The Logs section and its use is described in the manual.
Tools for log configuration can be found in the context menu (right-click inside any log window):
The Save log option enables saving of the entire log or its selected part in a file on the disk.
The dialog options are as follows:
Format — the log may be saved as in plain text (TXT) or in hypertext (HTML). If the log is saved in HTML, the encoding and colors (where highlighting was used) will be saved. If it is expected that the log would be processed by a script, it might be better to save it in plain text.
Source — the option enables saving of the entire log or a selected part of the text.
Option Only selection is active only when a part of the text in the log is selected by the pointer. The selected text can be saved in a separate file.
Kerio Connect enables to highlight any part of text in logs. This function is used for better reference.
Click Highlighting to open a dialog box where highlighting can be added, changed and removed. If you add new highlighting, you can set the following parameters:
Description — description used for better reference.
Condition — every line containing the substring specified will be highlighted according to the parameters set in this dialog.
If Treat as regular expression is enabled, any regular expression can be entered.
Regular expressions are special POSIX expression for a string description. They are created by various flexible patterns that are compared with strings.
Button duplicates an item in the list.
— select a color used for the highlighting.
Every highlighting is applied to all log types. All lines meeting the condition are highlighted.
Select this option to open the Log debug dialog where you can set parameters for clearing or saving logs.
The File Logging tab
Enable logging to file — enables logging to a specified file. Use the File name entry to specify a path where logs will be saved.
Rotate regularly— select one of the following options:
Every hour — log is saved once an hour and a new log file is started.
Every day — log is rotated once a 24 hours.
Every week — log is rotated once a week.
Every month — log is rotated once a month.
Rotate when file exceeds size — set maximum log file size (in KBs) in Max log file size.
Number of rotated log files to keep — define how many log files will be stored. The oldest file will be cleared after each rotation.
The External Logging tab
Open the External Logging dialog to set logging to a Syslog server or to a file. The three options can be combined.
Enable Syslog logging — use this option to enable logging to a Syslog server
Syslog server — DNS name or IP address of the particular Syslog server.
Facility — this entry helps Kerio Connect recognize where a log came from (Syslog server can receive logs from various sources).
Severity — set how important the log is (Syslog enables filtering of logs with respect to their severity).
Clears the log window (information is also removed from the appropriate file).
This option enables the administrator to define advanced settings for information that will be monitored. You can find this option in a context menu in the Debug section. Other details are hereinafter explained.
Apart from the context menu options, each log window offers a possibility to search strings in the logs. Search field is in the top right corner of each window.
The config log stores the complete history of communication between Kerio Administration Console and Kerio Connect Engine. It is possible to determine what administration tasks were performed by a specific user.
Debug log is a special log which can be used to monitor certain kinds of information, This is especially useful for problem-solving. As default, it displays information relating to starting and stopping of Kerio Connect, lists the services and the addresses and ports used for connection. Other information relates to services and processes used to operate the server.
The other information describe services and processes which handle the server. Too much information could be confusing and impractical if displayed all at the same time. Usually, you only need to display information relating to a particular service or function.
In addition, displaying too much information slows Kerio Connect's performance. We recommend that you only display information that you are interested in and only when necessary.
For the above reasons the debug log allows you to define what information it will display. This can be done using the option in the context menu of the Debug window.
The Services section allow logging any information associated with services started in Kerio Connect:
SMTP Server — detailed information about communication between clients and the SMTP server. This log can be helpful when you experience problems with MX records.
IMAP Server — detailed information about communication between clients and the IMAP server. This log also gives information about communication through MAPI interface which is used by Kerio Outlook Connector.
POP3 Server — detailed information about communication between clients and the POP3 server. Together with IMAP server session and HTTP server session) helps to solve problems with retrieving email from the mailboxes.
IMAP Server — communication between clients and the HTTP server for the Kerio WebMail interface.
LDAP Server — detailed monitoring of communication between clients and the LDAP server, and search for contacts in the database.
NNTP Server — detailed information about communication between clients and the news server.
The Message Delivery section provides options for logging while message delivery is in progress:
Queue Processing — processing of the Mail Queue (sending and receiving messages, re-scheduling, etc.)
Remote POP3 Download — retrieval of remote POP3 mailboxes (Kerio Connect in the role of a POP3 client) and sorting rules (when a message is received or downloaded from a remote POP3 mailbox). The Remote POP3 download log together with Alias Expansion can be helpful when you experience problems with domain mailbox.
SMTP Client — sending outgoing mail (communication between Kerio Connect and the relay SMTP server or the target domain's server). The log includes commands and responses of the client and the server ordered by time when individual events happened. Therefore, this log can be very helpful for resolving problems regarding email sending.
Mailing List Processing — mailing lists monitoring (logins, logouts, message sending, moderators performance, etc.).
Alias Expansion — processing of aliases (during reception of a message or its download from a remote POP3 mailbox). The Alias Expansion log is used together with Remote POP3 download to solve problems with domain mailbox sorting.
Sieve Filters — filtering messages according to user filters.
