final destination from the To: address.
Client addr The last relay client IP address.
Subject The subject line of the message.
Content The content type of the message. (spam,spammy,virus,banned file,bad header,clean,bad mime,oversized,mta error,unchecked,unknown)
Delivery The delivery status of the message (pass,reject,bounce,discard,tempfail)
Size The size of the mesage.
Spam level The spam score for the message from SpamAssassin.
Direction The direction of the message (incoming,outgoing,internal,relay)
Flag The country flag of the last relay client IP address.

Data source: database

Filter Log

This is where you view your content filter logs.

Warden uses a verbose logging template for Amavis. If you process a lot of email and would like your logging to be less verbose edit (RHEL/Centos/CloudLinux/AlmaLinux) /etc/amavisd/warden.conf or (Debian / Ubuntu) /etc/amavis/conf.d/99-warden and change $log_templ = $log_verbose_templ; to $log_templ = $log_short_templ;

Column Description
Created The date and time that the entry was created.
Amavis ID The ID assigned by the Amavis content filter.
Message The message content.

Data source: /var/log/maillog or /var/log/amavisd.log

Mail Log

The mail raw log area lists the raw postfix logs.

Column Description
Created The date and time that the entry was created.
Service The name of the service that generated the entry.
mesage The log message.

Data source: /var/log/maillog

Reject Log

The mail rejection log area lists emails that were rejected by postfix.

Column Description
Created The date and time that the entry was created.
Queue ID The postfix queue ID of the message.
Sender The message sender.
Recipient The message recipient.
Message The message returned by postfix.
Proto The protocol that was used to connect.
Helo The SMTP "HELO" command that the connecting server issued.

Data source: /var/log/maillog

POP3/IMAP Log

The POP3/IMAP log area list all IMAP and POP3 connections from clients trying to check their incoming email.

Column Description
Created The date and time that the entry was created.
Message The message returned from postfix.
Protocol The protocol that was used to connect (IMAP or POP3)
User The username the client was using to authenticated with.
Client IP The IP address of the connecting email client.
Location The geolocation of the client IP address.
Flag The country flag of the client IP address.

Data source: /var/log/maillog

SMTP Auth Log

The SMTP Auth log area list all SMTP connections from clients sending outgoing email.

Column Description
Created The date and time that the entry was created.
Message The message or queue ID returned from postfix.
Method The SMTP authentication method.
Client IP The IP address of the connecting email client.
Client rDNS The reverse DNS of the client IP.
Location The geolocation of the client IP address.
Flag The country flag of the client IP address.

Data source: /var/log/maillog

Anti-virus Log

The AV log area lists the information from the ClamAV daemon log.

Column Description
ID The search result of the entry.
Created The date and time that the entry was created.
Message The log message.

Data source: /var/log/clamd.scan

Signature Log

The AV Signature Log area lists the information from the freshclam signature update log.

Column Description
ID The search result of the entry.
Created The date and time that the entry was created.
Message The log message.

Data source: /var/log/freshclam.log

Rule Log

The rule Log area lists the information from the anti-spam rule update log.

Column Description
Created The date and time that the entry was created.
PID The process ID of the entry.
Message The log message.

Data source: /var/log/sa-update.log

Action Log

The action logs area records all actions that are performed through the web interface.

Column Description
ID The database ID of the entry.
Created The date and time that the entry was created.
Action The action that the user performed through the web interface.
Login The username that the user was logged in as.
Role The group that the use was a part of.
IP Address The IP address of the user.

Data source: database

Application Log

The application logs area records all error and debug information of the web interface.

Column Description
ID The database ID of the entry.
Created The date and time that the entry was created.
Message The message (usually an exception).
Level The log level of the entry (0-8).

Data source: database