1Squirrel Logger plugin for SquirrelMail
2=======================================
3Ver 2.3, 2008/11/30
4
5
6Copyright (c) 2001-2004 Ron Chinn <ron@squeaksoft.com>
7 2002-2003 Pat Winn <ptwinn@velocibyte.com>
8 2005-2008 Paul Lesniewski <paul@squirrelmail.org>
9
10
11
12Description
13===========
14
15This plugin implements logging functionality for your webmail
16interface. You can choose to log to a database, a file, your
17system log, or any combination thereof. You can also choose
18which kinds of events to log, including login events, logout
19events, login error events, all outgoing messages, possible
20outgoing spam messages, and other error events.
21
22Also included is monitoring functionality that will send alert
23emails to the administrator when certain events trigger.
24
25If you use the timeout_user plugin, logout events caused by
26user timeouts will be captured.
27
28Log message format is also completely custom-defined to meet
29your needs in the configuration file.
30
31
32
33License
34=======
35
36This plugin is released under the GNU General Public
37License (see COPYING for details).
38
39
40
41Donations
42=========
43
44If you or your company make regular use of this software, please
45consider supporting Open Source development by donating to the authors
46or inquire about hiring them to consult on other projects. Donation/
47wish list links for the author(s) are as follows:
48
49Paul Lesniewski: https://sourceforge.net/donate/index.php?user_id=508228
50
51
52
53Requirements
54============
55
56 * Compatibility plugin, version 2.0.10 or above
57
58 * For logging of failed login attempts or other errors, you need
59 at least SquirrelMail 1.4.4
60
61 * For logging of outgoing messages, you need SquirrelMail at least 1.4.6
62
63 * For logging to SQL databases, you need Pear and a SQL-compliant database
64
65
66
67Installation
68============
69
70See the INSTALL file for setup instructions.
71
72
73
74Configuration
75=============
76
77Please see the configuration file included herein.
78
79
80
81Privacy
82=======
83
84PLEASE NOTE that some of the logging and alert types may be
85considered invasive (particularly MASS_MAILING) and if you
86turn them on, BE SURE your users understand that their
87messages may be subject to review. You are encouraged to
88have an appropriate privacy policy and terms of service
89agreement if you use these options.
90
91Keep user privacy concerns in mind whilst carefully setting
92the following options:
93
94$sl_log_mass_mailing_show_recipients
95$sl_log_mass_mailing_show_from
96$sl_log_mass_mailing_show_reply_to
97$sl_log_mass_mailing_show_subject
98$sl_log_mass_mailing_show_message_body
99$sl_log_outgoing_messages_show_recipients
100$sl_log_outgoing_messages_show_from
101$sl_log_outgoing_messages_show_reply_to
102$sl_log_outgoing_messages_show_subject
103$sl_log_outgoing_messages_show_message_body
104
105
106
107Help Requests
108=============
109
110Before looking for help elsewhere, please try to help yourself:
111
112 * Read the Troubleshooting section herein.
113
114 * Look to see if others have already asked about the same issue.
115 There are tips and links for the best places to do this in
116 the SquirrelMail mailing list posting guidelines:
117 http://squirrelmail.org/wiki/MailingListPostingGuidelines
118 You should also try Google or some other search engine.
119
120 * If you cannot find any information about your issue, please
121 first mail your help request to the squirrelmail-plugins
122 mailing list. Information about it can be found here:
123 http://lists.sourceforge.net/mailman/listinfo/squirrelmail-plugins
124 You MUST read the mailing list posting guidelines (see above)
125 and include as much information about your issue (and your
126 system) as possible. Including configtest output, any debug
127 output, the plugin configuration settings you've made and
128 anything else you can think of to make it easier to diagnose
129 your problem will get you the most useful responses. Inquiries
130 that do not comply with the posting guidelines are liable to
131 be ignored.
132
133 * If you don't get any replies on the mailing list, you are
134 welcome to send a help request to the authors' personal
135 address(es), but please be patient with the mailing list.
136
137
138
139Tips and Troubleshooting
140========================
141
142 * If, when logging to file, the log file doesn't get updated
143 and/or doesn't get created, check your web server error log
144 file (probably error_log if you're using apache). It's likely
145 that your web server doesn't have permission to write to the
146 log file or your database connection parameters are incorrect.
147
148 * If you want a human readable log format, consider using tab ("\t")
149 as your field delimiter. It'll space things out nicely and make
150 it a lot easier to read.
151
152 * If you use the login_alias, password_forget, vlogin or other
153 plugins that might manipulate the username during login, this
154 plugin might be best placed *AFTER* those plugins in the list
155 of all activated plugins.
156
157 * Make sure the plugin is configured correctly by browsing to
158 http://your-squirrelmail-location/src/configtest.php
159
160 * For information about setting up fail2ban to monitor the failed
161 login attempts that Squirrel Logger catches, see the file
162 "fail2ban" in the "contrib" directory.
163
164 * If you have some SMTP authentication method configured in the
165 main SquirrelMail configuration (or perhaps POP before SMTP is
166 turned on) and administrative alert emails are not getting sent,
167 particularly when a user fails to login, this is because the
168 SMTP authentication credentials are not yet available before a
169 user has logged in, so you need to provide administrative
170 credentials for sending such emails. See $sl_smtp_auth_mech
171 (and related settings) in the configuration file.
172
173 * If changes to the configuration file don't seem to be having any
174 effect, ensure that there are not two Squirrel Logger configuration
175 files, one in the squirrel_logger directory and one in the main
176 SquirrelMail config directory (named "config_squirrel_logger.php").
177 The one in the main SquirrelMail config directory will always
178 override the one in the squirrel_logger directory.
