[LogReport Questions] Qmail Log Format

Joost van Baal joostvb at logreport.org
Tue Nov 20 01:17:06 CET 2007 

Hi,

Op Wed  7 Nov 2007 om 06:31:09 -0500 schreef Art Mandler:
> Hi Folks - Trying to use lire with my qmail logs (generated by Plesk 
> implementation of qmail).  the command
> # lr_log2report qmail maillog
> results in a report with no content (0's for everything).  I suspect I 
> need a different dlf to parse my log.  Following is a sanitized sample 
> of my maillog content.  Any assistance would be much appreciated.
> 
> Art Mandler
> Asheville, NC
> 
> root at host0:/opt/psa/var/log# less maillog
> Nov  6 12:12:59 host0 pop3d:
> Nov  6 12:12:59 host0 pop3d: LOGIN, user=xxxx, ip=[xxx.147.222.211]
> Nov  6 12:12:59 host0 pop3d: LOGIN, user=xxxx.keen, ip=[xxx.147.222.211]
> Nov  6 12:12:59 host0 pop3d: Connection, ip=[xxxx.211.138.254]
> Nov  6 12:12:59 host0 pop3d: IMAP connect from @ [xxxx.211.138.254]INFO: 
> LOGIN, user=business, ip=[204.211.138.254]
> Nov  6 12:12:59 host0 pop3d:
> Nov  6 12:13:00 host0 pop3d:
> Nov  6 12:13:00 host0 relaylock: /var/qmail/bin/relaylock: mail from 
> 80.94.95.17:2230 (plejed17.desumetrestle.net)
> Nov  6 12:13:00 host0 spamd[13913]: spamd: result: Y 23 - 
> BAYES_99,DATE_IN_PAST_12_24,HELO_DYNAMIC_DIALIN,HTML_40_50,HTML_MES
> SAGE,MIME_BOUND_NEXTPART,RCVD_IN_SORBS_DUL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL 
> scantime=6.1,size=3919
> ,user=xxxxxxxxxx at xxxxxxxx.com,uid=110,required_score=7.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<
> 4c7f01c81fcf$f5dc0e70$94ea055b at Sheila>,bayes=0.999999999587505,autolearn=spam
> Nov  6 12:13:00 host0 pop3d:
> Nov  6 12:13:00 host0 spamd[16453]: prefork: child states: BBIII
> Nov  6 12:13:00 host0 spamd[16453]: prefork: child states: BBIIK
> Nov  6 12:13:00 host0 spamd[16453]: spamd: handled cleanup of child pid 
> 13913 due to SIGCHLD
> Nov  6 12:13:00 host0 spamd[16453]: prefork: select returned error on 
> server filehandle:
> Nov  6 12:13:00 host0 pop3d:
> Nov  6 12:13:00 host0 pop3d:
> Nov  6 12:13:00 host0 relaylock: /var/qmail/bin/relaylock: mail from 
> 200.161.200.35:3531 (200-161-200-35.speedyterra.com.br)
> Nov  6 12:13:01 host0 relaylock: /var/qmail/bin/relaylock: mail from 
> 67.214.161.46:37811 (maisie.idellkeppersservers.net)
> Nov  6 12:13:01 host0 qmail: 1194369181.671019 starting delivery 
> 1850899: msg 2212960 to local 11-xxxxxxxx at xxxxxxxx.com
> Nov  6 12:13:01 host0 qmail: 1194369181.671137 status: local 7/200 
> remote 6/200
> Nov  6 12:13:01 host0 qmail: 1194369181.682275 starting delivery 
> 1850900: msg 2213349 to remote ln98k5 at rro.net
> Nov  6 12:13:01 host0 qmail: 1194369181.682375 status: local 7/200 
> remote 7/200
> Nov  6 12:13:01 host0 qmail: 1194369181.682610 new msg 2213008
> Nov  6 12:13:01 host0 qmail: 1194369181.682721 info msg 2213008: bytes 
> 1190 from <odomfv at cma-cgm.com> qp 14282 uid 2020
<snip>

Running

 lr_desyslog qmail < /opt/psa/var/log/maillog | lr_log2report qmail

should do the trick.  See qmail2dlf(1).

Bye,

Joost

-- 
.    .                           Log Analysis and Report Generation
| '.|        /^LogReport$/
| Lire                                    http://www.logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20071120/a204aa04/attachment.bin

More information about the Questions mailing list