-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 19-06-15 16:19, Axb wrote: > On 19.06.2015 16:01, Reindl Harald wrote: >> >> Am 19.06.2015 um 15:56 schrieb Reindl Harald: >>>>> envelope=_SENDERDOMAIN_, from=_AUTHORDOMAIN_ >>>> >>>> syslog to SQL and you can xref all the info you need >>> >>> that's a workaround and not a solution, there's a reason why >>> the spamfirewall is the *only* machine not logging to mysql >>> because you really don't want a dozen millions of sql-inserts >>> each month > > *YOU* don't want them. If you have a cluster of more than the one > "spamfirewall" it can be very practical to have central SQL > logging. > >> and for messages without a MID you have currently no way at all >> to xfer anything since you only see the rules and the result with >> *nothing* to grep for > > Postfix/MTA/Glue Session IDs, etc... having the data in a DB also > allows all kinds of stats. > > Of course you are free to hack SA's logging and write out all you > want and then filter it out via syslog/regex.. now if that is more > efficient I/O-wise.... >
I send all my logs to logstash + elasticsearch. Works like a charm, but when there's nothing (message-id, sender recipient(s)) to search on you're still screwed... Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVhCXVAAoJEJPfMZ19VO/1O6sP/3tBqFPS9KhuUOH89cqXGb7W bOdomyNJLwulqhdCrDlTjgRK6Nn9GEcIAG+BNoN4CA+naEa3n7VIL89aFKbZ0Nb2 3y/QrQ61RY5rmkgmd5Fr/xi98n1sQriygJP/+ckBcE0wbex6A7LmKESE6X2WMCAZ DhjPvcfEAYhzAMdhbS7dNzNFNlblwsq+PdGr0BTbf+wf/baVA/UeBCVOXemp/ltC 7hmTtdapwpL+LGWRd6Vr53oJR+yvJpq00cG7qQuTr9RJa1U/qCVG22VyemvuwlzN Mr5sqOvPy7yiuGbuqQKLK43qiZ9jcvfKgFt6CFl8OBt51Hc9+Jpdai/nuzlZSbpl DC0EWBfXQJBqdbXAQiDeCgfS375cieGFDyn62Mq73nZK2EPnaYw2MM95v7jqGXV1 q9B7FoEG2esGBU6+qpYW8Dw96HOSisU3hGIlJ20NJ2rFYa0V3hdxxYknsiOMFcfT QlpoAonhFeKfrkThHeBuCLVGY9j13fwNYnLsTOalfHAAApPzwv41Aisphevn4W2u h3391Q5KMSfKMXkmnzEHqjRfIfcfjtrS2n9VEKSc3xw1z0o5F72n6UVxkeM28JiK yxNzR1bB/jzG36042QTu4HW2y4U2S41hbzXlziiaQRZ6Ou5+SyMYEOY0enrX5AC/ JgQMiCs5092wBQUppba7 =rthH -----END PGP SIGNATURE-----
