[pfx] Re: Adding extra fields to smtpd log

[Wietse Venema via Postfix-users]

Wietse Venema via Postfix-users:
> Pedro David Marco via Postfix-users:
> > Hi everybody...
> > is there anyway to make smtpd and/or qmgr be slighty more verbose?
> > i would like to have more info pero line about "from" and "to", something 
> > like this:
> > Feb 13 12:34:56 mailserver postfix/smtpd[12345]: 6F84B1A241: 
> > client=mail.example.com[192.168.0.1], from=<sen...@example.com>, 
> > to=<recipi...@example.com>, size=1234, nrcpt=1 (queue active)
> 
> Use the collate script, provided with Postfix source code.

"perl collate.pl /var/log/maillog" produces blocks of output like this:

    Feb 14 00:56:50 spike postfix/smtpd[84012]: connect from ...
    Feb 14 00:56:50 spike postfix/smtpd[84012]: Anonymous TLS connection 
established from ...
    Feb 14 00:56:50 spike postfix/smtpd[84012]: 4YvLsZ4ZYqzJrP4: client=...
    Feb 14 00:56:50 spike postfix/cleanup[84016]: 4YvLsZ4ZYqzJrP4: 
message-id=...
    Feb 14 00:56:50 spike postfix/smtpd[84012]: disconnect from ...
    Feb 14 00:56:50 spike postfix/qmgr[77364]: 4YvLsZ4ZYqzJrP4: 
from=<sender-address>...
    Feb 14 00:56:50 spike postfix/local[84017]: 4YvLsZ4ZYqzJrP4: 
to=<recipient-1-address>, ...
    Feb 14 00:56:50 spike postfix/local[84017]: 4YvLsZ4ZYqzJrP4: 
to=<recipient-2-address>, ...
    Feb 14 00:56:50 spike postfix/qmgr[77364]: 4YvLsZ4ZYqzJrP4: removed

Which can be processed to extract from-and to= information. The attached
perl script produces output like this:

    from=<sender-address>, to=<recipient-1-address>
    from=<sender-address>, to=<recipient-2-address>

This was used as "perl collate.pl /var/log/maillog | perl print-from-to.pl".

My perl skills are a bit rusty, and this script was cargo-culted
together.  Viktor may be able to do it in half the space.  Other
languages may look more readable than the keyboard noise below.

Why not log every recipient in the queue manager? That does not
scale to messages with thousands of recipients and would make qmgr
logging a performance bottleneck, especially on systems blessed
with systemd bottleneck logging.  

Why not log every recipient in smtpd? Logging every recipient in
one process makes that process a bottleneck, again, especially on
systems blessed with systemd bottleneck logging.

        Wietse

#!/usr/bin/perl

$/ = '';
while (my $line = <ARGV>) {
    my($from, @rcpts, $rcpt);
    if ($line =~ / from=(<[^>]*>), /) { $from=$1; }
    @rcpts = $line =~ / to=(<[^>]*>), /smg;
    foreach $rcpt (@rcpts) { print "from=$from, to=$rcpt\n"; }
}
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org