Bill,
> I have been noticing for quite some time that amavisd-new logs test
> results messages to the maillog differently at time. For example:
>
> Feb 27 14:22:06 mail amavis[27931]: (27931-08) Passed CLEAN
> Feb 27 14:22:56 mail ch4-03611-04)[3611]: (03611-04) Passed CLEAN
>
> These are 2 different message that amavisd-new tested and reported to
> the maillog as "Passed CLEAN". However, notice that the first log entry
> clearly shows it came from "amavis", but the second log entry show it
> came from "ch4-03611-04)". Note that there is also a closing ")" is the
> second log entry but no opening "(".
>
> Any ideas why this is happening and what I can do to fix it? I am
> currently running amavisd-new-2.6.4 (20090625).
What syslog variant are you using?
Looks like part of a process name ($0) ends up as a syslog ident.
The $syslog_ident is 'amavis' by default and is never changed
by amavisd itself. It is passed as an argument to openlog(),
so this is the string you should be seing in a syslog.
A custom hook is allowed to change the $syslog_ident
(e.g. in a policy bank), so this would be reflected in a syslog
for entries written when using such a policy bank.
Your string "ch4-03611-04)" looks very much like the process
name ($0), except that it is missing the "amavisd (" prefix.
Could it be that your syslog is being creative and tries to use
a process name in place of a syslog ident?
Mark
------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
