[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: question on spamd logging

On Saturday 25 August 2018 13:08:29 Reco wrote:

> 	Hi.
>
> On Sat, Aug 25, 2018 at 12:16:49PM -0400, Gene Heskett wrote:
> > On Saturday 25 August 2018 12:12:09 Reco wrote:
> > > 	Hi.
> > >
> > > On Sat, Aug 25, 2018 at 11:27:32AM -0400, Gene Heskett wrote:
> > > > This is expanding the syslog to the point of drowning out any
> > > > real actionable messages.
> > > >
> > > > I think it used to have a log of its own. How, it this continues
> > > > once stretch is up and running, can we put those spamd messages
> > > > back into spamassassin's own log file? Seems like the logical
> > > > place for them.
> > >
> > > It's definitely possible with rsyslog's filtering feature.
> > > Can you provide a sample of the records that annoy you?
> > >
> > > Reco
> >
> > Aug 25 12:10:01 coyote /USR/SBIN/CRON[20245]: (www-data) CMD ([ -x
> > /usr/share/awstats/tools/update.sh ] &&
> > /usr/share/awstats/tools/update.sh) Aug 25 12:11:33 coyote
> > spamd[4854]: spamd: connection from localhost [127.0.0.1]:43518 to
> > port 783, fd 5 Aug 25 12:11:33 coyote spamd[4854]: spamd: setuid to
> > gene succeeded Aug 25 12:11:33 coyote spamd[4854]: spamd: processing
> > message <[🔎] 20180825161027.eaq2xy65oiar6fqz@p5k.home> aka
> > <AgA_oytFLPE.A.wcD.I-XgbB@bendel> for gene:1000 Aug 25 12:11:34
> > coyote spamd[4854]: spamd: clean message (1.6/5.1) for gene:1000 in
> > 1.1 seconds, 10538 bytes. Aug 25 12:11:34 coyote spamd[4854]: spamd:
> > result: . 1 -
> > BAYES_50,HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,T_DKIM_INVALID
> > scantime=1.1,size=10538,user=gene,uid=1000,required_score=5.1,rhost=
> >localhost,raddr=127.0.0.1,rport=43518,mid=<20180825161027.eaq2xy65oia
> >r6fqz@p5k.home>,rmid=<AgA_oytFLPE.A.wcD.I-XgbB@bendel>,bayes=0.500000
> >,autolearn=no autolearn_force=no
> > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> >
> > Several hundred a day...
>
> Try this:
>
> cat > /etc/rsyslog.d/spamd.conf << EOF
>
> :syslogtag, startswith, "spamd" /var/log/spamd.log
> :syslogtag, startswith, "spamd" stop
>
> EOF
>
> service rsyslogd restart
>
no permission

so I cd to e/rs.d sudo -i and made this file
:syslogtag, startswith, "spamd" /var/log/spamd.log
:syslogtag, startswith, "spamd" stop

And had to do the restart as root, which logged this:
Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" 
swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com";] exiting 
on signal 15.
Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" 
swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com";] start
Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""

No clue what that error might be, you?

Thanks Reco.

> Consider adding logrotate configuration file for the new
> /var/log/spamd.log.
>
> And, before you ask, documentation for rsyslogd lives in "rsyslog-doc"
> package.

Synaptic says its installed, but its not on /usr/share?

Ahh, found it but no mention of that exact syntax of :syslogtag
>
> Reco



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: