What is this log?

We have to be honest, logs are often an after thought to most developers. Many logs are pretty cryptic unless you can look at the code and see what is going on. In this section, we will share what we think of a specific log: - the cryptic ones, the fun ones and some of the ones we see more often.

Log: dovecot-failedlogin-pam

May 20 20:57:09 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost= user=daemon

ID:  dovecot-failedlogin-pam
For: Linux servers running dovecot - imap server

Meaning: Dovecot failed logging attempt. Someone tried to authenticate to IMAP (email) using the user daemon from (Airtel India).

What to do: If you see many requests from the same IP, we recommend blocking it.

Simple, affordable, log management and analysis.