sendmail syslog files ?
Joost van Baal
joostvb at logreport.org
Wed Nov 7 10:32:56 CET 2001
Hi Faruk,
On Tue, Nov 06, 2001 at 10:54:46PM -0800, Faruk Celik wrote:
>
> I'm trying to analyze our Sendmail SMTP logs.
> I'm using Sendmail on Solaris 2.7 and
> lire-full-20011017.tar.gz.
That should work.
> And my Sendmail logs are in these files:
>
> /var/log/syslog
> /var/log/syslog.0
> /var/log/syslog.1
> /var/log/syslog.2
> ..
> ..
> ..
>
> And one example line:
> Nov 4 03:11:10 mymachine sendmail[5724]: MAA14869:
> to=somebody at something.com, ctladdr=myusernamel
> (1013/1), delay=3+14:21:3
> 3, xdelay=00:07:57, mailer=esmtp, relay=m.dnsix.com.
> [216.34.13.242], stat=Deferred: 450
> <myusername at mymachine.mydomain.com>: Sender address
> rejected: Domain not found
That looks like a valid sendmail log file.
> I tried that command:
>
> cat /var/log/syslog| ./lr_run ./lr_log2report
> /tmp/error email sendmail > /tmp/report.txt
Looks ok.
> and LIRE created an empty /tmp/report.txt and created
> a file in /tmp/error/ saying
> ------------------------------
> "lines of information from the 37458 lines in the log.
> This may be because you sent a log file that doesn't
> strictly contains
> sendmail logs. This is probable if you sent a syslog
> log file without
> filtering it to keep only the logs relevant to the
> sendmail service.
> It could also be because you sent a log file in the
> wrong format or
> that isn't a sendmail log file.
> A report was generated for the 0 lines that could be
> extracted
> from your log file."
> ------------------------------
You snipped the top of that file, I guess.
> I tried also: (check out "grep sendmail")
>
> cat /var/log/syslog|grep sendmail | ./lr_run
> ./lr_log2report /tmp/error email sendmail >
> /tmp/report.txt
That's better indeed. You could also try a

    grep 'sendmail\[' /var/log/syslog | lr_run lr_log2report /tmp/error email sendmail \
        > /tmp/report.txt

(There might be occurrences of the string 'sendmail' in your log which do
not correspond to a sendmail logline.)
> It gave the same result (except number of lines in
> /tmp/error file).
>
> What should I send to lr_log2report from my syslog
> files to get sendmail reports?
Well, I can't see what's wrong on your part. You might want to go
running Lire in debug mode, by creating a file

    ${prefix}/etc/lire/defaults.local

which features

    KEEP=1
    DEBUG=1
    ARCHIVE=1
    LOGGING=stderr

where ${prefix} is whatever you gave as argument to ./configure before
installing Lire.
This will produce a _lot_ of debug output. If this output doesn't help
you, feel free to send it to the list (if it's not very big) or to me
(if it would be annoying for the list subscribers to receive such a big
email message.)
I'm very curious what's going on on your Lire installation, it might be
caused by a bug (in the code or the documentation), so please don't give
up ;-)
Bye,
Joost
[PS: I'm sorry for not responding to your sourceforge bugsubmit yet. I
had no time yet (and I prefer to use the logreport lists for this,
actually.)]
--
Joost van Baal . . http://www.logreport.org/
. .
/^LogReport$/ . . joostvb at logreport.org
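
The filtering step discussed in the message above, as an added example that is not part of the original post or of Lire: it compares `grep sendmail`, `grep 'sendmail\['`, and a stricter match on the syslog tag field over a few constructed log lines. The sample lines, host name, and function names are assumptions made for illustration, and the tag-field filter goes one step beyond the grep suggested in the reply.

```shell
#!/bin/sh
# Constructed sample syslog lines (not taken from the original post).
sample_syslog() {
cat <<'EOF'
Nov  4 03:11:10 mymachine sendmail[5724]: MAA14869: to=user@example.com, delay=00:00:03, mailer=esmtp, stat=Sent
Nov  4 03:11:12 mymachine sendmail[5725]: MAA14870: from=<user@example.org>, size=1204, nrcpts=1
Nov  4 03:12:00 mymachine cron[812]: (root) CMD (/usr/lib/sendmail -q)
Nov  4 03:12:05 mymachine inetd[233]: refused connect from 192.0.2.7 (sendmail wrapper)
Nov  4 03:12:30 mymachine logger[1100]: restarted sendmail[5724] after config change
Nov  4 03:13:40 mymachine sshd[1022]: Accepted password for admin from 192.0.2.10 port 4022
EOF
}

# Loose filter: any line containing the string "sendmail".
count_substring() { grep -c 'sendmail'; }

# The filter from the reply: "sendmail[" anywhere on the line.
count_bracket() { grep -c 'sendmail\['; }

# Stricter filter: the syslog tag (5th whitespace-separated field in the
# classic "Mon DD HH:MM:SS host tag:" layout) must be exactly sendmail[PID]:
filter_tag() { awk '$5 ~ /^sendmail\[[0-9]+\]:$/'; }

# Print how many lines each filter keeps from the constructed sample.
show_counts() {
    printf 'substring=%s bracket=%s tag=%s\n' \
        "$(sample_syslog | count_substring)" \
        "$(sample_syslog | count_bracket)" \
        "$(sample_syslog | filter_tag | wc -l | tr -d ' ')"
}

show_counts
```

The output of `filter_tag` can be piped into the log analyzer in place of the raw syslog, so that lines from cron, inetd, or logger that merely mention sendmail are never handed to the sendmail parser.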