[Logwatch] Logwatch and postfix

nawshad hoossanbuksh nawshad01 at hotmail.com
Fri Jul 20 07:49:49 MST 2007


Hello MrC,

    Thank you for your explanation. In fact, it was the $postfix_Syslog_Name 
parameter in my postfix.conf file which was not set correctly. Now it works 
fine. Thank you for your script. Great Utility for log monitoring.









>From: MrC <lists-logwatch at cappella.us>
>Reply-To: lists-logwatch at cappella.us
>To: nawshad hoossanbuksh <nawshad01 at hotmail.com>
>CC: logwatch at logwatch.org
>Subject: Re: [Logwatch] Logwatch and postfix
>Date: Thu, 19 Jul 2007 20:31:44 -0700
>
>
>
>nawshad hoossanbuksh wrote:
>>Hello MrC,
>>
>>     Thanks for these details. Im afraid my explanation was may be not 
>>clear enough. I forget to tell you one thing. The name chita and maya are 
>>just the name of the machine (our pop and smtp server).
>
>Postfix messages look like this:
>
>Jul 19 20:20:02 hostname postfix/smtpd[516]: connect from 
>example.com[10.0.0.1]
>
>Note the "postfix/smtpd[PID]" syntax.  Yours look like this:
>
>Jul 17 10:31:09 194.3.0.1 chita/smtpd[26315]: disconnect from
> >>10.0.0.1.blabla.pl[87.116.234.221]
>
>Note the "chita/smtpd[PID]" syntax.  Your postfix installation has changed 
>the name "postfix" into your hostname, which is ok i suppose (I don't 
>really see the need for that change, since syslog normally logs the 
>hostname anyway).
>
> > Im not sure that this is something that would affect the functionning
> > of logwatch. Is it?
>
>Setting the postfix_syslog_name I mentioned earlier worked fine when I 
>tested your input, and should work fine in general. If you have multiple 
>hosts logging to syslog (eg. chita and maya), you'll have to set your 
>syslog_name to "chita|maya" in the config file or on the command line.
>
>I responded quickly earlier, and confused Maia (an amavis spinoff) with 
>your hostname "maya".  My confusion.
>
>>
>>Thank you
>>
>You're welcome!
>MrC
>
>>>nawshad hoossanbuksh wrote:
>>>>MrC & Tom,
>>>>
>>>>      Thanks for your replies. MrC, ive tried to use to new postfix 
>>>>filter, but still i get nothing in return.
>>>>
>>>>My current location is : /home/mymachine/Desktop/postfix-logwatch
>>>>
>>>>To execute, i did : /usr/local/bin/postfix-logwatch 
>>>>/var/log/maya/syslog/mail.log
>>>>
>>>>But still nothing in return.
>>>>
>>>>Here is my current maillog.conf :
>>>>
>>>...
>>>>and let me show u a sample of my /var/log/maya/postfix.log
>>>>
>>>>Jul 17 10:31:09 194.3.0.1 chita/smtpd[26315]: disconnect from 
>>>>10.0.0.1.blabla.pl[87.116.234.221]
>>>Here's your problem - your maya version has changed the service name from 
>>>"postfix" to "chita".
>>>
>>>You can set this with the postfix-logwatch argument --syslog_name:
>>>
>>>./postfix-logwatch  --syslog_name='chita'  /var/log/maya/postfix.log
>>>
>>>Change the
>>>
>>>    $postfix_Syslog_Name
>>>
>>>variable in the postfix.conf file for logwatch (which gets installed in
>>>
>>>   /etc/logwatch/conf/services/postfix.conf)
>>>
>>>
>>>
>>>Here's the output with the above setting:
>>>****** Summary ********************************************
>>>
>>>        1   Rejected                                 100.00%
>>>--------   ------------------------------------------------
>>>        1   Total                                    100.00%
>>>========   ================================================
>>>
>>>        1   Reject HELO/EHLO                         100.00%
>>>--------   ------------------------------------------------
>>>        1   Total Rejects                            100.00%
>>>========   ================================================
>>>
>>>        2   Connections made
>>>        1   Connections lost
>>>        2   Disconnections
>>>
>>>****** Detailed *******************************************
>>>
>>>        1   Reject HELO/EHLO -------------------------------
>>>        1      need fully-qualified hostname
>>>        1         10.0.0.4         unknown
>>>        1            kreryh
>>>
>>>        1   Connections lost -------------------------------
