Quoting Marten Lehmann (from 11/05/10 23:50): >> display: >> exipick --show-vars h_Subject,received_time 'authenticated_id eq X' >> > searching is not based an indices. So when you have a queue of 50.000 > messages, then each one has to be looked through, each header file has > to be parsed for the structure and that takes so long, that you cannot > easily decrease or extended retry times for certain messages. > > The question is: Would it be easier to establish an abstraction layer > into exim or develop a new MTA that only does what we actually need (a > small subset of exims features)?
I'd go for the other option: keep the existing logging, and *also* copy it into a database, and then query that database. This could be real-time (by extending your syslog) or near-real-time (by having log-file watchers), or batched in cron every n minutes ... This is the approach used by Splunk, for example (which I've only run in test, and not in production). -jim -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
