Authentication client starts a passdb lookup.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username to lookup.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client finishes a passdb lookup.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username to lookup.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client starts authentication request.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if present.
\n" }, "original_user": { "text": "Original username, if present.
\n" }, "auth_user": { "text": "Auth username, if present.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client receives a request from server to continue SASL\nauthentication.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if present.
\n" }, "original_user": { "text": "Original username, if present.
\n" }, "auth_user": { "text": "Auth username, if present.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client continues SASL authentication by sending a response\nto server request.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if present.
\n" }, "original_user": { "text": "Original username, if present.
\n" }, "auth_user": { "text": "Auth username, if present.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client receives response from server that authentication is\nfinished, either success or failure.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if present.
\n" }, "original_user": { "text": "Original username, if present.
\n" }, "auth_user": { "text": "Auth username, if present.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user_mask": { "text": "User mask to list.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client starts userdb iteration.
\n" }, "auth_client_userdb_list_finished": { "root": "auth-client", "inherit": "auth_client_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user_mask": { "text": "User mask to list.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client finishes userdb iteration.
\n" }, "auth_client_userdb_lookup_started": { "root": "auth-client", "inherit": "auth_client_lookup", "text": "Authentication client starts a userdb lookup.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username to lookup.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Authentication client finishes a userdb lookup.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username to lookup.
\n" }, "error": { "text": "Error string, if error occurred.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Name of service. Examples: imap, pop3, lmtp, ...
Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSSession identifier.
\n" }, "certificate_user": { "text": "Username from certificate.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
TLS SNI.
\n" }, "local_ip": { "text": "Local IP client connected to.
\n" }, "remote_ip": { "text": "Remote IP of client.
\n" }, "local_port": { "text": "Local port client connected to.
\n" }, "remote_port": { "text": "Remote port of client.
\n" }, "real_local_ip": { "text": "Real local IP as seen by the server.
\n" }, "real_remote_ip": { "text": "Real remote IP as seen by the server.
\n" }, "real_local_port": { "text": "Real local port as seen by the server.
\n" }, "real_remote_port": { "text": "Real remote port as seen by the server.
\n" }, "tls_cipher": { "text": "Cipher name used, e.g. TLS_AES_256_GCM_SHA384.
Cipher bits, e.g. 256.
Perfect forward-security mechanism, e.g. KxANY, KxECDHE.
TLS protocol name, e.g. TLSv1.3.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Set when error happens.
\n" }, "success": { "text": "yes, when authentication succeeded.
Time of penalty added by policy server.
\n" }, "policy_result": { "text": "ok, delayed, or refused.
Full username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSAuthentication request finished.
\nMost useful for tracking status of authentication/login attempts.
\n" }, "auth_passdb_request_started": { "root": "auth", "inherit": [ "auth_server_common", "auth_server_passdb" ], "text": "Processing has begun for a passdb block.
\nMost useful for debugging authentication flow.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSpassdb { name }.
\nDriver name.
\npassdb.Internal ID number of the passdb. May be useful to identify the passdb if it has no name.
\n" } } }, "auth_passdb_request_finished": { "root": "auth", "inherit": [ "auth_server_common", "auth_server_passdb" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "result": { "text": "okpassword_mismatchuser_unknownpass_expireduser_disabledscheme_not_availableinternal_failurenextmiss: Was not cachedhit: Found from cacheFull username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSpassdb { name }.
\nDriver name.
\npassdb.Internal ID number of the passdb. May be useful to identify the passdb if it has no name.
\n" } }, "text": "Processing has ended for a passdb block.
\nMost useful for debugging authentication flow.
\n" }, "auth_userdb_request_started": { "root": "auth", "inherit": [ "auth_server_common", "auth_server_userdb" ], "text": "Processing has begun for a userdb block. This event is also sent for userdb\niterations.
\nMost useful for debugging authentication flow.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Full username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSuserdb { name }.
\nDriver name.
\nuserdb.Internal ID number of the userdb. May be useful to identify the userdb if it has no name.
\n" } } }, "auth_userdb_request_finished": { "root": "auth", "inherit": [ "auth_server_common", "auth_server_userdb" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "result": { "text": "okuser_unknowninternal_failuremiss: Was not cachedhit: Found from cacheFull username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSuserdb { name }.
\nDriver name.
\nuserdb.Internal ID number of the userdb. May be useful to identify the userdb if it has no name.
\n" } }, "text": "Processing has ended for a userdb block. This event is also sent for userdb\niterations.
\nMost useful for debugging authentication flow.
\n" }, "auth_policy_request_finished": { "root": "auth", "inherit": "auth_server_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mode": { "text": "Either allow or report.
Value returned from policy server (number).
\n" }, "user": { "text": "Full username. This can change during authentication, for example due to passdb lookups.
\n" }, "original_user": { "text": "Original username exactly as provided by the client.
\n" }, "translated_user": { "text": "Similar to original_user, except after auth_username_translation translations are applied.
When doing a master user login, the user we are logging in as. Otherwise not set.
\n" }, "master_user": { "text": "When doing a master user login, the master username. Otherwise not set.
\n" }, "mechanism": { "text": "Name of used SASL mechanism (e.g. PLAIN).
\n" }, "service": { "text": "Same as protocol
Service doing the lookup (e.g. imap, pop3, ...).
Session ID.
\n" }, "client_id": { "text": "Expands to client ID request as IMAP arglist. Needs imap_id_retain = yes.
Remote IP address of the client connection.
\n" }, "local_ip": { "text": "Local IP address where client connected to.
\n" }, "remote_port": { "text": "Remote port of the client connection.
\n" }, "local_port": { "text": "Local port where the client connected to.
\n" }, "real_remote_ip": { "text": "Same as remote_ip, except if the connection was proxied this is the proxy's IP address.
Same as local_ip, except if the connection was proxied this is the proxy's IP where proxy connected to.
Same as remote_port, except if the connection was proxied this is the proxy connection's port.
Same as local_port, except if the connection was proxied this is the local port where the proxy connected to.
TLS SNI hostname, if given.
\n" }, "transport": { "text": "Transport security indicator. Values:
\ninsecuresecured\nsecured rather than trusted.TLSProcessing has ended for an auth policy request.
\nMost useful for debugging authentication flow.
\n" }, "auth_worker_request_finished": { "root": "auth", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "command": { "text": "Command received by auth worker.
\n" }, "command_id": { "text": "Command ID received by auth worker (integer).
\n" }, "error": { "text": "Error message (if request ended in error).
\n" } }, "text": "An authentication worker request has finished.
\n" }, "auth_master_client_login_started": { "inherit": "auth_master_common", "text": "Authentication master login request started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "id": { "text": "Login request ID.
\n" }, "local_ip": { "text": "Client connection's local (server) IP.
\n" }, "local_port": { "text": "Client connection's local (server) port.
\n" }, "remote_ip": { "text": "Client connection's remote (client) IP.
\n" }, "remote_port": { "text": "Client connection's remote (client) port.
\n" } } }, "auth_master_client_login_finished": { "inherit": "auth_master_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "error": { "text": "Error message if the request failed.
\n" }, "id": { "text": "Login request ID.
\n" }, "local_ip": { "text": "Client connection's local (server) IP.
\n" }, "local_port": { "text": "Client connection's local (server) port.
\n" }, "remote_ip": { "text": "Client connection's remote (client) IP.
\n" }, "remote_port": { "text": "Client connection's remote (client) port.
\n" } }, "text": "Authentication master login request finished.
\n" }, "client_connection_connected": { "inherit": "client_connection_common", "text": "Server accepted an incoming client connection.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "local_ip": { "text": "Local server IP address where TCP client connected to.
\n" }, "remote_ip": { "text": "Remote TCP client's IP address.
\n" }, "remote_port": { "text": "Remote TCP client's source port.
\n" }, "remote_pid": { "text": "Remote UNIX socket client's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket client's system user ID.
\n" } } }, "client_connection_disconnected": { "inherit": "client_connection_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of data read, in bytes.
\nin_bytes.Amount of data written, in bytes.
\nout_bytes.Disconnection reason.
\n" }, "local_ip": { "text": "Local server IP address where TCP client connected to.
\n" }, "remote_ip": { "text": "Remote TCP client's IP address.
\n" }, "remote_port": { "text": "Remote TCP client's source port.
\n" }, "remote_pid": { "text": "Remote UNIX socket client's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket client's system user ID.
\n" } }, "text": "Client connection is terminated.
\n" }, "server_connection_connected": { "inherit": "server_connection_common", "text": "Outgoing server connection was either successfully established or failed.
\nTIP
\nCurrently it is not possible to know which one happened.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "source_ip": { "text": "Source IP address used for the outgoing TCP connection. This is set only if a specific source IP was explicitly requested.
\n" }, "dest_ip": { "text": "TCP connection's destination IP address.
\n" }, "dest_port": { "text": "TCP connection's destination port.
\n" }, "dest_host": { "text": "TCP connection's destination hostname, if known.
\n" }, "socket_path": { "text": "UNIX socket connection's path.
\n" }, "remote_pid": { "text": "Remote UNIX socket server's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket server's system user ID.
\n" } } }, "server_connection_disconnected": { "inherit": "server_connection_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Disconnection reason.
\n" }, "source_ip": { "text": "Source IP address used for the outgoing TCP connection. This is set only if a specific source IP was explicitly requested.
\n" }, "dest_ip": { "text": "TCP connection's destination IP address.
\n" }, "dest_port": { "text": "TCP connection's destination port.
\n" }, "dest_host": { "text": "TCP connection's destination hostname, if known.
\n" }, "socket_path": { "text": "UNIX socket connection's path.
\n" }, "remote_pid": { "text": "Remote UNIX socket server's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket server's system user ID.
\n" } }, "text": "Server connection is terminated.
