Having FC3 systems and utilizing Dovecot, I have come to rely on some of the information I get from the daily logwatch run. Logwatch, by default, doesn't properly recognize dovecot's information in the messages file, but it is easy to tweak. The patch below will give you some statistics regarding POP3 and IMAP usage. I believe I grabbed all of the differences in the unified diff below. If I missed anything, please post. :) -Rich --- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400 +++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400 @@ -20,7 +20,7 @@ # Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (imapd|imapd-ssl) +*OnlyService = (imap-login|imapd|imapd-ssl) *RemoveHeaders = --- /etc/log.d/conf/services/pop3.conf 2005-04-15 14:51:22.795813799 -0400 +++ /etc/log.d/conf/services/pop3.conf 2005-04-15 15:07:00.837019392 -0400 @@ -15,12 +15,12 @@ Title = "POP-3" # Which logfile group... -LogFile = messages +LogFile = maillog # Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (pop3d-ssl|pop3d|spop3d) +*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d) *RemoveHeaders = --- /etc/log.d/scripts/services/pop3 2005-04-15 15:15:28.727123168 -0400 +++ /etc/log.d/scripts/services/pop3 2005-04-15 15:03:47.402606350 -0400 @@ -58,6 +58,8 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $Login{$User}{$Host}++; } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { $DownloadedMessages{$User} += $Downloaded; $DownloadedMessagesSize{$User} += $DownloadSize; --- /etc/log.d/scripts/services/imapd 2005-04-15 15:15:20.742084824 -0400 +++ /etc/log.d/scripts/services/imapd 2005-04-15 15:04:39.868698875 -0400 @@ -43,6 +43,9 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $ConnectionNonSSL{$Host}++; + $Connection{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated user=(.*) host=(.*)$/ ) ) {
I get the following when doing a dry run: [steve@fawkes]~> patch --dry-run imapd imapd.patch patching file imapd patch: **** malformed patch at line 4: # Only give lines pertaining to courier... But, this is my first attempt to patch something, so maybe i'm doing it wrong? Steve On 4/15/05, Rich West <Rich.West@wesmo.com> wrote:
Having FC3 systems and utilizing Dovecot, I have come to rely on some of the information I get from the daily logwatch run.
Logwatch, by default, doesn't properly recognize dovecot's information in the messages file, but it is easy to tweak. The patch below will give you some statistics regarding POP3 and IMAP usage.
I believe I grabbed all of the differences in the unified diff below. If I missed anything, please post. :)
-Rich
--- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400 +++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400 @@ -20,7 +20,7 @@ # Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (imapd|imapd-ssl) +*OnlyService = (imap-login|imapd|imapd-ssl)
*RemoveHeaders =
--- /etc/log.d/conf/services/pop3.conf 2005-04-15 14:51:22.795813799 -0400 +++ /etc/log.d/conf/services/pop3.conf 2005-04-15 15:07:00.837019392 -0400 @@ -15,12 +15,12 @@ Title = "POP-3"
# Which logfile group... -LogFile = messages +LogFile = maillog
# Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (pop3d-ssl|pop3d|spop3d) +*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d)
*RemoveHeaders =
--- /etc/log.d/scripts/services/pop3 2005-04-15 15:15:28.727123168 -0400 +++ /etc/log.d/scripts/services/pop3 2005-04-15 15:03:47.402606350 -0400 @@ -58,6 +58,8 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $Login{$User}{$Host}++; } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { $DownloadedMessages{$User} += $Downloaded; $DownloadedMessagesSize{$User} += $DownloadSize; --- /etc/log.d/scripts/services/imapd 2005-04-15 15:15:20.742084824 -0400 +++ /etc/log.d/scripts/services/imapd 2005-04-15 15:04:39.868698875 -0400 @@ -43,6 +43,9 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $ConnectionNonSSL{$Host}++; + $Connection{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated user=(.*) host=(.*)$/ ) ) {
Typically, you'd do: cd / patch --dry-run -p1 < /tmp/imapd.patch
As a note, I found that I had to update my /etc/log.d/logwatch.conf so that it the logging level was at 5 (Medium) in order to get the nicely formatted IMAP and POP output.
-Rich
I get the following when doing a dry run:
[steve@fawkes]~> patch --dry-run imapd imapd.patch patching file imapd patch: **** malformed patch at line 4: # Only give lines pertaining to courier...
But, this is my first attempt to patch something, so maybe i'm doing it wrong?
Steve
--On Friday, April 15, 2005 3:27 PM -0400 Rich West <Rich.West@wesmo.com> wrote:
Logwatch, by default, doesn't properly recognize dovecot's information in the messages file, but it is easy to tweak. The patch below will give you some statistics regarding POP3 and IMAP usage.
I believe I grabbed all of the differences in the unified diff below. If I missed anything, please post. :)
Did you send this to the logwatch-devel list? There's been a lot of development going on there recently.
<http://www2.list.logwatch.org:81/lists/listinfo/logwatch-devel>
participants (3)
-
Kenneth Porter
-
Rich West
-
Steven Joerger