Hi again
I have noticed for some time now that the logs created by mercury are not consistent.
For example, today I was looking at a file named TCP0A1F.MS created on the 10 Aug and modified on the 21 Aug. The file contained transaction details for connections made on the 10 and 21 Aug:
11:58:54.646: Connection from 192.168.0.70, Wed Aug 10 11:58:54 2011<lf>
11:58:54.646: << 220 apsarchaeology.co.uk ESMTP server ready.<cr><lf>
11:58:54.646: >> EHLO Orion<cr><lf>
11:58:54.646: << 250-apsarchaeology.co.uk Hello Orion; ESMTPs are:<cr><lf>250-TIME<cr><lf>
11:58:54.646: << 250-SIZE 0<cr><lf>
11:58:54.646: << 250-AUTH CRAM-MD5 LOGIN<cr><lf>
11:58:54.646: << 250-AUTH=LOGIN<cr><lf>
11:58:54.646: << 250 HELP<cr><lf>
11:58:54.646: >> AUTH LOGIN<cr><lf>
11:58:54.646: << 334 VXNlcm5hbWU6<cr><lf>
11:58:54.646: --- Connection closed normally at Wed Aug 10 11:58:54 2011. ---
11:58:54.646:
00:48:26.630: Connection from 65.15.109.253, Sun Aug 21 00:48:26 2011<lf>
00:48:26.630: << 220 apsarchaeology.co.uk ESMTP server ready.<cr><lf>
00:48:30.593: >> EHLO SCHASPA001<cr><lf>
00:48:30.593: << 250-apsarchaeology.co.uk Hello SCHASPA001; ESMTPs are:<cr><lf>250-TIME<cr><lf>
00:48:30.593: << 250-SIZE 0<cr><lf>
00:48:30.593: << 250-AUTH CRAM-MD5 LOGIN<cr><lf>
00:48:30.593: << 250-AUTH=LOGIN<cr><lf>
00:48:30.593: << 250 HELP<cr><lf>
00:48:33.870: >> AUTH LOGIN<cr><lf>
00:48:33.870: << 334 VXNlcm5hbWU6<cr><lf>
00:48:36.975: >> c3VwcG9ydA==<cr><lf>
00:48:36.975: << 334 UGFzc3dvcmQ6<cr><lf>
00:48:36.505: >> c3VwcG9ydDEyMzQ=<cr><lf>
00:48:36.505: << 501 Authentication failed - bad user or password.<cr><lf>
00:48:37.504: --- Connection closed normally at Sun Aug 21 00:48:37 2011. ---
00:48:37.504:
This is all the log file contained. Why has the information from the connection made on the 21 Aug been logged in a file that was created on the 10th? This makes it very difficult to track and troubleshoot connections created in the past.
I don't know what generated the connection from Orion (192.168.0.70). Orion is the server that Mercury/32 is installed on. I am seeing quite a few of these since we switched from MessageLabs to Webroot, but that is probably a coincidence.
Any help will be appreciated.
Thanks.
<P>Hi again</P>
<P>I have noticed for some time now that the logs created by mercury are not consistent.</P>
<P>For example, today I was looking at a file named TCP0A1F.MS created on the&nbsp;10 Aug and modified on the 21 Aug. The file contained&nbsp;transaction details&nbsp;for connections made on the 10 and 21 Aug:</P>
<P>11:58:54.646: Connection from 192.168.0.70, Wed Aug 10 11:58:54 2011&lt;lf&gt;
11:58:54.646: &lt;&lt; 220 apsarchaeology.co.uk ESMTP server ready.&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &gt;&gt; EHLO Orion&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 250-apsarchaeology.co.uk Hello Orion; ESMTPs are:&lt;cr&gt;&lt;lf&gt;250-TIME&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 250-SIZE 0&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 250-AUTH CRAM-MD5 LOGIN&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 250-AUTH=LOGIN&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 250 HELP&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &gt;&gt; AUTH LOGIN&lt;cr&gt;&lt;lf&gt;
11:58:54.646: &lt;&lt; 334 VXNlcm5hbWU6&lt;cr&gt;&lt;lf&gt;
11:58:54.646: --- Connection closed normally at Wed Aug 10 11:58:54 2011. ---
11:58:54.646:
00:48:26.630: Connection from 65.15.109.253, Sun Aug 21 00:48:26 2011&lt;lf&gt;
00:48:26.630: &lt;&lt; 220 apsarchaeology.co.uk ESMTP server ready.&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &gt;&gt; EHLO SCHASPA001&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &lt;&lt; 250-apsarchaeology.co.uk Hello SCHASPA001; ESMTPs are:&lt;cr&gt;&lt;lf&gt;250-TIME&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &lt;&lt; 250-SIZE 0&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &lt;&lt; 250-AUTH CRAM-MD5 LOGIN&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &lt;&lt; 250-AUTH=LOGIN&lt;cr&gt;&lt;lf&gt;
00:48:30.593: &lt;&lt; 250 HELP&lt;cr&gt;&lt;lf&gt;
00:48:33.870: &gt;&gt; AUTH LOGIN&lt;cr&gt;&lt;lf&gt;
00:48:33.870: &lt;&lt; 334 VXNlcm5hbWU6&lt;cr&gt;&lt;lf&gt;
00:48:36.975: &gt;&gt; c3VwcG9ydA==&lt;cr&gt;&lt;lf&gt;
00:48:36.975: &lt;&lt; 334 UGFzc3dvcmQ6&lt;cr&gt;&lt;lf&gt;
00:48:36.505: &gt;&gt; c3VwcG9ydDEyMzQ=&lt;cr&gt;&lt;lf&gt;
00:48:36.505: &lt;&lt; 501 Authentication failed - bad user or password.&lt;cr&gt;&lt;lf&gt;
00:48:37.504: --- Connection closed normally at Sun Aug 21 00:48:37 2011. ---
00:48:37.504: </P>
<P>This is all the log file contained. Why has the information from the connection made on the&nbsp;21 Aug been logged in a file that was created on the 10th? This makes it very difficult to track and troubleshoot connections created in the past.</P>
<P>I don't know what generated the connection from Orion (192.168.0.70). Orion is the server that Mercury/32 is installed on. I am seeing quite a few of these since we switched from MessageLabs to Webroot, but that is probably a coincidence.</P>
<P>Any help will be appreciated.</P>
<P>Thanks.</P>