OJM Insight May 14, 2015
Searching mail and apache logs over SSH
Auditing mail and apache access logs are all part of a sysadmins role, we thought we’d share some nice ways to quickly navigate around them when you’re looking for that proverbial needle.
Accessing the mail and access logs on a Linux machine is pretty straightforward using SSH then using the cat command to view them. But how about a live view of the logs? try this command:
$ tail -f /usr/local/var/log/maillog
This is a great tool to have in your admin tool-bag, very handy for debugging and troubleshooting. How about if you’re looking for all entries for a specific user, email address or IP address? Well you can search for entries like this:
$ cat /usr/local/var/log/maillog | grep "email@example.com"
What about if the records you’re looking for are in an archived log? Well there’s a nice easy way to access them without having to unpack and destroy the current logs by using “zcat” on the zipped files instead of cat:
$ zcat /usr/local/var/log/maillog | grep "firstname.lastname@example.org"
Whilst it’s certainly more practical to work with the logs via SSH there maybe occasions when you’d like to view or process them on your local machine. A safe and secure way to get them down from the server is to use SFTP, your user will need to have the ability to escalate their privileges to root and after that it’s a straight forward process to use your favorite SFTP client to access them.