-
Notifications
You must be signed in to change notification settings - Fork 75
When zero logging plugins are configured, logs are directed to STDERR. This is the 'default' logging and logs are piped to multilog and stored in log/main/current.
When more than zero logging plugins are enabled, builtin logging is disabled and logs are sent to every logging plugin configured in config/plugins.
The easiest way is with the log watching script:
~smtpd/log/watch
The log watch script is comparable to the last tail command shown below. The log files will produce output that looks like the sample qpsmtpd log entries.
tail -F ~smtpd/log/main/current
tail -F ~smtpd/log/main/current | tai64nlocal
tail -F ~smtpd/log/main/current | cut -d' ' -f2-3
The first invocation just watches the current file. The second converts the tai timestamps to human readable form. The last strips the dates from the output.
When the logs are scrolling by faster than you can make sense of them, open up a new terminal window, stretch it all the way across your screen, and run this script:
~smtpd/log/summarize
Each connection is a single row, and every plugin you have enabled will be represented in a column. The output has several symbols with special meaning:
- o passed the test
- x failed the test
- ! an error occurred
- - tests skipped (authentication, relay permission, naughty, etc)
This can be done by adding the following lines to config/plugins:
logging/syslog loglevel LOGERROR
logging/warn LOGINFO
The warn logging plugin replicates the builtin logging, directing log messages to STDERR. The syslog plugin directs errors to syslog where standard monitoring tools can pick them up and act on them.
With these settings, errors will still get sent to STDERR as well. Use your favorite monitoring tool (Nagios, Splunk, Puppet, etc) to filter those errors up to you.
In the meantime, have a look at ~smtpd/log/log2sql. It parses the log files and inserts the log entries into a SQL database.