[Logwatch-Devel] Announce: New postfix filter available for testing

Geert Janssens info at kobaltwit.be
Tue Jan 23 08:11:11 MST 2007


Hi MrC,

I have tested your modified postfix logwatch scripts on two different 
installations of logwatch 7.1 (one running on Mandriva 2006 and the other 
running on Fedora Core 3).

Quite impressive! The log entries are well organised, and the increasing levels of 
detail scale nicely.

I tested the various levels of detail. They are all well organised. I also ran 
logwatch on the complete log archives, and it showed no unrecognized log 
entries. The old script on the other hand used to show some performance 
statistics this way.

I haven't played with the various per-section detail settings in postfix.conf, 
but it seems a very useful feature.

I have decided to continue to use the new script from now on, as it's so much 
clearer to read. I'll keep you informed if I encounter any problems.

Thank you for your work!

Regards,

Geert

On Thursday 18 January 2007 06:41, lists-logwatch at cappella.us wrote:
> [ posted in logwatch and logwatch-devel ]
>
> Hello logwatch / postfix users,
>
> I have rewritten the postfix reporting filter, and would like to get some
> final feedback before submission.  The script has been in use by myself and
> several early evaluators.  Some of my goals with the postfix filter were
> to:
>
>   - Facilitate spotting problematic senders
>   - Better summarize postfix's log data
>   - Provide increasing detail as requested via --detail
>   - Provide more useful information and summaries
>   - Provide ability to configure per section maximum detail
>   - Reduce the amount of manual scanning of postfix mail logs
>   - Optimize and combine the numerous REs
>   - Eliminate excessive copy/pasted reporting code
>   - Generalize log line capturing and reporting
>
> Below is a summary of some key features:
>
> Changes
>   - Multiple levels of reporting
>     Logwatch detail levels <5 provide basic summaries, whereas
>     levels 5 - 10 provide increasingly more detail.  Detail level 22
>     provides uncropped log lines. Try them all to determine which detail
>     level best suits your needs.
>
>   - Configuration of per section maximum detail
>     Maximum depth level of each detailed section can be limited by setting a
>     maximum depth variable in the postfix.conf file. This helps reduce the
>     report size as desired.
>
>   - Report formatting more easily shows totals and sub-totals
>     Counts have been moved to the left of report lines.  Each level
>     contains totals of its sub-levels.  This removes the excessive Time(s), at
>     the right of each line (which I find difficult to quickly scan for
>     obvious offenders).
>
>   - More counts available in summary report
>
>   - Better categorization of reject reasons, with percentages
>
>   - Groups reject reasons based on postfix's "optional text" (man 5 access)
>
>   - Configuration or other critical postfix errors are pinned to top of
>     summary report
>
>   - Includes inline sample test data
>
>   - Detailed summary lines are sorted first by count, then by IP and
>     lexically
>
>   - Capture additional postfix log lines caught in the Other Items report.
>
> Future Consideration
>   - Create amavis+postfix filter that better evaluates and summarizes email
>     disposition
>
> The new postfix logwatch filter can be downloaded from:
>
>    http://www.mikecappella.com/logwatch
>
> Download and expand the postfix.tgz file, and see the enclosed README file
> for installation instructions and customization information.  The filter has
> been tested with logwatch 7.3.x but probably works with older versions too.  I
> have not determined the oldest version of logwatch that will work with this
> filter.
>
> Feedback (on list preferred) is welcome and encouraged.  If you have log
> lines that are not captured or processed correctly, please send me a copy
> of the line in some form of archive so that whitespace is not altered, and
> I'll update the script.  Either alter private information, or leave it as
> is, and rest assured your data will remain confidential.
>
> MrC
> ---
>
> Sample Output:
>
>  --------------------- postfix Begin ------------------------
>
>  ****** Summary *******************************************************
>
>    12.131M  Bytes accepted                        12,720,255
>    15.015M  Bytes delivered                       15,744,474
>  ========   ================================================
>
>       910   Accepted                                  69.36%
>       402   Rejected                                  30.64%
>  --------   ------------------------------------------------
>      1312   Total                                    100.00%
>  ========   ================================================
>
>         1   Reject relay denied                        0.25%
>       109   Reject HELO/EHLO                          27.11%
>        17   Reject unknown user                        4.23%
>        11   Reject recipient address                   2.74%
>       126   Reject sender address                     31.34%
>         8   Reject client host                         1.99%
>       120   Reject via RBL                            29.85%
>         7   Reject header                              1.74%
>         3   Reject body                                0.75%
>  --------   ------------------------------------------------
>       402   Total Rejects                            100.00%
>  ========   ================================================
>
>      1305   Connections made
>       214   Connections lost
>      1305   Disconnections
>       910   Removed from queue
>       926   Delivered
>        25   Sent
>        11   Forwarded
>
>         2   Timeout (inbound)
>         1   Numeric hostname
>        57   Hostname verification errors
>        17   TLS connections (inbound)
>        17   SASL authenticated messages
>
>
>  ****** Detailed ******************************************************
>
>         1   Reject relay denied ------------------------------------
>         1      192.168.0.55    192-169-0-55.example.com
>         1         support at sample.net
>
>       109   Reject HELO/EHLO ---------------------------------------
>        54      Non-qualified EHLO/HELO greetings are typically used by spam senders. If this...
>
> [ intentionally truncated ]
>
> _______________________________________________
> Logwatch-Devel mailing list
> Logwatch-Devel at logwatch.org
> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch-devel

-- 
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen

Tel  : +32 479 339 655
Email: info at kobaltwit.be
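
The report layout described in the announcement (counts on the left, reject categories with percentages, detail lines sorted by count and then by IP), sketched in Python as an added example; it is not code from the logwatch filter or from either poster. The log lines are constructed, and the category rules and function names are assumptions keyed on postfix's standard reject texts.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed postfix smtpd lines (documentation addresses, placeholder RBL name).
SAMPLE = """\
Jan 18 06:41:02 mx postfix/smtpd[911]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<u@example.org> proto=SMTP helo=<localhost>
Jan 18 06:41:09 mx postfix/smtpd[911]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.net> to=<u@example.org> proto=SMTP helo=<localhost>
Jan 18 06:42:11 mx postfix/smtpd[912]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; from=<c@example.net> to=<u@example.org> proto=SMTP helo=<pc>
Jan 18 06:42:30 mx postfix/smtpd[913]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; from=<d@example.net> to=<u@example.org> proto=SMTP helo=<pc>
Jan 18 06:43:00 mx postfix/smtpd[914]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using rbl.example; from=<e@example.net> to=<u@example.org> proto=ESMTP helo=<mail.example.net>
Jan 18 06:44:00 mx postfix/smtpd[915]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<f@example.net> to=<nobody@example.org> proto=ESMTP helo=<mail.example.net>
Jan 18 06:45:00 mx postfix/smtpd[916]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 5.7.1 <support@sample.net>: Relay access denied; from=<g@example.net> to=<support@sample.net> proto=ESMTP helo=<mail.example.net>
Jan 18 06:45:05 mx postfix/smtpd[916]: connect from unknown[203.0.113.77]
"""

LINE_RE = re.compile(r"NOQUEUE: reject: \w+ from \S+?\[([^\]]+)\]: \d{3} (?:\d\.\d+\.\d+ )?(.*?); from=")
# Assumed category rules, first match wins; these are not the filter's own REs.
RULES = [("Reject relay denied", "Relay access denied"), ("Reject HELO/EHLO", "Helo command rejected"),
         ("Reject unknown user", "User unknown"), ("Reject via RBL", "blocked using")]

def ip_key(ip):
    try:
        a = ip_address(ip)
    except ValueError:              # postfix logs "unknown" when it has no address
        return (9, 0, ip)
    return (a.version, int(a), ip)  # numeric order, so .9 sorts before .10

def summarize(text):
    by_cat = defaultdict(Counter)   # category -> client IP -> count
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:                       # non-reject lines are skipped
            ip, reason = m.groups()
            cat = next((name for name, needle in RULES if needle in reason), "Reject other")
            by_cat[cat][ip] += 1
    return by_cat

def report(by_cat):
    total = sum(sum(c.values()) for c in by_cat.values())
    out = []
    for cat, ips in sorted(by_cat.items(), key=lambda kv: (-sum(kv[1].values()), kv[0])):
        n = sum(ips.values())
        out.append(f"{n:8d}   {cat:<40}{100 * n / total:6.2f}%")
        for ip, k in sorted(ips.items(), key=lambda kv: (-kv[1], ip_key(kv[0]))):
            out.append(f"{k:8d}      {ip}")
    return out

if __name__ == "__main__": print("\n".join(report(summarize(SAMPLE))))
```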

