On 2/3/11 11:52 AM, Reindl Harald wrote:
>> When someone reports a problem with mail from a given server, I can
>> grep for the ip address of the server, then re-grep for the connection
>> ids associated with that address and get everything that was ever logged
>> about mail from that server.
>
> what is the benefit?
>
> connection id = one id for each connection
> so what would be the difference grep the ip or id?

The most common question is "where did my email go?"

To answer it, you ask "from, to, when?"

Find the log file for the when.

Ideally, you could grep "fromaddr.*toaddr", but in reality, it's grep fromaddr, get list of message ids, grep them | grep toaddr. That gives you a final list of message ids to grep for.

Currently, that actually doesn't give you all the log messages: you have to find the ip address and smtpd process id from the initial client= log message, then go back and grep for them to see the actual connect/disconnect, TLS setup and who knows what else messages that are connection related. And then try to match them back up to any actual messages.

If every connection has an id that is in every log message, if you have a message id, you grep for the connection part and get everything related to it. If you have an ip address, you get a list of all the connections it made and again, you do one more search to get everything related to that server.

It just makes life simpler. It's not terribly difficult to do this stuff, but when you have order gigabyte daily logfiles, the fewer and easier searches you have to do, the better...
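
The lookup described in the message above (sender, then queue ids, then recipient, then back to the smtpd pid for the connect/disconnect and TLS lines), done in one pass. This is an added example, not part of the original thread or of Postfix; the function name `trace`, the sample log lines and the short hexadecimal queue-id pattern are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in stock Postfix syslog format; smtpd pid 4021 serves two clients.
SAMPLE = """\
Feb  3 11:40:01 mx1 postfix/smtpd[4021]: connect from mail.example.org[192.0.2.10]
Feb  3 11:40:01 mx1 postfix/smtpd[4021]: setting up TLS connection from mail.example.org[192.0.2.10]
Feb  3 11:40:02 mx1 postfix/smtpd[4021]: 3F2A1C0D5E: client=mail.example.org[192.0.2.10]
Feb  3 11:40:02 mx1 postfix/qmgr[900]: 3F2A1C0D5E: from=<alice@example.org>, size=1234, nrcpt=1 (queue active)
Feb  3 11:40:02 mx1 postfix/smtpd[4021]: disconnect from mail.example.org[192.0.2.10]
Feb  3 11:40:03 mx1 postfix/local[4040]: 3F2A1C0D5E: to=<bob@example.net>, relay=local, delay=1, status=sent (delivered to mailbox)
Feb  3 11:41:10 mx1 postfix/smtpd[4021]: connect from other.example.com[198.51.100.7]
Feb  3 11:41:11 mx1 postfix/smtpd[4021]: 7B9E4D2A10: client=other.example.com[198.51.100.7]
Feb  3 11:41:11 mx1 postfix/qmgr[900]: 7B9E4D2A10: from=<carol@example.com>, size=900, nrcpt=1 (queue active)
Feb  3 11:41:11 mx1 postfix/smtpd[4021]: disconnect from other.example.com[198.51.100.7]
Feb  3 11:41:12 mx1 postfix/local[4041]: 7B9E4D2A10: to=<bob@example.net>, relay=local, delay=1, status=sent (delivered to mailbox)
""".splitlines()

LINE = re.compile(r"postfix/(\w+)\[(\d+)\]: (.*)")
QID = re.compile(r"([0-9A-F]{6,}): (.*)")   # assumes short hexadecimal queue ids

def trace(lines, sender, rcpt):
    """Return every log line tied to mail from sender to rcpt, in log order."""
    by_qid = defaultdict(set)         # queue id -> numbers of the lines that carry it
    session_of, open_sess = {}, {}    # queue id -> session lines; smtpd pid -> current session
    senders, rcpts = {}, defaultdict(set)
    for n, line in enumerate(lines):
        m = LINE.search(line)
        if not m:
            continue
        daemon, pid, msg = m.groups()
        if daemon == "smtpd":
            # A pid is reused across clients, so each "connect from" starts a new session.
            if msg.startswith("connect from "):
                open_sess[pid] = set()
            open_sess.setdefault(pid, set()).add(n)
        q = QID.match(msg)
        if q:
            qid, rest = q.groups()
            by_qid[qid].add(n)
            if daemon == "smtpd" and rest.startswith("client="):
                session_of[qid] = open_sess[pid]   # shared set: later session lines still land here
            elif rest.startswith("from=<"):
                senders[qid] = rest[6:rest.index(">")]
            elif rest.startswith("to=<"):
                rcpts[qid].add(rest[4:rest.index(">")])
    hits = [q for q, s in senders.items() if s == sender and rcpt in rcpts[q]]
    wanted = set().union(*(by_qid[q] | session_of.get(q, set()) for q in hits))
    return [lines[n] for n in sorted(wanted)]
```

Because both clients in the sample are served by the same smtpd pid, matching on the pid alone would mix their lines; bounding a session by its `connect from` line is what keeps them apart.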