Hey Guys,
I have used server admin to set imap logging to "critical". I would
expect that to mean that normal login attempts would not be logged.
However, I noticed that /var/log/system.log is still getting hit with
logon
entries:
---------
Jan 31 10:19:41 mx imap[4388]: login: sq.morningside.edu [192.168.0.55]
bsm001 plaintext User logged in
Jan 31 10:19:41 mx imap[9967]: login: sq.morningside.edu [192.168.0.55]
wat001 plaintext User logged in
--------
Also, /var/log/asl.log is also getting logon entries:
--------
[Time 2006.01.31 16:27:49 UTC] [Facility local6] [Sender imap] [PID 1812]
[Message login: sq.morningside.edu [192.168.0.55\] goode plaintext User
logged in] [Level 5] [UID -2] [GID -2] [Host mx]
[Time 2006.01.31 16:27:49 UTC] [Facility local6] [Sender imap] [PID 9041]
[Message login: sq.morningside.edu [192.168.0.55\] wells plaintext User
logged in] [Level 5] [UID -2] [GID -2] [Host mx]
--------
Here is my imapd.conf:
-----------------------------
admins: cyrusimap
configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
servername: mx.morningside.edu
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
lmtp_downcase_rcpt: 1
tls_cert_file: /etc/certificates/imap.morningside.edu.crt
log_rolling_days: 1
imap_auth_login: yes
tls_server_options: use
tls_common_name: imap.morningside.edu
log_rolling_days_enabled: true
enable_quota_warnings: yes
lmtp_over_quota_perm_failure: yes
tls_key_file: /etc/certificates/imap.morningside.edu.key
imap_auth_plain: yes
-------------
Contents of /etc/syslog.conf:
-------------
*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit
/dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit
/var/log/system.log
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this
line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit
/dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.crit /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/ipfw.log
*.emerg *
local6.crit /var/log/mailaccess.log
----------------
Is this the right behavior? If not, can I change it manually, and what
would be the best way to do that?
>From the [Facility local6] lines I see in asl.conf, I suspect I could add
local6.crit /var/log/mailaccess.log
to imapd.conf.
Am I close? I have no need to see all of these login attempts right now,
so it would be nice to take them off of the system's shoulders.
Thanks in advance,
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
