On Fri, 18 Jun 1999 09:24:06 +0300, Anand Buddhdev wrote:
>> cyclog rotates itself when a log reaches a certain size, which is fine, but
>> what's the right way to collect them and do a daily scan and crunch?
I use this in /etc/rc.d/init.d/qmail:
    supervise /var/run/qmail qmail-start ./Maildir/ /usr/bin/accustamp | \
      /usr/bin/setuser qmaill \
      /usr/bin/cyclog -n4 -s2500000 /var/log/qmail /var/qmail/bin/analog &
Where "/var/qmail/bin/analog" is:
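    #!/bin/sh
    # $1 is the log file handed to this script.
    # matchup writes finished messages and deliveries to stdout and the
    # still-pending lines to descriptor 5, which are fed back in next time.
    cat /var/log/qmaillog/log.pend "$1" | \
      /var/qmail/bin/matchup > /var/log/qmaillog/log.tmp \
      5>/var/log/qmaillog/log.pend.tmp
    if [ $? != 0 ]; then
        exit 1
    fi
    # Install the new pending file, append the matched records, drop the input.
    mv -f /var/log/qmaillog/log.pend.tmp /var/log/qmaillog/log.pend
    cat /var/log/qmaillog/log.tmp >> /var/log/qmaillog/log
    rm -f "$1"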
Then use qmailanalog stats on "log" and regular log rotation of "log".
The cyclog part requires Bruce Guenter's patch. The 2500000 cyclog
files correspond to about one hour. [I wish there was an option to
process the just finished cyclog file instead]. The nice thing is that
I almost only look at matchup'ed logs instead of raw logs to track
problems. BTW - the "analog" log extension part isn't crash safe, but
IMHO good enough.
Improvements/suggestions welcome!
What I also would like is a tool on top of this that extracts info from
the logs to send messages to postmasters of defunct systems. There are
a lot of MX that say "relaying denied" even though they are MX for that
host, hosts that 5xx reject mail when lookup of the sender domain times
out, etc, for whom it would be nice to generate automatic mail.
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
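
The tool wished for in the last paragraph could start from a filter like the one below. It is an added example, not part of the original post or of qmailanalog: it counts, per recipient domain, remote deliveries that failed with "relaying denied". The matchup record layout in the comments is an assumption, the function names are hypothetical, and the sample records are constructed.

```sh
#!/bin/sh
# Added example. Assumed matchup delivery record (space separated):
#   d result birth dstart ddone bytes <sender> chan.recip qp uid reason
# result: k = success, z = deferral, d = failure. qmail logs the reason
# with spaces replaced by underscores, so it is normally one field.

# relay_denied_hosts (hypothetical name): read matchup output on stdin and
# print "count domain" for remote failures whose reason says relaying denied.
relay_denied_hosts() {
    awk '
        $1 == "d" && $2 == "d" && $8 ~ /^remote\./ {
            reason = ""
            for (i = 11; i <= NF; i++) reason = reason "_" tolower($i)
            if (reason !~ /relaying_denied/) next
            n = split($8, parts, "@")
            if (n < 2) next                  # no domain part, skip
            count[tolower(parts[n])]++
        }
        END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# sample_log: constructed records (documentation addresses), not real logs.
sample_log() {
    cat <<'EOF'
m 929690000.1 929690005.5 1200 0 0 1 <alice@example.com> 4321 501
d d 929690000.1 929690001.2 929690005.4 1200 <alice@example.com> remote.bob@example.net 4321 501 192.0.2.10_does_not_like_recipient./Remote_host_said:_550_relaying_denied/Giving_up_on_192.0.2.10./
d d 929690100.1 929690101.2 929690102.4 800 <alice@example.com> remote.carol@Example.NET 4330 501 192.0.2.10_does_not_like_recipient./Remote_host_said:_550_Relaying_Denied/Giving_up_on_192.0.2.10./
d d 929690200.1 929690201.2 929690202.4 950 <dan@example.com> remote.erin@example.org 4341 501 192.0.2.20_does_not_like_recipient./Remote_host_said:_551_relaying_denied/Giving_up_on_192.0.2.20./
d k 929690300.1 929690301.2 929690302.4 700 <dan@example.com> remote.frank@example.org 4352 501 192.0.2.20_accepted_message./Remote_host_said:_250_ok/
d d 929690400.1 929690401.2 929690402.4 600 <dan@example.com> local.gina@example.com 4363 501 Sorry,_no_mailbox_here_by_that_name./
EOF
}

sample_log | relay_denied_hosts
```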