logwatch reporting

Robert Moskowitz rgm at htt-consult.com
Thu Nov 20 13:41:30 UTC 2014


I just launched a new mailserver that is using dovecot.  My previous 
mailserver used courier-mail.  I am expecting better things with this 
new server, but I was used to some login information in logwatch that I 
am not seeing now.  For example, I would get:


  
  [IMAPd] Logout stats:
  ====================
                                     User | Logouts | Downloaded |  Mbox Size
  --------------------------------------- | ------- | ---------- | ----------
                    user1 at htt-consult.com  |      55 |     219571 |          0
                    user2 at htt-consult.com  |     285 |     221681 |          0
               user3 at labs.htt-consult.com  |      32 |      15183 |          0
  ---------------------------------------------------------------------------
                                                372 |     456435 |          0
  
  
  
  **Unmatched Entries**
     Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 Time(s)
  
  ---------------------- IMAP End -------------------------


--------------------- POP-3 Begin ------------------------

  
  [POP3] Logout stats (in MB):
  ============================
                                     User | Logouts | Downloaded |  Mbox Size
  --------------------------------------- | ------- | ---------- | ----------
                    user1 at htt-consult.com  |      78 |       5.96 |          0
                    user2 at communaljob.com  |     215 |       9.24 |          0
                    user3 at htt-consult.com  |       1 |       7.47 |          0
                    user4 at htt-consult.com  |       1 |       2.34 |          0
                    user5 at htt-consult.com  |     301 |      31.08 |          0
               user6 at labs.htt-consult.com  |     201 |       4.98 |          0
  ---------------------------------------------------------------------------
                                                797 |      61.06 |       0.00
  
  
  
  **Unmatched Entries**
     Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
     Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
     Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
     LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
     LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
     LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
....
     LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
     LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
     Maximum connection limit reached for ::ffff:172.245.45.20: 509 Time(s)
  
  ---------------------- POP-3 End -------------------------


Whereas dovecot is only reporting:

--------------------- Dovecot Begin ------------------------

  
  
  Dovecot disconnects:
     Inactivity: 1 Time(s)
     Logged out: 379 Time(s)
     no auth attempts: 5 Time(s)
     no reason: 1 Time(s)
     tried to use disabled plaintext auth: 1 Time(s)
  
  **Unmatched Entries**
     dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
  
  ---------------------- Dovecot End -------------------------


How can I get more detailed user activity reporting to logwatch?

And why is connection to mysql under Unmatched Entries?



