Hi. On Sat, Aug 25, 2018 at 12:16:49PM -0400, Gene Heskett wrote: > On Saturday 25 August 2018 12:12:09 Reco wrote: > > > Hi. > > > > On Sat, Aug 25, 2018 at 11:27:32AM -0400, Gene Heskett wrote: > > > This is expanding the syslog to the point of drowning out any real > > > actionable messages. > > > > > > I think it used to have a log of its own. How, it this continues > > > once stretch is up and running, can we put those spamd messages back > > > into spamassassin's own log file? Seems like the logical place for > > > them. > > > > It's definitely possible with rsyslog's filtering feature. > > Can you provide a sample of the records that annoy you? > > > > Reco > > Aug 25 12:10:01 coyote /USR/SBIN/CRON[20245]: (www-data) CMD ([ -x > /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh) > Aug 25 12:11:33 coyote spamd[4854]: spamd: connection from localhost > [127.0.0.1]:43518 to port 783, fd 5 > Aug 25 12:11:33 coyote spamd[4854]: spamd: setuid to gene succeeded > Aug 25 12:11:33 coyote spamd[4854]: spamd: processing message > <20180825161027.eaq2xy65oiar6...@p5k.home> aka > <AgA_oytFLPE.A.wcD.I-XgbB@bendel> for gene:1000 > Aug 25 12:11:34 coyote spamd[4854]: spamd: clean message (1.6/5.1) for > gene:1000 in 1.1 seconds, 10538 bytes. > Aug 25 12:11:34 coyote spamd[4854]: spamd: result: . 1 - > BAYES_50,HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,T_DKIM_INVALID > scantime=1.1,size=10538,user=gene,uid=1000,required_score=5.1,rhost=localhost,raddr=127.0.0.1,rport=43518,mid=<20180825161027.eaq2xy65oiar6...@p5k.home>,rmid=<AgA_oytFLPE.A.wcD.I-XgbB@bendel>,bayes=0.500000,autolearn=no > > autolearn_force=no > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II > > Several hundred a day...
Try this: cat > /etc/rsyslog.d/spamd.conf << EOF :syslogtag, startswith, "spamd" /var/log/spamd.log :syslogtag, startswith, "spamd" stop EOF service rsyslogd restart Consider adding logrotate configuration file for the new /var/log/spamd.log. And, before you ask, documentation for rsyslogd lives in "rsyslog-doc" package. Reco
