Output Files - monozoide/MailLogSentinel GitHub Wiki

MailLogSentinel generates and uses the following key files during its operation:

  • CSV Data File: maillogsentinel.csv

    • Location: This file is stored in the directory specified by the working_dir setting in your maillogsentinel.conf file.
    • Purpose: This is the primary data output, containing a chronological record of all detected SASL authentication attempts. Each new attempt found during log processing is appended as a new row.
    • Columns:
      1. server: The hostname of the server as it appears in the log entry (e.g., mailserver01).
      2. date: The date and time of the authentication attempt, formatted as DD/MM/YYYY HH:MM.
      3. ip: The source IP address from which the authentication attempt originated.
      4. user: The username that was attempted during the login process.
      5. hostname: The result of the reverse DNS lookup for the source IP address. If the lookup fails or is not available, this field will contain "null".
      6. reverse_dns_status: Provides the status of the reverse DNS lookup. Common values include "OK" (successful lookup), "Timeout", "Errno -2 (Name or service not known)" (common for IPs without a PTR record), or "Failed (Unknown)".
      7. country_code: The country code associated with the source IP address (e.g., CN).
      8. asn: The Autonomous System Number (ASN) of the network announcing the source IP address.
      9. aso: The Autonomous System Organization (ASO), i.e. the name of the organization that operates that network.
    • Example Row (Illustrative):
      mail.example.com;23/10/2023 14:35;198.51.100.123;admin;host.attacker.net;OK;CN;China Mobile;9808
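
The following is an added example, not part of the MailLogSentinel project, showing how a defender can consume maillogsentinel.csv: it parses the semicolon-separated, header-less layout using the column order listed above, turns the `"null"` hostname into `None`, aggregates attempts per source IP, and flags IPs that tried several distinct usernames. Note that the illustrative row above ends with `China Mobile;9808`, i.e. organization before number, whereas the column list puts asn (8) before aso (9); the parser treats that as a swapped pair and normalizes it, which is an assumption on my part. The sample rows, the threshold of three usernames, and all function names are constructed for this example.

```python
"""Parse MailLogSentinel's maillogsentinel.csv and summarize authentication attempts.

Added example; it assumes a semicolon-separated file with no header row and the
column order documented on the wiki page.
"""
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Column order as documented on the page. Assumption: the file has no header row.
COLUMNS = ["server", "date", "ip", "user", "hostname",
           "reverse_dns_status", "country_code", "asn", "aso"]
DATE_FORMAT = "%d/%m/%Y %H:%M"  # DD/MM/YYYY HH:MM as documented

# Constructed sample input (not real log data). The first line is the page's own
# illustrative row, whose last two fields appear as aso;asn rather than asn;aso.
SAMPLE_CSV = """\
mail.example.com;23/10/2023 14:35;198.51.100.123;admin;host.attacker.net;OK;CN;China Mobile;9808
mail.example.com;23/10/2023 14:36;198.51.100.123;root;host.attacker.net;OK;CN;9808;China Mobile
mail.example.com;23/10/2023 14:37;198.51.100.123;postmaster;host.attacker.net;OK;CN;9808;China Mobile
mail.example.com;23/10/2023 14:40;203.0.113.7;alice;null;Errno -2 (Name or service not known);US;64496;Example ISP
mail.example.com;23/10/2023 15:02;192.0.2.44;alice;null;Timeout;DE;64497;Example Hosting
"""


def parse_rows(text):
    """Return one dict per CSV line, with a typed date, None for a 'null' hostname,
    and asn/aso put into the documented order if a row has them swapped."""
    rows = []
    for fields in csv.reader(StringIO(text), delimiter=";"):
        if len(fields) != len(COLUMNS):
            # Malformed or truncated line: skip it rather than mis-assign columns.
            continue
        row = dict(zip(COLUMNS, fields))
        row["date"] = datetime.strptime(row["date"], DATE_FORMAT)
        if row["hostname"] == "null":
            row["hostname"] = None
        # The ASN is numeric; if the organization name landed in the asn field, swap.
        if not row["asn"].isdigit() and row["aso"].isdigit():
            row["asn"], row["aso"] = row["aso"], row["asn"]
        rows.append(row)
    return rows


def summarize_by_ip(rows):
    """Aggregate per source IP: attempt count, distinct usernames, first/last seen."""
    summary = {}
    for row in rows:
        entry = summary.setdefault(row["ip"], {
            "attempts": 0, "users": set(), "first": row["date"], "last": row["date"],
            "country_code": row["country_code"], "asn": row["asn"], "aso": row["aso"],
        })
        entry["attempts"] += 1
        entry["users"].add(row["user"])
        entry["first"] = min(entry["first"], row["date"])
        entry["last"] = max(entry["last"], row["date"])
    return summary


def ips_trying_many_users(rows, min_users=3):
    """IPs that tried at least `min_users` distinct usernames, a simple indicator of
    username enumeration or password spraying. The threshold is an assumption."""
    summary = summarize_by_ip(rows)
    return sorted(ip for ip, entry in summary.items() if len(entry["users"]) >= min_users)


def reverse_dns_failures(rows):
    """Count rows per reverse_dns_status value other than 'OK'."""
    counts = defaultdict(int)
    for row in rows:
        if row["reverse_dns_status"] != "OK":
            counts[row["reverse_dns_status"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_CSV)
    for ip, entry in summarize_by_ip(parsed).items():
        print(f"{ip}: {entry['attempts']} attempts, users={sorted(entry['users'])}, "
              f"{entry['country_code']} AS{entry['asn']} ({entry['aso']})")
    print("IPs trying many users:", ips_trying_many_users(parsed))
    print("reverse DNS failures:", reverse_dns_failures(parsed))
```

To run it against a real file, replace `SAMPLE_CSV` with the contents of `maillogsentinel.csv` from your working_dir. Because rows are appended over time, keeping the last processed line count lets you re-run the summary incrementally; the per-IP aggregation is where a block list or alert rule would be applied.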
      
  • Application Log File: maillogsentinel.log

    • Location: Also stored in the working_dir specified in the configuration.
    • Purpose: This file contains operational logs generated by the MailLogSentinel script itself. It includes messages about script startup and shutdown, which log files are being processed, any errors encountered during normal operation (e.g., DNS lookup issues, or file permission problems not related to setup), DNS cache status messages, and information about report generation. The level of detail in this log is determined by the log_level setting in maillogsentinel.conf.
    • Rotation: This log file is configured to rotate automatically when it reaches approximately 1 MB in size. Up to 5 backup log files (e.g., maillogsentinel.log.1, maillogsentinel.log.2) are kept.
  • Setup Log File: maillogsentinel_setup.log

    • Location: This file is created in the current working directory from which the maillogsentinel --setup command is executed.
    • Purpose: It serves as a complete transcript of the interactive setup session. This includes all prompts shown to the user, the configuration values they selected or confirmed (sensitive inputs such as passwords would not be logged, though the current setup does not prompt for them), and the full text of any example Systemd unit files that were generated. This log is very useful for reviewing the setup choices made and for troubleshooting the setup process itself.
    • Purpose: It serves as a complete transcript of the interactive setup session. This includes all prompts shown to the user, the configuration values they selected or confirmed (user inputs like passwords are not logged if they were part of setup, though the current setup doesn't ask for them directly), and the full text of any example Systemd unit files that were generated. This log is very useful for reviewing the setup choices made and for troubleshooting the setup process itself.