Hi,
On Thu, Apr 26, 2018 at 8:46 AM, Mike wrote:
> On 4/25/2018 2:08 PM, @lbutlr wrote:
>> This might be of use to others out there. I decided that monitoring mail.log
>> was too much of a pain with all the postscreen and dnsblog 'noise' from
>> obscuring the information that I wanted to see, s
On 4/26/2018 3:08 PM, @lbutlr wrote:
> On 2018-04-26 (06:46 MDT), Mike wrote:
>>
>> I have a similar log strategy but I let postfix do it for me.
>>
>> For example, my postscreen entry in master.cf is:
>>
>>
>> smtp inet n - n - 1 postscreen
>> -o syslog_fa
>
While on the topic of rsyslogd, I have v8.16.0 and use these two lines
in rsyslogd.conf to get datetime -MM-DD HH:MM:SS formatting:
$template
CustomFormat,"%timegenerated:::date-year%-%timegenerated:::date-month%-%timegenerated:::date-day%
%timegenerated:
::date-hour%:%timegenerated:::date
Here's what I use for Shorewall messages:
/etc/rsyslog.d/00-shorewall.conf:
if $msg contains 'Shorewall' then {
action(type="omfile" file="/var/log/shorewall.log")
# if ($syslogfacility == 0 and $syslogseverity >= 4) then stop # warning
# if ($syslogfacility == 0 and $syslogseverity >= 5) then
On 2018-04-26 (06:46 MDT), Mike wrote:
>
> I have a similar log strategy but I let postfix do it for me.
>
> For example, my postscreen entry in master.cf is:
>
>
> smtp inet n - n - 1 postscreen
> -o syslog_facility=local2
>
>
>
> That sends the po
On 4/25/2018 2:08 PM, @lbutlr wrote:
> This might be of use to others out there. I decided that monitoring mail.log
> was too much of a pain with all the postscreen and dnsblog 'noise' from
> obscuring the information that I wanted to see, so I split those log events
> into their own log file us
This might be of use to others out there. I decided that monitoring mail.log
was too much of a pain with all the postscreen and dnsblog 'noise' from
obscuring the information that I wanted to see, so I split those log events
into their own log file using rsyslogd with the following lines in
rsy
