Hi, i want to track bad login attemps on our mail server running on postfix at redhat.
when i look to our syslog messages i see mail saslauthd[5345]: do_auth : auth failure: [user=********] [service=smtp] [realm=our domain] [mech=ldap] [reason=Unknown] lines, is it technically posibble include this line remote ip address? Actually i can show ip address in maillog file but i can match these lines only using date & time thanks in advance -- Selçuk YAZAR
