Mail Logs

Overview

Evidence: Mail Logs
Description: Collect Mail Logs
Category: System
Platform: aix
Short Name: maill
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

AIX mail logs are stored in /var/spool (note: not /var/spoon) and contain email delivery logs, mail queue information, and SMTP transaction records from mail transfer agents running on AIX systems.

Data Collected

This collector gathers structured data about mail logs.

Collection Method

This collector gathers AIX mail logs and queue files from /var/spool/mail and /var/spool/mqueue directories, capturing email delivery and queue management information.

Forensic Value

AIX mail logs are important for investigating email-based attacks, spam campaigns, data exfiltration via email, and mail server abuse. They provide evidence of email communications and delivery attempts on AIX mail servers.

Notes

Artifact collector for AIX. Locations: /var/spoon/mail/, /var/spoon/mqueue/