Robert's answer is a valid approach pending the size of your server networks etc.
on another note (because i run multiple servers etc)
I run a common syslog file across all servers which is what you appear to have now.
from there i like everything in one syslog because i am usually looking for something relative to a user which can occur anywhere. (imap, smtp, pop3, ssl etc)
that being said i wrote bash scripts that do stuff like
cat /var/log/syslog.log | grep "$1"
this allows everything from ALL servers going into one file for simplicity and then it gets separated out when you go looking for something.
note that syslog can be programmed to divert to other servers in syslog.conf
# cat /etc/syslog.conf
*.* /var/log/all.log
*.* @10.228.0.6
10.228.0.6 is my central internal syslog capture server and all of my servers, routers, devices etc point to that and i go from there.
if you are having auth issues etc between dovecot & postfix this will show you everything related to a user, ip address etc.
Again it's just a suggestion ... Logging is always relative to network setup more than anything else and situations vary easily.
I expanded this concept eventually into a database driven logger system in django, it is probably overkill for you but i am running 20+ servers and at the end of the day it was just easier to centralize it.
so
ssh 10.220.0.6 -q -tt /usr/home/syslog/log $1 $2 $3 $4 $5 $6 $7 $8 $9
or more specifically
log -t paul@hiscomputer.ca (-t was for today's date)
would give me all activity for my accounts
for example.
Happy Monday !!! Thanks - paul
Paul Kudla
Scom.ca Internet Services <http://www.scom.ca> 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266
On 5/16/2022 5:58 AM, Cristiano Deana wrote:
Hi,
I have a mailserver with dovecot logging to syslog (by default, to /var/log/maillog) and my MTA (postfix) is doing the same. I use dovecot's services imap/pop3, auth and lmtp and now the log files are hard to read because I have the MTA and these services all together.
Is it possible to have different logs for different services?
Example:
auth logging: /var/log/mail.auth
delivery: /var/log/mail.delivery
and so on
Thank you
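
The "one combined log, separated when you go looking" approach from the reply, applied to the per-service view asked about in the original question, as an added example that is not code from either message. The function names (`logfind`, `logfind_counts`, `logfind_service`) are hypothetical, the log lines are constructed, and the classic `Mon DD HH:MM:SS host tag[pid]: msg` syslog layout is assumed. The search term is matched as a literal string, so the `.` in an address or IP does not act as a regex wildcard the way it does with a plain `grep`.

```shell
#!/bin/sh
# Added example. Sample lines are constructed (RFC 5737 / RFC 2606 test values).
sample_log() {
cat <<'EOF'
May 16 07:03:41 mail1 postfix/smtpd[14480]: connect from unknown[192.0.2.10]
May 16 07:03:42 mail1 postfix/pipe[14511]: 5C72: to=<user@example.org>, relay=dovecot, status=sent
May 16 07:03:42 mail1 dovecot: lda(user@example.org)<14512><abc>: stored mail into mailbox 'INBOX'
May 16 07:23:15 mail1 dovecot: imap-login: Login: user=<user@example.org>, method=PLAIN, rip=192.0.2.10
May 16 07:23:20 mail2 dovecot: imap-login: Login: user=<user@example-org.net>, method=PLAIN, rip=192.0.2.99
May 16 07:25:03 mail1 dovecot: imap(user@example.org)<15316><def>: Disconnected: Logged out
May 16 07:30:00 mail2 dovecot: pop3-login: Login: user=<other@example.org>, method=PLAIN, rip=192.0.2.20
EOF
}

# logfind NEEDLE < combined.log
# Prints "service<TAB>original line" for each line containing NEEDLE.
# index() does a literal match, and passing NEEDLE through the environment
# avoids the backslash processing that awk -v applies to its value.
logfind() {
    NEEDLE=$1 awk '
        index($0, ENVIRON["NEEDLE"]) {
            svc = $5
            sub(/(\[|:).*/, "", svc)          # postfix/pipe[14511]: -> postfix/pipe
            if (svc == "dovecot") {            # dovecot names its service in field 6
                part = $6
                sub(/(\(|:).*/, "", part)      # imap(user)<..>: -> imap
                svc = svc "/" part
            }
            print svc "\t" $0
        }'
}

# logfind_counts NEEDLE < combined.log : hits per service as "service=count".
logfind_counts() {
    logfind "$1" | cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# logfind_service NEEDLE SERVICE < combined.log : only that service's lines.
logfind_service() {
    logfind "$1" | WANT=$2 awk -F '\t' '$1 == ENVIRON["WANT"] { print $2 }'
}
```

Run as `logfind_counts user@example.org < /var/log/all.log` for an overview, then `logfind_service user@example.org dovecot/imap-login < /var/log/all.log` to read one service's lines.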