System Logs
Last updated
Last updated
Introduction
Lucy maintains an internal log of application events. This allows for comprehensive monitoring and investigation of most application events, beyond just the service logs (e.g., Apache2 web server, Postfix mail server). By analyzing these logs users can effectively track and diagnose errors within the application.
Navigate to Support -> System Logs -> Service Logs
First select a file from the dropdown menu. On this page you can view the postfix mail log as well as the web server access and error logs.
Next define an interval, and Lucy will automatically paginate all the log entries from that file within that time frame. Keep in mind that log files are appended, meaning the most recent entries will be at the end of the file.
Often it is necessary to extract not just the mail and web server logs, but also runtime log files from the environment. Lucy offers a convenient way to download the runtime logs with a single click, just go to Support > System Logs > Send Logs and click the Download Logs button in the top-right.
You will download a .zip archive with the following:
mail.log (postfix log)
access.log and error.log (apache2 logs)
All log files in /opt/phishing/runtime/ (Lucy's application runtime logs)
The /opt/phishing/runtime/ folder contains a number of log files. Here is a breakdown of what types of operations are logged in each file.
application.log
Application errors from the database and web server.
awarenessrescheduler.log
Notifications for rescheduled awareness messages sent to recipients.
console.log
Events from various services and utilities used by background processes.
mailcrawler.log
Events related to the mail manager job.
migration.log
Activities during Lucy version migrations (for versions < 4.2).
proxystat.log
Events related to proxy operations when Lucy is behind a proxy.
reminders.log
Events related to campaign reminders.
reqsue_emailparse.log
Events for the email parsing job.
resque_enduser.log
Updates to victim statistics.
resque_letsencrypt.log
Events related to Let's Encrypt API interactions.
resque_scheduler.log
Scheduler events, including start and finish times for each recipient's schedule.
resque_ssl.log
SSL-related events such as certificate creation, renewal, and import.
resque_stats.log
Updates to campaign statistics displayed in the web interface.
resque_system.log
System performance-related jobs such as updates, reboots, shutdowns, and process terminations.
resque_victim.log
Events related to assigning recipient groups to campaigns.
resque_visit.log
Recipient visits to scenario web pages (both attack and awareness). The victim's ID is used to anonymize personal data, while visit data (IP address, user agent, OS, etc.) is recorded.
resque_worker.log
All Lucy events. Each job logs at least two notifications: start and finish.
scheduler.log
Scheduler activities.
systemmonitoring.log
System status and health information.
Each campaign in Lucy maintains its own message and error logs, which you can find in the campaign menu on the left of every campaign:
If you have supervisor users managing campaigns, a record of their actions will appear here.
