[dovecot] Re: Logging suggestions?

Thu Jan 9 00:54:49 EET 2003

On Wed, 2003-01-08 at 19:50, David Champion wrote:
> I like things that are easy to parse with shell and awk scripts. E.g.:
> 
> Login: username 1.2.3.4:1025 5.6.7.8:143 imaps,compressed
> Logout: username 1.2.3.4:1025 5.6.7.8:143 imaps,compressed in:1000 out:1000000 [whatever SSL summary data is available]
> 
> I like seeing both the source and destination sockaddrs. (Why not run
> two instances on different interfaces?) In fact, I like seeing both
> hostname and ip address, and an indicator if a reverse map doesn't
> match, but that's probably just me.

Hmm. I'm not sure about the destination address. Destination port would
be useful, but I don't personally care about seeing the address.
Probably not worth doing it optionally either. Guess I'd add it then.

DNS lookups then .. Not by default, and rather not with having to
distribute some DNS library. I don't see any simple way to do that. Also
only IPv6 capable async DNS library I know of is patched libadns.

> It would also
> be nice for perf. anal. to know how much I/O to storage (disk) was
> performed by the imap process, but I don't imagine those figures are
> presently available anyway.

Not very easily, especially about the indexes since they're just
mmap()ed and accessed randomly. Reading the mailbox files is more
possible, but probably not worth the trouble. Maybe that could be done
in OS-level by some existing patch?

> That's just an illustration; it doesn't matter to me whether it's like
> that particularly. I just want to show what I mean by ease of parsing
> -- whitespace-separated fields, well-known field values, related flags
> and such compounded within fields. The whole line structure should be
> well-known and not require perl or sscanf()s or such; scripts should be
> able to extract a lot of data from these quickly.

Yes, agreed. I just tend to forget this :)

> > I think the only configuration needed would be if to log login, logout
> > or both.
> 
> That's generous. :) I'd always want both, and can't imagine not wanting
> both, but I suppose some might prefer less.

I don't care about the I/O or time used in those small systems that I
use. Login might not be very useful to others who only wish to see the
stats, not who has most recently logged in. Of course disabling logins
could hide some of them if the process crashes.

> I actually wouldn't mind seeing more optional logs -- for example,
> logout-like summaries for folder accesses (when users change folders).
> This can help in balancing storage devices when folders can reside on
> multiple devices.
> 
> In an ideal world, everything would be loggable, but not everything
> would be logged.

Want to give a larger list that you'd think would be useful to log? I
can't think of many user actions that'd be worth logging. There's
already rawlog for logging _everything_ :)