[Logwatch] POP3 and IMAP logs have gotten really long

Mike Brandonisio mbrando at techone.org
Sat May 3 17:57:48 MST 2008


Hi Mike

On May 3, 2008, at 9:28 AM, Mike Tremaine wrote:
>>
>
> Here is my advice.
>
> 1) Upgrade to 7.3.6 release you can get the RPM from the logwatch.org
> site or you can pull one from the Fedora 8 or Centos 5 updates.
>
> 2) Post a log snip for an entry that is getting messed up. Tell me  
> what
> Imap/Pop server you are using I'm guessing Dovecot if you are running
> Centos 4.6... You should have version 1.6 of the dovecot filter there
> are some important patches at 1.4 and 1.5
>
> # Revision 1.4  2006/08/13 22:02:31  bjorn
> # IPv4 addresses displayed in native format, and don't display user  
> totals
> # if user connects from only one IP address; changes by Patrick  
> Vande Walle.
>
> My guess is that is the problem.
>
> -Mike
>
> To test it all alone run as root this command
>
> "logwatch --service dovecot --detail 10 --print"
>
> -Mike
> _______________________________________________
>

I did step one All servers are running 7.3.6 release of logwatch. I'm  
running cPanel servers with Courier being user for both POP3 and  
IMAP. Here is the cPanel info WHM 11.15.0 cPanel 11.18.5-S23897 |  
CENTOS Enterprise 4.6 i686 on virtuozzo - WHM X v3.1.0

Snip from log.

  ################### Logwatch 7.3.6 (05/19/07) ####################
         Processing Initiated: Sat May  3 19:54:45 2008
         Date Range Processed: yesterday
                               ( 2008-May-02 )
                               Period is day.
       Detail Level of Output: 10
               Type of Output: unformatted
            Logfiles for Host: host.example.com
   ##################################################################

  --------------------- courier mail services Begin  
------------------------

  Logins: 3974 Times
    Protocol POP3 - 1790 Times, 50373597 Bytes
       User user1 at example.com - 2 Times, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
       User use at example.com - 68 Times, 7092568 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 56228 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 6948758 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 6608 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 7170 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 2155 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 53040 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 5127 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 8518 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 4964 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes
          Host xx.xxx.xx.xxx - 1 Time, 0 Bytes

  [IMAPd] Successful Logins:
    User user4 at example.com:
      From ::ffff:127.0.0.1], port=[46662: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45636: 1 Time(s)
      From ::ffff:127.0.0.1], port=[46458: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45618: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45693: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45548: 1 Time(s)
      From ::ffff:127.0.0.1], port=[46268: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45665: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45546: 1 Time(s)
      From ::ffff:127.0.0.1], port=[46577: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45596: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45940: 1 Time(s)
      From ::ffff:127.0.0.1], port=[46039: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45544: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45615: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45623: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45595: 1 Time(s)
      From ::ffff:127.0.0.1], port=[46138: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45547: 1 Time(s)
      From ::ffff:127.0.0.1], port=[45816: 1 Time(s)
    Total 20 Time(s)


Sincerely,
Mike
-- 
Mike Brandonisio          *    Web Hosting
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283        *    e-Commerce
mbrando at jikometrix.net    *    www.jikometrix.net

     JIKOmetrix - Reliable web hosting



More information about the Logwatch mailing list