excluding mailrelay in lire's sendmail report ?

Joost van Baal joostvb at logreport.org
Tue Oct 3 15:59:45 CEST 2006 

Hi Tom,

Op di 26 sep 2006 om 09:49:11 +0200 schreef tomvo at absi.be:
> 
> I have a difficult problem to solve with lire and sendmail reports.
> Our customer has 2 mailrelays, in the past one handled inbound mail, the 
> other outbound mail.
> As the customer wants to have separate reports on what his customers are 
> doing with their mail (outbound mail), and what comes in from the internet 
> (inbound), this was quite easy. each instance of sendmail logged to its 
> own syslog file, and lire could parse each file separately and produce 
> separate reports.
> 
> As the mail flow has become too big, we're forced to spread inbound mail 
> over both mailrelays. This causes the problem that we no longer have 
> separate mail reports for in- and outbound, as the sendmail logfile now 
> contains entries for both mail directions.
> 
> What we tried to do, was send via syslog all mail.* to one central 
> logfile, write a script that, based on the relay= line in the first 
> logfile entry of each new mail, will split the mail logfile in an inbound 
> and an outbound mail file.
> The idea was, that we lookup the sendmail queue id for each new mail entry 
> in the logfile, grep all queue id entries and write them to another file. 
> this works, but because we need to first generate a list of queue id's, 
> and then grep per queue id through the entire file, parsing the file takes 
> 20 hours ! So it's just not feasible.
> 
> What I was wondering is, if we can manipulate lire in such a way, that it 
> can both exclude and include log entries that come from a specific mail 
> relay, then we could have lire run through the same sendmail file twice, 
> each run with different config, and we would have the reports like we want 
> them to.
> 
> Is this possible, or do you have other suggestions to solve my problem ?

I believe your idea would be the way to go for it.

(The sendmail service has not yet been converted to the Perl module
style setup: there still is sendmail2dlf(1), and not
/etc/lire/plugins/sendmail_init.

This means you can easily generate a DLF ascii dump for a logfile.

However, it is _not_ easy to import this dump in a Lire store, nor is it
easy to dump a DLF from a store in it's ASCII representation.)

Anyway, when generating a report, you can specify a filter.  The one in
/usr/share/lire/filters/email/select-client-ip.xml could serve as an
example.  You can stick such a filter in a report template (based upon
e.g. /usr/share/lire/templates/email_default.xml), and pass this
template to e.g. the lr_log2report command line.

Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20061003/3ed8805f/attachment.bin

More information about the Questions mailing list