[Dovecot] how to handle logging
Hello,
I plan a migration to dovecot and have concerns about the amount of logged data. On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.
The current server log to STDOUT which is connected to multilog (circular buffer, http://cr.yp.to/daemontools/multilog.html) That way I can have a look at the last activities to any time.
I like to have that in dovecot too. But since dovecot uses syslog it's not possible to adopt 1:1
Any ideas? Thanks
-- Andreas Schulze Internetdienste | P252
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
On 14/10/2013 12:41, Andreas Schulze wrote:
Hello,
I plan a migration to dovecot and have concerns about the amount of logged data. On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.
The current server log to STDOUT which is connected to multilog (circular buffer, http://cr.yp.to/daemontools/multilog.html) That way I can have a look at the last activities to any time.
I like to have that in dovecot too. But since dovecot uses syslog it's not possible to adopt 1:1
Any ideas? Thanks
What's wrong with good old sysslog, or why don't you use Splunk or some other proper grown-up logging tool ? Relying on STDOUT sounds like a recipe for disaster.
Am 14.10.2013 12:45 schrieb Ben:
The current server log to STDOUT which is connected to multilog (circular buffer, http://cr.yp.to/daemontools/multilog.html) That way I can have a look at the last activities to any time.
What's wrong with good old sysslog, or why don't you use Splunk or some other proper grown-up logging tool ? Relying on STDOUT sounds like a recipe for disaster.
writing >1 TB per day sounds not wise. At least not if I mostly will not read it. The interesting part is allways at the end...
-- Andreas Schulze Internetdienste | P252
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
Hi,
writing >1 TB per day sounds not wise.
Use syslog-ng or similar to define log destinations to STDOUT / STDIN like multilog and omitting the "write to disk" part.
E.g., using syslog-ng with the MongoDB target and a capped collection enables a similar circular buffer with the search techniques of MongoDB.
Best,
Anton
--
ADIT Systems Anton Dollmaier, M.Sc. Im Moos 22 84323 Massing Telefon: +49-8724-3949990 (Mo-Sa, 10:00-20:00 Uhr, dt. Festnetz) Telefax: +49-8724-3949999
Umsatzsteuer-ID: DE221493781
Twitter: http://twitter.com/ADITSystems Blog: http://blog.aditsystems.de/ Facebook: http://www.facebook.com/ADITSystems
KundenCenter: https://kunden.aditsystems.de/kc/ Wiki: https://kunden.aditsystems.de/wiki/
Am 14.10.2013 13:57 schrieb Anton Dollmaier:
Use syslog-ng or similar to define log destinations to STDOUT / STDIN like multilog and omitting the "write to disk" part. solved by changing syslog-ng.conf:
- destination pop3 { file("/path/to/pop3.log"); };"
- destination pop3 { program("multilog t /path/to/logdir"); };
Thanks for the pointer to syslog-ng configuration :-)
-- Andreas Schulze Internetdienste | P252
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
On Mon Oct 14 13:41:40 2013, Andreas Schulze wrote:
I plan a migration to dovecot and have concerns about the amount of logged data. On a testsystem dovecot produced 1TB syslog per day with a comparable amount of pop3 sessions.
The current server log to STDOUT which is connected to multilog (circular buffer, http://cr.yp.to/daemontools/multilog.html) That way I can have a look at the last activities to any time.
I like to have that in dovecot too. But since dovecot uses syslog it's not possible to adopt 1:1
I'm a bit late, but what's wrong with
log_path = /dev/stderr
We have been using multilog for dovecot for a long time. One problem, though: delivery logs will probably land somewhere else than server logs.
Yours Jost Krieger
| Jost.Krieger+sig@ruhr-uni-bochum.de Please help stamp out spam! | | Postmaster, JAPH, resident answer machine at RUB Comp. Center | | Sincere words are not sweet, sweet words are not sincere. | | Lao Tse, Tao Te King 81 |
participants (4)
-
Andreas Schulze
-
Anton Dollmaier
-
Ben
-
Jost Krieger