[Logwatch] Logwatch and postfix

MrC lists-logwatch at cappella.us
Thu Jul 19 20:31:44 MST 2007



nawshad hoossanbuksh wrote:
> Hello MrC,
> 
>     Thanks for these details. Im afraid my explanation was may be not clear 
> enough. I forget to tell you one thing. The name chita and maya are just the 
> name of the machine (our pop and smtp server).

Postfix messages look like this:

Jul 19 20:20:02 hostname postfix/smtpd[516]: connect from 
example.com[10.0.0.1]

Note the "postfix/smtpd[PID]" syntax.  Yours look like this:

Jul 17 10:31:09 194.3.0.1 chita/smtpd[26315]: disconnect from
 >>10.0.0.1.blabla.pl[87.116.234.221]

Note the "chita/smtpd[PID]" syntax.  Your postfix installation has 
changed the name "postfix" into your hostname, which is ok i suppose (I 
don't really see the need for that change, since syslog normally logs 
the hostname anyway).

 > Im not sure that this is something that would affect the functionning
 > of logwatch. Is it?

Setting the postfix_syslog_name I mentioned earlier worked fine when I 
tested your input, and should work fine in general. If you have multiple 
hosts logging to syslog (eg. chita and maya), you'll have to set your 
syslog_name to "chita|maya" in the config file or on the command line.

I responded quickly earlier, and confused Maia (an amavis spinoff) with 
your hostname "maya".  My confusion.

> 
> Thank you
> 
You're welcome!
MrC

>> nawshad hoossanbuksh wrote:
>>> MrC & Tom,
>>>
>>>      Thanks for your replies. MrC, ive tried to use to new postfix 
>>> filter, but still i get nothing in return.
>>>
>>> My current location is : /home/mymachine/Desktop/postfix-logwatch
>>>
>>> To execute, i did : /usr/local/bin/postfix-logwatch 
>>> /var/log/maya/syslog/mail.log
>>>
>>> But still nothing in return.
>>>
>>> Here is my current maillog.conf :
>>>
>> ...
>>> and let me show u a sample of my /var/log/maya/postfix.log
>>>
>>> Jul 17 10:31:09 194.3.0.1 chita/smtpd[26315]: disconnect from 
>>> 10.0.0.1.blabla.pl[87.116.234.221]
>> Here's your problem - your maya version has changed the service name from 
>> "postfix" to "chita".
>>
>> You can set this with the postfix-logwatch argument --syslog_name:
>>
>> ./postfix-logwatch  --syslog_name='chita'  /var/log/maya/postfix.log
>>
>> Change the
>>
>>    $postfix_Syslog_Name
>>
>> variable in the postfix.conf file for logwatch (which gets installed in
>>
>>   /etc/logwatch/conf/services/postfix.conf)
>>
>>
>>
>> Here's the output with the above setting:
>> ****** Summary ********************************************
>>
>>        1   Rejected                                 100.00%
>> --------   ------------------------------------------------
>>        1   Total                                    100.00%
>> ========   ================================================
>>
>>        1   Reject HELO/EHLO                         100.00%
>> --------   ------------------------------------------------
>>        1   Total Rejects                            100.00%
>> ========   ================================================
>>
>>        2   Connections made
>>        1   Connections lost
>>        2   Disconnections
>>
>> ****** Detailed *******************************************
>>
>>        1   Reject HELO/EHLO -------------------------------
>>        1      need fully-qualified hostname
>>        1         10.0.0.4         unknown
>>        1            kreryh
>>
>>        1   Connections lost -------------------------------
>>        1      After RCPT
>>        1         10.0.1.4         unknown
>>
>> MrC
>>
>>
>>> Jul 17 10:32:22 194.3.0.1 chita/smtpd[26315]: connect from 
>>> unknown[10.0.0.4]
>>> Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: NOQUEUE: reject: RCPT from 
>>> unknown[10.0.0.4]: 504 5.5.2 <kreryh>: Helo command rejected: need 
>>> fully-qualified hostname; from=<blabla at toto.com> to=<toto.titi at domain.com> 
>>> proto=SMTP helo=<kreryh>
>>> Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: lost connection after RCPT 
>> >from unknown[10.0.1.4]
>>> Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: disconnect from 
>>> unknown[10.10.10.64]
>>> Jul 17 10:33:36 194.3.171.1 chita/smtpd[26315]: connect from 
>>> unknown[59.1.167.119]
>>>
>>>
>>> Here it is. Can not understand why it does not work. Thank you a lot for 
>>> further details.
>>>
>>> Nash
>>>
>>>
>>>
>>>
>>>> From: MrC <lists-logwatch at cappella.us>
>>>> Reply-To: lists-logwatch at cappella.us
>>>> To: nawshad hoossanbuksh <nawshad01 at hotmail.com>
>>>> CC: logwatch at logwatch.org
>>>> Subject: Re: [Logwatch] Logwatch and postfix
>>>> Date: Wed, 18 Jul 2007 10:22:15 -0700
>>>>
>>>> nawshad hoossanbuksh wrote:
>>>>> hello everyone,
>>>>>
>>>>>     i am currently using logwatch to monitor different logfiles.
>>>>> Actually i am trying to deal with a postfix logfile, but in vain.
>>>>> Logwatch does not seem to get any line in input for treatment. I try
>>>>> to do the following for debugging, but i get nothing in return:
>>>>>
>>>>> in the file ../scripts/services/postfix i did
>>>>>
>>>>> while (defined($ThisLine = <STDIN>)) {
>>>>>    print "\n$ThisLine"; ##line added for debugging
>>>>>    if (
>>>>>       ( $ThisLine =~ m/^$re_MsgID: client=([^ ]*\[[^ ]*\])\s*$/ ) or
>>>>>       ( $ThisLine =~ m/^$re_MsgID: message-id/ ) or
>>>>>       ............................
>>>>>       ............
>>>>>
>>>>> but i get nothing in return,except that.
>>>>> --------------------- postfix Begin ------------------------
>>>>>
>>>>> ---------------------- postfix End -------------------------
>>>>>
>>>>>
>>>>> In my maillog, im sure i put the correct path to my logfile:
>>>>> LogFile = /var/log/maya/postfix.log
>>>> Nawshad,
>>>>
>>>> It appears that logwatch is not using the LogFile path you believe is 
>>>> set.  Please show your maillog.conf file, and the full path to that file.
>>>>
>>>> Next first try the latest postfix filter in standalone mode:
>>>>
>>>>   http://www.mikecappella.com/logwatch
>>>>
>>>> Unpack the archive, and run:
>>>>
>>>>    make install-standalone
>>>>
>>>> Then run:
>>>>
>>>>    /usr/local/bin/postfix-logwatch /var/log/maya/postfix.log
>>>>
>>>> You should see the report.  It is safe to install this into logwatch as 
>>>> well, with
>>>>
>>>>   make install-logwatch
>>>>
>>>> MrC
>>>>
>>>>
>>>>> It seems that the STDIN is empty, though for other services, such as
>>>>> qpopper or httpd, i get the usual stats from logwatch.
>>>>>
>>>>> I think iv missed something in logwatch functionning. Can anyone
>>>>> help me please??
>>>>> Thank you very much for any help.
>>>>>
>>> _________________________________________________________________
>>> http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_2G_0507
>>>
>>> _______________________________________________
>>> Logwatch mailing list
>>> Logwatch at logwatch.org
>>> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch
> 
> _________________________________________________________________
> http://im.live.com/messenger/im/home/?source=hmtextlinkjuly07
> 
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch


More information about the Logwatch mailing list