Fourhundred Thecat:
> Hello,
>
> I am processing mail logs, where each new connection usually looks like
> this:
>
> connect from
> ...
> disconnect from
>
> But occasionally I notice there is no matching "connect from ..", and I
> only have:
>
> postfix/smtpd: lost connection after CONNECT from unknown[103.47.82.188]
> postfix/smtpd: disconnect from unknown[103.47.82.188] commands=0/0
>
> Any idea why the initial "connect from .." line would be missing?

Possible causes:

- systemd rate limit (RateLimitBurst, RateLimitIntervalSec)

- rsyslogd rate limit ($imjournalRatelimitBurst, $imjournalRatelimitInterval)

- Buggy logfile rotation procedure that rotates a file while it is open.

	Wietse
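
Added example, not part of the original thread: a small checker that pairs each "disconnect from" with the "connect from" logged by the same smtpd process and reports disconnects whose connect line never reached the file. It assumes the traditional syslog line layout with the smtpd PID in brackets; the host name, PIDs and the 192.0.2.10 address in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in the traditional syslog layout. Host name, PIDs and
# 192.0.2.10 are made up; only PID 2102 is missing its "connect from" line.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jan 10 10:00:02 mx postfix/smtpd[2101]: lost connection after CONNECT from unknown[192.0.2.10]
Jan 10 10:00:02 mx postfix/smtpd[2101]: disconnect from unknown[192.0.2.10] commands=0/0
Jan 10 10:00:05 mx postfix/smtpd[2102]: lost connection after CONNECT from unknown[103.47.82.188]
Jan 10 10:00:05 mx postfix/smtpd[2102]: disconnect from unknown[103.47.82.188] commands=0/0
"""

# Assumed layout: "Mon DD HH:MM:SS host postfix/smtpd[PID]: <event> from name[addr]"
EVENT_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect|disconnect) from (?P<client>\S+\[[^\]]+\])"
)


def find_orphan_disconnects(lines):
    """Return (line_no, minute, pid, client) for each disconnect without a connect."""
    open_sessions = {}  # pid -> client; an smtpd process serves one client at a time
    orphans = []
    for line_no, line in enumerate(lines, 1):
        m = EVENT_RE.match(line)
        if not m:
            continue  # other smtpd messages, e.g. "lost connection after ..."
        pid, client = m["pid"], m["client"]
        if m["event"] == "connect":
            open_sessions[pid] = client
        elif open_sessions.pop(pid, None) != client:
            orphans.append((line_no, m["minute"], pid, client))
    return orphans


def orphans_per_minute(orphans):
    """Count orphans per minute, to compare against busy periods and rotation times."""
    return Counter(minute for _, minute, _, _ in orphans)


if __name__ == "__main__":
    orphans = find_orphan_disconnects(SAMPLE_LOG.splitlines())
    for line_no, minute, pid, client in orphans:
        print(f"line {line_no}: smtpd[{pid}] disconnect from {client} has no connect")
    print(dict(orphans_per_minute(orphans)))
```

Orphans that appear only in the first lines of a file are sessions that started before the file did, so check those against the rotation schedule before looking at the rate limit settings.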