This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage on Unix - Question about logsearch

logsearch will return the information about a message as enters and exits the milter.

Our Help Desk would also like to see information about what happened to message after that. The only way I've found to do that is to do a grep of the message ID on the appropriate /var/log/maillog

Is there any way to have logsearch track that information as well?

Thanks,

Bob Shafer
University of Denve r

This thread was automatically locked due to age.

Parents

0 Codger over 13 years ago

The output from the raw logs and pmx-logsearch show only the information for the milter interaction:
MTA Incoming
2011-11-09 05:56:18 potato postfix/smtpd[25423]: D625F858145: client=localhost.localdomain[127.0.0.1]
2011-11-09 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>
2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: from=<pmx@du.edu>, size=2292, nrcpt=1 (queue active)
2011-11-09 05:56:18 potato postfix/smtp[25426]: D625F858145: to=<bshafer@du.edu>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.16, delays=0.1/0/0/0.06, dsn=2.0.0, status=sent (250 OK, sent 4EBA7872_12153_13078_1 E7160858147)
2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: removed
Message Log
2011-11-09T05:56:18 q=4EBA7872_12153_13078_1 f=<pmx@du.edu> t=<bshafer@du.edu> at=1, 28, text/plain s=?q?Test_through_potato pmx_action=keep, -, -, bshafer@du.edu, 870026533@du.edu vs fur=130.253.1.27 i Size=2292 r=localhost.localdomain tm=0.02 a=a/eom
MTA Outgoing
2011-11-09 05:56:18 potato postfix/smtpd[25427]: E7160858147: client=localhost.localdomain[127.0.0.1]
2011-11-09 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: from=<pmx@du.edu>, size=2515, nrcpt=1 (queue active)
2011-11-09 05:56:18 potato postfix/local[25428]: E7160858147: to=<bshafer@du.edu>, relay=local, delay=0.05, delays=0.04/0/0/0, dsn=2.0.0, status=sent (forwarded as F2345858145)
2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: removed
Doing a grep on the message ID shows the final action:
$ grep 4EBA71DB.5060100@quillweb.com /var/log/maillog
Nov 9 05:28:50 potato postfix/cleanup[24351]: 1B2CE858145: message-id=<4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: F2345858145: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:19 potato postfix/smtp[25429]: F2345858145: to=<bshafer@uts.du.edu>, orig_to=<bshafer@du.edu>, relay=splitter.du.edu[130.253.1.204]:25, delay=0.13, delays=0/0/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0 <12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com> Queued mail for delivery)
$
We'd like to see both.
Bob
:18701
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Codger over 13 years ago

The output from the raw logs and pmx-logsearch show only the information for the milter interaction:
MTA Incoming
2011-11-09 05:56:18 potato postfix/smtpd[25423]: D625F858145: client=localhost.localdomain[127.0.0.1]
2011-11-09 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>
2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: from=<pmx@du.edu>, size=2292, nrcpt=1 (queue active)
2011-11-09 05:56:18 potato postfix/smtp[25426]: D625F858145: to=<bshafer@du.edu>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.16, delays=0.1/0/0/0.06, dsn=2.0.0, status=sent (250 OK, sent 4EBA7872_12153_13078_1 E7160858147)
2011-11-09 05:56:18 potato postfix/qmgr[7999]: D625F858145: removed
Message Log
2011-11-09T05:56:18 q=4EBA7872_12153_13078_1 f=<pmx@du.edu> t=<bshafer@du.edu> at=1, 28, text/plain s=?q?Test_through_potato pmx_action=keep, -, -, bshafer@du.edu, 870026533@du.edu vs fur=130.253.1.27 i Size=2292 r=localhost.localdomain tm=0.02 a=a/eom
MTA Outgoing
2011-11-09 05:56:18 potato postfix/smtpd[25427]: E7160858147: client=localhost.localdomain[127.0.0.1]
2011-11-09 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: from=<pmx@du.edu>, size=2515, nrcpt=1 (queue active)
2011-11-09 05:56:18 potato postfix/local[25428]: E7160858147: to=<bshafer@du.edu>, relay=local, delay=0.05, delays=0.04/0/0/0, dsn=2.0.0, status=sent (forwarded as F2345858145)
2011-11-09 05:56:18 potato postfix/qmgr[7999]: E7160858147: removed
Doing a grep on the message ID shows the final action:
$ grep 4EBA71DB.5060100@quillweb.com /var/log/maillog
Nov 9 05:28:50 potato postfix/cleanup[24351]: 1B2CE858145: message-id=<4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: D625F858145: message-id=<4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: E7160858147: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:18 potato postfix/cleanup[25425]: F2345858145: message-id=<12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com>
Nov 9 05:56:19 potato postfix/smtp[25429]: F2345858145: to=<bshafer@uts.du.edu>, orig_to=<bshafer@du.edu>, relay=splitter.du.edu[130.253.1.204]:25, delay=0.13, delays=0/0/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0 <12153_1320843378_4EBA7872_12153_13078_1_4EBA71DB.5060100@quillweb.com> Queued mail for delivery)
$
We'd like to see both.
Bob
:18701
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data