Am 18.09.2014 um 16:18 schrieb James Bailey: > On 2014-09-18 14:52, li...@rhsoft.net wrote: >> Am 18.09.2014 um 15:23 schrieb James Bailey: >>> On 2014-09-18 13:42, li...@rhsoft.net wrote: >>>> Am 18.09.2014 um 14:36 schrieb James Bailey: >>>>> I have postfix logging certain X-headers but they are entered as a >>>>> separate >>>>> line under postfix/cleanup. Is it possible to log X-header info to >>>>> the postfix/smtp lines? >>>> >>>> smtp_header_checks = outgoing = smtpd >>>> header_checks = incoming = cleanup >>>> >>>> you can even log the same header twice to see the >>>> difference of incoming and outgoing in case spamd >>>> adds a spam-mark to the subject >>>> >>>> but keep in mind "smtp_header_checks" will only contain >>>> the ID and the header itself while "header_checks" also >>>> conatin From, To, Helo >>>> >>>> anyways, it will unconditional result in a separated line >>> >>> This has worked thank you but I am still struggling to get the X-header >>> into the same line of the log as the >>> response codes. I really want to be able to track X-header and response >>> codes on the same line >> >> no way - different parts of code responsible for the loglines >> even if one could manage - i saw logfile-analyzers breaking in so many ways >> >> frankly you need to point them to a seperate logfile if you don't want >> "logwatch" flooded each day > > Log flooding isn't a problem running a multi node ELK cluster in Rackspace > cloud that I can auto scale at will. > Logs will be kept for around 1-3 months then purged
you did not understand what i wrote above http://sourceforge.net/projects/logwatch/files/ is a tool which creates daily logfile summarize from all sort of daemons and tends to insert in case of some applications (postfix is affected) each line as "**Unmatched Entries**" into the reporting inseat just count things that leads in pump the whole header-log of the last day into that mails below an example, look at the bottom, you would *all* that lines and after that informations about disk-usage and other stats from several daemons (if you are lucky and the resulting mail is not too large because of the "complete maillog") --------------------- pam_unix Begin ------------------------ su: Sessions Opened: root -> wwwcron: 20 Time(s) root -> sa-milt: 12 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 *Fatal: General fatal 1 *Warning: Startup error 1 Process exited 176 Miscellaneous warnings 615.454M Bytes accepted 645,350,464 631.655M Bytes sent via SMTP 662,338,259 ======== ================================================== 3189 Accepted 71.50% 1271 Rejected 28.50% -------- -------------------------------------------------- 4460 Total 100.00% ======== ================================================== 2 5xx Reject relay denied 0.16% 63 5xx Reject HELO/EHLO 4.96% 501 5xx Reject unknown user 39.42% 15 5xx Reject recipient address 1.18% 205 5xx Reject sender address 16.13% 125 5xx Reject unknown reverse client host 9.83% 14 5xx Reject header 1.10% 346 5xx Reject milter 27.22% -------- -------------------------------------------------- 1271 Total 5xx Rejects 100.00% ======== ================================================== 7 4xx Reject recipient address 77.78% 2 4xx Reject sender address 22.22% -------- -------------------------------------------------- 9 Total 4xx Rejects 100.00% ======== ================================================== 4068 Connections 201 Connections lost (inbound) 4067 Disconnections 2979 Removed from queue 2824 Sent via SMTP 3 Resent 122248 Postscreen 45 Warned 4951 Policy SPF 16 Timeouts (inbound) 6 Illegal address syntax in SMTP command 7 DNS lookup errors 38 Hostname verification errors (FCRDNS) 13 SMTP protocol violations 204 Deliverable (address verification) 15 Undeliverable (address verification) 1824 TLS connections (server) 1 Postfix start 1 Postfix stop 16 Postfix refresh **Unmatched Entries** 1 Sep 17 18:04:08 localhost postfix/cleanup[24226]: 3hymMX07dSz1l: info: header subject......
