Where do the log files hide?

Discussion in 'General' started by tmdg, Mar 26, 2007.

  1. tmdg

    tmdg New Member

    Hi,

    I am new to ISPConfig. So please forgive me me if this is in the Documentation, but I can't find the answer.

    I used to the system rotating the logfiles with logrotate in Red Hat and Fedora distros.
    where each week the logs are rotated. i.e.
    maillog.3 becomes maillog.4
    maillog.2 becomes maillog.3
    maillog.1 becomes maillog.2
    maillog ecomes maillog.1
    I'm running ISPConfig on FC5.

    I wanted to review the maillogs earlier and found that each day around midnight ispconfig runs a script to process the log files. In the process maillog gets truncated.

    Just now I wanted to look in to how some spam made it though my antispam setup around 14:00 but since I didn't look untill after 24:00 the information was not there.

    Is it gone for ever? I hope not.

    TIA

    Regards,
    Tom.
     
    Last edited: Apr 1, 2007
  2. Hans

    Hans Moderator ISPConfig Developer

    The ISPConfig logfile is located /home/admispconfig/ispconfig/ispconfig.log
    The other system logfiles normally are located in /var/log folder.
     
  3. tmdg

    tmdg New Member

    The log file /home/admispconfig/ispconfig/ispconfig.log only tells me what has happening in ispconfig.

    /var/log is missing loads of information.
    Code:
    # cd /var/log
    # ll maillog*
    -rw------- 1 root root 237147 Mar 26 08:57 maillog
    -rw------- 1 root root 215827 Mar 25 04:44 maillog.1
    -rw------- 1 root root 131071 Mar 18 04:43 maillog.2
    -rw------- 1 root root    841 Mar 11 04:43 maillog.3
    -rw------- 1 root root    728 Mar  4 04:43 maillog.4
    
    The first entry in maillog.1 is time stamped Mar 24 23:58:28
    The last entry in maillog.1 is time stamped Mar 25 04:44:01
    The first entry in maillog is time stamped Mar 25 23:59:03
    The last entry is maillog is time stamped Mar 26 09:01

    So where are all the log messages from Mar 25 04:44:01 to Mar 25 23:59:03?

    Tom.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    ISPConfig makes a copy of the log, and then it processes the copy, so the original isn't changed.
     
  5. tmdg

    tmdg New Member

    Well something is turncating the file. I'll do more digging when time permits.

    Tom.
     
    Last edited: Apr 1, 2007
  6. tmdg

    tmdg New Member

    Well I belive that ispconfig IS truncating the mail logs may be others too.

    If it's not what is the point of the "Save Log" check box in
    Managment -> Server -> Settings -> Email

    I'm not on the latest and greatest ISPConfig but it's only a few releases out of date.

    The script /root/ispconfig/scripts/shell/mail_logs.php has no revision information in it.
    However,

    Line 53:-
    Code:
    $mod->log->caselog("cp -f $dist_mail_log $dist_mail_log.$datum", $FILE, __LINE__);
    if($server["server_mail_log_save"]){
      $mod->log->caselog("touch $dist_mail_log.ispconfigsave", $FILE, __LINE__);
      $mod->log->caselog("cat $dist_mail_log >> $dist_mail_log.ispconfigsave", $FILE, __LINE__);
    }
    
    $fp = fopen($dist_mail_log, "w");
    fwrite($fp, "");
    fclose($fp);
    
    Makes a copy of the log. Posibly save a copy of the log. Then Truncates the log.

    In Fedora and other Red Hat distros the log rotate happens at 04:00 on Sunday of each week or at 04:00 each day.

    So assuming you don't change any thing you ISPConfig Looses the logs from Midnight to 04:00 each sunday. If like my you change the log rotate to daily then you loose the first 4 hours everyday.

    Is there any point in me modifiing the mail_logs.php to handle this better?

    T.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This is something totally different. As Falko posted above, ISPConfig works on a copy of the mail log and this function will archive this copy besides your normally rotated logfile.

    No. It copies the logfile, the touch command is executed on the ispconfig logfile version and NOT on your normal linux logfile.

    This is not a problem with the PHP script. Just make sure that the ISPConfig script is called right before the logrotate script.
     
  8. tmdg

    tmdg New Member

    Sorry I don't agree.

    I've commented the code as I read it.
    Code:
    /*   FIrst copy /var/log/maillog to  /var/log/maillog.DATEandTIMEofRUN  */
    $mod->log->caselog("cp -f $dist_mail_log $dist_mail_log.$datum", $FILE, __LINE__);
    
    /*  If required make a copy of the log file  in /var/log/maillog.ispconfigsave */
    if($server["server_mail_log_save"]){
      $mod->log->caselog("touch $dist_mail_log.ispconfigsave", $FILE, __LINE__);
      $mod->log->caselog("cat $dist_mail_log >> $dist_mail_log.ispconfigsave", $FILE, __LINE__);
    }
    
    /* Please tell me this does not truncate the original log file */
    $fp = fopen($dist_mail_log, "w");
    fwrite($fp, "");
    fclose($fp);
    
    The man page for fopen is quite clear on this matter. The "w" in the mode argument is. :-
    From man fopen
    Code:
     w      Truncate  file  to  zero length or create text file for writing.
                  The stream is positioned at the beginning of the file.
    
    Regards,
    Tom.
     

Share This Page