Search GWAVA 4 SMTP Log from the Linux Command Line

  • 7019918
  • 27-Apr-2009
  • 07-Aug-2017

Environment

GWAVA 4 SMTP Appliance Build 117 and above

Situation

I am using the GWAVA 4 SMTP Appliance and I need to search the logs for a specific transaction. Which log should I look at and how can I search for the transaction from the command line?

Resolution

The log for the SMTP scanner is under gwvsmtp. To view that log from the web interface, go to Server/Scanner Management | [your server] | Server Management | Logs. Select gwvsmtp and you will be able to view the latest log. If you need to view older logs or search the logs, you can find them under /opt/beginfinite/gwava/services/logs/gwvsmtp/. If your logs are in Diagnostic mode, you will be able to view the entire SMTP transaction when you search the log.

To view your logs from the command line, you’ll need to log in as root to the Linux system. You can do this from the system itself or remotely with an ssh client. Once logged in, change to the directory where the logs are housed:

    G4SMTP:~ # cd /opt/beginfinite/gwava/services/logs/gwvsmtp/

To view the available logs, use the ls command. Now you can select a log file that you’d like to search. Note that the names of the log files correspond to the date they were created. So, if you wanted to search the log for 5/1/2009, you’d search the log named 20090501.log.

You’ll note that only the current log is in plain-text format. Older logs are zipped to conserve space on the server. To unzip a log, use the unzip command:

    G4SMTP:/opt/beginfinite/gwava/services/logs/gwvsmtp # unzip 20090419.log.zip
    Archive:  20090419.log.zip
      inflating: 20090419.log

Now when you use the ls command to list the files in the directory, you will find the unzipped log file.

To search the log, use the cat command (writes to the screen) and the grep command (finds the criteria you indicate). Thus, if you were looking for a sender’s e-mail address to locate a mail they sent to a user on a certain day, you’d use this command:

    cat 20090501.log | grep sendersemail@domain.com

The results of the search will be displayed on the screen. If nothing is found, the system will return to the prompt.

You can search for a variety of criteria, such as the timestamp and process thread, to find more information about a specific transaction. Remember that the search is case-sensitive and that you can use regular expressions to aid in your searches.
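
The function below is an added example, not part of the original article or of GWAVA's own tooling: it searches one day's log whether that log is still plain text or already zipped, streaming zipped logs with unzip -p so no extracted copy is left in the log directory. The name search_smtp_log and the LOG_DIR variable are hypothetical, and it assumes each archive holds a single member named like the archive without .zip, as in the unzip output shown in this article.

```shell
# Added example: search one day's gwvsmtp log for a literal string.
# LOG_DIR defaults to the directory named in this article; override it to
# point at a copy of the logs.
LOG_DIR="${LOG_DIR:-/opt/beginfinite/gwava/services/logs/gwvsmtp}"

# search_smtp_log YYYYMMDD TERM [extra grep options, e.g. -i]
# Prints matching lines prefixed with their line number.
# Exit status: 0 = match found, 1 = no match, 2 = bad arguments or no log.
search_smtp_log() {
    [ "$#" -ge 2 ] || { echo "usage: search_smtp_log YYYYMMDD TERM [grep opts]" >&2; return 2; }
    day="$1"; term="$2"; shift 2

    # Accept only an 8-digit date so the value cannot carry path
    # components or glob characters into the file name.
    case "$day" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "date must be YYYYMMDD" >&2; return 2 ;;
    esac

    plain="$LOG_DIR/$day.log"
    zipped="$LOG_DIR/$day.log.zip"

    # -F treats TERM as a fixed string, so the dots in an address such as
    #    user@domain.com are not regular-expression wildcards.
    # -n shows line numbers; "--" stops a TERM that starts with "-" from
    #    being read as an option.
    if [ -f "$plain" ]; then
        grep -F -n "$@" -- "$term" "$plain"
    elif [ -f "$zipped" ]; then
        # unzip -p writes the member to stdout; nothing is extracted to disk.
        unzip -p "$zipped" "$day.log" | grep -F -n "$@" -- "$term"
    else
        echo "no log for $day in $LOG_DIR" >&2
        return 2
    fi
}
```

For example, search_smtp_log 20090501 sendersemail@domain.com -i repeats the search from this article without regard to case.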

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1220.