[syslog-ng] Anyone Using Mailgraph (an RRD based Tool) for Postfix Mail Logs???

wiskbroom at hotmail.com wiskbroom at hotmail.com
Mon Sep 8 14:51:45 CEST 2008 

Hello;

I am in search for a way to graph my logs for four separate mailservers, 
since all four are logging onto the same syslog-ng host, 
I figured I'd use mailgraph, a tool which creates graphs using RRDtools.

I got rrdtools installed and ran mailgraph, and after not receiving any graph data at all in my database
(mailgraph.rrd file), I ran strace and saw:
 
write(2, "WARNING: line not in syslog form"..., 209) = 209
write(2, "WARNING: line not in syslog form"..., 167) = 167
write(2, "WARNING: line not in syslog form"..., 172) = 172
write(2, "WARNING: line not in syslog form"..., 173) = 173
write(2, "WARNING: line not in syslog form"..., 194) = 194
write(2, "WARNING: line not in syslog form"..., 172) = 172

My syslog-ng.conf has the following relevant data for this particular source:

options
  {
    chain_hostnames(no);
    create_dirs (yes);
    dir_perm(0755);
    use_dns (yes);
    dns_cache(yes);
    dns_cache_size(1000);
    dns_cache_expire(604800);
    keep_hostname(yes);
    log_fifo_size(10000);
    log_msg_size(8192);
    long_hostnames(on);
    perm(0644);
    stats(3600);
    sync(0);
    time_reopen (10);
    use_dns(yes);
    use_fqdn(yes);
  };

log { source(S_udp); filter(F_mailservers); destination(D_mailservers); flags(final); };
destination D_mailservers  { file("/var/log/Acme-Hosts/MailServers/$FULLHOST.log"
                             perm(0644)); };


My logs look like:
 
Sep  5 16:31:45 mailserver.example.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 597816CB1E: from=<203176.549962556 at abc.exampletest.com>, size=14602, nrcpt=1 (queue active)
 
Sep  5 16:31:45 mailserver.mailserver.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 3081A6CB1C: removed
 
Sep  5 16:31:45 mailserver.mailserver.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 1C0426CB1D: removed
 
Is there a way that I can tel syslog-ng to output to two locations, on e in the format above, which I need, and another in the format that mailgraph expexts to see?

I assume that mailgraph is not setup to see the HOSTNAME/HOSTNAME entries shown above.

I am using syslog-ng, latest, and am purposely stuffing my data into files named after the host, into a directory named after the same.
I am also using a FIFO to redirect all logged data into a mysql DB, but the script mailgraph is receiving it's data from the flat files above.

Any help appreciated, especially in a way that would not require rewriting the way the data looks now.
 
Thanks all,
 
.vp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080908/3e3246fd/attachment.htm

More information about the syslog-ng mailing list