179
180
181
182Viewing Logs
183============
184
185Included herein is a script called "show_stats.php" that will let
186you query and manage your logs if they are in a MySQL database.
187This script could conceivably be modified to use Pear and be brought
188inside of the SquirrelMail interface; contributions welcome. For
189now, if you want to use this, you'll have to edit the file and
190take the first "exit" command out, then put the file somewhere
191safe (password protected) and have fun.
192
193
194
195Data Schema
196===========
197
198If you use the SQL logging type, you will need a database table
199that the plugin can work with. What follows is the recommended
200DDL for the logging table. You may change this at will, but be
201sure to update the needed SQL queries in the config.php file.
202This is a MySQL DDL, but should be easily adapted to your database
203of choice.
204
205
206CREATE DATABASE squirrelmail_logging;
207GRANT SELECT, UPDATE, INSERT, DELETE on squirrelmail_logging.* TO 'user'@'localhost';
208
209CREATE TABLE user_activity (
210 id int(11) NOT NULL auto_increment,
211 event varchar(30) NOT NULL,
212 username varchar(128) NOT NULL,
213 domain varchar(128) NOT NULL,
214 remote_address varchar(255) NOT NULL,
215 date datetime NOT NULL,
216 comments varchar(255) DEFAULT '',
217 PRIMARY KEY (id),
218 UNIQUE KEY id (id),
219 KEY event (event),
220 KEY domain (domain),
221 KEY date (date)
222) TYPE=MyISAM;
223
224
225
226API
227===
228
229It is possible for other plugins and code to send custom log events
230to the SquirrelMail log. Any event types are acceptable, as long
231as they are added to the $sl_log_events, $sl_logs and possibly
232$sl_send_alerts (and $sl_alert_to, etc) settings in the configuration
233file. The two possible points of entry for logging an event are:
234
235 sl_logit($event, $message='', $user='')
236 sl_send_to_log($event, $timestamp, $date_str, $user='', $dom='',
237 $remote_addr='', $message='')
238
239sl_logit() will construct the log fields for you, using the current
240request and SquirrelMail login environment (note that the $user parameter
241to sl_logit() is only an override and is not usually necessary).
242sl_send_to_log() may be used when any of the logged fields need to be
243built differently by other modules; this function will only dispatch
244the fields to the needed log backends. See the documentation for
245both of these functions in the "functions.php" file herein.
246
247
248
249Todo
250====
251
252 * For logging outgoing messages, do we want to include any headers
253 beside Message-ID, From, Reply-To, Subject and To/Cc/Bcc?
254
255 * Someone once asked to have the ability to log when users download
256 message attachments. This would probably involve a source hack,
257 and it's a one-off request, so I am leaving it alone for now. If
258 many people see this and think "that's a great idea", please speak
259 up and maybe it can be implemented.
260
261
262
263Change Log
264==========
265
266 v2.3 2008/11/30 Paul Lesniewski <paul@squirrelmail.org>
267 * Added ability to show message subject separately from
268 message body when logging OUTGOING and MASS_MAILING events
269 * Added ability to log From and Reply-To headers for
270 the OUTGOING and MASS_MAILING events
271 * Make the From address for administrative alert messages
272 configurable
273 * Added ability to store configuration file in main SquirrelMail
274 config directory
275
276 v2.2 2008/04/11 Paul Lesniewski <paul@squirrelmail.org>
277 * Allow overrides of SquirrelMail SMTP/Sendmail settings
278 when sending administrative alert emails
279
280 v2.1 2008/02/06 Paul Lesniewski <paul@squirrelmail.org>
281 * HTML is removed from any log messages; multiline messages
282 crammed into one line
283 * System logging controls have been made much more fine-grained;
284 $sl_syslog_priority has been removed from the configuration
285 file
286 * Small code cleanup
287 * Use sq_send_mail() to send alerts
288 * Added logging of all outgoing messages
289 * Make sure syslog events are done in UTC/GMT when configured as
290 such (Thanks to Eray Aslan)
291
292 v2.0 2005/06/10 Paul Lesniewski <paul@squirrelmail.org>
293 * Re-write and cleanup; the plugin has changed quite a bit
294 (many new configuration settings, log format has changed
295 slightly (it's completely configurable though), new
296 features... needs testing)
297 * Split configuration into separate file
298 * Log messages configurable per log type and event type
299 * Merged SQL functionality from SQL Logger plugin
300 * Logging can be done to more than one place
301 * Logging can be turned on/off per event type
302 * Alert emails can be sent to administrators
303 * Added monitoring of outgoing messages for mass mailings
304 (possible spam)
305 * Added API so other plugins and code can log custom events
306 * Minor cleanup of show_stats.php
307 * Will now fail silently if database connection can't be made
308 * Added ability to turn on/off logging for certain domains
309
310 v1.4 2004/03/23
311 * Added option to log to syslog
312
313 v1.3 2003/03/28
314 * Fixed safe mode file writing issue.
315 (Thanks to Christian Mayer for pointing this out.)
316 * Fixed the "Address is not a valid IPv4 or IPv6 address" issue
317 (Thanks to Ingo Welling for the fix)
318
319 v1.2 2001/10/12
320 * Added ability to log user inactivity timeouts using Ray Black's
321 Timeout User plugin.
322 * Added failed login attempt logging. This requires the user
323 edit the imap_general.php file to add a hook.
324
325 v1.1 2001/10/12
326 * Added hostname lookup feature (set $sl_namelookups)
327 * Changed default time format to show date before time.
328
329 v1.0 2001/10/11
330 * Initial Release
331
332
333