On 9/12/2009 5:34 AM, ghe wrote:
On Sep 11, 2009, at 7:21 PM, Mike Cappella wrote:
Most log messages in postfix-logwatch are either canonicalized or
summarized. In this case, the message summary change was an attempt at
being a little more clear (but perhaps it's not).
It's great ... when timesSeen > 1.
timesSeen > 1 by who? You or the log *summarizer*? It doesn't know how
many events will occur in the future.
It must stash away canonicalized representations of messages, and store
the variant data as keys.
Otherwise, a) memory consumption would be (more) out of control, and b)
it wouldn't be much of a summarizing.
The canonicalization (and uppercasing of the first word) makes strict
grep'ing fail. Eg., the grep:
grep 'database is older than source file' would fail.
Which is why I always leave off the first char.
Glenn, read more carefully what I wrote. Your strategy would also have
failed. There is no 'atabase is older than source file' either. The
challenge is in removing the words/phrases that vary, so that they can
be summarized minimally in the tree.
From the postfix-logwatch(1):
--
Postfix-logwatch is able to produce a wide range of reports with data
grouped and sorted as much as possible to reduce noise and highlight
patterns. Brief summary reports provide a quick overview of general
Postfix operations and message delivery, calling out warnings that may
require attention. Detailed reports provide easy to scan,
hierarchically-arranged and organized information, with as much or little detail
as desired.
--
I thought the summary message:
Database file needs update
was clearer than the canonicalized:
Database is older than source file
esp. in context of the verbose output. It's best to use the summary
output as a hint to look at more detailed output, and of course the logs.
It is clearer, and I did look. I just looked for the wrong thing. I
first searched for the string, then just "update".
As per the man page, don't do that. :-) Look at the details in the
Detail section. It tells you what to look for:
10 *Warning: Database file needs update -----------------
9 /etc/postfix/virtual
^^^^^^^^^^^^^^^^^^^^
If it had said
"database file 'client_checks' needs updating" I would have found the
messages.
It essentially does. It is just that the *noun* has to be moved into
the hierarchically arranged tree... else no tree, and you might as well
just look at the logs. See above.
OTOH, "older than source file" would have echoed what I see all the time
when I change a file in /etc that postfix keeps in its chroot jail.
If people feel strongly about this, I'm happy to change the summary
header from (a) to (b):
(a) database file needs update
(b) database is older than source file
Please consider and understand that you *others* who don't see these
messages all the time in their log files will be equally confused.
The real problem, I think, came up because this message is so rare. I'm
Rare for you... but, as you stated ("what I see all the time"), perhaps
not! :-) I can't predict how rare/frequent these lines are for the
population of users: I've seen some logs that are littered with
thousands of these.
very used to all the others, and the .db files are 'never' out of date
because I use a shell script to add to them. ... And I didn't know
postfix was always looking out for me. Nice work, Wietse :-)
--
Mike
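
The canonicalize-then-key approach discussed in the thread above, as an added Python sketch that is not part of the original messages and is not postfix-logwatch's own code. The log lines are constructed samples in the style of Postfix syslog output, and the function names and the single rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumption: typical Postfix syslog layout).
SAMPLE_LOG = """\
Sep 11 19:00:01 mail postfix/smtpd[2101]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Sep 11 19:00:07 mail postfix/smtpd[2101]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Sep 11 19:02:13 mail postfix/cleanup[2140]: warning: database /etc/postfix/client_checks.db is older than source file /etc/postfix/client_checks
Sep 11 19:02:15 mail postfix/qmgr[1890]: 4F1A2C0D3E: removed
"""

# One rule: the fixed words become the summary key, the captured path is the variant.
STALE_DB = re.compile(
    r"warning: database (?P<db>\S+) is older than source file (?P<src>\S+)$"
)
SUMMARY_KEY = "Database is older than source file"

def summarize(log_text):
    """Return {summary: {variant: count}} for lines matching the rule."""
    tree = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = STALE_DB.search(line)
        if m:
            # The varying noun (the source file) is moved down into the tree.
            tree[SUMMARY_KEY][m.group("src")] += 1
    return {k: dict(v) for k, v in tree.items()}

def render(tree):
    """Render a total per summary line, then per-variant counts beneath it."""
    out = []
    for summary, variants in tree.items():
        out.append(f"{sum(variants.values()):8d}   *Warning: {summary}")
        for path, n in sorted(variants.items(), key=lambda kv: (-kv[1], kv[0])):
            out.append(f"{n:8d}      {path}")
    return "\n".join(out)

def literal_grep(log_text, needle):
    """Plain substring search over the raw log, like grep -F."""
    return [line for line in log_text.splitlines() if needle in line]

if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
    # The canonical phrase is never contiguous in the raw log, so this finds nothing.
    print(len(literal_grep(SAMPLE_LOG, "atabase is older than source file")))
```

Searching the raw log for the fixed tail of the message, or for the path shown under the summary line, does match, which is why the detail section is the better starting point than the summary header.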