Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 10344 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage on Unix - Question about logsearch

Codger

logsearch will return the information about a message as enters and exits the milter.


Our Help Desk would also like to see information about what happened to message after that.  The only way I've found to do that is to do a grep of the message ID on the appropriate /var/log/maillog

 
Is there any way to have logsearch track that information as well?

Thanks,

Bob Shafer
University of Denve r

:18689


This thread was automatically locked due to age.
  • 0

    Bob,

    There is two possible options that you can do.  I assume that the Help Desk is issuing the groups interface to do logsearch.  If they are, then the complete message action will be in the details of the log entry if clicked on (subject line) in the search results.  The other option is to do a pmx-logsearch from the command-line with the fetchkey to obtain the same results that the UI displays.

    The message details pop-up in the groups ui has a tab called raw logs, this will show all the information that is recorded in the maillog and the message_log traced pre and post milter.

    -Jason

    :18699
  • 0
    The output from the raw logs and pmx-logsearch show only the information for the milter interaction:
    MTA Incoming

    2011-11-09 05:56:18 potato postfix/smtpd[25423]: D625F858145: client=localhost.localdomain[127.0.0.1]

    2011-11-09 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>

    2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: from=<pmx@du.edu>, size=2292, nrcpt=1 (queue active)

    2011-11-09 05:56:18 potato postfix/smtp[25426]: D625F858145: to=<bshafer@du.edu>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.16, delays=0.1/0/0/0.06, dsn=2.0.0, status=sent (250 OK, sent 4EBA7872_12153_13078_1 E7160858147)

    2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: removed

    Message Log

    2011-11-09T05:56:18 q=4EBA7872_12153_13078_1 f=<pmx@du.edu> t=<bshafer@du.edu> at=1, 28, text/plain s=?q?Test_through_potato pmx_action=keep, -, -, bshafer@du.edu, 870026533@du.edu vs fur=130.253.1.27 i Size=2292 r=localhost.localdomain tm=0.02 a=a/eom

    MTA Outgoing

    2011-11-09 05:56:18 potato postfix/smtpd[25427]: E7160858147: client=localhost.localdomain[127.0.0.1]

    2011-11-09 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>

    2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: from=<pmx@du.edu>, size=2515, nrcpt=1 (queue active)

    2011-11-09 05:56:18 potato postfix/local[25428]: E7160858147: to=<bshafer@du.edu>, relay=local, delay=0.05, delays=0.04/0/0/0, dsn=2.0.0, status=sent (forwarded as F2345858145)

    2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: removed

    Doing a grep on the message ID shows the final action:

    $ grep 4EBA71DB.5060100@quillweb.com /var/log/maillog
    Nov  9 05:28:50 potato postfix/cleanup[24351]: 1B2CE858145: message-id=<4EBA71DB.5060100@quillweb.com>
    Nov  9 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>
    Nov  9 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
    Nov  9 05:56:18 potato postfix/cleanup[25425]: F2345858145: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
    Nov  9 05:56:19 potato postfix/smtp[25429]: F2345858145: to=<bshafer@uts.du.edu>, orig_to=<bshafer@du.edu>, relay=splitter.du.edu[130.253.1.204]:25, delay=0.13, delays=0/0/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0 <12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com> Queued mail for delivery)
    $

    We'd like to see both.

    Bob

    :18701
  • 0

    Hi Bob,

    I understand what is missing, can you send in a feature request to our support team so that they can file that with product management.

    Thanks

    -Jason

    :18835
Unfiltered HTML