Log files explained
This article gives an overview of Lucy's logging. Lucy keeps an internal log of application events. Thus, besides analyzing service logs (apache2 web server, postfix mail server, etc.), one can also monitor most application events and investigate errors as they occur.
Lucy internal logs
Depending on the instance type (on-premise or our VPS), administrators can access Lucy log files from the web interface and/or from the backend. On the server, the directory /opt/phishing/runtime contains the log files of the web application. An archive of the same directory, together with the webserver error log, can be downloaded from the Lucy web interface under Support → Send Logs. The only apparent distinction is that on the server the logs can be monitored in real time.
Here is the list of the log files followed by a short overview:
- application.log - Application-related log that collects errors from the database and the webserver.
- resque_worker.log - The file that stores the journal of all Lucy events. Every job produces at least 2 notifications: job start and finish. Notification messages consist of the timestamp, the id of the process, arguments (e.g. campaign data), and the job status.
- awarenessrescheduler.log - Contains plain notifications of re-scheduled awareness sent to the recipients.
- console.log - Collects events from various services and utilities used by background processes.
- mailcrawler.log - Events related to the mail manager job are logged here. Mail manager work
- migration.log - Journal that is filled only when a Lucy instance is being migrated from version to version (for Lucy version < 4.2).
- proxystat.log - If Lucy is working behind a proxy, all the related events appear here.
- reminders.log - Log file for events related to reminders in campaigns.
- resque_emailparse.log - Contains the log of the email parse job.
- resque_enduser.log - Log file for the job that updates victims' statistics.
- resque_letsencrypt.log - Keeps a log of events related to the Let's Encrypt API.
- resque_scheduler.log - Contains the log of the scheduler events: schedule rule start and finish for each recipient.
- resque_ssl.log - All SSL-related events: certificate creation, renewal, import, etc.
- resque_stats.log - Log of the campaign statistics job that regularly updates campaign results in the web interface.
- resque_system.log - Jobs that affect system performance, e.g. updates, reboots, shutdowns, process killjobs.
- resque_victim.log - Events related to binding recipient groups to campaigns.
- resque_visit.log - Log of recipients' visits to scenario web pages (both attack and awareness). The recipient's personal data is represented only by the victim's id here, so no sensitive data is exposed, while the visit data (IP address, user agent, OS, etc.) is attributed to the victim.
- scheduler.log - Scheduler log file.
- systemmonitoring.log - System status log file.
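An added example, not part of the Lucy documentation or product: a backend check over the directory and file names listed above that flags logs accessible to other local users and logs that have stopped being written. The choice of `ACTIVE_LOGS`, the 24-hour threshold and the permission policy are assumptions, not Lucy defaults.

```python
import os
import stat
import time

# Directory and file names come from the list above.
RUNTIME_DIR = "/opt/phishing/runtime"
# Assumption: these two logs are written continuously on an active instance.
# Logs such as migration.log or proxystat.log are only filled conditionally.
ACTIVE_LOGS = ("resque_worker.log", "systemmonitoring.log")


def audit_runtime_logs(directory=RUNTIME_DIR, active=ACTIVE_LOGS,
                       max_age_hours=24, now=None):
    """Return sorted (file name, finding) tuples for the log directory."""
    now = time.time() if now is None else now
    findings = []
    present = set()
    for entry in os.scandir(directory):
        # Only regular *.log files are audited; symlinks are not followed.
        if not entry.name.endswith(".log"):
            continue
        if not entry.is_file(follow_symlinks=False):
            continue
        present.add(entry.name)
        info = entry.stat(follow_symlinks=False)
        # resque_visit.log ties IP address, user agent and OS to a victim id,
        # so no log here should be readable or writable by "other".
        if info.st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((entry.name, "accessible to other users"))
        # A log that should be active but has not changed recently may mean
        # a stopped worker or a full disk.
        age_hours = (now - info.st_mtime) / 3600
        if entry.name in active and age_hours > max_age_hours:
            findings.append((entry.name, "stale"))
    for name in active:
        if name not in present:
            findings.append((name, "missing"))
    return sorted(findings)


if __name__ == "__main__":
    if os.path.isdir(RUNTIME_DIR):
        for name, finding in audit_runtime_logs():
            print(f"{name}: {finding}")
    else:
        print(f"{RUNTIME_DIR} not found; run this on the Lucy backend")
```
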
Status - Log of user actions
Lucy also makes it possible to monitor users' activity: logins and logouts, started campaigns, messages sent, etc. These logs can be found within the user interface under Support → Status.
As shown in the screenshot:
- Status logs are presented in the list: time of the event, type of the event, and username.
- Logs can be filtered on the right pane. You can filter events by the type of action and specify the time period.
- Logs can be exported in CSV or XML format by pressing the Export button.
- Lucy's log journal can also be removed from the instance by pressing the Clear button.
- Pressing the date opens a more detailed view of the log. It contains events with short messages describing each event briefly. On the right there is always a pane with information about the current user: name, phone, etc.
Lucy also keeps service logs: the apache2 web server log and the mail server log. These can be accessed under Support → Service Logs. You can choose the file and specify the time period in the corresponding fields. There are three files (and their older versions):
- mail.log - contains postfix mail server events.
- access.log - apache2 web server log that contains all requests received.
- error.log - apache2 web server errors.