More information = more better :-)

This should give the fail2ban users/developers something to do.

Thanks,
Bill

On 1/14/2018 2:08 PM, Wietse Venema wrote:
This weekend I added a service_name feature that is documented
as follows:

[begin quote]
service_name (read-only)

     The master.cf service name of a Postfix daemon process. This
     can be used to distinguish the logging from different services
     that use the same program name.

     Example master.cf entries:

     # Distinguish inbound MTA logging from submission and smtps logging.
     smtp      inet  n       -       n       -       -       smtpd
     submission inet n       -       n       -       -       smtpd
        -o syslog_name=postfix/$service_name
     smtps     inet  n       -       n       -       -       smtpd
        -o syslog_name=postfix/$service_name

But there are more Postfix services that could benefit from having
the service name in the logging:

- The "relay" and "scan" service, which currently log as "postfix/smtp"
   because they use the same program as the default Postfix SMTP client.

- The "retry" service, which currently logs as "postfix/error"
   because it uses the same program as the "error" service.

- Any time when someone adds an extra service instance (maybe an
   SMTP server on a special port or IP address), the same potential
   for logging confusion will exist when they don't explicitly also
   add a syslog_name override.

Now, we could avoid the need for explicit syslog_name settings if
the Postfix daemons were to automatically log the service name in
such cases.

What about:

* Postfix daemons log postfix/program if master.cf service name
   and program name are equal.

   Examples: postfix/smtp, postfix/local, postfix/qmgr, postfix/error

* Postfix daemons log postfix/service/program if master.cf service
   name and program name differ.

   Examples: postfix/smtp/smtpd, postfix/submission/smtpd,
   postfix/smtps/smtpd, postfix/relay/smtp, postfix/scan/smtp,
   postfix/retry/error

On the plus side, Postfix support would be easier if Postfix daemons
automatically had unambiguous logging.

On the negative side it would add non-obvious behavior, and possibly
break compatibility with logfile analyzers that expect "postfix/smtpd"
instead of "postfix/smtp/smtpd".

All this should be possible by changing the syslog_name default
into some ungodly mess of curly braces which I won't present here.

        Wietse
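
For log-analyzer and fail2ban filter authors, here is an added example (not part of the thread, and not Postfix or fail2ban code) of a syslog tag parser that accepts both the existing "postfix/program" form and the "postfix/service/program" form discussed above. The names TAG_RE, parse_tag and failures_by_service are hypothetical, and the log lines are constructed samples.

```python
import re
from collections import Counter

# Matches "postfix/program[pid]:" and "postfix/service/program[pid]:".
TAG_RE = re.compile(
    r"\bpostfix/(?:(?P<service>[\w.-]+)/)?(?P<program>[\w.-]+)"
    r"\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)

def parse_tag(line):
    """Return (service, program, message), or None for non-Postfix lines.

    For the two-part tag the service is reported as equal to the program.
    That is what the proposal would guarantee; in logs written without it,
    a two-part tag may still come from any service using that program.
    """
    m = TAG_RE.search(line)
    if m is None:
        return None
    program = m.group("program")
    return m.group("service") or program, program, m.group("msg")

def failures_by_service(lines):
    """Count SASL authentication failures per master.cf service name."""
    counts = Counter()
    for line in lines:
        parsed = parse_tag(line)
        if parsed and parsed[1] == "smtpd" and "authentication failed" in parsed[2]:
            counts[parsed[0]] += 1
    return counts

# Constructed sample lines (documentation IP ranges, made-up PIDs).
SAMPLE = [
    "Jan 14 14:08:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]",
    "Jan 14 14:08:02 mx postfix/submission/smtpd[2102]: warning: "
    "unknown[192.0.2.10]: SASL LOGIN authentication failed",
    "Jan 14 14:08:03 mx postfix/smtps/smtpd[2103]: warning: "
    "unknown[198.51.100.7]: SASL PLAIN authentication failed",
    "Jan 14 14:08:04 mx postfix/submission/smtpd[2102]: warning: "
    "unknown[192.0.2.10]: SASL LOGIN authentication failed",
    "Jan 14 14:08:05 mx postfix/retry/error[2104]: 4F2A1: status=deferred",
    "Jan 14 14:08:06 mx sshd[300]: Failed password for invalid user",
]

if __name__ == "__main__":
    for service, n in sorted(failures_by_service(SAMPLE).items()):
        print(f"{service}: {n} SASL failure(s)")
```

A filter anchored on the literal string "postfix/smtpd[" would miss lines 2 to 4 of the sample, which is the compatibility break the message describes.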
