grep in Postfix logfiles


grep in Postfix logfiles

rog7993
Hello,

I'm looking for a search tool to analyze Postfix logfiles. It should be
something like a multiline grep application which is able to show all
lines, which are related to one incoming mail. Mainly I want to search
for the sender and the recipient at the same time. E.g. something like that:

mailgrep "from=<local1@domain1>.*to=<local2@domain2>" /var/log/mail.log

I assume, that I'm not the first Postfix user with this requirement. But
I couldn't find a suitable tool. Does somebody know an adequate
application or do I have to write it for my own?

Ingo

Re: grep in Postfix logfiles

Bill Cole-3
On 13 Jul 2018, at 13:39, [hidden email] wrote:

> Hello,
>
> I'm looking for a search tool to analyze Postfix logfiles. It should
> be something like a multiline grep application which is able to show
> all lines, which are related to one incoming mail. Mainly I want to
> search for the sender and the recipient at the same time. E.g.
> something like that:
>
> mailgrep "from=<local1@domain1>.*to=<local2@domain2>"
> /var/log/mail.log
>
> I assume, that I'm not the first Postfix user with this requirement.
> But I couldn't find a suitable tool. Does somebody know an adequate
> application or do I have to write it for my own?

If you haven't looked at the list of tools at
http://www.postfix.org/addon.html#logfile then you should start there.
The only one I've used is pflogsumm, but it isn't what you're looking
for.

I address this by having a milter I already use for other things
(MIMEDefang) log a suitable summary line for every message.

Re: grep in Postfix logfiles

Noel Jones-2
In reply to this post by rog7993
On 7/13/2018 12:39 PM, [hidden email] wrote:

> Hello,
>
> I'm looking for a search tool to analyze Postfix logfiles. It should
> be something like a multiline grep application which is able to show
> all lines, which are related to one incoming mail. Mainly I want to
> search for the sender and the recipient at the same time. E.g.
> something like that:
>
> mailgrep "from=<local1@domain1>.*to=<local2@domain2>" /var/log/mail.log
>
> I assume, that I'm not the first Postfix user with this requirement.
> But I couldn't find a suitable tool. Does somebody know an adequate
> application or do I have to write it for my own?
>
> Ingo


Look at the collate.pl tool included with postfix source in the
./auxiliary directory.


Alternatives for next time:

Using the header_checks INFO action will log the matching header
along with sender and recipient, making an easy grep target.
(Single-recipient mail only. Multi-recipient mail will log the
sender and the last recipient.)
http://www.postfix.org/header_checks.5.html

It should be pretty easy to convince the postfwd policy service to
log a line for each sender/recipient/QUEUEID.
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfwd.org/



  -- Noel Jones
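
The multiline search asked about in this thread, as an added Python example (not a message from the list, and not the collate.pl tool): it groups log lines by Postfix queue ID and returns every line of each transaction that logged both the sender and the recipient. The sample log lines are constructed, and the queue-ID regex and the `mailgrep()` function signature are assumptions about the usual syslog layout.

```python
import re

# Constructed sample in the usual Postfix syslog layout (not taken from the thread).
SAMPLE = """\
Jul 13 12:00:01 mx postfix/smtpd[1001]: 4A1B2C3D4E: client=a.example[192.0.2.10]
Jul 13 12:00:01 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<local1@domain1>, size=1204, nrcpt=1 (queue active)
Jul 13 12:00:02 mx postfix/qmgr[900]: 5F6A7B8C9D: from=<local1@domain1>, size=998, nrcpt=1 (queue active)
Jul 13 12:00:03 mx postfix/smtp[1003]: 4A1B2C3D4E: to=<local2@domain2>, relay=mx.domain2[198.51.100.5]:25, status=sent (250 ok)
Jul 13 12:00:03 mx postfix/local[1004]: 5F6A7B8C9D: to=<other@domain3>, orig_to=<local2@domain2>, relay=local, status=sent (delivered)
Jul 13 12:00:03 mx postfix/qmgr[900]: 4A1B2C3D4E: removed
Jul 13 12:00:03 mx postfix/qmgr[900]: 5F6A7B8C9D: removed
Jul 13 12:05:00 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<someone@domain4>, size=500, nrcpt=1 (queue active)
Jul 13 12:05:01 mx postfix/smtp[1003]: 4A1B2C3D4E: to=<local2@domain2>, relay=mx.domain2[198.51.100.5]:25, status=sent (250 ok)
Jul 13 12:05:01 mx postfix/qmgr[900]: 4A1B2C3D4E: removed
"""

# Queue ID after "postfix/<daemon>[pid]: ". Assumption: short IDs are upper-case
# hex, long IDs (enable_long_queue_ids) are 12 or more alphanumerics.
QID = re.compile(r"postfix[\w/-]*\[\d+\]: ([0-9A-F]{6,}|[0-9A-Za-z]{12,}): (.*)")

def mailgrep(lines, sender, recipient):
    """Return the transactions (lists of log lines) whose queue ID logged
    both from=<sender> and to=<recipient>."""
    want_from = f"from=<{sender.lower()}>"
    want_to = f"to=<{recipient.lower()}>"
    open_tx, done = {}, []
    for line in lines:
        m = QID.search(line)
        if not m:
            continue  # NOQUEUE rejects, connect/disconnect, warnings
        qid, rest = m.groups()
        open_tx.setdefault(qid, []).append(line.rstrip("\n"))
        # Short queue IDs are reused over time, so close the group on "removed".
        if rest.startswith("removed"):
            done.append(open_tx.pop(qid))
    done.extend(open_tx.values())  # messages still queued when the log ends

    def matches(tx):
        rests = [QID.search(l).group(2).lower() for l in tx]
        # startswith() keeps orig_to=<...> from counting as a recipient match
        return (any(r.startswith(want_from) for r in rests)
                and any(r.startswith(want_to) for r in rests))
    return [tx for tx in done if matches(tx)]

if __name__ == "__main__":
    for tx in mailgrep(SAMPLE.splitlines(), "local1@domain1", "local2@domain2"):
        print("\n".join(tx), end="\n\n")
```

To search a real log, pass an open file object as `lines`; rotated logs have to be fed in chronological order for the "removed" boundary to hold.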