On Tue, Sep 21, 2021 at 08:49:24PM -0400, Alex <mysqlstud...@gmail.com> wrote:
> Hi,
>
> I'm interested in having postfix log directly to a mariadb or mongodb
> database so I can then query it for different info like sender,
> recipient and subject, etc. Does anyone know the best way to go about
> doing this?

By default, postfix logs via the syslog protocol, so using a
syslog-compatible logging service that can send log messages to a
database would be the way to go.

I searched for "syslog to database" and found:

  Writing syslog messages to MySQL, PostgreSQL or any other supported Database
  https://www.rsyslog.com/doc/v8-stable/tutorials/database.html

The default syslog facility is "mail". You might want to change it to
something like "local7" (or something you're not already using) with
Postfix's syslog_facility parameter so that only postfix's log messages
are sent to the database, rather than all mail-related log messages.

Mind you, I also found this:

  Why you shouldn’t log into db
  https://medium.com/@marton.waszlavik/why-you-shouldnt-log-into-db-e700c2cb0c8c

I'm not suggesting that this person is correct, just mentioning it.
After all, there are many successful companies with products that put
staggering quantities of log data into some kind of database for
operational analysis. They can't all be wrong, but they won't be using
SQL databases.

> Any particular reason output to sql hasn't been implemented in postfix
> already?

Probably because it's a job best suited to a logging service. And SQL
databases are only one of many possible destinations. What if someone
preferred e.g. elasticsearch, and wanted to use something like logstash,
fluentd, flume, splunk, graylog, etc. The only practical way for Postfix
to support all of these things is to do what it's doing, and use the
well-known syslog protocol, knowing that all logging systems will almost
certainly support that protocol.

Postfix can also log directly to file (mainly for use in containers),
and many logging systems can probably(?) handle grabbing logs from a
file as well.

> I see there are several github projects available, but many haven't
> been updated in many years. Any guidance on the best implementation,
> pros/cons, and perhaps even an existing web front-end to do this would
> be greatly appreciated.

Rsyslog is probably fine. I'm not aware of any web front-end, but I
doubt that one is really needed. If your database is ready, it's
probably just a matter of adding a few lines to its configuration file.

If you are referring to a web front-end for examining the logs in the
SQL database, you might want to rethink that and investigate the ELK
Stack instead (Elasticsearch, Logstash, Kibana). It'll be overkill, but
well worth learning, as it will be useful for all manner of log analysis
needs.

> Thanks,
> Alex

cheers,
raf
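
The setup described in the message above, as an added configuration example that is not part of raf's message or of either project's documentation: Postfix is moved to the local7 facility and rsyslog writes only that facility to MySQL/MariaDB through its ommysql module. The rsyslog file name, the database name "Syslog" (assumed to have been created from the schema script shipped with ommysql), the account "rsyslog", the queue file name and the flat-file path are assumptions, and the password is a placeholder.

```conf
# --- /etc/postfix/main.cf ---
# Move Postfix off the shared "mail" facility so that only its own
# messages match the rsyslog filter below.
syslog_facility = local7

# --- /etc/rsyslog.d/30-postfix-mysql.conf (file name is an assumption) ---
# This file holds a database password: keep it owned by root and not
# world-readable (for example mode 0600).
module(load="ommysql")

# Assumptions for the database action:
#   db  "Syslog"   database created from the ommysql schema script
#   uid "rsyslog"  account limited to INSERT on that database
#   pwd            placeholder, replace with the real secret
# The queue.* settings give this action its own disk-assisted queue, so
# messages are buffered and retried while the database is unreachable
# instead of being dropped or stalling other log outputs.
if $syslogfacility-text == 'local7' then {
    action(
        type="ommysql"
        server="127.0.0.1"
        db="Syslog"
        uid="rsyslog"
        pwd="CHANGE_ME"
        queue.type="LinkedList"
        queue.filename="postfix_db"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
    # Keep a plain-text copy as well, so the logs remain readable if the
    # database is lost (path is an assumption).
    action(type="omfile" file="/var/log/postfix.log")
    # Do not pass these messages on to later rules.
    stop
}
```

With no template given, ommysql inserts into the SystemEvents table of the stock schema, where the Postfix text lands in the message column and still has to be parsed (queue ID, from=, to=) by whatever queries it.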