\n" }, "fs": { "root": "fs", "text": "May be inherited from various different parents (e.g. "Mail User" event) or even from no parent.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "fs_file": { "root": "fs", "text": "Inherits from fs or any other specified event (e.g. mail).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "mail_user_session_finished": { "inherit": "mail_user", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "utime": { "text": "User CPU time used in microseconds.
\n" }, "stime": { "text": "System CPU time used in microseconds.
\n" }, "minor_faults": { "text": "Page reclaims (soft page faults).
\n" }, "major_faults": { "text": "Page faults (hard page faults).
\n" }, "vol_cs": { "text": "Voluntary context switches.
\n" }, "invol_cs": { "text": "Involuntary context switches.
\n" }, "rss": { "text": "Resident set size in bytes. (Skipped in non-Linux environments.)
\n" }, "vsz": { "text": "Virtual memory size in bytes. (Skipped in non-Linux environments.)
\n" }, "rchar": { "text": "I/O counter: chars (bytes) read from storage. (Skipped in non-Linux environments.)
\n" }, "wchar": { "text": "I/O counter: chars (bytes) written to storage. (Skipped in non-Linux environments.)
\n" }, "syscr": { "text": "Number of read syscalls. (Skipped in non-Linux environments.)
\n" }, "syscw": { "text": "Number of write syscalls. (Skipped in non-Linux environments.)
\n" }, "net_in_bytes": { "text": "Bytes received during this session (for applicable processes.)
\nin_bytes.Bytes sent during this session (for applicable processes.)
\nout_bytes.Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "uid": { "text": "UID of the expunged mail.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
A mail was expunged from the mailbox.
\nTIP
\nThis event inherits from mailbox, not mail.
\nAdded: 3.0.0
\nA mail was opened for reading its metadata.
\nTIP
\nThis event is not sent when mails' body is accessed.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "seq": { "text": "Mail sequence number.
\n" }, "uid": { "text": "Mail IMAP UID number.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Reason why the mail was opened. (optional)
\n" }, "seq": { "text": "Mail sequence number.
\n" }, "uid": { "text": "Mail IMAP UID number.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
A mail was opened, e.g., for reading its body.
\nTIP
\nThis event is not sent when mails' metadata is accessed, even if it causes\nopening the mail file.
\nA mail is set to be expunged.
\nTIP
\nExpunges can be rolled back later on, this event is emitted when an expunge\nis requested.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "seq": { "text": "Mail sequence number.
\n" }, "uid": { "text": "Mail IMAP UID number.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "filepath": { "text": "Path to the index file being recreated.
\n" }, "reason": { "text": "Human-readable reason why the mail index was recreated.
\n" } }, "text": "A mail index file was recreated.
\n" }, "indexer_worker_indexing_finished": { "root": "mail-index", "inherit": "mailbox", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "message_count": { "text": "Number of messages indexed.
\n" }, "first_uid": { "text": "UID of the first indexed message.
\n" }, "last_uid": { "text": "UID of the last indexed message.
\n" }, "user_cpu_usecs": { "text": "Total user CPU spent on the indexing transaction in microseconds.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Indexer worker process completed an indexing transaction.
\n" }, "mail_cache_decision_changed": { "root": "mail-cache", "inherit": "mail_index_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "field": { "text": "Cache field name (e.g. imap.body or hdr.from).
UNIX timestamp of when the field was accessed the last time. This is updated only once per 24 hours.
\n" }, "reason": { "text": "Reason why the caching decision changed:
\nadd: no -> temp decision change, because a new field was added to cache.old_mail: temp -> yes decision change, because a mail older than 1 week was accessed.unordered_access: temp -> yes decision change, because mails weren't accessed in ascending order.IMAP UID number that caused the decision change. This is set only for some reasons, not all.
\n" }, "old_decision": { "text": "Old cache decision.
\n" }, "new_decision": { "text": "New cache decision.
\n" } }, "text": "A field's caching decision changed.
\n\nDecisions:
\n| Decision | \nDescription | \n
|---|---|
no | \nThe field is not cached. | \n
temp | \nThe field is cached for 1 week and dropped on the next purge. | \n
yes | \nThe field is cached permanently. If the field isn't accessed for 30 days it's dropped. | \n
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "field": { "text": "Cache field name (e.g. hdr.from).
Reason why the caching decision changed:
\ntoo_many_headers\n: This can happen when the count of headers in the cache exceeds the maximum configured with mail_cache_max_headers_count.The decision to promote a field (from no to temp) was rejected.
Cache file purging is started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "file_seq": { "text": "Sequence of the new cache file that is created.
\n" }, "prev_file_seq": { "text": "Sequence of the cache file that is to be purged.
\n" }, "prev_file_size": { "text": "Size of the cache file that is to be purged.
\n" }, "prev_deleted_records": { "text": "Number of records (mails) marked as deleted in the cache file that is to be purged.
\n" }, "reason": { "text": "Reason string for purging the cache file:
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "field": { "text": "Cache field name (e.g. imap.body or hdr.from).
Old caching decision: temp, or yes.
UNIX timestamp of when the field was accessed the last time. This is updated only once per 24 hours.
\n" }, "file_seq": { "text": "Sequence of the new cache file that is created.
\n" }, "prev_file_seq": { "text": "Sequence of the cache file that is to be purged.
\n" }, "prev_file_size": { "text": "Size of the cache file that is to be purged.
\n" }, "prev_deleted_records": { "text": "Number of records (mails) marked as deleted in the cache file that is to be purged.
\n" }, "reason": { "text": "Reason string for purging the cache file:
\nExisting field is dropped from the cache file because it hadn't been accessed\nfor 30 days.
\n" }, "mail_cache_purge_finished": { "root": "mail-cache", "inherit": [ "mail_cache_purge", "mail_index_common" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "file_size": { "text": "Size of the new cache file.
\n" }, "max_uid": { "text": "IMAP UID of the last mail in the cache file.
\n" }, "file_seq": { "text": "Sequence of the new cache file that is created.
\n" }, "prev_file_seq": { "text": "Sequence of the cache file that is to be purged.
\n" }, "prev_file_size": { "text": "Size of the cache file that is to be purged.
\n" }, "prev_deleted_records": { "text": "Number of records (mails) marked as deleted in the cache file that is to be purged.
\n" }, "reason": { "text": "Reason string for purging the cache file:
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Reason string why cache was found to be corrupted.
\n" } }, "text": "Cache file was found to be corrupted and the whole file is deleted.
\n" }, "mail_cache_record_corrupted": { "root": "mail-cache", "inherit": "mail_index_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Reason string why cache was found to be corrupted.
\n" }, "uid": { "text": "IMAP UID of the mail whose cache record is corrupted.
\n" } }, "text": "Cache record for a specific mail was found to be corrupted and the record\nis deleted.
\n" }, "http_request_finished": { "root": "http-client", "inherit": "http_client", "text": "HTTP request is complete.
\nThis event is useful to track and monitor external services.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "attempts": { "text": "Amount of individual HTTP request attempts (number of retries after failures + 1).
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of data read, in bytes.
\nin_bytes.Amount of data written, in bytes.
\nout_bytes.Destination host.
\n" }, "dest_ip": { "text": "Destination IP address.
\n" }, "dest_port": { "text": "Destination port.
\n" }, "method": { "text": "HTTP verb used uppercased, e.g. GET.
Number of redirects done while processing request.
\n" }, "status_code": { "text": "HTTP result status code (integer).
\n" }, "target": { "text": "Request path with parameters, e.g. /path/?delimiter=%2F&prefix=test%2F.
Intermediate event emitted when an HTTP request is being redirected.
\nThe http_request_finished is still sent at the end of the request.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "attempts": { "text": "Amount of individual HTTP request attempts (number of retries after failures + 1).
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of data read, in bytes.
\nin_bytes.Amount of data written, in bytes.
\nout_bytes.Destination host.
\n" }, "dest_ip": { "text": "Destination IP address.
\n" }, "dest_port": { "text": "Destination port.
\n" }, "method": { "text": "HTTP verb used uppercased, e.g. GET.
Number of redirects done while processing request.
\n" }, "status_code": { "text": "HTTP result status code (integer).
\n" }, "target": { "text": "Request path with parameters, e.g. /path/?delimiter=%2F&prefix=test%2F.
Intermediate event emitted when an HTTP request is being retried.
\nThe http_request_finished is still sent at the end of the request.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "attempts": { "text": "Amount of individual HTTP request attempts (number of retries after failures + 1).
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of data read, in bytes.
\nin_bytes.Amount of data written, in bytes.
\nout_bytes.Destination host.
\n" }, "dest_ip": { "text": "Destination IP address.
\n" }, "dest_port": { "text": "Destination port.
\n" }, "method": { "text": "HTTP verb used uppercased, e.g. GET.
Number of redirects done while processing request.
\n" }, "status_code": { "text": "HTTP result status code (integer).
\n" }, "target": { "text": "Request path with parameters, e.g. /path/?delimiter=%2F&prefix=test%2F.
A new HTTP request has been received and the request headers (but not body\npayload) are parsed.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "request_id": { "text": "Assigned ID of the received request.
\n" }, "method": { "text": "HTTP verb used uppercased, e.g. GET.
Request path with parameters, e.g. /path/?delimiter=%2F&prefix=test%2F.
Local server IP address where TCP client connected to.
\n" }, "remote_ip": { "text": "Remote TCP client's IP address.
\n" }, "remote_port": { "text": "Remote TCP client's source port.
\n" }, "remote_pid": { "text": "Remote UNIX socket client's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket client's system user ID.
\n" } } }, "http_server_request_finished": { "root": "http-server", "inherit": "http_server", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of request data read, in bytes.
\nin_bytes.Amount of response data written, in bytes.
\nout_bytes.HTTP result status code (integer).
\n" }, "request_id": { "text": "Assigned ID of the received request.
\n" }, "method": { "text": "HTTP verb used uppercased, e.g. GET.
