Using and configuring logs

Logs overview

Logs keep information records of selected events occurred in or detected by Kerio Control. Each log is displayed in a window in the Logs section.

Optionally, records of each log may be recorded in files on the local disk and/or on the Syslog server.

Locally, the logs are saved in the files under the logs subdirectory where Kerio Control is installed. The file names have this pattern: log_name.log (e.g. debug.log). Each log includes an .idx file, i.e. an indexing file allowing faster access to the log when displayed in the administration interface.

Individual logs can be rotated — after a certain time period or when a threshold of the file size is reached, log files are stored and new events are logged to a new (empty) file.

Kerio Control allows to save a selected log (or its part) in a file as plaintext or in HTML. The log saved can be analyzed by various tools, published on web servers, etc.

Logs Context Menu

When you right-click inside any log window, a common context menu will be displayed:


This action makes a copy of the selected text from the log and keeps it in the clipboard. Text selection and copying through the context menu is supported only in Internet Explorer where it is necessary to allow access to the clipboard.

For this operation it is recommended to use shortcut Ctrl+C (or Apple+C on Mac). This method is compatible throughout operating systems.

Save Log

This option saves the log or selected text in a file as plaintext or in HTML.


This function provides more comfortable operations with log files than a direct access to log files on the disk of the computer where Kerio Control is installed. Logs can be saved even if Kerio Control is administered remotely.

The Save log option opens a dialog box with the following parameters:

  • Format — logs can be saved as plaintext or in HTML. If the HTML format is used, colors will be saved for the lines background (see section Highlighting) and all URLs will be saved as hypertext links.
  • Source — either the entire log or only a part of the text selected can be saved. In case of remote administration, saving of an entire log may take some time.


Highlighting may be set for logs meeting certain criteria (for details, see below).

Log Settings

A dialog where log rotation and Syslog parameters can be set.

Clear Log

Removes entire log. All information of will be removed from the log forever (not only the information saved in the selected window).


Removed logs cannot be refreshed anymore.


Only users with read and write rights are allowed to change log settings or remove logs.

Log highlighting

For better reference, it is possible to set highlighting for logs meeting certain criteria. Highlighting is defined by special rules shared by all logs. Seven colors are available (plus the background color of unhighlighted lines), however, number of rules is not limited.

  1. Use the Highlighting option in the context pop-up menu to set highlighting parameters. Highlighting rules are ordered in a list. The list is processed from the top. The first rule meeting the criteria stops other processing and the found rule is highlighted by the particular color. Thanks to these features, it is possible to create even more complex combinations of rules, exceptions, etc. In addition to this, each rule can be disabled or enabled for as long as necessary.
  2. Click on Add and define a rule or double-click the existing rule and redefine it.
  3. Each highlighting rule consists of a condition and a color which will be used to highlight lines meeting the condition. Condition can be specified by a substring (all lines containing the string will be highlighted) or by a regular expression (all lines containing one or multiple strings matching the regular expression will be highlighted).
  1. Click OK.

Logs Settings

In option Log settings in the log context menu, you can select options for saving the log and sending messages to the Syslog server. These parameters are saved separately for each log.

File Logging

Use the File Logging tab to define file name and rotation parameters.

  1. Select Enable logging to file. This option enables/disables saving to a file. If the log is not saved in a file on the disk, only records generated since the last login to Kerio Control will be shown. After logout (or closing of the window with the administration interface), the records will be lost.
  2. Select a type of rotation:

Rotate regularly

Set intervals in which the log will be rotated regularly. The file will be stored and a new log file will be started in selected intervals.

Weekly rotation takes effect on Sunday nights. Monthly rotation is performed at the end of the month (in the night when one month ends and another starts).

Rotate when file exceeds size

Set a maximal size for each file. Whenever the threshold is reached, the file will be rotated. Maximal size is specified in megabytes (MB).

  1. Type a number of rotated log files to keep. Maximal count of log files that will be stored. Whenever the threshold is reached, the oldest file will be deleted.
  2. Click OK.


  1. If both Rotate regularly and the Rotate when file exceeds size are enabled, the particular file will be rotated whenever one of these conditions is met.
  2. Setting of statistics and quotas accounting period does not affect log rotation. Rotation follows the rules described above.

Syslog Logging

The External Logging tab allows sending of individual log records to the Syslog server. Simply enter the DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. name or the IP addressAn identifier assigned to devices connected to a TCP/IP network. of the Syslog server. If you are using default port, type the server name only. If you are using non default port, customize it as server:port in the Syslog server field.

Syslog settings for the Alert log

The Syslog server distinguishes logs by Facility and Severity.

  • Facility — The default value is 16: Local use 0, but you can change it as you need.
  • Severity — The value is fixed for each log. Severity values are provided in table below.

In the Application field, you can type a description displayed in the Syslog server.

Log Severity
Alert 1: Alert
Config 6: Informational
Connection 6: Informational
Debug 7: Debug
Dial 5: Notice
Error 3: Error
Filter 6: Informational
Host 6: Informational
Http 6: Informational
Security 5: Notice
Warning 4: Warning
Web 6: Informational

Detailed articles

Log Article
Alert Using Alert Messages
Config Using the Config log
Connection Using the Connection log
Debug Using the Debug log
Dial Using the Dial log
Error Using the Error log
Filter Using the Filter log
Host Using the Host log
Http Using the Http log
Security Using the Security log
Warning Using the Warning log
Web Using the Web log