Re: Help me understand adaptive logging

Tue, 22 Nov 2005 08:33:52 -0800 

Robin Bowes said the following on 21/11/2005 16:40:
> John Peacock said the following on 21/11/2005 14:32:
> 
>>Robin Bowes wrote:
>>
>>
>>>Am I right in thinking that to recreate denylog using adaptive I just
>>>need to add code to the sub hook_deny?
>>
>>
>>Yes, I believe that should be sufficient.  If you do this, send it to
>>the list and I'll add it to the core plugin (since it might be useful
>>for other people as well).
> 
> 
> I will of course do that.
> 
> However, I'll need a bit of help to get started... :)
> 
> Firstly, the defined log levels will need to change.
> 
> Currently, there is a maxlevel and minlevel:
>  - Accepted messages are logged if trace <= minlevel;
>  - All messages are logged if trace <= maxlevel
> 
> I propose that these should change to accept_level, max_level and a new
> setting, reject_level:
>  - Accepted messages are logged if trace <= accept_level;
>  - All messages are logged if trace <= max_level
>  - Rejected messages are logged if trace <= reject_level
> 
> Next, there'll need to be an additional prefix for rejected messages.
> 
> Currently, there is a prefix setting:
>  - prefix is prepended to all accepted lines
> 
> I propose that this changes to accept_prefix and a new setting,
> reject_prefix:
>  - accept_prefix is prepended to all accepted lines
>  - reject_prefix is prepended to all rejected lines
> 
> I'd also suggest that the default prefix values are changed to:
> 
> accept_prefix: ++
> reject_prefix: --
> 
> This requires multilog filter lines as follows:
> 
> exec /usr/local/bin/setuidgid qmaill multilog t n20 s10485760 \
>     '-*++ *' '-*-- *' $LOGDIR/detailed \
>     '-*' '+*++ *' $LOGDIR/accepted \
>     '-*' '+*-- *' $LOGDIR/rejected

OK, I've changed everything as listed above

> So, the only thing left is to get the rejected lines in to the log.

And I've done most of this as follows:

# log mail sender (if present)
warn "$self->{_rejectprefix} mail from: $transaction->sender->format\n"
    if (defined( $transaction->sender ));

etc.

However, the following doesn't work:

 warn "$self->{_rejectprefix} tcp client:
$self->qp->connection->remote_host [$self->qp->connection->remote_ip]\n";

Is the remote host/ip information no longer in $self->qp->connection ?

Thanks,

R.
-- 
http://robinbowes.com

If a man speaks in a forest,
and his wife's not there,
is he still wrong?

Reply via email to