We have to be honest: logs are often an afterthought for most developers. Many logs are pretty cryptic unless you can look at the code and see what is going on. In this section, we share what we think of specific logs: the cryptic ones, the fun ones and some of the ones we see more often.
May 20 20:57:09 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=126.96.36.199 user=daemon
For: Linux servers running Dovecot (IMAP server)
Meaning: Failed Dovecot login attempt. Someone tried to authenticate to IMAP (email) as the user daemon from 188.8.131.52 (Airtel India).
What to do: If you see many requests from the same IP, we recommend blocking it.
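One way to spot "many requests from the same IP" in this log format, as an added example that is not part of the original page: it counts pam_unix(dovecot:auth) failures per rhost and lists the user names each source tried. The threshold of 5, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Only pam_unix failures for the dovecot service, in the format shown above.
# user= is treated as optional so lines without it still count.
FAILURE_RE = re.compile(
    r"pam_unix\(dovecot:auth\): authentication failure;"
    r".*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def parse_failure(line):
    """Return (rhost, user) for a dovecot auth failure line, else None."""
    m = FAILURE_RE.search(line)
    return (m.group("rhost"), m.group("user") or "") if m else None

def noisy_sources(lines, threshold=5):
    """Map each rhost with >= threshold failures to (count, users tried)."""
    seen = defaultdict(list)
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            seen[parsed[0]].append(parsed[1])
    return {ip: (len(users), sorted(set(users)))
            for ip, users in seen.items() if len(users) >= threshold}

# Constructed sample lines (documentation-range addresses, not real traffic).
TEMPLATE = ("May 20 20:57:{sec:02d} mx1 auth: pam_unix(dovecot:auth): "
            "authentication failure; logname= uid=0 euid=0 tty=dovecot "
            "ruser={user} rhost={ip}  user={user}")
SAMPLE = [TEMPLATE.format(sec=s, user=u, ip="203.0.113.7")
          for s, u in enumerate(["daemon", "root", "admin", "daemon", "mail"])]
SAMPLE.append(TEMPLATE.format(sec=30, user="bob", ip="198.51.100.20"))
# An sshd failure from the same address must not be counted as an IMAP one.
SAMPLE.append("May 20 20:58:01 mx1 sshd[811]: pam_unix(sshd:auth): "
              "authentication failure; logname= uid=0 euid=0 tty=ssh "
              "ruser= rhost=203.0.113.7  user=root")

if __name__ == "__main__":
    for ip, (count, users) in noisy_sources(SAMPLE).items():
        print(f"{ip}: {count} failures, users tried: {', '.join(users)}")
```

A source that cycles through several system account names, as the first constructed address does here, is guessing credentials rather than mistyping a password.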