Hi! I just want to know how you track the Linux maillog file. Yes, I know the old-school way of looking at the /var/log/maillog file, but non-Unix technical users have trouble reading it. Endian offers a web log viewer, but its filter function is not the best. However, the Live log is cool if you want to see what's happening on SMTP in real time.

So we tried to find a log tracking/watching/parsing/analyzing :) tool that is good for Postfix logs. A usable tool does not exist. The only maybe-usable one we found is http://mailwatch.sourceforge.net, but it cannot be installed in Endian and it is run by a PHP daemon, ohh.. After that we found Splunk (www.splunk.com, limited freeware version).

I installed the Splunk server on Windows and the Splunk lightweight agent on Endian Linux (but it is not necessary to install the lightweight agent; it can gather data from syslogd via TCP). I set up Splunk on Endian so that it pushes the maillog file to the server.

Splunk recognises the Postfix log, but does not handle multiple queue IDs perfectly, because when Postfix sends an email to amavis, a new queue ID is generated. I wrote a search that puts the queue ID into a qid field and groups the same qid together (the "queued_as" amavis line).

List all mail:

    host="BIGENDIAN" | rex field=_raw "postfix/[a-z]{1,6}\[\d+\]: (?<qid>[A-Z0-9]{1,11}):" | rex field=_raw "queued_as: (?<qid>.*)," | transaction qid

List all mail that contains john:

    host="BIGENDIAN" | rex field=_raw "postfix/[a-z]{1,6}\[\d+\]: (?<qid>[A-Z0-9]{1,11}):" | rex field=_raw "queued_as: (?<qid>.*)," | transaction qid | search john

or recipient j...@foo.com:

    host="BIGENDIAN" | rex field=_raw "postfix/[a-z]{1,6}\[\d+\]: (?<qid>[A-Z0-9]{1,11}):" | rex field=_raw "queued_as: (?<qid>.*)," | transaction qid | search to=j...@foo.com

Now it is easy to track what happened to the mail. Predefined searches can be saved as macros etc. Of course the search and outline can be better, for example with highlights etc., but this is one of the reasons for posting this email to this list :)

If anybody has tried this OR has a better solution, please share.

Thank you. If you need help with Splunk, write an email to me.

Zola

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
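
The queue-ID grouping described in the message above, as an added Python example that is not part of the original post: it reuses the post's qid pattern and "queued_as" match, and goes one step further by also joining the original queue ID to the re-injected one. The log lines, hostnames, addresses and the "queued as <id>)" status text are constructed sample data and an assumption about the log layout.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the original post); all IDs, hosts and
# addresses are made up, the layout follows the usual Postfix + amavis format.
SAMPLE_LOG = """\
Jan 10 10:00:01 bigendian postfix/smtpd[2101]: 3F2A81C0D5: client=mail.example.org[192.0.2.10]
Jan 10 10:00:01 bigendian postfix/qmgr[1801]: 3F2A81C0D5: from=<alice@example.org>, size=1843, nrcpt=1 (queue active)
Jan 10 10:00:02 bigendian postfix/smtpd[2107]: 7B9C41C0E2: client=localhost[127.0.0.1]
Jan 10 10:00:02 bigendian postfix/qmgr[1801]: 7B9C41C0E2: from=<alice@example.org>, size=2290, nrcpt=1 (queue active)
Jan 10 10:00:02 bigendian amavis[1950]: (01950-03) Passed CLEAN, <alice@example.org> -> <john@foo.example>, mail_id: x1, Hits: -1.2, queued_as: 7B9C41C0E2, 812 ms
Jan 10 10:00:02 bigendian postfix/smtp[2105]: 3F2A81C0D5: to=<john@foo.example>, relay=127.0.0.1[127.0.0.1]:10024, status=sent (250 2.0.0 Ok: queued as 7B9C41C0E2)
Jan 10 10:00:03 bigendian postfix/local[2110]: 7B9C41C0E2: to=<john@foo.example>, relay=local, status=sent (delivered to mailbox)
Jan 10 10:00:05 bigendian postfix/smtpd[2111]: 9D0E11C0F7: client=mx.example.net[198.51.100.7]
Jan 10 10:00:05 bigendian postfix/smtp[2112]: 9D0E11C0F7: to=<mary@foo.example>, relay=127.0.0.1[127.0.0.1]:10024, status=deferred (connection refused)
"""

QID = re.compile(r"postfix/[a-z]{1,6}\[\d+\]: ([A-Z0-9]{1,11}):")  # pattern from the post
AMAVIS = re.compile(r"queued_as: ([A-Z0-9]{1,11}),")               # amavis result line
REINJECT = re.compile(r"queued as ([A-Z0-9]{1,11})\)")             # assumed status text

def group_transactions(text):
    """Return {root queue ID: [log lines]} with re-injected IDs merged into the original."""
    parent = {}
    def find(q):                       # union-find lookup with path halving
        parent.setdefault(q, q)
        while parent[q] != q:
            parent[q] = parent[parent[q]]
            q = parent[q]
        return q
    tagged = []
    for line in text.splitlines():
        m, a, r = QID.search(line), AMAVIS.search(line), REINJECT.search(line)
        qid = m.group(1) if m else (a.group(1) if a else None)
        if qid is None:
            continue                   # line carries no queue ID at all
        if m and r:                    # hand-off to the filter: new ID joins the old one
            parent[find(r.group(1))] = find(qid)
        tagged.append((qid, line))
    groups = defaultdict(list)
    for qid, line in tagged:
        groups[find(qid)].append(line)
    return dict(groups)

def search(groups, needle):
    """Keep only the transactions in which some line contains needle."""
    return {q: ls for q, ls in groups.items() if any(needle in l for l in ls)}
```

Calling search(group_transactions(SAMPLE_LOG), "john@foo.example") returns the whole path of that mail, including the lines logged under the second queue ID and by amavis.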