How would I go about splitting the maillog to show both inbound and outbound services in different files; what amendments need to be made to syslog-ng.conf?
The current maillog entry:
destination d_mail { file("/var/log/maillog"); };
Thanks. J
Jules--
This is going to be mta specific. IE: depending on what you're running and your requirements are; it's possible to have one mta process accept and queue the mail; and another one that sends/delivers the mail. If this is the case; it may be possible for the mta to have different syslog facilities/priorities for each of these processes. Again; this is going to be mta specific.
The other option is to regex out the lines you want to be separated. So for example [off the top of my head-- you can try something like this (which I haven't tested):] on sendmail; only logging inbound accepted messages and outbound attempts: (some errors will not be picked up on these regexes):
# inbound: messages accepted by the sendmail daemon
filter f_mailin { facility(mail); match("daemon=MTA"); };
# outbound: delivery attempts through the esmtp mailer
filter f_mailout { facility(mail); match("mailer=esmtp"); };
destination maillogin { file("/var/log/maillog.in" perm(0644)); };
destination maillogout { file("/var/log/maillog.out" perm(0644)); };
log { source(local); filter(f_mailin); destination(maillogin); };
log { source(local); filter(f_mailout); destination(maillogout); };
On Mon, 10 Jan 2005 17:11:07 +0000, JulesF <julesf@the4.co.uk> wrote:
How would I go about splitting the maillog to show both inbound and outbound services in different files; what amendments need to be made to syslog-ng.conf?
The current maillog entry:
destination d_mail { file("/var/log/maillog"); };
Thanks. J
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Thanks Dave. I have not got a clue where to start. I'm running Postfix as my MTA. How much more difficult would this be to set up than with Sendmail?
On 18:20:20 January 10, 2005 Dave Johnson <davejjohnson@gmail.com> wrote:
Jules--
This is going to be mta specific. IE: depending on what you're running and your requirements are; it's possible to have one mta process accept and queue the mail; and another one that sends/delivers the mail. If this is the case; it may be possible for the mta to have different syslog facilities/priorities for each of these processes. Again; this is going to be mta specific.
The other option is to regex out the lines you want to be separated. So for example [off the top of my head-- you can try something like this (which I haven't tested):] on sendmail; only logging inbound accepted messages and outbound attempts: (some errors will not be picked up on these regexes):
# inbound: messages accepted by the sendmail daemon
filter f_mailin { facility(mail); match("daemon=MTA"); };
# outbound: delivery attempts through the esmtp mailer
filter f_mailout { facility(mail); match("mailer=esmtp"); };
destination maillogin { file("/var/log/maillog.in" perm(0644)); };
destination maillogout { file("/var/log/maillog.out" perm(0644)); };
log { source(local); filter(f_mailin); destination(maillogin); };
log { source(local); filter(f_mailout); destination(maillogout); };
For more postfix information; you can check out:
http://logreport.org/doc/gen/email/postfix.php
http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
Looking at those docs; you could change the filters f_mailout and f_mailin previously suggested to look for match ("postfix/smtp") and match ("postfix/smtpd") (respectively) and see what happens.
On Mon, 10 Jan 2005 18:32:49 +0000, JulesF <julesf@the4.co.uk> wrote:
Thanks Dave. I have not got a clue where to start. I'm running Postfix as my MTA. How much more difficult would this be to set up than with Sendmail?
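Added example, not part of the thread: a check of how the two Postfix patterns suggested above behave on constructed log lines. It models only the match() part of each filter and assumes match() does an unanchored regular-expression search over text that includes the program tag (Python's re.search stands in for it). The STRICT_FILTERS patterns are a hypothetical tightening, not something proposed by the posters.

```python
import re

# Constructed sample lines in the usual Postfix syslog shape (not from the thread).
SAMPLE_LINES = [
    "Jan 10 18:40:01 mx1 postfix/smtpd[2101]: connect from client.example.net[192.0.2.10]",
    "Jan 10 18:40:02 mx1 postfix/smtpd[2101]: 4F2A11C0D3: client=client.example.net[192.0.2.10]",
    "Jan 10 18:40:02 mx1 postfix/cleanup[2104]: 4F2A11C0D3: message-id=<constructed@example.net>",
    "Jan 10 18:40:03 mx1 postfix/qmgr[1988]: 4F2A11C0D3: from=<a@example.net>, size=812, nrcpt=1 (queue active)",
    "Jan 10 18:40:05 mx1 postfix/smtp[2110]: 4F2A11C0D3: to=<b@example.org>, relay=mx.example.org[198.51.100.7], status=sent (250 OK)",
]

# Patterns exactly as suggested in the thread.
THREAD_FILTERS = {"maillog.in": r"postfix/smtpd", "maillog.out": r"postfix/smtp"}
# Hypothetical tightened patterns: require the '[' that starts the PID.
STRICT_FILTERS = {"maillog.in": r"postfix/smtpd\[", "maillog.out": r"postfix/smtp\["}


def route(lines, filters):
    """Return {destination: [lines]}. A line may land in several destinations,
    as it would with independent syslog-ng log{} statements."""
    routed = {dest: [] for dest in filters}
    for line in lines:
        for dest, pattern in filters.items():
            if re.search(pattern, line):  # unanchored search (assumed match() behaviour)
                routed[dest].append(line)
    return routed


def overlap(routed):
    """Lines written to both the inbound and the outbound file."""
    return [l for l in routed["maillog.in"] if l in routed["maillog.out"]]


def unrouted(lines, routed):
    """Lines that reach neither file (cleanup, qmgr and similar daemons)."""
    seen = {l for dest in routed.values() for l in dest}
    return [l for l in lines if l not in seen]


if __name__ == "__main__":
    for name, filters in (("thread", THREAD_FILTERS), ("strict", STRICT_FILTERS)):
        r = route(SAMPLE_LINES, filters)
        print(name, {d: len(v) for d, v in r.items()},
              "overlap:", len(overlap(r)), "unrouted:", len(unrouted(SAMPLE_LINES, r)))
```

With the thread's patterns the smtpd lines also match "postfix/smtp", so inbound entries are duplicated into maillog.out; in both variants the cleanup and qmgr lines reach neither file and stay only in the original /var/log/maillog destination.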