Where can I find mail related logs? (/var/log/mail.log is empty)


bug...@gmail.com

Mar 24, 2015, 10:07:59 AM
to securit...@googlegroups.com
Hi,

On a fresh Security Onion install, I am trying to see system logs related to sending/receiving email. I have ELSA enabled.
The problem is that the following files are always empty, no matter what I do with "mail":
/var/log/mail.*

Is this because I have ELSA enabled?
I checked and can confirm the following service is running (service name status)
syslog-ng

I suspect this is normal behaviour, since I am using ELSA?
Could someone please let me know what query I need to enter in ELSA to see logs related to mail activities?

If I wanted to enable (and maybe duplicate) logs to /var/log/mail.*, I guess I would have to edit the /etc/syslog-ng/syslog-ng.conf
but wanted to check if that information is already available somewhere! :)

Cheers,
Bugs.
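For anyone who does want the local copy the question mentions, the following is an added example of a syslog-ng fragment, not configuration from the thread or from the Security Onion project. It assumes the local log source in /etc/syslog-ng/syslog-ng.conf is named s_src (the Debian/Ubuntu default) and that the file is dropped into /etc/syslog-ng/conf.d/, which the stock Debian configuration includes; both are assumptions you should confirm against your own syslog-ng.conf before reloading.

```conf
# Added example (not from the thread): write mail-facility messages to
# /var/log/mail.log in addition to whatever the existing log statements
# (including the ELSA feed) already do with them.
# Assumptions: the local source is named s_src and this file is picked up
# from /etc/syslog-ng/conf.d/ by an @include in the main syslog-ng.conf.

# Match only messages logged to the mail facility (MTA, MDA, anti-spam, etc.).
filter f_mail { facility(mail); };

# Plain file destination; restrict ownership and mode so the log is readable
# by the adm group but not world-readable.
destination d_mail_file {
    file("/var/log/mail.log" owner("root") group("adm") perm(0640));
};

# A second log path. Existing log statements keep receiving every message;
# this one only adds the local copy for the mail facility.
log { source(s_src); filter(f_mail); destination(d_mail_file); };
```

After reloading syslog-ng (the thread's own check was `service syslog-ng status`), you can confirm the path works without touching a real MTA by emitting a test message with `logger -p mail.info "mail log test"` and checking that it appears in /var/log/mail.log. If your main syslog-ng.conf already defines a mail destination that is simply never written to, edit that log statement rather than adding a second one, or you will get each line twice.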

Doug Burks

Mar 24, 2015, 10:17:11 AM
to securit...@googlegroups.com
Hi Bugs,

Yes, this is because you have ELSA enabled. Go to the ELSA query
menu, click Host Logs, and then click "Syslog-NG (Program)" and see if
your mail logs are listed there.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

bug...@gmail.com

Mar 24, 2015, 10:21:48 AM
to securit...@googlegroups.com
There it is! Thanks Doug!
I went straight to the "SMTP logs" and did not notice the "Host Logs"... even if the name was really giving it away! ;)

Cheers,
Bugs.

Jim Solderitsch

Mar 24, 2015, 9:01:00 PM
to securit...@googlegroups.com
Ah...

Thanks for this. Now I can see my raw arpwatch records in the Syslog-NG (program) list.

Jim