Skip to main content

Log configuration and analysis

Configure logs with LogBack

Default configuration files are located in the directory /usr/share/bm-conf/logs/:

  • bm-cli.log.xml
  • bm-core-audit.log.xml
  • bm-core.log.xml
  • bm-eas.log.xml
  • bm-milter.log.xml
  • bm-node.log.xml
  • bm-pimp.log.xml
  • bm-tika.log.xml
  • bm-webserver.log.xml
  • bm-ysnp.log.xml

To edit them, copy the file to /etc/bm/local and edit the copy.

Example of configuration:

<appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender -->
  <File>/var/log/bm/core.log</File>
  <encoder>
    <pattern>%d [%thread] %c{1} %p - %m\n</pattern>
  </encoder>
  <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
    <maxIndex>20</maxIndex>
    <FileNamePattern>/var/log/bm/core.log.%i.gz</FileNamePattern>
  </rollingPolicy>
  <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
    <MaxFileSize>60000KB</MaxFileSize>
  </triggeringPolicy>
</appender

The example above, about the mail log file core.log, is used to keep 20 log files of 60MB each maximum.

For more information about configuration, please visit the Log4j website or this documentation: https://logback.qos.ch/manual/appenders.html#RollingFileAppender

Analyzing logs with Auditlog

Auditlog is a log analysis tool.

The Auditlog feature allows you to obtain information about changes made to certain BlueMind entities. User operations can be saved and viewed via CLI.

All information considered relevant is saved. These vary from one entity to another:

  • For a mail: operations to move a folder to another or delete it
  • For a calendar event: any change. For example, a change of venue will create a new entry in the database, with an email indicating the changes made
  • User login actions
  • Actions to obtain/revoke user rights to calendars, mail folders, etc.
retention time

For performance reasons, the hard log retention is limited to 3 days.

CLI command

To run the analysis, use the bm-cli auditlog get command, specifying the log type and domain (with iud or an alias).

To refine your search, you can add the following options to your command:

  • --after: a date in yyyy-MM-dd format, to search for items after this date

  • --before: a date in yyyy-MM-dd format, to search for items predating this date

  • --container-id: a container id or --container-uid: a container uid

    The container-id and container-uid options are exclusive; using both options at the same time will result in an error.

  • --item-id: an item id or --item-uid: an item uid

    The item-id and item-uid options are exclusive; using both options at the same time will result in an error.

Examples:

⟹ To obtain changes made to a calendar event
⟹ To obtain information about a login

Find out more

Last updated on