| Main Archive Page > Month Archives > postfix-users archives |
Flexible formatting of Postfix log entries?
From: <karf96_at_nospam>Date: Sat Apr 28 2012 - 15:30:54 GMT
To: postfix-users@postfix.org
I've been writing scripts for my loganalysis chores. A typical log
entry for a mail transaction looks like,
Apr 28 07:01:28 liam postfix/smtpd[17751]: connect from
out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1:
client=out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/qmgr[899]: 447FC600E1:
from=<some.body@somewhere.com>, size=3219, nrcpt=1 (queue
active)
Apr 28 07:01:29 liam postfix/smtpd[17751]: disconnect from
out.somewhere.com[99.99.99.99]
Apr 28 07:01:33 liam postfix/qmgr[899]: 286E0601B5:
from=<some.body@somewhere.com>, size=3904, nrcpt=1 (queue
active)
Apr 28 07:01:33 liam postfix/smtp[17758]: 447FC600E1:
to=<me@mydomain.com>, orig_to=<me.alias@mydomain.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=5,
delays=0.79/0.02/0.02/4.2, dsn=2.0.0, status=sent (250 2.0.0
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 286E0601B5)
Apr 28 07:01:33 liam postfix/lmtp[17767]: 286E0601B5:
to=<me@mydomain.com>,
relay=mail.mydomain.com[192.168.1.100]:7025, delay=0.57,
delays=0.38/0.02/0/0.17, dsn=2.1.5, status=sent (250 2.1.5
Delivery OK)
Personally, I find that difficult to parse at a glance. Although it's
certainly a matter of personal taste, I prefer a bit more columnar
structre. Something like (using monospaced fonts),
Apr 28 07:01:28 liam postfix/smtpd[17751]: connect
from out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1:
client=out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/qmgr[899]: 447FC600E1:
from=<some.body@somewhere.com>,
size=3219, nrcpt=1 (queue active)
Apr 28 07:01:29 liam postfix/smtpd[17751]:
disconnect from out.somewhere.com[99.99.99.99]
Apr 28 07:01:33 liam postfix/qmgr[899]: 286E0601B5:
from=<some.body@somewhere.com>,
size=3904, nrcpt=1 (queue active)
Apr 28 07:01:33 liam postfix/smtp[17758]: 447FC600E1:
to=<me@mydomain.com>, orig_to=<me.alias@mydomain.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=5,
delays=0.79/0.02/0.02/4.2, dsn=2.0.0,
status=sent
(250
2.0.0
from
MTA([127.0.0.1]:10025):
250
2.0.0
Ok:
queued
as
286E0601B5)
Apr 28 07:01:33 liam postfix/lmtp[17767]: 286E0601B5: to=<me@mydomain.com>,
relay=mail.mydomain.com[192.168.1.100]:7025, delay=0.57, delays=0.38/0.02/0/0.17,
dsn=2.1.5,
status=sent
(250
2.1.5
Delivery
OK)
for a start.
I can write scripts to parse & format the logs after the fact. Doing so for live log tailing is a little more challenging,
but still can be done.
Since it's Postfix doing the writing to the logs in the 1st place, is it possible to config Postfix to (free)format those
log entries? I suppose I can find the code in Postfix and patch, but that seems unwise. Ideally, a configuration --
somewhere. If not, do any of the Postfix-specific log analysis tools do this already?
I'm looking for the flexibitly to customize, not a fixed change in the current way of doing things.
-- Thanks, Karen