
Re: Postfix Log Analyzer Information



On 04/12/2012 13:45, Jason Fergus wrote:
On Tue, 2012-12-04 at 11:35 +0100, Gilles Mocellin wrote:
On 27/11/2012 11:53, Zattara Stefano wrote:
Good morning to the whole list,
I am asking you for advice about a log analyzer for postfix.
I have already had a look at pflogsum and at various similar interfaces in
python.
What I would be interested in is being able to reconstruct the "life" of
an email
from its arrival to delivery or to its rejection for some reason
( arrival->postfix->antispam->filters->delivery )

Does anyone have any pointers to give me on this?
>On 04/12/2012 07:36, Felix Berlakovich wrote:
>> He is asking the following: Stefano needs advice regarding a log analyzer for postfix. He already looked at pflogsum and various similar tools written in python. But he is interested in reconstructing the 'life' of an email, from receiving up to the point of delivery, or rejecting for some reason (so receiving -> postfix -> antispam -> filters -> delivery).

>> He asks if someone can give him hints in some direction.

Hello,

This is really a must-have tool.
The best I found is a two-step procedure.

The script is postfix.transform.log, which I found here (there are other
nice scripts):
http://www.arschkrebs.de/postfix/scripts/

First step, get a hash of the conversation:
# postfix.transform.log /var/log/mail.info | grep email@dom.tld
[...]
Second step, Show all log entries with that hash :
# postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg
[...]

As you can see, it handles well amavisd-new intermediate delivery.
We also have policyd-weight, but it does show it. Not so bad, because
mails that are refused by policyd-weight don't have many lines in the logs.

Hope it helps.
I generally just use 'less /var/log/mail.log' for the times that I need
to dive into a log to find the 'life' of it.  I guess the 'analyzer' is
my brain.  I do this for a living, and it's always served me well.  Sure
I also have summaries, and awstats, etc.  But when it comes to tracing
where an email went and if it was blocked by spam, or rejected from our
email server or from the destination, there really isn't much better
than less.  You can even pipe less through the syntax highlighting
program to 'colorize' the logs.  Though this seems to break the follow
functionality of less.
Of course the brain is always better.
But,
Especially when you have a lot of incoming connections, log lines are all messed up.
A tool is really useful, and needed.

Also, if you want to delegate level 1 support to non-engineer people, you can't ask them to understand what's happening in the postfix logs...

PS:
I've just seen that we're on the debian-security list.
I don't think it's the place to discuss that.
I cross post to debian-user, please respond here in case.
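
Added example, not part of the original thread and not the postfix.transform.log script linked above: one way to rebuild the "life" of a mail from interleaved log lines is to group them by Postfix queue ID and follow the "queued as" hand-off when the content filter (amavisd-new in the thread) re-injects the message. The log lines are constructed, and the code assumes short hexadecimal queue IDs and a filter reached on 127.0.0.1.

```python
import re
from collections import defaultdict

# Constructed sample log: hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Dec  4 10:00:01 mx postfix/smtpd[2101]: 3F2A81C0D5: client=mail.example.org[192.0.2.10]
Dec  4 10:00:01 mx postfix/qmgr[900]: 3F2A81C0D5: from=<alice@example.org>, size=1200, nrcpt=1 (queue active)
Dec  4 10:00:02 mx postfix/qmgr[900]: 7B9C01C0D7: from=<bob@example.net>, size=900, nrcpt=1 (queue active)
Dec  4 10:00:03 mx postfix/smtpd[2110]: A41D21C0D9: client=localhost[127.0.0.1]
Dec  4 10:00:03 mx postfix/smtp[2120]: 3F2A81C0D5: to=<email@dom.tld>, relay=127.0.0.1[127.0.0.1]:10024, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A41D21C0D9)
Dec  4 10:00:04 mx postfix/local[2130]: 7B9C01C0D7: to=<carol@dom.tld>, relay=local, status=sent (delivered to mailbox)
Dec  4 10:00:04 mx postfix/local[2131]: A41D21C0D9: to=<email@dom.tld>, relay=local, status=sent (delivered to mailbox)
"""

# Assumption: short (hexadecimal) queue IDs, i.e. long queue IDs are not enabled.
QID = re.compile(r"postfix/[\w-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
REQUEUED = re.compile(r"queued as ([0-9A-F]{6,})\)")

def trace(log_text, address):
    by_qid = defaultdict(list)   # queue ID -> its lines, in log order
    next_qid = {}                # queue ID -> ID assigned after the filter
    for line in log_text.splitlines():
        m = QID.search(line)
        if not m:
            continue             # NOQUEUE rejects, warnings, other daemons
        qid, rest = m.groups()
        by_qid[qid].append(line)
        hop = REQUEUED.search(rest)
        # Only the local filter hop is followed: a remote "queued as" ID is not ours.
        if hop and "relay=127.0.0.1[" in rest:
            next_qid[qid] = hop.group(1)
    prev_qid = {new: old for old, new in next_qid.items()}
    needle = "<%s>" % address.lower()
    lives, seen = [], set()
    for qid in list(by_qid):
        if qid in seen or not any(needle in l.lower() for l in by_qid[qid]):
            continue
        while qid in prev_qid:               # rewind to the first hop
            qid = prev_qid[qid]
        chain = []
        while qid and qid not in seen:       # walk forward through re-injections
            seen.add(qid)
            chain.append(qid)
            qid = next_qid.get(qid)
        lives.append((chain, [l for q in chain for l in by_qid[q]]))
    return lives

if __name__ == "__main__":
    for chain, lines in trace(SAMPLE_LOG, "email@dom.tld"):
        print(" -> ".join(chain), *lines, sep="\n")
```

Lines without a queue ID, such as NOQUEUE rejections at the SMTP stage, are skipped here and have to be searched for by address separately.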