Request path with parameters, e.g. /path/?delimiter=%2F&prefix=test%2F.
Local server IP address where TCP client connected to.
\n" }, "remote_ip": { "text": "Remote TCP client's IP address.
\n" }, "remote_port": { "text": "Remote TCP client's source port.
\n" }, "remote_pid": { "text": "Remote UNIX socket client's process ID.
\n" }, "remote_uid": { "text": "Remote UNIX socket client's system user ID.
\n" } }, "text": "HTTP request is fully completed, i.e. the incoming request body is read and\nthe full response to the request has been sent to the client.
\n" }, "pop3_command_finished": { "root": "pop3", "inherit": "pop3_command", "added": { "events_pop3_command_finished_added": false }, "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reply": { "text": "POP3 reply. Values:
\nOKFAILAmount of data read for this command, in bytes.
\n" }, "net_out_bytes": { "text": "Amount of data written for this command, in bytes.
\n" }, "cmd_name": { "text": "POP3 command name uppercased (e.g. UIDL).
POP3 command's full parameters (e.g. 1 1).
Username of the user.
\n" }, "session": { "text": "Session ID of the POP3 connection.
\n" }, "local_ip": { "text": "POP3 connection's local (server) IP.
\n" }, "local_port": { "text": "POP3 connection's local (server) port.
\n" }, "remote_ip": { "text": "POP3 connection's remote (client) IP.
\n" }, "remote_port": { "text": "POP3 connection's remote (client) port.
\n" } }, "text": "Added: 3.0.0
\nPOP3 command is completed.
\nThis event is useful to track individual command usage, debug specific\nsessions, and/or detect broken clients.
\nTIP
\nThis event is currently not sent for pre-login POP3 commands.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Mailbox name where hibernation was started in.
\n" }, "error": { "text": "Reason why hibernation attempt failed.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID of the IMAP connection.
\n" }, "local_ip": { "text": "IMAP connection's local (server) IP.
\n" }, "local_port": { "text": "IMAP connection's local (server) port.
\n" }, "remote_ip": { "text": "IMAP connection's remote (client) IP.
\n" }, "remote_port": { "text": "IMAP connection's remote (client) port.
\n" } }, "text": "IMAP client is hibernated or the hibernation attempt failed.
\nTIP
\nFor failures, this event can be logged by either imap or imap-hibernate\nprocess depending on which side the error was detected in.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Mailbox name where hibernation was started in.
\n" }, "reason": { "text": "Reason why client was unhibernated:
\nidle_done: IDLE command was stopped with DONE.idle_bad_reply: IDLE command was stopped with some other command than DONE.mailbox_changes: Mailbox change notifications need to be sent to the client.Number of microseconds how long the client was hibernated.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID of the IMAP connection.
\n" }, "local_ip": { "text": "IMAP connection's local (server) IP.
\n" }, "local_port": { "text": "IMAP connection's local (server) port.
\n" }, "remote_ip": { "text": "IMAP connection's remote (client) IP.
\n" }, "remote_port": { "text": "IMAP connection's remote (client) port.
\n" } }, "text": "IMAP client is unhibernated or the unhibernation attempt failed.
\nTIP
\nFor failures, this event can be logged by either imap or imap-hibernate\nprocess depending on which side the error was detected in.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Reason why unhibernation failed.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID of the IMAP connection.
\n" }, "local_ip": { "text": "IMAP connection's local (server) IP.
\n" }, "local_port": { "text": "IMAP connection's local (server) port.
\n" }, "remote_ip": { "text": "IMAP connection's remote (client) IP.
\n" }, "remote_port": { "text": "IMAP connection's remote (client) port.
\n" } }, "text": "An IMAP client is attempted to be unhibernated, but imap processes are busy\nand the unhibernation attempt is retried.
\nThis event is sent each time when retrying is done.
\nThe imap_client_unhibernated event is still sent when unhibernation\neither succeeds or fails permanently.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "tagged_reply_state": { "text": "Values:
\nOKNOBADFull tagged reply (e.g. OK SELECT finished.).
Timestamp when the command was running last time. (Command may be followed by internal "mailbox sync" that can take some time to complete.)
\n" }, "running_usecs": { "text": "How many usecs this command has spent running.
\n" }, "lock_wait_usecs": { "text": "How many usecs this command has spent waiting for locks.
\n" }, "net_in_bytes": { "changed": { "events_net_in_bytes_changed": "This was previously `in_bytes`." }, "text": "Amount of data read for this command, in bytes.
\nin_bytes.Amount of data written for this command, in bytes.
\nout_bytes.IMAP command tag.
\n" }, "cmd_name": { "text": "IMAP command name uppercased (e.g. FETCH).
Contains unknown for unknown command names.
IMAP command name exactly as sent (e.g. fetcH) regardless of whether or not it is valid.
IMAP command's full parameters (e.g. 1:* FLAGS).
IMAP command's full parameters, as human-readable output. Often it's the\nsame as cmd_args, but it is guaranteed to contain only valid UTF-8\ncharacters and no control characters.
Multi-line parameters are written only as <N byte multi-line literal>.
Username of the user.
\n" }, "session": { "text": "Session ID of the IMAP connection.
\n" }, "local_ip": { "text": "IMAP connection's local (server) IP.
\n" }, "local_port": { "text": "IMAP connection's local (server) port.
\n" }, "remote_ip": { "text": "IMAP connection's remote (client) IP.
\n" }, "remote_port": { "text": "IMAP connection's remote (client) port.
\n" } }, "text": "IMAP command is completed.
\nThis event is useful to track individual command usage, debug specific\nsessions, and/or detect broken clients.
\nTIP
\nThis event is currently not sent for pre-login IMAP commands.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "internal": { "text": "If yes, ID command parameters include the internally known x-* fields\nto update e.g. the IP or session ID. Typically these fields would be sent only\nby Dovecot proxies. The internal fields are not actually used, unless\ntrusted=yes also.
If yes, ID command parameters include fields sent by a regular IMAP client\n(non-internal fields). Dovecot proxy can send an ID command to a backend\ncontaining both internal and external fields. If the IMAP client sends only\ntag ID NIL command, the event is sent but external is not set.
If yes, the ID command came from an IP matching\nlogin_trusted_networks. If any internal fields were sent, they were\nprocessed.
Received parameters. The event name is the lowercase parameter key prefixed\nwith id_param_, the value is the parameter value.
Each key that contains invalid characters are enumerated starting with 1.\nValid characters are latin alphabetic characters (= a .. z),\nnumerals (= 0 .. 9), the dash (= -) and\nthe underscore (= _), every other character is\nconsidered invalid. The value of this field is the\noriginal parameter key including invalid characters,\nfollowed by a space character, and finally the\noriginal value concatenated into a single string.
IMAP command tag.
\n" }, "cmd_name": { "text": "IMAP command name uppercased (e.g. FETCH).
Contains unknown for unknown command names.
IMAP command name exactly as sent (e.g. fetcH) regardless of whether or not it is valid.
IMAP command's full parameters (e.g. 1:* FLAGS).
IMAP command's full parameters, as human-readable output. Often it's the\nsame as cmd_args, but it is guaranteed to contain only valid UTF-8\ncharacters and no control characters.
Multi-line parameters are written only as <N byte multi-line literal>.
Username of the user.
\n" }, "session": { "text": "Session ID of the IMAP connection.
\n" }, "local_ip": { "text": "IMAP connection's local (server) IP.
\n" }, "local_port": { "text": "IMAP connection's local (server) port.
\n" }, "remote_ip": { "text": "IMAP connection's remote (client) IP.
\n" }, "remote_port": { "text": "IMAP connection's remote (client) port.
\n" } }, "text": "Added: 3.0.0
\nThis event is emitted when the IMAP ID command was received, both for pre-\nas well as post-login. The parameters slightly differ for an unauthenticated\nclient, e.g. there is no user id.
\n" }, "mail_delivery_started": { "root": "local-delivery", "inherit": "mail_delivery", "text": "Message delivery has started.
\nThis event is useful for debugging mail delivery flow.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "message_id": { "text": "Message-ID header value (truncated to 200 bytes).
\n" }, "message_subject": { "text": "Subject header value, in UTF-8 (truncated to 80 bytes).
\n" }, "message_from": { "text": "Email address in the From header (e.g. user@example.com).
Size of the message, in bytes.
\n" }, "message_vsize": { "text": "Size of the message with CRLF linefeeds, in bytes.
\n" }, "rcpt_to": { "text": "Recipient address.
\n" }, "rcpt_param_notify": { "text": "The value of the NOTIFY parameter for the RCPT command.
\n" }, "rcpt_param_orcpt": { "text": "The address value of the ORCPT parameter for the RCPT command.
\n" }, "rcpt_param_orcpt_type": { "text": "The address type (typically "rfc822") of the ORCPT parameter for the RCPT command.
\n" }, "session": { "text": "The session ID for this connection (same as connection_id).
Transaction ID used by the server for this transaction (this ID is logged, mentioned in the DATA reply and part of the "Received:" header). It is based on the connection_id with a ":<seq>" sequence number suffix.
\n" }, "mail_from": { "text": "Sender address.
\n" }, "mail_param_auth": { "text": "The value of the AUTH parameter for the MAIL command.
\n" }, "mail_param_body": { "text": "The value of the BODY parameter for the MAIL command.
\n" }, "mail_param_envid": { "text": "The value of the ENVID parameter for the MAIL command.
\n" }, "mail_param_ret": { "text": "The value of the RET parameter for the MAIL command.
\n" }, "mail_param_size": { "text": "The value of the SIZE parameter for the MAIL command.
\n" }, "data_size": { "text": "The number data of bytes received from the client. This field is only present when the transaction finished receiving the DATA command.
\n" }, "connection_id": { "text": "The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message if the delivery failed.
\n" }, "message_id": { "text": "Message-ID header value (truncated to 200 bytes).
