Dovecot Maillog Output Question
Hi guys!
I have been trying to find a decent explanation of the Dovecot Maillog output, specifically for IMAP users.
The command I used is as follows:
cat /var/log/maillog | grep "user@domain.com" | grep "imap" | grep "Logged out"
The output line that confuses me is as follows:
dovecot: imap(user@domain.com): Logged out in=787, out=63023692, bytes=787/63023692
Basically, I need to know exactly what each of the following means:
Logged out in=
out=
bytes=
Any info would be awesome.
-
This looks confusing, but I shall try and make it a bit simpler:
The IMAP section of the dovecot.conf contains the variables that are used to write to the log:

# IMAP logout format string:
#  %i - total number of bytes read from client
#  %o - total number of bytes sent to client
imap_logout_format = in=%i, out=%o, bytes=%i/%o

The log entry you are seeing has a number of parts:
dovecot:imap - the process is dovecot and the protocol is IMAP
user - the name of the account that is using the protocol
Logged out - the fact that the user has logged out of an IMAP session
in= - the number of bytes of data read from the client
out= - the number of bytes of data sent to the client
bytes= in/out - the number of bytes of data read/sent to the client
Why the number of bytes data is repeated, I have no idea :(
Hope this helps
-
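As an added example (not part of the original thread and not Dovecot's own code), this Python example builds a parser from the imap_logout_format string quoted in the answer above and totals the in/out bytes per user, listing sessions with an unusually large out= value. It handles only %i and %o; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Format string as quoted in the answer above; only %i and %o are handled.
IMAP_LOGOUT_FORMAT = "in=%i, out=%o, bytes=%i/%o"

# Constructed sample lines; the first reuses the values from the question.
SAMPLE = [
    "Mar  3 09:12:44 mail dovecot: imap(user@domain.com): Logged out in=787, out=63023692, bytes=787/63023692",
    "Mar  3 09:40:02 mail dovecot: imap(user@domain.com): Logged out in=1204, out=52110, bytes=1204/52110",
    "Mar  3 10:01:17 mail dovecot: imap(other@domain.com): Logged out in=0, out=0, bytes=0/0",
    "Mar  3 10:05:00 mail dovecot: imap-login: Login: user=<user@domain.com>, method=PLAIN",
]

def format_to_regex(fmt):
    """Turn the logout format string into a regex with groups 'i' and 'o'."""
    seen, parts = set(), []
    for token in re.split(r"(%[io])", fmt):
        if token in ("%i", "%o"):
            name = token[1]
            # First use captures the number; a repeat must equal it.
            parts.append("(?P=%s)" % name if name in seen else r"(?P<%s>\d+)" % name)
            seen.add(name)
        else:
            parts.append(re.escape(token))
    return "".join(parts)

def parse_logouts(lines, fmt=IMAP_LOGOUT_FORMAT):
    """Yield (user, bytes_in, bytes_out) for each IMAP 'Logged out' line."""
    # Anything between ')' and 'Logged out' is skipped (assumed tolerance).
    pattern = re.compile(r"imap\((?P<user>[^)]+)\).*?Logged out " + format_to_regex(fmt))
    for line in lines:
        m = pattern.search(line)
        if m:
            yield m.group("user"), int(m.group("i")), int(m.group("o"))

def summarize(lines, out_threshold=50_000_000):
    """Return per-user [sessions, in, out] totals and sessions over the threshold."""
    totals, large = defaultdict(lambda: [0, 0, 0]), []
    for user, b_in, b_out in parse_logouts(lines):
        totals[user][0] += 1
        totals[user][1] += b_in
        totals[user][2] += b_out
        if b_out > out_threshold:
            large.append((user, b_out))
    return dict(totals), large

if __name__ == "__main__":
    print(summarize(SAMPLE))
```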
Hi rpvw. Thanks for replying. :) So the out= section indicates what the client has downloaded and the bytes= section is the total amount of data which the client has sent / uploaded to the server as well as what he / she has downloaded?
-
bytes = is just a repeat of the in= and the out= ..... I have no idea why they decided to repeat the same data in a different format.
Look at the variables used:
imap_logout_format = in=%i, out=%o, bytes=%i/%o
-
Cool. Thanks very much for explaining this. :):):)
-
@rpvw Thanks for your answer here, perfect!
-
Hello, I'm investigating a phishing fraud, so the logs are useful. I remember that Dovecot logging had the "retr=0/0,del=0/0" parameter info to show the deleted mails once the user logs out; however, my log only shows what this post describes: I only have the "in=0,out=0" section, so I can't know if a message was deleted. Why was the log changed? How can I activate those parameters?