[syslog-ng]Maillog to be split

JulesF syslog-ng@lists.balabit.hu
Mon, 10 Jan 2005 23:30:11 +0000 

Dave have tried your suggestion, but Syslog does not seem to like it. The
strange this is, that the statements you have quoted are not dissimilar
from the original ones already present.


On 20:28:02 January 10, 2005 Dave Johnson <davejjohnson@gmail.com> wrote:
> For more postfix information; you can check out:
> http://logreport.org/doc/gen/email/postfix.php
> http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
>
> Looking at those docs; you could change the filter f_mailout and
> f_mailin previously
> suggest to look for match ("postfix/smtp")  and match
> ("postfix/smtpd") (respectively) and see what happens.
>
>
> On Mon, 10 Jan 2005 18:32:49 +0000, JulesF <julesf@the4.co.uk> wrote:
> >  Thanks Dave. I have not got a clue where to start. I'm running
> >  Postfix as my MTA. How much more difficult would this be to set up
> >  than with Sendmail?
> >
> >  On 18:20:20 January 10, 2005 Dave Johnson <davejjohnson@gmail.com>
> > >  wrote: Jules--
> > >
> > >  This is going to be mta specific.  IE: depending on what your
> > >  running and your requirements are; its possible to have one mta
> > >  process accept and queue the mail; and another one that
> > >  send/deliver the mail.  If this is the case; it maybe possible
> > >  for the mta to have different syslog facilities/priorities for
> > >  each of these processes.  Again; this is going to be mta
> > > specific.
> > >  The other option is to regex out the lines your want to be
> > >  separated. So for example [off the top of my head-- you can try
> > >  something like this (which I haven't tested:]  on sendmail; only
> > >  logging inbound accepted messages and outbound attempts:
> > >  (some errors will not be picked up on these regexes):
> > >
> > >  filter f_mailin { facility (mail); match("daemon=MTA"); };
> > >  filter f_mailout { facility (mail); match("mailer=esmtp"); };
> > >  destination maillogin { file ("/var/log/maillog.in" perm(0644);
> > >  }; destination maillogout { file ("/var/log/maillog.out"
> > >  perm(0644); }; log { source(local); filter(f_mailin);
> > >  destination(maillogin); }; log { source(local);
> > > filter(f_mailout); destination(maillogout); };
> > >
> > >
> > >  On Mon, 10 Jan 2005 17:11:07 +0000, JulesF <julesf@the4.co.uk>
> > > >   wrote: How would I go about splitting the maillog to show
> > > >   both inbound and outbound services in different files; what
> > > >   amendments need to be made to syslong-ng.conf?
> > > >
> > > >   The current maillog entry:
> > > >
> > > >   destination d_mail { file("/var/log/maillog"); };
> > > >
> > > >   Thanks. J
> > > >
> > > >   _______________________________________________
> > > >   syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > > >   https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > >   Frequently asked questions at http://www.campin.net/syslog-ng/
> > > > faq.h
> > > >  tml
> > > >
> > > >
> > >  _______________________________________________
> > >  syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > >  https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > >  Frequently asked questions at http://www.campin.net/syslog-ng/faq
> > > .html
> > >
> >
> >  _______________________________________________
> >  syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> >  https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >  Frequently asked questions at http://www.campin.net/syslog-ng/faq.h
> > tml
> >
> >
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>