On 2.6.2021 11.41, @lbutlr wrote:
On 02 Jun 2021, at 02:10, Plutocrat <plutocrat@gmail.com> wrote:
It's here if anyone can use it. Any suggestions for improvement welcome. Use at your own risk etc.
https://gist.github.com/plutocrat/8a2033923e14670dd13611fc0b51fc0f

This looks good. My only comment is the script doesn't account for compressed logs.
LOG1="/var/log/dovecot.log.0.bz2"
LOG2="/var/log/dovecot.log"
bzcat $LOG1 | sed "0,/^$STARTTIME/d" > $TEMPFILE
cat $LOG2 >> $TEMPFILE
Well, another comment, I think you meant these two lines to read like this:
STARTDATE=$(head -n 1 $TEMPFILE | awk '{print $1 " " $2 " " $3 }')
ENDDATE=$(tail -n 1 $TEMPFILE | awk '{print $1 " " $2 " " $3 }')
Though I don't think the awk is necessary, the first 15 characters of the first and last lines contain the info you want to display.
Of course, it would be better to handle this all transparently, but … meh.
In case one happens to use dovecot v2.3.12+ you can do some of this with the new metrics (some of it works before that too, but with 2.3.12+ all of the below should work):
## puts events json formatted into dovecot log for easier parsing
event_exporter log {
  transport = log
  format = json
  format_args = time-unix
}

metric auth_failures {
  filter=event=auth_request_finished AND (NOT success=yes)
  exporter = log
}

metric auth_successes {
  filter=event=auth_request_finished AND success=yes
  exporter = log
}

## generates logins_service (as total of succeeded)
## generates logins_service_pop3, logins_service_imap etc. (for the first level)
## also generates logins_service_pop3_110, login_service_pop3_990 etc. (as the last level)
metric logins_service {
  filter=event=auth_request_finished AND success=yes
  group_by=service port
}
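
The compressed-log point raised earlier in the thread, worked through as an added example (not part of the gist or of any message above): the decompressor is chosen by file suffix, rotated files that are missing are skipped, and the date range comes from the first 15 characters of the first and last lines. The function names read_log, collect_logs, lines_after and log_span are made up for this sketch, and it assumes syslog-style timestamps at the start of each line.

```shell
#!/bin/sh
# Added example: read rotated dovecot logs transparently, compressed or not.
# All function names here are hypothetical; they are not taken from the gist.

# Print one log file to stdout, choosing the decompressor by suffix.
read_log() {
    case "$1" in
        *.bz2) bzcat -- "$1" ;;
        *.gz)  gzip -dc -- "$1" ;;
        *.xz)  xz -dc -- "$1" ;;
        *)     cat -- "$1" ;;
    esac
}

# Concatenate the given logs in the order passed (oldest first).
# Files that do not exist or are unreadable are skipped, so a host
# without a rotated copy yet still produces a report.
collect_logs() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        read_log "$f"
    done
}

# Portable stand-in for GNU sed "0,/^$STARTTIME/d": drop everything up to
# and including the first line that starts with the given timestamp.
# index() compares literally, so the timestamp is never treated as a regex.
lines_after() {
    awk -v t="$1" 'found { print } index($0, t) == 1 { found = 1 }'
}

# Print "first timestamp - last timestamp" for a collected log file.
# Assumes the syslog prefix "Mmm dd hh:mm:ss", which is 15 characters.
log_span() {
    start=$(head -n 1 "$1" | cut -c1-15)
    end=$(tail -n 1 "$1" | cut -c1-15)
    printf '%s - %s\n' "$start" "$end"
}
```

Typical use would be collect_logs /var/log/dovecot.log.0.bz2 /var/log/dovecot.log > "$TEMPFILE" followed by log_span "$TEMPFILE".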