logwatch reporting
Robert Moskowitz
rgm at htt-consult.com
Fri Nov 21 13:48:45 UTC 2014
On 11/21/2014 04:13 AM, Tamsy wrote:
> Robert Moskowitz wrote on 20.11.2014 20:41:
>> I just launched a new mailserver that is using dovecot. My previous
>> mailserver used courier-mail. I am expecting better things with this
>> new server, but I was use to some login information in logwatch that
>> I am not seeing now. For example I would get:
>>
>>
>>
>> [IMAPd] Logout stats:
>> ====================
>> User | Logouts | Downloaded |
>> Mbox Size
>> --------------------------------------- | ------- | ---------- |
>> ----------
>> user1 at htt-consult.com | 55 | 219571
>> | 0
>> user2 at htt-consult.com | 285 | 221681
>> | 0
>> user3 at labs.htt-consult.com | 32 | 15183
>> | 0
>> ---------------------------------------------------------------------------
>>
>> 372 | 456435
>> | 0
>>
>>
>>
>> **Unmatched Entries**
>> Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2
>> Time(s)
>>
>> ---------------------- IMAP End -------------------------
>>
>>
>> --------------------- POP-3 Begin ------------------------
>>
>>
>> [POP3] Logout stats (in MB):
>> ============================
>> User | Logouts | Downloaded |
>> Mbox Size
>> --------------------------------------- | ------- | ---------- |
>> ----------
>> user1 at htt-consult.com | 78 | 5.96
>> | 0
>> user2 at communaljob.com | 215 | 9.24
>> | 0
>> user3 at htt-consult.com | 1 | 7.47
>> | 0
>> user4 at htt-consult.com | 1 | 2.34
>> | 0
>> user5 at htt-consult.com | 301 | 31.08
>> | 0
>> user6 at labs.htt-consult.com | 201 | 4.98
>> | 0
>> ---------------------------------------------------------------------------
>>
>> 797 | 61.06
>> | 0.00
>>
>>
>>
>> **Unmatched Entries**
>> Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
>> Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
>> Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
>> LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
>> LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
>> LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
>> ....
>> LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
>> LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
>> Maximum connection limit reached for ::ffff:172.245.45.20: 509
>> Time(s)
>>
>> ---------------------- POP-3 End -------------------------
>>
>>
>> Whereas dovecot is only reporting:
>>
>> --------------------- Dovecot Begin ------------------------
>>
>>
>>
>> Dovecot disconnects:
>> Inactivity: 1 Time(s)
>> Logged out: 379 Time(s)
>> no auth attempts: 5 Time(s)
>> no reason: 1 Time(s)
>> tried to use disabled plaintext auth: 1 Time(s)
>>
>> **Unmatched Entries**
>> dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
>>
>> ---------------------- Dovecot End -------------------------
>>
>>
>> How can I get more detailed user activity reporting to logwatch?
>>
>> And why is connection to mysql under Unmatched Entries?
>
>
>
> What version of Logwatch is installed on the server and on which distro?
> We are using Logwatch here too and the summary for Dovecot is very
> detailed; even more detailed compared to what you got with courier-mail.
>
I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its
logwatch is:
logwatch-7.3.6-52.el6.noarch
Oh, and dovecot is:
dovecot-2.0.9-7.el6.armv5tel
More information about the dovecot
mailing list