>>>        1      After RCPT
>>>        1         10.0.1.4         unknown
>>>
>>>MrC
>>>
>>>
>>>>Jul 17 10:32:22 194.3.0.1 chita/smtpd[26315]: connect from 
>>>>unknown[10.0.0.4]
>>>>Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: NOQUEUE: reject: RCPT from 
>>>>unknown[10.0.0.4]: 504 5.5.2 <kreryh>: Helo command rejected: need 
>>>>fully-qualified hostname; from=<blabla at toto.com> 
>>>>to=<toto.titi at domain.com> proto=SMTP helo=<kreryh>
>>>>Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: lost connection after RCPT
>>> >from unknown[10.0.1.4]
>>>>Jul 17 10:32:25 194.3.0.1 chita/smtpd[26315]: disconnect from 
>>>>unknown[10.10.10.64]
>>>>Jul 17 10:33:36 194.3.171.1 chita/smtpd[26315]: connect from 
>>>>unknown[59.1.167.119]
>>>>
>>>>
>>>>Here it is. Can not understand why it does not work. Thank you a lot for 
>>>>further details.
>>>>
>>>>Nash
>>>>
>>>>
>>>>
>>>>
>>>>>From: MrC <lists-logwatch at cappella.us>
>>>>>Reply-To: lists-logwatch at cappella.us
>>>>>To: nawshad hoossanbuksh <nawshad01 at hotmail.com>
>>>>>CC: logwatch at logwatch.org
>>>>>Subject: Re: [Logwatch] Logwatch and postfix
>>>>>Date: Wed, 18 Jul 2007 10:22:15 -0700
>>>>>
>>>>>nawshad hoossanbuksh wrote:
>>>>>>hello everyone,
>>>>>>
>>>>>>     i am currently using logwatch to monitor different logfiles.
>>>>>>Actually i am trying to deal with a postfix logfile, but in vain.
>>>>>>Logwatch does not seem to get any line in input for treatment. I try
>>>>>>to do the following for debugging, but i get nothing in return:
>>>>>>
>>>>>>in the file ../scripts/services/postfix i did
>>>>>>
>>>>>>while (defined($ThisLine = <STDIN>)) {
>>>>>>    print "\n$ThisLine"; ##line added for debugging
>>>>>>    if (
>>>>>>       ( $ThisLine =~ m/^$re_MsgID: client=([^ ]*\[[^ ]*\])\s*$/ ) or
>>>>>>       ( $ThisLine =~ m/^$re_MsgID: message-id/ ) or
>>>>>>       ............................
>>>>>>       ............
>>>>>>
>>>>>>but i get nothing in return,except that.
>>>>>>--------------------- postfix Begin ------------------------
>>>>>>
>>>>>>---------------------- postfix End -------------------------
>>>>>>
>>>>>>
>>>>>>In my maillog, im sure i put the correct path to my logfile:
>>>>>>LogFile = /var/log/maya/postfix.log
>>>>>Nawshad,
>>>>>
>>>>>It appears that logwatch is not using the LogFile path you believe is 
>>>>>set.  Please show your maillog.conf file, and the full path to that 
>>>>>file.
>>>>>
>>>>>Next first try the latest postfix filter in standalone mode:
>>>>>
>>>>>   http://www.mikecappella.com/logwatch
>>>>>
>>>>>Unpack the archive, and run:
>>>>>
>>>>>    make install-standalone
>>>>>
>>>>>Then run:
>>>>>
>>>>>    /usr/local/bin/postfix-logwatch /var/log/maya/postfix.log
>>>>>
>>>>>You should see the report.  It is safe to install this into logwatch as 
>>>>>well, with
>>>>>
>>>>>   make install-logwatch
>>>>>
>>>>>MrC
>>>>>
>>>>>
>>>>>>It seems that the STDIN is empty, though for other services, such as
>>>>>>qpopper or httpd, i get the usual stats from logwatch.
>>>>>>
>>>>>>I think iv missed something in logwatch functionning. Can anyone
>>>>>>help me please??
>>>>>>Thank you very much for any help.
>>>>>>
>>>>_________________________________________________________________
>>>>http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_2G_0507
>>>>
>>>>_______________________________________________
>>>>Logwatch mailing list
>>>>Logwatch at logwatch.org
>>>>http://www2.list.logwatch.org:81/mailman/listinfo/logwatch
>>
>>_________________________________________________________________
>>http://im.live.com/messenger/im/home/?source=hmtextlinkjuly07
>>
>>_______________________________________________
>>Logwatch mailing list
>>Logwatch at logwatch.org
>>http://www2.list.logwatch.org:81/mailman/listinfo/logwatch

_________________________________________________________________
Need a brain boost? Recharge with a stimulating game. Play now!  
http://club.live.com/home.aspx?icid=club_hotmailtextlink1



More information about the Logwatch mailing list