logwatch reporting

Robert Moskowitz rgm at htt-consult.com
Fri Nov 21 13:48:45 UTC 2014


On 11/21/2014 04:13 AM, Tamsy wrote:
> Robert Moskowitz wrote on 20.11.2014 20:41:
>> I just launched a new mailserver that is using dovecot.  My previous 
>> mailserver used courier-mail.  I am expecting better things with this 
>> new server, but I was used to some login information in logwatch that 
>> I am not seeing now. For example I would get:
>>
>>
>>
>>  [IMAPd] Logout stats:
>>  ====================
>>                                     User | Logouts | Downloaded | Mbox Size
>>  --------------------------------------- | ------- | ---------- | ----------
>>                    user1 at htt-consult.com  |      55 |     219571 |          0
>>                    user2 at htt-consult.com  |     285 |     221681 |          0
>>               user3 at labs.htt-consult.com  |      32 |      15183 |          0
>>  ---------------------------------------------------------------------------
>>                                                372 |     456435 |          0
>>
>>
>>
>>  **Unmatched Entries**
>>     Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 Time(s)
>>
>>  ---------------------- IMAP End -------------------------
>>
>>
>> --------------------- POP-3 Begin ------------------------
>>
>>
>>  [POP3] Logout stats (in MB):
>>  ============================
>>                                     User | Logouts | Downloaded | Mbox Size
>>  --------------------------------------- | ------- | ---------- | ----------
>>                    user1 at htt-consult.com  |      78 |       5.96 |          0
>>                    user2 at communaljob.com  |     215 |       9.24 |          0
>>                    user3 at htt-consult.com  |       1 |       7.47 |          0
>>                    user4 at htt-consult.com  |       1 |       2.34 |          0
>>                    user5 at htt-consult.com  |     301 |      31.08 |          0
>>               user6 at labs.htt-consult.com  |     201 |       4.98 |          0
>>  ---------------------------------------------------------------------------
>>                                                797 |      61.06 |       0.00
>>
>>
>>
>>  **Unmatched Entries**
>>     Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
>>     Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
>>     Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
>>     LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
>>     LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
>>     LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
>> ....
>>     LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
>>     LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
>>     Maximum connection limit reached for ::ffff:172.245.45.20: 509 Time(s)
>>
>>  ---------------------- POP-3 End -------------------------
>>
>>
>> Whereas dovecot is only reporting:
>>
>> --------------------- Dovecot Begin ------------------------
>>
>>
>>
>>  Dovecot disconnects:
>>     Inactivity: 1 Time(s)
>>     Logged out: 379 Time(s)
>>     no auth attempts: 5 Time(s)
>>     no reason: 1 Time(s)
>>     tried to use disabled plaintext auth: 1 Time(s)
>>
>>  **Unmatched Entries**
>>     dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
>>
>>  ---------------------- Dovecot End -------------------------
>>
>>
>> How can I get more detailed user activity reporting to logwatch?
>>
>> And why is connection to mysql under Unmatched Entries?
>
>
>
> What version of Logwatch is installed on the server and on which distro?
> We are using Logwatch here too and the summary for Dovecot is very 
> detailed; even more detailed compared to what you got with courier-mail.
>
I am running RedSleeve 6, which is a port of CentOS 6 to ARM. Its 
logwatch is:

logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel



