Including the service name in logging

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Including the service name in logging

Wietse Venema
This weekend I added a service_name feature that is documented
as follows:

[begin quote]
service_name (read-only)

    The master.cf service name of a Postfix daemon process. This
    can be used to distinguish the logging from different services
    that use the same program name.

    Example master.cf entries:

    # Distinguish inbound MTA logging from submission and smtps logging.
    smtp      inet  n       -       n       -       -       smtpd
    submission inet n       -       n       -       -       smtpd
        -o syslog_name=postfix/$service_name
    smtps     inet  n       -       n       -       -       smtpd
        -o syslog_name=postfix/$service_name

But there are more Postfix services that could benefit from having
the service name in the logging:

- The "relay" and "scan" service, which currently log as "postfix/smtp"
  because they use the same program as the default Postfix SMTP client.

- The "retry" service, which currently logs as "postfix/error"
  because it uses the same program as the "error" service.

- Any time when someone adds an extra service instance (maybe an
  SMTP server on a special port or IP address), the same potential
  for logging confusion will exist when they don't explicitly also
  add a syslog_name override.

Now, we could avoid the need for explicit syslog_name settings if
the Postfix daemons were to automatically log the service name in
such cases.

What about:

* Postfix daemons log postfix/program if master.cf service name
  and program name are equal.

  Examples: postfix/smtp, postfix/local, postfix/qmgr, postfix/error

* Postfix daemons log postfix/service/program if master.cf service
  name and program name differ.

  Examples: postfix/smtp/smtpd, postfix/submission/smtpd,
  postfix/smtps/smtpd, postfix/relay/smtp, postfix/scan/smtp,
  postfix/retry/error

On the plus side, Postfix support would be easier if Postfix daemons
automaticlly had unambiguous logging.

On the negative side it would add non-obvious behavior, and possibly
break compatibility with logfile analyzers that expect "postfix/smtpd"
instead of "postfix/smtp/smtpd".

All this should be possible by changing the syslog_name default
into some ungodly mess of curly braces which I won't present here.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Including the service name in logging

Bill Shirley
More information = more betterĀ  :-)

This should give the fail2ban users/developers something to do.

Thanks,
Bill

On 1/14/2018 2:08 PM, Wietse Venema wrote:

> This weekend I added a service_name feature that is documented
> as follows:
>
> [begin quote]
> service_name (read-only)
>
>      The master.cf service name of a Postfix daemon process. This
>      can be used to distinguish the logging from different services
>      that use the same program name.
>
>      Example master.cf entries:
>
>      # Distinguish inbound MTA logging from submission and smtps logging.
>      smtp      inet  n       -       n       -       -       smtpd
>      submission inet n       -       n       -       -       smtpd
> -o syslog_name=postfix/$service_name
>      smtps     inet  n       -       n       -       -       smtpd
> -o syslog_name=postfix/$service_name
>
> But there are more Postfix services that could benefit from having
> the service name in the logging:
>
> - The "relay" and "scan" service, which currently log as "postfix/smtp"
>    because they use the same program as the default Postfix SMTP client.
>
> - The "retry" service, which currently logs as "postfix/error"
>    because it uses the same program as the "error" service.
>
> - Any time when someone adds an extra service instance (maybe an
>    SMTP server on a special port or IP address), the same potential
>    for logging confusion will exist when they don't explicitly also
>    add a syslog_name override.
>
> Now, we could avoid the need for explicit syslog_name settings if
> the Postfix daemons were to automatically log the service name in
> such cases.
>
> What about:
>
> * Postfix daemons log postfix/program if master.cf service name
>    and program name are equal.
>
>    Examples: postfix/smtp, postfix/local, postfix/qmgr, postfix/error
>
> * Postfix daemons log postfix/service/program if master.cf service
>    name and program name differ.
>
>    Examples: postfix/smtp/smtpd, postfix/submission/smtpd,
>    postfix/smtps/smtpd, postfix/relay/smtp, postfix/scan/smtp,
>    postfix/retry/error
>
> On the plus side, Postfix support would be easier if Postfix daemons
> automaticlly had unambiguous logging.
>
> On the negative side it would add non-obvious behavior, and possibly
> break compatibility with logfile analyzers that expect "postfix/smtpd"
> instead of "postfix/smtp/smtpd".
>
> All this should be possible by changing the syslog_name default
> into some ungodly mess of curly braces which I won't present here.
>
> Wietse