postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Logfile condenser

Re: Logfile condenser

From: Jeroen Geilman <jeroen_at_nospam>
Date: Tue Oct 19 2010 - 17:42:52 GMT
To: postfix-users@postfix.org

On 10/19/2010 12:37 PM, Dom Latter wrote:
> On 19/10/10 11:55, Mark Scholten wrote:
>
>> From here there is interest in it. I would edit it to include the
>
> Encouraging!
>
>> client/destination server and message ID, but for the rest it sounds
>> great.
>
> Configurable as follows, e.g.:
> $output = array ('time', 'meat', 'from', 'to', 'hits', 'size');
>

How does it deal with address rewriting and alias expansion, which is
the routing core of postfix ?

There's a good reason you need more than one line to log an email
message - the envelope coming in isn't always the one going out.

I use awstats with the (provided) postfix logging method to get
one-sided (i.e. one fact per line) stats, but the nature of mail is such
that each message yields at least two relevant log lines: one coming in
and one going out.
That unfortunately can't show me the correlation between incoming and
outgoing mail, because you'd have to do heuristics on the queue-IDs to
match them together.

If I had to name the log fields I want to see (and consider that these
come from - possibly wildly - different log entries) it would be:

"timestamp - client IP [hostname] - orig_envelope_from >
orig_envelope_to - Queue ID - final_envelope_from > final_envelope_to -
transport:nexthop - server IP [hostname] - delays"

And that's probably not even complete yet, I thought it up just now.

I guess we'd like to see a small sample :)

Can you share the script ?

-- J.