\n" }, "message_subject": { "text": "Subject header value, in UTF-8 (truncated to 80 bytes).
\n" }, "message_from": { "text": "Email address in the From header (e.g. user@example.com).
Size of the message, in bytes.
\n" }, "message_vsize": { "text": "Size of the message with CRLF linefeeds, in bytes.
\n" }, "rcpt_to": { "text": "Recipient address.
\n" }, "rcpt_param_notify": { "text": "The value of the NOTIFY parameter for the RCPT command.
\n" }, "rcpt_param_orcpt": { "text": "The address value of the ORCPT parameter for the RCPT command.
\n" }, "rcpt_param_orcpt_type": { "text": "The address type (typically "rfc822") of the ORCPT parameter for the RCPT command.
\n" }, "session": { "text": "The session ID for this connection (same as connection_id).
Transaction ID used by the server for this transaction (this ID is logged, mentioned in the DATA reply and part of the "Received:" header). It is based on the connection_id with a ":<seq>" sequence number suffix.
\n" }, "mail_from": { "text": "Sender address.
\n" }, "mail_param_auth": { "text": "The value of the AUTH parameter for the MAIL command.
\n" }, "mail_param_body": { "text": "The value of the BODY parameter for the MAIL command.
\n" }, "mail_param_envid": { "text": "The value of the ENVID parameter for the MAIL command.
\n" }, "mail_param_ret": { "text": "The value of the RET parameter for the MAIL command.
\n" }, "mail_param_size": { "text": "The value of the SIZE parameter for the MAIL command.
\n" }, "data_size": { "text": "The number data of bytes received from the client. This field is only present when the transaction finished receiving the DATA command.
\n" }, "connection_id": { "text": "The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
Message delivery is completed.
\nThis event is useful for logging and tracking mail deliveries.
\n" }, "dns_worker_request_started": { "root": "dns-worker", "text": "DNS request started being processed by DNS worker process.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "dns_request_started": { "root": "dns-client", "text": "DNS request sent by DNS client library to DNS worker process.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "dns_worker_request_finished": { "root": "dns-worker", "inherit": "dns", "text": "DNS request finished being processed by DNS worker process.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Human readable error.
\n" }, "error_code": { "text": "Error code usable with net_gethosterror().
\n" } } }, "dns_request_finished": { "root": "dns-client", "inherit": "dns", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "cached": { "text": "Set to yes or no depending if it was a cached reply or not.
Human readable error.
\n" }, "error_code": { "text": "Error code usable with net_gethosterror().
\n" } }, "text": "DNS request sent by DNS client library to DNS worker process has been\nfinished.
\n" }, "sql_query_finished": { "root": "sql", "inherit": "sql_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Human readable error.
\n" }, "error_code": { "text": "Error code (if available).
\n" }, "query_first_word": { "text": "First word of the query (e.g. SELECT).
Requested consistency for the query (Cassandra only).
\nConsistency attempted to be used by Cassandra for the failed query (Cassandra only).
\nName of the sql driver, e.g. mysql or cassandra.
Response was received to SQL query.
\n" }, "sql_transaction_finished": { "root": "sql", "inherit": "sql_common", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Human readable error.
\n" }, "error_code": { "text": "Error code (if available).
\n" }, "sql_driver": { "text": "Name of the sql driver, e.g. mysql or cassandra.
SQL transaction was committed or rolled back.
\n" }, "sql_connection_finished": { "root": "sql", "inherit": "sql_common", "text": "Connection to SQL server is closed.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "sql_driver": { "text": "Name of the sql driver, e.g. mysql or cassandra.
The command is received from the client.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "cmd_name": { "text": "Name of the command.
\n" }, "cmd_input_name": { "text": "SMTP command name exactly as sent (e.g. MaIL) regardless of whether or not it is valid.
SMTP command's full parameters (e.g. <from@example.com>).
SMTP command's full parameters, as human-readable output. For SMTP, this is currently identical to cmd_args.
The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
The session ID for this connection (same as connection_id).
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "status_code": { "text": "SMTP status code for the (first) reply. This is = 9000 for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "enhanced_code": { "text": "SMTP enhanced status code for the (first) reply. This is "9.0.0" for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "error": { "text": "Error message for the reply. There is no field for a success message.
\n" }, "cmd_name": { "text": "Name of the command.
\n" }, "cmd_input_name": { "text": "SMTP command name exactly as sent (e.g. MaIL) regardless of whether or not it is valid.
SMTP command's full parameters (e.g. <from@example.com>).
SMTP command's full parameters, as human-readable output. For SMTP, this is currently identical to cmd_args.
The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
The session ID for this connection (same as connection_id).
The command is finished. Either a success reply was sent for it or it\nfailed somehow.
\n" }, "smtp_server_transaction_started": { "root": "smtp-server", "inherit": "smtp_transaction", "text": "The transaction is started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "transaction_id": { "text": "Transaction ID used by the server for this transaction (this ID is logged, mentioned in the DATA reply and part of the "Received:" header). It is based on the connection_id with a ":<seq>" sequence number suffix.
\n" }, "session": { "text": "The session ID for this connection (same as connection_id).
Sender address.
\n" }, "mail_param_auth": { "text": "The value of the AUTH parameter for the MAIL command.
\n" }, "mail_param_body": { "text": "The value of the BODY parameter for the MAIL command.
\n" }, "mail_param_envid": { "text": "The value of the ENVID parameter for the MAIL command.
\n" }, "mail_param_ret": { "text": "The value of the RET parameter for the MAIL command.
\n" }, "mail_param_size": { "text": "The value of the SIZE parameter for the MAIL command.
\n" }, "data_size": { "text": "The number data of bytes received from the client. This field is only present when the transaction finished receiving the DATA command.
\n" }, "connection_id": { "text": "The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "status_code": { "text": "SMTP status code for the (first failure) reply. This is = 9000 for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "enhanced_code": { "text": "SMTP enhanced status code for the (first failure) reply. This is "9.0.0" for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "error": { "text": "Error message for the first failure reply. There is no field for a success message.
\n" }, "recipients": { "text": "Total number of recipients.
\n" }, "recipients_aborted": { "text": "The number of recipients that got aborted before these could either finish\nor fail. This means that the transaction failed early somehow while these\nrecipients were still being processed by the server.
\n" }, "recipients_denied": { "text": "The number of recipients denied by the server using a negative reply to the RCPT command.
\n" }, "recipients_failed": { "text": "The number of recipients that failed somehow (includes denied recipients, but not aborted recipients).
\n" }, "recipients_succeeded": { "text": "The number of recipients for which the transaction finally succeeded.
\n" }, "is_reset": { "text": "The transaction was reset (RSET) rather than finishing\nwith a DATA/BDAT command as it normally would. This happens when client\nside issues the RSET command. Note that a reset event is a success (no\nerror field is present).
\n" }, "transaction_id": { "text": "Transaction ID used by the server for this transaction (this ID is logged, mentioned in the DATA reply and part of the "Received:" header). It is based on the connection_id with a ":<seq>" sequence number suffix.
\n" }, "session": { "text": "The session ID for this connection (same as connection_id).
Sender address.
\n" }, "mail_param_auth": { "text": "The value of the AUTH parameter for the MAIL command.
\n" }, "mail_param_body": { "text": "The value of the BODY parameter for the MAIL command.
\n" }, "mail_param_envid": { "text": "The value of the ENVID parameter for the MAIL command.
\n" }, "mail_param_ret": { "text": "The value of the RET parameter for the MAIL command.
\n" }, "mail_param_size": { "text": "The value of the SIZE parameter for the MAIL command.
\n" }, "data_size": { "text": "The number data of bytes received from the client. This field is only present when the transaction finished receiving the DATA command.
\n" }, "connection_id": { "text": "The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
Transaction is finished or failed.
\n" }, "smtp_server_transaction_rcpt_finished": { "root": "smtp-server", "inherit": "smtp_recipient", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "status_code": { "text": "SMTP status code for the reply. This is = 9000 for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "enhanced_code": { "text": "SMTP enhanced status code for the reply. This is "9.0.0" for aborted commands (e.g., when the connection is closed prematurely).
\n" }, "error": { "text": "Error message for the reply if it is a failure. There is no field for a success message.
\n" }, "dest_host": { "text": "LMTP proxying only: Proxy destination hostname.
\nLMTP proxying only: Proxy destination IP address.
\nRecipient address.
\n" }, "rcpt_param_notify": { "text": "The value of the NOTIFY parameter for the RCPT command.
\n" }, "rcpt_param_orcpt": { "text": "The address value of the ORCPT parameter for the RCPT command.
\n" }, "rcpt_param_orcpt_type": { "text": "The address type (typically "rfc822") of the ORCPT parameter for the RCPT command.
\n" }, "session": { "text": "The session ID for this connection (same as connection_id).
Transaction ID used by the server for this transaction (this ID is logged, mentioned in the DATA reply and part of the "Received:" header). It is based on the connection_id with a ":<seq>" sequence number suffix.
\n" }, "mail_from": { "text": "Sender address.
\n" }, "mail_param_auth": { "text": "The value of the AUTH parameter for the MAIL command.
\n" }, "mail_param_body": { "text": "The value of the BODY parameter for the MAIL command.
\n" }, "mail_param_envid": { "text": "The value of the ENVID parameter for the MAIL command.
\n" }, "mail_param_ret": { "text": "The value of the RET parameter for the MAIL command.
\n" }, "mail_param_size": { "text": "The value of the SIZE parameter for the MAIL command.
\n" }, "data_size": { "text": "The number data of bytes received from the client. This field is only present when the transaction finished receiving the DATA command.
\n" }, "connection_id": { "text": "The session ID for this connection. The connection ID is forwarded through proxies, allowing correlation between sessions on frontend and backend systems.
\n" }, "protocol": { "text": "The protocol used by the connection; i.e., either smtp or lmtp.
