[LogReport Questions] Qmail Log Format

Art Mandler art at skyrunner.net
Wed Nov 7 12:31:09 CET 2007 

Hi Folks - Trying to use lire with my qmail logs (generated by Plesk 
implementation of qmail).  the command
# lr_log2report qmail maillog
results in a report with no content (0's for everything).  I suspect I 
need a different dlf to parse my log.  Following is a sanitized sample 
of my maillog content.  Any assistance would be much appreciated.

Art Mandler
Asheville, NC

root at host0:/opt/psa/var/log# less maillog
Nov  6 12:12:59 host0 pop3d:
Nov  6 12:12:59 host0 pop3d: LOGIN, user=xxxx, ip=[xxx.147.222.211]
Nov  6 12:12:59 host0 pop3d: LOGIN, user=xxxx.keen, ip=[xxx.147.222.211]
Nov  6 12:12:59 host0 pop3d: Connection, ip=[xxxx.211.138.254]
Nov  6 12:12:59 host0 pop3d: IMAP connect from @ [xxxx.211.138.254]INFO: 
LOGIN, user=business, ip=[204.211.138.254]
Nov  6 12:12:59 host0 pop3d:
Nov  6 12:13:00 host0 pop3d:
Nov  6 12:13:00 host0 relaylock: /var/qmail/bin/relaylock: mail from 
80.94.95.17:2230 (plejed17.desumetrestle.net)
Nov  6 12:13:00 host0 spamd[13913]: spamd: result: Y 23 - 
BAYES_99,DATE_IN_PAST_12_24,HELO_DYNAMIC_DIALIN,HTML_40_50,HTML_MES
SAGE,MIME_BOUND_NEXTPART,RCVD_IN_SORBS_DUL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL 
scantime=6.1,size=3919
,user=xxxxxxxxxx at xxxxxxxx.com,uid=110,required_score=7.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<
4c7f01c81fcf$f5dc0e70$94ea055b at Sheila>,bayes=0.999999999587505,autolearn=spam
Nov  6 12:13:00 host0 pop3d:
Nov  6 12:13:00 host0 spamd[16453]: prefork: child states: BBIII
Nov  6 12:13:00 host0 spamd[16453]: prefork: child states: BBIIK
Nov  6 12:13:00 host0 spamd[16453]: spamd: handled cleanup of child pid 
13913 due to SIGCHLD
Nov  6 12:13:00 host0 spamd[16453]: prefork: select returned error on 
server filehandle:
Nov  6 12:13:00 host0 pop3d:
Nov  6 12:13:00 host0 pop3d:
Nov  6 12:13:00 host0 relaylock: /var/qmail/bin/relaylock: mail from 
200.161.200.35:3531 (200-161-200-35.speedyterra.com.br)
Nov  6 12:13:01 host0 relaylock: /var/qmail/bin/relaylock: mail from 
67.214.161.46:37811 (maisie.idellkeppersservers.net)
Nov  6 12:13:01 host0 qmail: 1194369181.671019 starting delivery 
1850899: msg 2212960 to local 11-xxxxxxxx at xxxxxxxx.com
Nov  6 12:13:01 host0 qmail: 1194369181.671137 status: local 7/200 
remote 6/200
Nov  6 12:13:01 host0 qmail: 1194369181.682275 starting delivery 
1850900: msg 2213349 to remote ln98k5 at rro.net
Nov  6 12:13:01 host0 qmail: 1194369181.682375 status: local 7/200 
remote 7/200
Nov  6 12:13:01 host0 qmail: 1194369181.682610 new msg 2213008
Nov  6 12:13:01 host0 qmail: 1194369181.682721 info msg 2213008: bytes 
1190 from <odomfv at cma-cgm.com> qp 14282 uid 2020
Nov  6 12:13:01 host0 relaylock: /var/qmail/bin/relaylock: mail from 
209.60.128.10:4741 (mail.kennedycovington.com)
Nov  6 12:13:02 host0 spamd[2252]: spamd: result: Y  3 - BAYES_95 
scantime=4.2,size=1242,user=xxxxx at xxxxxxxx.com,uid=11
0,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<78328969415399.Q9Tk1bLRXi at doubleton>,bay
es=0.978712927883203,autolearn=no
Nov  6 12:13:02 host0 relaylock: /var/qmail/bin/relaylock: mail from 
69.15.66.166:45385 (mail.shakenbaby.com)
Nov  6 12:13:02 host0 relaylock: /var/qmail/bin/relaylock: mail from 
194.44.23.40:1275 (not defined)
Nov  6 12:13:02 host0 relaylock: /var/qmail/bin/relaylock: mail from 
194.44.23.40:1277 (not defined)
Nov  6 12:13:02 host0 spamd[16453]: prefork: child states: BIBI
Nov  6 12:13:02 host0 spamd[628]: spamd: result: Y 11 - 
FORGED_MUA_OIMO,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL
_JP_SURBL,URIBL_OB_SURBL 
scantime=8.2,size=3120,user=xxxxx at xxxxxxx.org,uid=110,required_score=4.0,rhost=localhost,raddr=1
27.0.0.1,rport=/tmp/spamd_full.sock,mid=<01c82065$0ed33e90$1d8a8dc9 at shmachinem>,autolearn=spam
Nov  6 12:13:02 host0 spamd[16453]: prefork: child states: IIBI
Nov  6 12:13:02 host0 spamd[16453]: prefork: child states: IIBK
Nov  6 12:13:02 host0 spamd[16453]: spamd: handled cleanup of child pid 
13892 due to SIGCHLD
Nov  6 12:13:02 host0 spamd[16453]: prefork: select returned error on 
server filehandle:
Nov  6 12:13:02 host0 qmail: 1194369182.259248 delivery 1850886: 
success: did_0+0+1/

More information about the Questions mailing list