On 4/25/2018 2:08 PM, @lbutlr wrote:
> This might be of use to others out there. I decided that monitoring mail.log
> was too much of a pain with all the postscreen and dnsblog 'noise'
> obscuring the information that I wanted to see, so I split those log events
> into their own log file using rsyslogd with the following lines in
> rsyslogd.conf (before the lines that log mail.log)
>
> if $syslogtag contains 'postscreen' then /var/log/postscreen.log
> if $syslogtag contains 'postscreen' then ~
> if $syslogtag contains 'dnsblog' then /var/log/postscreen.log
> if $syslogtag contains 'dnsblog' then ~
>
> This lets me keep mail.log for quite a while and rotate off postscreen.log
> very quickly since it is not something I need to check very often at all.
>
> I've been doing this for a week or two now and found it useful enough I
> thought it worth passing along.

I have a similar log strategy but I let postfix do it for me. For example, my postscreen entry in master.cf is:

    smtp inet n - n - 1 postscreen -o syslog_facility=local2

That sends the postscreen logging to the local2 log facility.
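
Added example, not part of either message above: the facility-based approach needs a matching rule on the syslog side, and because syslog_facility is set per Postfix service, dnsblog keeps logging to the mail facility unless it gets the same override. The dnsblog entry shown, the rsyslog file name, and the assumption that nothing else on the host uses local2 are illustrative.

```conf
# --- /etc/postfix/master.cf ---
# syslog_facility applies only to the service it is set on. postscreen and
# dnsblog are separate services, so both need the override if dnsblog lines
# should leave mail.log as well.
smtp      inet  n       -       n       -       1       postscreen
  -o syslog_facility=local2
# Assumed stock dnsblog entry; keep the column values your master.cf already has.
dnsblog   unix  -       -       n       -       0       dnsblog
  -o syslog_facility=local2

# --- /etc/rsyslog.d/30-postscreen.conf (hypothetical file name) ---
# Must be read before any catch-all rule. Everything on local2 goes to its
# own file, then processing stops so a later "*.*" rule (for example the one
# feeding /var/log/syslog) does not record the same lines a second time.
local2.*    /var/log/postscreen.log
& stop
```

After editing, `postfix reload` picks up the master.cf change and rsyslog needs a restart to load the new rule.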