The transaction is finished or failed for this particular recipient. When\nsuccessful, this means the DATA command for the transaction yielded success\nfor that recipient (even for SMTP this event is generated for each\nrecipient separately). Recipients can fail at various stages, particularly\nat the actual RCPT command where the server can deny the recipient.
\n" }, "smtp_submit_started": { "root": "smtp-submit", "text": "Started message submission.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "smtp_submit_finished": { "root": "smtp-submit", "inherit": "smtp_submit", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message for submission failure.
\n" }, "mail_from": { "text": "The envelope sender for the outgoing message.
\n" }, "recipients": { "text": "The number of recipients for the outgoing message.
\n" }, "data_size": { "text": "The size of the outgoing message.
\n" } }, "text": "Finished the message submission.
\n" }, "push_notification_finished": { "root": "push-notification", "inherit": "mail_user", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Mailbox for event.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Push notification event was sent. See push notification stats.
\n" }, "sieve_runtime_script_started": { "root": "sieve-runtime", "inherit": "sieve_runtime", "text": "Started evaluating a Sieve script.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "script_name": { "text": "The name of the Sieve script as it is visible to the user.
\n" }, "script_location": { "text": "The full location string of the Sieve script.
\n" }, "binary_path": { "text": "The path of the Sieve binary being executed (if it is not only in memory).
\n" }, "error": { "text": "If present, this field indicates that the script execution has failed. The error message itself is very simple.
\n" }, "message_id": { "text": "The message-id of the message being filtered.
\n" }, "mail_from": { "text": "Envelope sender address if available.
\n" }, "rcpt_to": { "text": "Envelope recipient address if available.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_runtime_script_finished": { "root": "sieve-runtime", "inherit": "sieve_runtime", "text": "Finished evaluating a Sieve script.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "script_name": { "text": "The name of the Sieve script as it is visible to the user.
\n" }, "script_location": { "text": "The full location string of the Sieve script.
\n" }, "binary_path": { "text": "The path of the Sieve binary being executed (if it is not only in memory).
\n" }, "error": { "text": "If present, this field indicates that the script execution has failed. The error message itself is very simple.
\n" }, "message_id": { "text": "The message-id of the message being filtered.
\n" }, "mail_from": { "text": "Envelope sender address if available.
\n" }, "rcpt_to": { "text": "Envelope recipient address if available.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_action_finished": { "root": "sieve-execute", "inherit": "sieve_execute", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "action_name": { "text": "| Action | \nDescription | \n
|---|---|
discard | \nThe discard action was executed successfully (only has an effect when no explicit keep is executed). | \n
| ileinto` | \nThe fileinto action was executed successfully. | \n
keep | \nThe keep action was executed successfully (maps to fileinto internally, so the fields are identical). | \n
notify | \nThe notify action was executed successfully (either from the notify or the enotify extension). | \n
pipe | \nThe pipe action (from vnd.dovecot.pipe extension) was executed successfully. | \n
redirect | \nThe redirect action was executed successfully. | \n
reject | \nThe reject action was executed successfully. | \n
report | \nThe report action (from vnd.dovecot.report extension) was executed successfully. | \n
vacation | \nThe vacation action was executed successfully. | \n
The location string for this Sieve action (a combination of "<script-name>: line <number>".
\n" }, "redirect_target": { "text": "The target address for the redirect action.
\n" }, "notify_target": { "text": "The list of target addresses for the notify action.
\n" }, "report_target": { "text": "The target address for the report action.
\n" }, "report_type": { "text": "The feedback type for the report action.
\n" }, "fileinto_mailbox": { "text": "The target mailbox for the fileinto/keep action.
\n" }, "pipe_program": { "text": "The name of the program being executed by the pipe action.
\n" }, "message_id": { "text": "The message-id of the message being filtered.
\n" }, "mail_from": { "text": "Envelope sender address if available.
\n" }, "rcpt_to": { "text": "Envelope recipient address if available.
\n" }, "user": { "text": "Username of the user.
\n" } }, "text": "Emitted when sieve action is completed successfully.
\n" }, "sieve_script_opened": { "root": "sieve-storage", "inherit": "sieve_storage", "text": "Opened a Sieve script for reading (e.g. for ManageSieve GETSCRIPT or\ncompiling it at delivery).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_script_closed": { "root": "sieve-storage", "inherit": "sieve_storage", "text": "Closed a Sieve script (after reading it).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_script_deleted": { "root": "sieve-storage", "inherit": "sieve_storage", "text": "Deleted a Sieve script.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_script_activated": { "root": "sieve-storage", "inherit": "sieve_storage", "text": "Activated a Sieve script.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } } }, "sieve_script_renamed": { "root": "sieve-storage", "inherit": "sieve_storage", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "old_script_name": { "text": "Old name of the Sieve script.
\n" }, "new_script_name": { "text": "New name for the Sieve script.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } }, "text": "Renamed a Sieve script.
\n" }, "sieve_storage_save_started": { "root": "sieve-storage", "inherit": "sieve_storage", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "script_name": { "text": "Name of the Sieve script.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } }, "text": "Started saving a Sieve script.
\n" }, "sieve_storage_save_finished": { "root": "sieve-storage", "inherit": "sieve_storage", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "script_name": { "text": "Name of the Sieve script.
\n" }, "storage_driver": { "text": "The driver name of the Sieve storage (file, ldap, or dict).
The location string for the Sieve script.
\n" }, "error": { "text": "Error message for when storage operation has failed.
\n" }, "user": { "text": "Username of the user.
\n" } }, "text": "Finished saving a Sieve script.
\n" }, "managesieve_command_finished": { "root": "managesieve", "inherit": "managesieve", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "script_name": { "text": "Name for the Sieve script this command operated on (if any).
\n" }, "old_script_name": { "text": "Old name of the Sieve script (only set for RENAMESCRIPT).
\n" }, "new_script_name": { "text": "New name for the Sieve script (only set for RENAMESCRIPT).
\n" }, "compile_errors": { "text": "The number of compile errors that occurred (only set for PUTSCRIPT, CHECKSCRIPT and SETACTIVE when compile fails).
\n" }, "compile_warnings": { "text": "The number of compile warnings that occurred (only set for PUTSCRIPT, CHECKSCRIPT and SETACTIVE when script is compiled).
\n" }, "cmd_name": { "text": "Name of the ManageSieve command.
\n" }, "cmd_args": { "text": "Arguments for the ManageSieve command.
\n" }, "error": { "text": "Error message for when the command failed.
\n" } }, "text": "Finished the ManageSieve command.
\n" }, "dict_created": { "root": "dict", "inherit": "dict_init", "text": "Dictionary is initialized.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "dict_name": { "text": "Name of the dict as set in configurations.
\n" }, "dict_driver": { "text": "Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_destroyed": { "root": "dict", "inherit": "dict_init", "text": "Dictionary is destroyed.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "dict_name": { "text": "Name of the dict as set in configurations.
\n" }, "dict_driver": { "text": "Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_lookup_finished": { "root": "dict", "inherit": "dict_lookup", "text": "Dictionary lookup finishes.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "key": { "text": "Key name, starts with priv/ or shared/.
Set to yes if key not found.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_iteration_finished": { "root": "dict", "inherit": "dict_iteration", "text": "Dictionary iteration finished.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "rows": { "text": "Number of rows returned.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "key": { "text": "Key name, starts with priv/ or shared/.
Set to yes if key not found.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_transaction_finished": { "root": "dict", "inherit": "dict_transaction", "text": "Dictionary transaction has been committed or rolled back.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "rollback": { "text": "Set to yes when transaction was rolled back.
Set to yes if write was not confirmed.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_server_lookup_finished": { "root": "dict-server", "inherit": "dict_lookup", "text": "Dictionary server finishes lookup.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "key": { "text": "Key name, starts with priv/ or shared/.
Set to yes if key not found.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_server_iteration_finished": { "root": "dict-server", "inherit": "dict_iteration", "text": "Dictionary server finishes iteration.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "rows": { "text": "Number of rows returned.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "key": { "text": "Key name, starts with priv/ or shared/.
Set to yes if key not found.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "dict_server_transaction_finished": { "root": "dict-server", "inherit": "dict_transaction", "text": "Dictionary server finishes transaction.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username, if it's not empty.
\n" }, "rollback": { "text": "Set to yes when transaction was rolled back.
Set to yes if write was not confirmed.
Name of the dictionary driver, e.g. sql or proxy.
Error, if one occurred.
\n" } } }, "login_aborted": { "added": { "events_login_aborted_added": false }, "inherit": "pre_login_client", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Short reason; see the short reason to description mapping.
\n" }, "auth_successes": { "text": "Number of successful authentications, which eventually failed due to other reasons.
\n" }, "auth_attempts": { "text": "Total number of authentication attempts, both successful and failed.
\n" }, "auth_usecs": { "text": "How long ago the first authentication attempt was started.
\n" }, "connected_usecs": { "text": "How long ago the client connection was created.
\n" }, "local_ip": { "text": "Local IP address.
\n" }, "local_name": { "text": "TLS SNI hostname, if given.
\nLocal port.
\n" }, "remote_ip": { "text": "Remote IP address.
\n" }, "remote_port": { "text": "Remote port.
\n" }, "user": { "text": "Full username.
\n" }, "service": { "text": "Same as protocol
Name of service e.g. submission, imap.
