John Peacock said the following on 21/11/2005 14:32:
> Robin Bowes wrote:
>
>> Am I right in thinking that to recreate denylog using adaptive I just
>> need to add code to the sub hook_deny?
>
>
> Yes, I believe that should be sufficient. If you do this, send it to
> the list and I'll add it to the core plugin (since it might be useful
> for other people as well).
I will of course do that.
However, I'll need a bit of help to get started... :)
Firstly, the defined log levels will need to change.
Currently, there is a maxlevel and minlevel:
- Accepted messages are logged if trace <= minlevel;
- All messages are logged if trace <= maxlevel
I propose that these should change to accept_level, max_level and a new
setting, reject_level:
- Accepted messages are logged if trace <= accept_level;
- All messages are logged if trace <= max_level
- Rejected messages are logged if trace <= reject_level
Next, there'll need to be an additional prefix for rejected messages.
Currently, there is a prefix setting:
- prefix is prepended to all accepted lines
I propose that this changes to accept_prefix and a new setting,
reject_prefix:
- accept_prefix is prepended to all accepted lines
- reject_prefix is prepended to all rejected lines
I'd also suggest that the default prefix values are changed to:
accept_prefix: ++
reject_prefix: --
This requires multilog filter lines as follows:
exec /usr/local/bin/setuidgid qmaill multilog t n20 s10485760 \
'-*++ *' '-*-- *' $LOGDIR/detailed \
'-*' '+*++ *' $LOGDIR/accepted \
'-*' '+*-- *' $LOGDIR/rejected
So, the only thing left is to get the rejected lines in to the log.
The denylog plugin produces output like this:
tcp client: 12-208-227-30.client.insightbb.com [12.208.227.30]
relay client: no
denied by: require_resolvable_fromhost
denial code: 902
denial text: Could not resolve mcmail.cis.mcmaster.ca
I'd like to produce similar output.
denylog uses the following attributes of the transaction:
$transaction->sender->format
$transaction->recipients
$transaction->bodysize
$self->qp->connection->remote_host
$self->qp->connection->remote_ip
$transaction->{_relaying}
$self->qp->connection->notes('authmethod')
$plugin
$code
$message
Are all these still available with the new plugin logging architecture?
e.g. I can't see $code or $message. Are they inside some other object?
The next thing is what do I need to do to write this to the log?
I'm guessing I need to use code similar to:
if ( defined $self->{_maxlevel} && $trace <= $self->{_maxlevel} ) {
warn join(
" ", $$.
(
defined $plugin ? " $plugin plugin:"
: defined $hook ? " running plugin ($hook):"
: ""
),
@log
),
"\n"
unless $log[0] =~ /logging::adaptive/;
push @{ $transaction->{_log} }, [ $trace, $hook, $plugin, @log ]
if ( defined $self->{_minlevel} && $trace <= $self->{_minlevel} );
}
I'm not entirely clear what objects I need to modify/add to.
Do I need to use all of this code? Where would I add the new log output?
Cheers,
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