The Content Filters section includes options for enabling/disabling logs tracing antivirus and antispam control:
Antivirus Checking — communication with the antivirus program, processing of individual message attachments. This log can be used if the infected messages are not detected by an antivirus program and are delivered to users.
Spam Filter — the option logs spam rating of each message which has passed through the Kerio Connect's antispam filter.
SPF Record Lookup — the option gathers information of SPF queries sent to SMTP servers. It can be used for solving problems with SPF check.
SpamAssassin Processing — the option enables tracing of processes occurred during SpamAssassin antispam tests.
The Message Store section enables logging of operations associated with data store, searching, backups, etc.:
Message Folder Operations — operations with user and public folders (opening, saving messages, closing).
This log can be used for example to resolve problems regarding mapping of public folders.
Searching and Sorting — this log includes operations that server performs while searching in email, calendars, contacts and tasks folders. Also operations performed during sorting (e.g. alphabetical sorting of email messages, sorting by date of reception, etc.) are logged.
Quota and Login Statistics— the log may be helpful especially where a problem regarding user quotas and related issues occurs.
Store Backup — the report lists the backup process, browsing and backing up of all folders. Use this report to be sure if the backup process is correct and if it was not interrupted.
Messages decoding — this log may be helpful where problems regarding decoding of TNEF or uuencode messages occur.
Items clean-out — this log helps scrutinize issues regarding automatic clean out of messages in the Junk E-Mail and Deleted Items folders.
The HTTP Server Modules provides options that enable logging information regarding traffic over an HTTP interface:
WebDAV Server Requests — the log lists all operations related to the WebDAV interface. It is useful especially for solving communication issues between Kerio Connect and MS Entourage, NotifyLink, Kerio Sync Connector and iCal clients.
SyncML Synchronization — this option allows to save log of all synchronization processes performed with SyncML.
PHP Engine Messages — the log gathers information related to the Kerio WebMail interface. This information is an extension to the Error log and it can be used for troubleshooting of Kerio WebMail issues.
ActiveSync Synchronization — this log lists ActiveSync traffic performed between mobile devices and Kerio Connect.
KOC Offline Requests — this log helps shoot down issues that might occur in communication between the Kerio Outlook Connector (Offline Edition) and Kerio Connect.
Kerio Blackberry Connector — the log can help identify Kerio Blackberry Connector problems.
The Auxiliary Modules section provides the following logging options:
User Authentication — external authentication of users (NT domain, Kerberos, PAM)
Network Connections and SSL — establishing connections to remote servers (on the TCP level), DNS requests, SSL encrypting, etc.
DNS Resolver— finding target domain SMTP servers through DNS MX record lookup
Directory Service Lookup — queries to the external user database (Active Directory). This log can be used in case of problems with import of users from local domains.
Update Checker Activity — monitors communication with the update.kerio.com server where new versions of Kerio Connect are stored.
Thread Pool Activity — describes establishing, progress and closing of any threads processed by Kerio Connect.
Administration Console Connections — logs connections and activity of the Kerio Administration Console.
Domain rename — the log records events associated with domain renaming processes.
The Local Services section controls local services of Kerio Connect:
Service Manager — it can help you target local services in general (message queue, resource scheduling issues, etc.).
Resource Service — it helps you target resource scheduling issues.
GAL Service — this option may help you shoot down issues regarding contact synchronization with the Global Address List.
Distributed Domain Service — allows recording of all operations associated with the distributed domain.
The error log displays serious errors that affect the functionality of the entire firewall. The Kerio Connect administrator should check this log regularly and try to eliminate problems found here. If this is not done, users are in danger of not being able to use certain (or even all) services. They may also lose their messages or security problems may occur (the MailServer can for example be misused to send spam email or virus-infected email).
Typical error messages displayed in the error log pertain to: service initiation (usually due to port conflicts), disk space allocation, antivirus check initialization, improper authentication of users, etc.
The mail log contains information about individual messages processed by Kerio Connect. The log includes all message types:
incoming messages,
outgoing messages,
mailing list messages,
DSN (Delivery Status Notification).
The operations log gathers information about removed and moved items (messages, contacts, events, tasks and notes) in user mailboxes. It is helpful especially if a user does not manage to find a particular message in their mailbox. The log tells us whether the desired message has not been removed.
In addition to the items related information, the log also includes information about removing and moving any folders in mailboxes.
The security log contains information related to Kerio Connect's security. It also contains records about all messages that failed to be delivered.
The spam log displays information about all spam emails delivered to Kerio Connect. Information about individual spam messages are displayed in rows. The logs differ according to the mode of spam detection. The spam log lists also messages that have been marked as spam by Kerio Connect, but the user marked them as regular messages.
The warning log shows error warnings which are not severe. Typical examples of such warnings are messages stating that a user with administrator rights has a blank password, that a user account of a given name does not exist or that a remote POP3 server is unavailable.
Events causing display of warning messages in this log do not greatly affect Kerio Connect's operation. They can, however, indicate certain (or possible) problems. The warning log can help if for example a user is complaining that certain services are not working.