Added: 3.0.0
\n\nreason values:
| Reason | \nDescription | \n
|---|---|
anonymous_auth_disabled | \nAnonymous authentication is not allowed. | \n
authorization_failed | \nMaster user authentication succeeded, but authorization to access the requested login user wasn't allowed. | \n
auth_aborted_by_client | \nClient started SASL authentication, but returned "*" reply to abort it. | \n
auth_failed | \nGeneric authentication failure. Possibly due to invalid username/password, but could have been some other unspecified reason also. | \n
auth_nologin_referral | \nAuthentication returned auth referral to redirect the client to another server. This is normally configured to be sent only when the client is a Dovecot proxy, which handles the redirection. | \n
auth_process_comm_fail | \nInternal error communicating with the auth process. | \n
auth_process_not_ready | \nClient disconnected before auth process was ready. This may indicate a hanging auth process if connected_usecs is large. | \n
auth_waiting_client | \nClient started SASL authentication, but disconnected instead of sending the next SASL continuation reply. | \n
cleartext_auth_disabled | \nAuthentication using cleartext mechanism is not allowed at this point. It would be allowed if SSL/TLS was enabled. | \n
client_ssl_cert_untrusted | \nClient sent an SSL certificate that is untrusted with auth_ssl_require_client_cert = yes. | \n
client_ssl_cert_missing | \nClient didn't send SSL certificate, but auth_ssl_require_client_cert = yes. | \n
client_ssl_not_started | \nClient didn't even start SSL with auth_ssl_require_client_cert = yes. | \n
connection_limit | \nClient reached mail_max_userip_connections limit. | \n
internal_failure | \nInternal failure. The error log has more details. | \n
invalid_base64 | \nClient sent invalid base64 in SASL response. | \n
invalid_mech | \nUnknown SASL authentication mechanism requested. | \n
login_disabled | \nThe user has the passdb: Authentication `nologin` Extra Field field set in passdb and is thereby not able to login. | \n
no_auth_attempts | \nClient didn't send any authentication attempts. | \n
password_expired | \nThe user's password is expired. | \n
process_full | \nservice configuration (client_limit) and service configuration (process_limit) was hit and this login session was killed. | \n
shutting_down | \nThe process is shutting down so the login is aborted. | \n
tls_handshake_not_finished | \nTLS handshake failed or was not finished. | \n
user_disabled | \nUser is in deny passdb, or in some other way disabled passdb. | \n
Proxying reason values:
| Reason | \nDescription | \n
|---|---|
proxy_dest_connect_failed | \nLocal authentication succeeded, but connection to destination hop failed. | \n
proxy_dest_internal_failure | \nLocal authentication succeeded, but internal failure occurred after that. | \n
proxy_dest_remote_failure | \nLocal authentication succeeded, but destination hop reported unspecified failure. | \n
proxy_dest_protocol_failure | \nLocal authentication succeeded, but destination hop unexpectedly violated the protocol standard. | \n
proxy_dest_auth_failed | \nLocal authentication succeeded, but proxying failed to authenticate to the destination hop. | \n
proxy_dest_auth_temp_failed | \nLocal authentication succeeded, but proxying failed to temporarily authenticate to the destination hop. | \n
proxy_dest_redirected | \nLocal authentication succeeded, but destination hop redirected to another host. | \n
proxy_dest_connection_limit | \nAdded: 3.2.0 Login to backend failed because client reached mail_max_userip_connections limit. | \n
Connection to proxy destination has started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "dest_host": { "text": "Host name of the proxy destination (if proxying is configured with IP address, will have the same value as dest_ip).
Proxy destination IP.
\n" }, "dest_port": { "text": "Proxy destination port.
\n" }, "source_ip": { "text": "Source IP where proxy connection originated from.
\n" }, "master_user": { "text": "If proxying is done with a master user authentication, contains the full username of master user.
\n" }, "local_ip": { "text": "Local IP address.
\n" }, "local_name": { "text": "TLS SNI hostname, if given.
\nLocal port.
\n" }, "remote_ip": { "text": "Remote IP address.
\n" }, "remote_port": { "text": "Remote port.
\n" }, "user": { "text": "Full username.
\n" }, "service": { "text": "Same as protocol
Name of service e.g. submission, imap.
Connection to proxy destination is established and user is successfully\nlogged into the backend.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "source_port": { "text": "Source port where proxy connection originated from.
\n" }, "reconnect_attempts": { "text": "Number of times connection failed and reconnection was attempted.
\n" }, "dest_host": { "text": "Host name of the proxy destination (if proxying is configured with IP address, will have the same value as dest_ip).
Proxy destination IP.
\n" }, "dest_port": { "text": "Proxy destination port.
\n" }, "source_ip": { "text": "Source IP where proxy connection originated from.
\n" }, "master_user": { "text": "If proxying is done with a master user authentication, contains the full username of master user.
\n" }, "local_ip": { "text": "Local IP address.
\n" }, "local_name": { "text": "TLS SNI hostname, if given.
\nLocal port.
\n" }, "remote_ip": { "text": "Remote IP address.
\n" }, "remote_port": { "text": "Remote port.
\n" }, "user": { "text": "Full username.
\n" }, "service": { "text": "Same as protocol
Name of service e.g. submission, imap.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "If login to destination failed, contains the error.
\n" }, "error_code": { "text": "If login to destination failed, contains the error code.
\nWhich side disconnected: client, server, proxy.
Reason for disconnection (empty = clean disconnect).
\n" }, "idle_usecs": { "changed": { "events_proxy_session_finished_idle_usecs_changed": "This was previously named `idle_secs`." }, "text": "Number of seconds the connection was idling before getting disconnected.
\nidle_secs.Amount of data read from client, in bytes.
\nin_bytes.Amount of data written to client, in bytes.
\nout_bytes.Source port where proxy connection originated from.
\n" }, "reconnect_attempts": { "text": "Number of times connection failed and reconnection was attempted.
\n" }, "dest_host": { "text": "Host name of the proxy destination (if proxying is configured with IP address, will have the same value as dest_ip).
Proxy destination IP.
\n" }, "dest_port": { "text": "Proxy destination port.
\n" }, "source_ip": { "text": "Source IP where proxy connection originated from.
\n" }, "master_user": { "text": "If proxying is done with a master user authentication, contains the full username of master user.
\n" }, "local_ip": { "text": "Local IP address.
\n" }, "local_name": { "text": "TLS SNI hostname, if given.
\nLocal port.
\n" }, "remote_ip": { "text": "Remote IP address.
\n" }, "remote_port": { "text": "Remote port.
\n" }, "user": { "text": "Full username.
\n" }, "service": { "text": "Same as protocol
Name of service e.g. submission, imap.
Connection to proxy destination has ended, either successfully or with error.
\n\nList of error codes:
\n| Error Code | \nExplanation | \n
|---|---|
authorization_failed | \nUser authorization failed. | \n
temp_fail | \nAuth service reported temporary failure. | \n
user_disabled | \nUser is disabled. | \n
password_expired | \nPassword is expired. | \n
invalid_base64 | \nChallenge response was invalid base64 encoded. | \n
login_disabled | \nLogin is disabled. | \n
invalid_mech | \nUsed mechanism isn't supported. | \n
cleartext_auth_disabled | \nCleartext authentication is not enabled, use TLS. | \n
anonymous_auth_disabled | \nAnonymous authentication is not enabled. | \n
Proxying error codes:
\n| Reason | \nDescription | \n
|---|---|
proxy_dest_connect_failed | \nLocal authentication succeeded, but connection to destination hop failed. | \n
proxy_dest_internal_failure | \nLocal authentication succeeded, but internal failure occurred after that. | \n
proxy_dest_remote_failure | \nLocal authentication succeeded, but destination hop reported unspecified failure. | \n
proxy_dest_protocol_failure | \nLocal authentication succeeded, but destination hop unexpectedly violated the protocol standard. | \n
proxy_dest_auth_failed | \nLocal authentication succeeded, but proxying failed to authenticate to the destination hop. | \n
proxy_dest_auth_temp_failed | \nLocal authentication succeeded, but proxying failed to temporarily authenticate to the destination hop. | \n
proxy_dest_redirected | \nLocal authentication succeeded, but destination hop redirected to another host. | \n
proxy_dest_connection_limit | \nAdded: 3.2.0 Login to backend failed because client reached mail_max_userip_connections limit. | \n
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Reason for the attempt failure.
\n" }, "error_code": { "text": "Error code for the attempt failure.
\n" }, "source_port": { "text": "Source port where proxy connection originated from.
\n" }, "reconnect_attempts": { "text": "Number of times connection failed and reconnection was attempted.
\n" }, "dest_host": { "text": "Host name of the proxy destination (if proxying is configured with IP address, will have the same value as dest_ip).
Proxy destination IP.
\n" }, "dest_port": { "text": "Proxy destination port.
\n" }, "source_ip": { "text": "Source IP where proxy connection originated from.
\n" }, "master_user": { "text": "If proxying is done with a master user authentication, contains the full username of master user.
\n" }, "local_ip": { "text": "Local IP address.
\n" }, "local_name": { "text": "TLS SNI hostname, if given.
\nLocal port.
\n" }, "remote_ip": { "text": "Remote IP address.
\n" }, "remote_port": { "text": "Remote port.
\n" }, "user": { "text": "Full username.
\n" }, "service": { "text": "Same as protocol
Name of service e.g. submission, imap.
Connection to proxy failed, but reconnect will be attempted.\nreconnect_attempts=1 for the first event and increases for each subsequent\nevent.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Reason for the batch user move, as given by the\ndoveadm cluster user batch move backend/site --reason parameter.
Maximum number of users to try to move.
\n" } }, "text": "Moving a cluster user batch started.
\n" }, "cluster_user_batch_move_finished": { "root": "cluster", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "reason": { "text": "Reason for the batch user move, as given by the\ndoveadm cluster user batch move backend/site --reason parameter.
Number of users for which moving failed.
\n" }, "moved_users": { "text": "Number of users that were successfully moved.
\n" }, "users_count": { "text": "Number of users that were asked to be moved.
\n" } }, "text": "Moving a cluster user batch finished.
\n" }, "cluster_user_move_started": { "root": "cluster", "text": "Moving a cluster user started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "cluster_user_move_finished": { "root": "cluster", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message why moving the user failed.
\n" } }, "text": "Moving a cluster user finished.
