What's new in log file parsers? Anything better than pflogsumm?


Jim Rice
I'm looking for a postfix log file parser that can provide the number of
messages delivered, broken down by sending domain, and per hour counts on
a daily basis.

I have looked at pflogsumm, but it seems a bit dated, and isn't as flexible
as I had hoped.

Can someone suggest any alternatives?




--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: What's new in log file parsers? Anything better than pflogsumm?

Viktor Dukhovni
> On Mar 25, 2019, at 1:13 PM, Jim Rice <[hidden email]> wrote:
>
> I'm looking for a postfix log file parser that can provide the number of
> messages delivered, broken down by sending domain, and per hour counts on
> a daily basis.

Make sure you have a clear definition of "messages delivered"?  Is it
messages accepted, or envelopes sent?  A multi-recipient message can
split into multiple downstream "envelopes", each carrying a subset of
the (possibly rewritten) recipients.

Also, a single message might not be delivered in a short time interval,
recipients might be deferred, and delivered hours or days later.

For custom reporting, you might end up rolling your own.  For inspiration,
you can take a look at the "collate" Perl script bundled with recent
Postfix source releases (auxiliary/collate/collate.pl).

One thing that script does not address is maintaining state for messages
not yet fully processed across multiple log files as they roll over.  It
should not be too difficult to modify it to run non-stop and track log
file rollover, producing a stream of output.  Or to checkpoint state to
a file and resume with that state with the next batch of logs.

--
        Viktor.
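
The roll-your-own approach discussed in this thread, as an added example: this is not collate.pl and not code from either poster. It counts each recipient logged with status=sent under the hour of that log line, keyed by sender domain, and carries queue-ID state from one log file to the next; the traditional syslog timestamp format, the function names and the sample log lines are assumptions made for the example.

```python
import json
import re
from collections import Counter
from pathlib import Path

# Assumes traditional syslog lines: "Mar 25 13:01:02 host postfix/smtp[123]: QUEUEID: ..."
LINE = re.compile(r"^(\w{3}\s+\d+) (\d\d):\d\d:\d\d \S+ postfix/[^\[\s]+\[\d+\]: ([0-9A-Za-z]+): (.*)$")
FROM = re.compile(r"from=<([^>]*)>")
STATUS = re.compile(r"\bstatus=(\w+)")

def process(lines, pending=None):
    """Return (Counter of (day, hour, sender domain) -> sent recipients, pending state)."""
    pending = dict(pending or {})   # queue ID -> sender domain, for messages not yet removed
    sent = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        day, hour, qid, rest = m.groups()
        frm = FROM.match(rest)
        if frm:
            # The null sender "<>" (bounces) has no domain; it is reported as "<>".
            pending[qid] = frm.group(1).rpartition("@")[2].lower() or "<>"
        elif rest.startswith("removed"):
            pending.pop(qid, None)  # message fully processed, drop its state
        elif rest.startswith("to=<"):
            st = STATUS.search(rest)
            if st and st.group(1) == "sent":  # deferred and bounced are not counted
                sent[(day, hour, pending.get(qid, "unknown"))] += 1
    return sent, pending

def checkpoint(path, pending):
    Path(path).write_text(json.dumps(pending))

def resume(path):
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}

# Constructed sample: one message, three recipients, log rollover at 14:00.
LOG_1 = [
    "Mar 25 13:59:58 mx postfix/qmgr[1234]: 4A1B2C3D4E: from=<alice@Example.ORG>, size=1234, nrcpt=3 (queue active)",
    "Mar 25 13:59:59 mx postfix/smtp[1240]: 4A1B2C3D4E: to=<bob@example.net>, relay=mx.example.net[192.0.2.1]:25, delay=0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Mar 25 13:59:59 mx postfix/smtp[1241]: 4A1B2C3D4E: to=<dave@example.com>, relay=none, delay=1.2, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.2]:25: Connection timed out)",
]
LOG_2 = [
    "Mar 25 14:00:07 mx postfix/smtp[1242]: 4A1B2C3D4E: to=<carol@example.info>, relay=mx.example.info[192.0.2.3]:25, delay=9.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
]
```

Without the state returned for LOG_1, the delivery in LOG_2 cannot be attributed to a sender domain and is counted under "unknown".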