On Wednesday, 15.06.2016, at 17:01 +0100, Rob Maidment wrote:
> I am intending to replace Sendmail with Postfix as the MTA component
> in a secure email appliance. One of the features of the appliance is
> the ability to search for messages by subject, sender, etc, and show
> the progress of those messages through the appliance. To this end a
> customised version of Sendmail writes key events to a FIFO e.g.
> message accepted, message deferred, message delivered. (The main
> use-case for this is when a message goes missing - the admin can run
> the report to see whether the message was received, held, delivered,
> etc.)
>
> I would like to find a way of achieving something similar with
> Postfix, but without customising the Postfix source code (because
> that becomes a barrier to upgrading). All I can come up with is to
> parse the Postfix logging output and to generate the events when key
> messages appear, but this is a fragile solution because it's
> vulnerable to changes in logging output in future Postfix releases.
Hi Rob,

I wrote a logfile analyser for postfix:

https://github.com/benningm/saftpresse/

It was based on pflogsumm (a postfix log analyzer) but is now a general purpose log analyzer with still postfix as its main scope.

The daemon 'saftpresse' reads inputs, processes them with plugins and outputs logs and counters to output plugins.

You could send your logs from (r)syslog to the saftsumm daemon and output the analyzed log lines to elasticsearch and graphite. Similar to logstash if you know that.

With the log data in an elasticsearch it should be easy to provide a search interface on it. Or you may just use kibana.

In the last version I added a tracking feature which tries to assign a unique identifier to all logs related to a message. It does so by keeping track of pids/port/queueid etc.

Markus
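The log-parsing approach discussed in this thread, as an added example (not code from the thread or from saftpresse): it groups Postfix log lines by queue ID into accepted/queued/deferred/sent/removed events and looks a message up by envelope sender. The log lines are constructed samples, short hexadecimal queue IDs are assumed, and correlation by pid or port is left out.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout (not real traffic).
SAMPLE_LOG = """\
Jun 15 17:01:02 mx postfix/smtpd[2101]: connect from mail.example.org[192.0.2.10]
Jun 15 17:01:02 mx postfix/smtpd[2101]: 4F2A91C0B7: client=mail.example.org[192.0.2.10]
Jun 15 17:01:02 mx postfix/cleanup[2105]: 4F2A91C0B7: message-id=<m1@example.org>
Jun 15 17:01:02 mx postfix/qmgr[1200]: 4F2A91C0B7: from=<alice@example.org>, size=1234, nrcpt=1 (queue active)
Jun 15 17:01:33 mx postfix/smtp[2110]: 4F2A91C0B7: to=<bob@example.net>, relay=none, delay=31, dsn=4.4.1, status=deferred (connect timed out)
Jun 15 17:02:10 mx postfix/smtpd[2102]: 9D03E5A611: client=mail.example.com[192.0.2.20]
Jun 15 17:02:10 mx postfix/qmgr[1200]: 9D03E5A611: from=<carol@example.com>, size=900, nrcpt=1 (queue active)
Jun 15 17:02:11 mx postfix/local[2111]: 9D03E5A611: to=<dave@example.org>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 15 17:02:11 mx postfix/qmgr[1200]: 9D03E5A611: removed
Jun 15 17:06:40 mx postfix/smtp[2120]: 4F2A91C0B7: to=<bob@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=338, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jun 15 17:06:40 mx postfix/qmgr[1200]: 4F2A91C0B7: removed
"""

LINE = re.compile(r"postfix/([\w-]+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")  # short hex queue IDs assumed
FIELD = re.compile(r"([\w-]+)=(<[^>]*>|[^,\s]+)")

def track(lines):
    """Group key events by queue ID: {qid: [(event, detail), ...]} in log order."""
    history = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # no queue ID: connect/disconnect, warnings, NOQUEUE rejects
        svc, qid, msg = m.groups()
        f = dict(FIELD.findall(msg))
        if svc == "smtpd" and "client" in f:
            history[qid].append(("accepted", f["client"]))
        elif svc == "qmgr" and "from" in f:
            history[qid].append(("queued", f["from"]))
        elif "status" in f and "to" in f:
            history[qid].append((f["status"], f["to"]))  # sent / deferred / bounced
        elif svc == "qmgr" and msg == "removed":
            history[qid].append(("removed", ""))
    return history

def find_by_sender(history, sender):
    """Queue IDs whose envelope sender matches, as an admin search would use."""
    return [q for q, ev in history.items() if ("queued", f"<{sender}>") in ev]

if __name__ == "__main__":
    hist = track(SAMPLE_LOG.splitlines())
    for qid in find_by_sender(hist, "alice@example.org"):
        print(qid, hist[qid])
```

Lines that do not match the expected layout are skipped rather than guessed at, so a change in log format in a later release shows up as missing events instead of wrong ones.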