[syslog-ng]Maillog to be split

Dave Johnson syslog-ng@lists.balabit.hu
Mon, 10 Jan 2005 14:28:02 -0600 

For more postfix information; you can check out:  
http://logreport.org/doc/gen/email/postfix.php
http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html

Looking at those docs; you could change the filter f_mailout and
f_mailin previously
suggest to look for match ("postfix/smtp")  and match ("postfix/smtpd") 
(respectively) and see what happens.


On Mon, 10 Jan 2005 18:32:49 +0000, JulesF <julesf@the4.co.uk> wrote:
> Thanks Dave. I have not got a clue where to start. I'm running Postfix as
> my MTA. How much more difficult would this be to set up than with Sendmail?
> 
> 
> On 18:20:20 January 10, 2005 Dave Johnson <davejjohnson@gmail.com> wrote:
> > Jules--
> >
> > This is going to be mta specific.  IE: depending on what your running
> > and your requirements are; its possible to have one mta process accept
> > and queue the mail; and another one that send/deliver the mail.  If
> > this is the case; it maybe possible for the mta to have different
> > syslog facilities/priorities for each of these processes.  Again; this
> > is going to be mta specific.
> >
> > The other option is to regex out the lines your want to be seperated.
> > So for example [off the top of my head-- you can try something like
> > this (which I haven't tested:]  on sendmail; only logging inbound
> > accepted messages and outbound attempts:
> > (some errors will not be picked up on these regexes):
> >
> > filter f_mailin { facility (mail); match("daemon=MTA"); };
> > filter f_mailout { facility (mail); match("mailer=esmtp"); };
> > destination maillogin { file ("/var/log/maillog.in" perm(0644); };
> > destination maillogout { file ("/var/log/maillog.out" perm(0644); };
> > log { source(local); filter(f_mailin); destination(maillogin); };
> > log { source(local); filter(f_mailout); destination(maillogout); };
> >
> >
> >
> > On Mon, 10 Jan 2005 17:11:07 +0000, JulesF <julesf@the4.co.uk> wrote:
> > >  How would I go about splitting the maillog to show both inbound and
> > >  outbound services in different files; what amenedments need to be
> > >  made to syslong-ng.conf?
> > >
> > >  The current maillog entry:
> > >
> > >  destination d_mail { file("/var/log/maillog"); };
> > >
> > >  Thanks. J
> > >
> > >  _______________________________________________
> > >  syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > >  https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > >  Frequently asked questions at http://www.campin.net/syslog-ng/faq.h
> > > tml
> > >
> > >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> >
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
>