\n" }, "cluster_site_reachability_check_started": { "root": "cluster", "text": "A site reachability check has been started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" } } }, "cluster_site_reachability_check_finished": { "root": "cluster", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message why the reachability check failed.
\n" }, "host": { "text": "The site load-balancer targeted with the reachability check.
\n" }, "reachable": { "text": "Was the site load-balancer reachable or not.
\n" } }, "text": "A site reachability check has been finished.
\n" }, "fts_dovecot_too_many_triplets": { "root": "fts-dovecot", "inherit": "mail_user", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "triplet_count": { "text": "Number of triplets found
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Emitted when number of triplets exceeds the limit defined by\nfts_dovecot_max_triplets.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened.
\n" }, "file_type": { "text": "mail: Email fileindex: Index bundlebox: Mailbox directory (for creating/deleting it, if used by the storage driver)fts: FTS fileReason for accessing the file.
\n" } }, "text": "Inherits from fs or any other specified event (e.g. mailbox).
\n" }, "obox_index_merge_started": { "inherit": "mailbox", "root": "obox", "text": "Mailbox index merging was started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Mailbox index merging was finished.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Index merging required changing the mailbox's IMAP UIDVALIDITY.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "renumber_count": { "text": "Number of UIDs that were renumbered.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Index merging required changing some mails' IMAP UIDs because they\nconflicted between the two indexes.
\n" }, "obox_index_merge_skip_uid_renumbering": { "inherit": "mailbox", "root": "obox", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "renumber_count": { "text": "Number of UIDs that should have been renumbered.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Index merging should have renumbered UIDs due to conflicts, but there were\ntoo many of them (more than metacache_merge_max_uid_renumbers, so\nno renumbering was done after all.
Metacache is being refreshed when user is being accessed. Sent only when a\nstorage operation is done to perform the refresh; the event isn't sent if\nthe metacache is used without refreshing.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Metacache was refreshed when user is being accessed. Sent only when a\nstorage operation is done to perform the refresh; the event isn't sent if\nthe metacache is used without refreshing.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Status of the refresh operation:
\nrefreshed_changed: Bundles were listed in storage. New bundles were\nfound and downloaded. This is used also when an existing mailbox is\nfirst downloaded to metacache.refreshed_unchanged: Bundles were listed in storage, but no new changes\nwere found.yes, if mailbox is going to be rescanned.
If set, reason why the index was forcibly refreshed:
\ninterval: Added: 3.1.0 metacache_forced_refresh_intervalonce-after: Added: 3.1.0 metacache_refresh_index_once_afteryes: Removed: 3.1.0 metacache_forced_refresh_intervalError message if the refresh failed.
\n" } } }, "metacache_mailbox_refresh_started": { "inherit": [ "mailbox" ], "root": "metacache", "tags": [ "obox" ], "text": "Metacache is being refreshed when mailbox is being accessed. Sent only when\na storage operation is done to perform the refresh; the event isn't sent if\nthe metacache is used without refreshing.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Metacache was refreshed when mailbox is being accessed. Sent only when\na storage operation is done to perform the refresh; the event isn't sent if\nthe metacache is used without refreshing.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Status of the refresh operation:
\nrefreshed_changed: Bundles were listed in storage. New bundles were\nfound and downloaded. This is used also when an existing mailbox is\nfirst downloaded to metacache.refreshed_unchanged: Bundles were listed in storage, but no new changes\nwere found.yes, if mailbox is going to be rescanned.
If set, reason why the index was forcibly refreshed:
\ninterval: Added: 3.1.0 metacache_forced_refresh_intervalonce-after: Added: 3.1.0 metacache_refresh_index_once_afteryes: Removed: 3.1.0 metacache_forced_refresh_intervalError message if the refresh failed.
\n" } } }, "metacache_user_bundle_download_started": { "inherit": [ "mail_user", "metacache_bundle_download" ], "root": "metacache", "tags": [ "obox" ], "text": "User index bundle file is being downloaded (can happen while the user is\nbeing refreshed).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "error": { "text": "Error message if the download failed.
\n" } } }, "metacache_user_bundle_download_finished": { "inherit": [ "mail_user", "metacache_bundle_download" ], "root": "metacache", "tags": [ "obox" ], "text": "User index bundle file was downloaded (can happen while the user is being\nrefreshed).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "error": { "text": "Error message if the download failed.
\n" } } }, "metacache_mailbox_bundle_download_started": { "inherit": [ "mailbox", "metacache_bundle_download" ], "root": "metacache", "tags": [ "obox" ], "text": "Mailbox index bundle file is being downloaded (can happen while the mailbox\nis being refreshed).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "error": { "text": "Error message if the download failed.
\n" } } }, "metacache_mailbox_bundle_download_finished": { "inherit": [ "mailbox", "metacache_bundle_download" ], "root": "metacache", "tags": [ "obox" ], "text": "Mailbox index bundle file was downloaded (can happen while the mailbox is\nbeing refreshed).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "error": { "text": "Error message if the download failed.
\n" } } }, "metacache_upload_started": { "inherit": [ "metacache_upload", "mail_user", "mailbox" ], "root": "metacache", "tags": [ "obox" ], "text": "Changes in metacache are being uploaded to storage.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message if the upload failed.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" } } }, "metacache_upload_finished": { "inherit": [ "metacache_upload", "mail_user", "mailbox" ], "root": "metacache", "tags": [ "obox" ], "text": "Changes in metacache were uploaded to storage.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "error": { "text": "Error message if the upload failed.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" } } }, "metacache_user_bundle_upload_started": { "inherit": [ "metacache_bundle_upload", "mail_user", "mailbox" ], "root": "metacache", "tags": [ "obox" ], "text": "User index bundle file is being uploaded. Can happen while the user is\nbeing uploaded.
\nTIP
\nThis event can be inherited from a mailbox event, and include the\nmailbox fields, if the user upload was triggered by a mailbox\nupload.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "filename": { "text": "Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "mailbox": { "text": "Full mailbox name in UTF-8
\n" }, "mailbox_guid": { "text": "Mailbox GUID
\n" }, "reason": { "text": "Reason for what changed in the indexes to cause this bundle\nto be created and uploaded.
\n" }, "error": { "text": "Error message if the upload failed.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
User index bundle file was uploaded. Can happen while the user is being\nuploaded.
\nTIP
\nThis event can be inherited from a mailbox event, and include the\nmailbox fields, if the user upload was triggered by a mailbox\nupload.
\nDuration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "filename": { "text": "Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "mailbox": { "text": "Name of the mailbox being uploaded.
\nNote that this field may or may not exist depending on whether a single mailbox\nor the whole user is being uploaded.
\n" }, "mailbox_guid": { "text": "GUID of the mailbox being uploaded.
\n" }, "reason": { "text": "Reason for what changed in the indexes to cause this bundle\nto be created and uploaded.
\n" }, "error": { "text": "Error message if the upload failed.
\n" } } }, "metacache_mailbox_bundle_upload_started": { "inherit": "metacache_bundle_upload", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox index bundle file is being uploaded. Can happen while the mailbox\nis being uploaded.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "filename": { "text": "Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "mailbox": { "text": "Name of the mailbox being uploaded.
\nNote that this field may or may not exist depending on whether a single mailbox\nor the whole user is being uploaded.
\n" }, "mailbox_guid": { "text": "GUID of the mailbox being uploaded.
\n" }, "reason": { "text": "Reason for what changed in the indexes to cause this bundle\nto be created and uploaded.
\n" }, "error": { "text": "Error message if the upload failed.
\n" } } }, "metacache_mailbox_bundle_upload_finished": { "inherit": "metacache_bundle_upload", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox index bundle file was uploaded. Can happen while the mailbox is\nbeing uploaded.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "filename": { "text": "Bundle filename.
\n" }, "bundle_type": { "text": "Bundle type: diff, base, or self.
Size of the bundle file in bytes (uncompressed).
\n" }, "mailbox": { "text": "Name of the mailbox being uploaded.
\nNote that this field may or may not exist depending on whether a single mailbox\nor the whole user is being uploaded.
\n" }, "mailbox_guid": { "text": "GUID of the mailbox being uploaded.
\n" }, "reason": { "text": "Reason for what changed in the indexes to cause this bundle\nto be created and uploaded.
\n" }, "error": { "text": "Error message if the upload failed.
\n" } } }, "metacache_user_clean_started": { "inherit": [ "mail_user" ], "root": "metacache", "tags": [ "obox" ], "text": "User is started to be cleaned from metacache, either entirely or only\npartially (only low priority files).
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "should_clean": { "text": "The decision whether the user should be cleaned or not.
\n" }, "last_host": { "text": "The last metacache host.
\n" }, "cluster_backend_name": { "text": "The current backend's name (cluster_backend_name).
Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Which priority indexes are being cleaned.
\n" }, "error": { "text": "Error message if the upload failed.
\n" } }, "inherit": [ "mail_user", "metacache_clean" ], "root": "metacache", "tags": [ "obox" ], "text": "Clean command received with IF-MOVED parameter.
\n" }, "metacache_user_clean_finished": { "inherit": [ "mail_user", "metacache_clean" ], "root": "metacache", "tags": [ "obox" ], "text": "User is finished being cleaned from metacache.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "user": { "text": "Username of the user.
\n" }, "session": { "text": "Session ID for the storage session.
\n" }, "service": { "text": "Name of the service. Examples: imap, pop3, lmtp, ...
Which priority indexes are being cleaned.
\n" }, "error": { "text": "Error message if the upload failed.
\n" } } }, "metacache_pull_started": { "inherit": "metacache_pull_common", "root": "metacache", "tags": [ "obox" ], "text": "Metacache pulling has started.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "source_host": { "text": "Which host metacache is being pulled from.
\n" }, "dest_host": { "text": "Which host metacache is being pulled to.
\nserver: The event is emitted by the host that metacache is being pulled\nfrom. (This host is source_host.)client: The event is emitted by the host that is pulling metacache\nfrom source_host.Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "files_count": { "text": "Number of files being transferred.
