matnewman.com

IBM Domino - Logging additional information about users and activity

Mat Newman  November 22 2017 20:29:59
A question came in from a customer today which I've heard a number of times recently, so I thought I'd share the quick resolution.

"The customer has a Domino SMTP mail relay server. They have a lot of external applications using this Domino SMTP mail relay server to receive and deliver the email to users and mail-in databases. From the log in Domino SMTP mail relay server, it only shows the sender IP address info. The customer is asking is it possible to have the sender ID like email address in the log file?"

Short answer. Yes. It's Domino. It can do ANYTHING.

Two things you can do here - Increase the Router logging level, and increase the Session logging level.

Log_MailRouting


If you set the Router log level to 40 (maximum output), you get everything: server connected, IP address, sender, recipient. Everything is captured and every SMTP session is identified. Notice in the sample below that I have a mail monitor set up that checks whether my SMTP service is running ("monitor.*.*.*"); it does nothing other than connect on port 25, but you can see that even a "probe" is captured, even if nothing is delivered. The other host is my IBM Protector server ("windu.*.*.*") connecting and actually delivering a message. (I should really write more about IBM Protector - it's BRILLIANT!)

Set Config Log_MailRouting=40

Enter the command above at the server console to configure this and have it take effect immediately.

Note: you can also change this setting in the server configuration document; however, it will not take effect immediately as it does when you set it using the console command.
  • Open the Servers Configuration Document,
  • Router/SMTP Tab,
  • Advanced Tab,
  • Controls Tab,
  • Change the Logging Level value to 'Verbose'

TIP: Doing this will get rid of the "Router: notes.ini setting for Log_Mailrouting being used (note - this option may now be configured in a Server Configuration document)" appearing in the server console.


Figure 1: changing the Mail Logging Level in a Configuration document

Log_Sessions


If you increase the Session log level to the option introduced back with 8.5.1, you get all of the information about a server's or user's connection: name, client version number, IP address and access type (e.g. C=native client). This works on all versions of Domino after 8.5.1.

Set Config Log_Sessions=2

Enter the command above at the server console to configure this and have it take effect immediately.

Results of above Changes are colour coded and shown below:

** Live console connected to server yoda/iteam **
11/22/2017 18:59:19   Opened live remote console session for Mat Newman/*/*
11/22/2017 18:59:38   Remote console command issued by Mat Newman/*/*: Set Config Log_MailRouting=40
11/22/2017 18:59:39   Router: Updating values from Configuration document
11/22/2017 18:59:39   Router: notes.ini setting for Log_Mailrouting being used (note - this option may now be configured in a Server Configuration document)
11/22/2017 19:00:03   SMTP Server: monitor.*.*.* (192.*.*.*) connected
11/22/2017 19:00:03   SMTP Server: monitor.*.*.* (192.*.*.*) disconnected. 0 message[s] received
11/22/2017 19:02:15   Router: Updating values from Configuration document
11/22/2017 19:02:29   Router: Delivery thread [00000010] searching for work
11/22/2017 19:02:43   Remote console command issued by Mat Newman/*/*: Set Config Log_Sessions=2
11/22/2017 19:02:43   LOG_SESSIONS changed to 2.
11/22/2017 19:03:03   SMTP Server: monitor.*.*.* (192.*.*.*) connected
11/22/2017 19:03:03   SMTP Server: monitor.*.*.* (192.*.*.*) disconnected. 0 message[s] received
11/22/2017 19:03:48   SMTP Server: windu.*.*.* (203.*.*.*) connected
11/22/2017 19:03:48   SMTP Server: Originator: matnewman@*.*.com
11/22/2017 19:03:48   SMTP Server: Recipient: mat@*.com
11/22/2017 19:03:49   SMTP Server: Message 002C4B73 (MessageID: ) received from windu.*.*.* (203.*.*.*) size 4602 bytes
11/22/2017 19:03:49   SMTP Server: windu.*.*.* (203.*.*.*) disconnected. 1 message[s] received
11/22/2017 19:03:49   Router: Delivery to local recipient Mathew Newman/* is ready with 1 messages
11/22/2017 19:03:49   Router: Message 002C4B73, 002C46BA delivered to Mathew Newman/* from matnewman@*.*.com OFB9A38226:D97B106C ONCA2581E0:002C4B73 Size: 6K Time: 00:00:00 Hop Count: 1
11/22/2017 19:06:03   SMTP Server: monitor.*.*.* (192.*.*.*) connected
11/22/2017 19:06:03   SMTP Server: monitor.*.*.* (192.*.*.*) disconnected. 0 message[s] received
11/22/2017 19:06:57   Opened session for 'CN=Mat Newman/OU=*/O=*' (Release 9.0.1) SessId 23C71C9D Ip '120.*.*.*' 'Auth' 'C'
11/22/2017 19:06:58   Opened session for 'CN=iam/OU=*/O=*' (Release 9.0.1FP9) SessId 234A1C9D Ip '203.*.*.*' 'Auth' 'C'
11/22/2017 19:06:58   Closed session for 'iam/*/*' SessId 234A1C9D Databases accessed:     2 Documents read:     0   Documents written:     0   Transactions:      8
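
An added example, not part of the original post or of Domino itself: a small Python parser that groups the verbose SMTP lines shown above into one record per connection, so sender, recipient, message and source IP land together. The sample log is constructed and the names (`parse_smtp_sessions`, `SAMPLE`) are illustrative; because the Originator and Recipient lines carry no host or session identifier, any envelope seen while more than one connection is open is flagged as ambiguous.

```python
import re

# Constructed sample in the post's log format; hosts and addresses are placeholders.
SAMPLE = """\
11/22/2017 19:03:03   SMTP Server: monitor.example.test (192.0.2.10) connected
11/22/2017 19:03:03   SMTP Server: monitor.example.test (192.0.2.10) disconnected. 0 message[s] received
11/22/2017 19:03:48   SMTP Server: relay.example.test (203.0.113.5) connected
11/22/2017 19:03:48   SMTP Server: Originator: app@example.test
11/22/2017 19:03:48   SMTP Server: Recipient: user@example.test
11/22/2017 19:03:49   SMTP Server: Message 002C4B73 (MessageID: ) received from relay.example.test (203.0.113.5) size 4602 bytes
11/22/2017 19:03:49   SMTP Server: relay.example.test (203.0.113.5) disconnected. 1 message[s] received
"""

LINE = re.compile(r"^(\S+ \S+)\s+SMTP Server: (.*)$")
CONN = re.compile(r"^(\S+) \(([^)]*)\) connected$")
DISC = re.compile(r"^(\S+) \(([^)]*)\) disconnected\. (\d+) message\[s\] received$")
MSG = re.compile(r"^Message (\S+) \(MessageID: .*?\) received from (\S+) \(([^)]*)\) size (\d+) bytes$")

def _find(sessions, host, ip):
    return next((s for s in sessions if (s["host"], s["ip"]) == (host, ip)), None)

def parse_smtp_sessions(text):
    open_sessions, closed, pending = [], [], None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        ts, body = line.groups()
        if m := CONN.match(body):
            open_sessions.append({"host": m[1], "ip": m[2], "connected": ts, "messages": []})
            if pending:  # another connection opened mid-envelope
                pending["ambiguous"] = True
        elif body.startswith("Originator: "):
            # No host or session id on this line: certain only if one connection is open.
            pending = {"sender": body[12:], "recipients": [], "ambiguous": len(open_sessions) > 1}
        elif body.startswith("Recipient: ") and pending:
            pending["recipients"].append(body[11:])
        elif m := MSG.match(body):
            env = pending or {"sender": None, "recipients": [], "ambiguous": True}
            env.update(id=m[1], size=int(m[4]))
            if s := _find(open_sessions, m[2], m[3]):
                s["messages"].append(env)
            pending = None
        elif m := DISC.match(body):
            if s := _find(open_sessions, m[1], m[2]):
                s.update(disconnected=ts, reported=int(m[3]))
                open_sessions.remove(s)
                closed.append(s)
    return closed
```

Comparing each record's `reported` count with the number of entries in `messages` is a quick check that no envelope lines were missed or misattributed.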

So can you show additional information in the server log about Sessions and Mail Routing?

Of course you can - It's DOMINO!

Enjoy!
Comments

1 Rolando  11/23/2017 0:10:23

Of course you can - It's DOMINO!

And of course, you are absolutely right...

2 Nicki  11/23/2017 0:14:53

"It's Domino. It can do ANYTHING. "

We should put that on a t-shirt! :)

3 Nicki  11/23/2017 0:18:07

PS ... your Protector server is named "Windu" -- that is AWESOME!

4 Mat Newman  11/23/2017 20:10:56

@Rolando: #ThisStuffJustWorks 👍

@Nicki: That would be a great shirt! Of course it's called Windu - It's the Chief Protector 😉 BTW; You will never guess what the "Master Training Server" is called 😀

Mat Newman IBM Champion

5 Ecio  05/16/2018 18:53:06

Is there a way to correlate the message details (sender, recipient, ip address)?

This type of logging can help only if you are processing a small number of messages, but the moment that you start having multiple concurrent connections you are unable to understand anything, as there's no unique ID that matches them together message by message.

Even adding the process_id/thread_id doesn't seem to be enough as those can be reused for multiple messages.

6 Gary Young  06/07/2020 17:05:22

I am struggling to get Domino to display incoming IMAP connection IP details.

I want to feed this information to fail2ban, to stop the flood of fake IMAP connections, but Domino just shows a blank space between 2 x square brackets (where the IP should be ??)

Any way to get this to be populated ?

Mat Newman

THE Notes (formerly IBM/Lotus Notes) Guy. Productivity Guru. Evangelist. IBM Champion for IBM Collaboration Solutions, 2011/2012/2013. Former IBMer. HCLite. Views are my own.

#GetProductive #GetHCLNotes