\nNumber of files that were successfully imported.
\nExit code for finished metacache pull commands. If the command finished\nsuccessfully it is 0.
The exit codes are the same as doveadm exit codes.
\nError message if metacache pull failed.
\n" }, "source_host": { "text": "Which host metacache is being pulled from.
\n" }, "dest_host": { "text": "Which host metacache is being pulled to.
\nserver: The event is emitted by the host that metacache is being pulled\nfrom. (This host is source_host.)client: The event is emitted by the host that is pulling metacache\nfrom source_host.Metacache pulling has finished.
\n" }, "obox_mailbox_rescan_started": { "inherit": "obox_rebuild", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox is being rescanned. A rescan happens when a mailbox is opened for\nthe first time in this backend (or after it was cleaned away). All mails\nin the storage are listed and synced against the local indexes in\nmetacache.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mails_new": { "text": "Number of new mails found.
\n" }, "mails_temp_lost": { "text": "Number of mails temporarily lost due to "Object exists in dict, but not in\nstorage".
\n" }, "mails_lost": { "text": "Number of mails that existed in index, but no longer exists in storage.
\n" }, "mails_lost_during_resync": { "text": "Number of new mails found, but when doing GUID the mail no longer existed.
\n" }, "mails_kept": { "text": "Number of mails found in both the index and in storage.
\n" }, "mails_total": { "text": "Number of mails that exists in the mailbox now.
\n" }, "guid_lookups": { "text": "Number of mails whose GUIDs were looked up from the email metadata.
\n" }, "guid_lookups_skipped": { "text": "Number of mails whose GUIDs were not looked up due to reaching the GUID\nlookup limit.
\n" }, "error": { "text": "Error message if the rescan/rebuild failed.
\n" } } }, "obox_mailbox_rescan_finished": { "inherit": "obox_rebuild", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox was rescanned. A rescan happens when a mailbox is opened for\nthe first time in this backend (or after it was cleaned away). All mails\nin the storage are listed and synced against the local indexes in\nmetacache.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mails_new": { "text": "Number of new mails found.
\n" }, "mails_temp_lost": { "text": "Number of mails temporarily lost due to "Object exists in dict, but not in\nstorage".
\n" }, "mails_lost": { "text": "Number of mails that existed in index, but no longer exists in storage.
\n" }, "mails_lost_during_resync": { "text": "Number of new mails found, but when doing GUID the mail no longer existed.
\n" }, "mails_kept": { "text": "Number of mails found in both the index and in storage.
\n" }, "mails_total": { "text": "Number of mails that exists in the mailbox now.
\n" }, "guid_lookups": { "text": "Number of mails whose GUIDs were looked up from the email metadata.
\n" }, "guid_lookups_skipped": { "text": "Number of mails whose GUIDs were not looked up due to reaching the GUID\nlookup limit.
\n" }, "error": { "text": "Error message if the rescan/rebuild failed.
\n" } } }, "obox_mailbox_rebuild_started": { "inherit": "obox_rebuild", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox is being rebuilt. A rebuild happens after some kind of corruption\nhad been detected. All mails in the storage are listed and synced against\nthe local indexes in metacache.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mails_new": { "text": "Number of new mails found.
\n" }, "mails_temp_lost": { "text": "Number of mails temporarily lost due to "Object exists in dict, but not in\nstorage".
\n" }, "mails_lost": { "text": "Number of mails that existed in index, but no longer exists in storage.
\n" }, "mails_lost_during_resync": { "text": "Number of new mails found, but when doing GUID the mail no longer existed.
\n" }, "mails_kept": { "text": "Number of mails found in both the index and in storage.
\n" }, "mails_total": { "text": "Number of mails that exists in the mailbox now.
\n" }, "guid_lookups": { "text": "Number of mails whose GUIDs were looked up from the email metadata.
\n" }, "guid_lookups_skipped": { "text": "Number of mails whose GUIDs were not looked up due to reaching the GUID\nlookup limit.
\n" }, "error": { "text": "Error message if the rescan/rebuild failed.
\n" } } }, "obox_mailbox_rebuild_finished": { "inherit": "obox_rebuild", "root": "metacache", "tags": [ "obox" ], "text": "Mailbox was rebuilt. A rebuild happens after some kind of corruption\nhad been detected. All mails in the storage are listed and synced against\nthe local indexes in metacache.
\n", "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "mails_new": { "text": "Number of new mails found.
\n" }, "mails_temp_lost": { "text": "Number of mails temporarily lost due to "Object exists in dict, but not in\nstorage".
\n" }, "mails_lost": { "text": "Number of mails that existed in index, but no longer exists in storage.
\n" }, "mails_lost_during_resync": { "text": "Number of new mails found, but when doing GUID the mail no longer existed.
\n" }, "mails_kept": { "text": "Number of mails found in both the index and in storage.
\n" }, "mails_total": { "text": "Number of mails that exists in the mailbox now.
\n" }, "guid_lookups": { "text": "Number of mails whose GUIDs were looked up from the email metadata.
\n" }, "guid_lookups_skipped": { "text": "Number of mails whose GUIDs were not looked up due to reaching the GUID\nlookup limit.
\n" }, "error": { "text": "Error message if the rescan/rebuild failed.
\n" } } }, "obox_save_throttling": { "root": "metacache", "tags": [ "obox" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "pending_save": { "text": "Number of message saves pending completion.
\n" }, "pending_copy": { "text": "Number of message copies pending completion.
\n" } }, "text": "Obox is throttling the number of concurrent saves/copies.
\nThis event is used to expose externally the status of the internal parallelism,\ni.e. to let tests assess if we can actually reach the degree of parallelism\nexpected through obox_max_parallel_writes and\nobox_max_parallel_copies or if instead anything chokes the\nperformance to less optimal levels.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "path": { "text": "Virtual FS path to the object (based on dict).
\n" }, "object_id": { "text": "Object ID in the storage.
\n" }, "cleanup": { "text": "success, failed or disabled. Indicates if uncertain write was\nattempted to be cleaned (deleted) and whether it was successful.
Error message why the write initially failed.
\n" } }, "text": "A dictionary write is uncertain (e.g., writes to Cassandra may\neventually succeed even if the write initially appeared to fail).
\nSee also fs_object_write_uncertain event.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "path": { "text": "Virtual FS path to the object (based on dict).
\n" }, "object_id": { "text": "Object ID in the storage.
\n" }, "deleted": { "text": "Set to yes, if the corresponding entry in dict has been deleted because of\nfs_dictmap_delete_dangling_links = yes.
"Object exists in dict, but not in storage" error happened.
\nNormally this shouldn't happen, because the writes and deletes are\ndone in such an order that Dovecot prefers to rather leak objects in storage\nthan cause this error. A likely source of this error can be resurrected\ndeleted data (see\nObox Troubleshooting: Object exists in dict, but not in storage for\nmore details).
\n" }, "fs_dictmap_max_bucket_changed": { "inherit": [ "fs_file", "fs_iter" ], "root": "fs-dictmap", "tags": [ "obox" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened.
\n" }, "reason": { "text": "Reason for accessing the file.
\n" }, "old_max_bucket": { "text": "The max_bucket value for the current mailbox, before the event was\nemitted.
The newly set max_bucket value.
Error string if error occurred. Only set if setting the new max_bucket\nvalue failed.
mail: Email fileindex: Index bundlebox: Mailbox directory (for creating/deleting it, if used by the storage driver)fts: FTS fileThis event is sent whenever the max_bucket value for a mailbox changes.\nThere can be three situations when this happens.
A new mail is added to a mailbox, where the current bucket is found to\nbe filled and the next bucket is started to be filled\n(reason = file).
Besides the expected situation, Dovecot emits this event if it\nencounters a bucket with a higher index then the current max_bucket\nwhile iterating a mailbox (reason = iter).
In addition max_bucket can be shrunk in case an iteration discovers\nempty buckets before the current max_bucket value (reason = iter).
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened.
\n" }, "empty_bucket": { "text": "Index of the empty bucket that was just discovered.
\n" }, "max_bucket": { "text": "The current max_bucket value.
The count of deleted keys for the empty bucket.
\n" }, "file_type": { "text": "mail: Email fileindex: Index bundlebox: Mailbox directory (for creating/deleting it, if used by the storage driver)fts: FTS fileReason for accessing the file.
\n" } }, "text": "An empty bucket is found while iterating which is not the last bucket.
\n" }, "fs_object_write_uncertain": { "inherit": "fs_file", "root": "fs-dictmap", "tags": [ "obox" ], "added": { "event_fs_object_write_uncertain_added": false }, "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "cleanup": { "text": "success or failed. Indicates if uncertain write was cleaned (deleted) successfully
Error message why the write initially failed.
\n" } }, "text": "Added: 3.0.0
\nSent whenever an object write is uncertain.
\nWhen a write HTTP operation times out actual outcome is uncertain.
\nSee also fs_dictmap_dict_write_uncertain event.
Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "append": { "text": "If 1, the message was saved via IMAP APPEND.
The number of attachments processed in this message (attachments with size > min_atc_size).
The calculated hash of the entire message.
\n" }, "size": { "text": "The size (in bytes) of the entire message.
\n" } }, "text": "If message-hashing plugin is loaded, emitted for every message saved.
\n" }, "message_hashing_msg_part": { "tags": [ "message-hashing" ], "fields": { "duration": { "text": "Duration of the event (in microseconds)
\n" }, "reason_code": { "text": "List of reason code strings why the event happened. See event reasons for possible values.
\n" }, "append": { "text": "If 1, the message was saved via IMAP APPEND.
The calculated hash of the attachment.
\n" }, "size": { "text": "The size (in bytes) of the attachment.
\n" } }, "text": "If message-hashing plugin is loaded, emitted for every attachment found\nwhen a message is saved.
\n" } }