pflogsum per domain report


pflogsum per domain report

Scappatura Rocco
Hello,

I would like to get a report from pflogsum that summarizes only statistics
for the domain 'domain.tld' and all its subdomains.

I have no better idea than to filter maillog with the following command:

egrep "to=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>|from=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>" >

and give the result as the argument of pflogsum.

But I'm not persuaded that the report is truthful. In fact I have a
certain number of delivered email but I have no 'received' email.

Please keep in mind that the maillog is relative to my SMTP gateway and
that the messages for that domain are then forwarded to the downstream
Post-office server.

Thanks a lot,

rocsca

Re: pflogsum per domain report

MrC-7


Rocco Scappatura wrote:

> Hello,
>
> I would like to get a report from pflogsum that summarizes only statistics
> for the domain 'domain.tld' and all its subdomains.
>
> I have no better idea than to filter maillog with the following command:
>
> egrep "to=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>|from=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>" >
>
> and give the result as the argument of pflogsum.
>
> But I'm not persuaded that the report is truthful. In fact I have a
> certain number of delivered email but I have no 'received' email.
>
pflogsumm (and postfix-logwatch, and others) use other related log
lines to correlate various entries.  The problem cannot be solved with
simple greps.

I have some tasks on my To Do list, one of them is your request.

> Please keep in mind that the maillog is relative to my SMTP gateway and
> that the messages for that domain are then forwarded to the downstream
> Post-office server.
>
> Thanks a lot,
> rocsca



RE: pflogsum per domain report

Scappatura Rocco
> > I would like to get a report from pflogsum that summarizes only statistics
> > for the domain 'domain.tld' and all its subdomains.
> >
> > I have no better idea than to filter maillog with the following command:
> >
> > egrep "to=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>|from=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>" >
> >
> > and give the result as the argument of pflogsum.
> >
> > But I'm not persuaded that the report is truthful. In fact I have a
> > certain number of delivered email but I have no 'received' email.
> >
> pflogsumm (and postfix-logwatch, and others) use other related log
> lines to correlate various entries.  The problem cannot be solved with
> simple greps.
>
> I have some tasks on my To Do list, one of them is your request.
>

Ok. Thanks. BTW, do you have any workaround so that I can pull out the
report I need?

rocsca

Re: pflogsum per domain report

mouss-2
Rocco Scappatura wrote:

>>> I would like to get a report from pflogsum that summarizes only statistics
>>> for the domain 'domain.tld' and all its subdomains.
>>>
>>> I have no better idea than to filter maillog with the following command:
>>>
>>> egrep "to=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>|from=<[a-zA-Z0-9\-_\.]+@[a-zA-Z0-9\-_\.]+\.domain.tld>" >
>>>
>>> and give the result as the argument of pflogsum.
>>>
>>> But I'm not persuaded that the report is truthful. In fact I have a
>>> certain number of delivered email but I have no 'received' email.
>>>
>> pflogsumm (and postfix-logwatch, and others) use other related log
>> lines to correlate various entries.  The problem cannot be solved with
>> simple greps.
>>
>> I have some tasks on my To Do list, one of them is your request.
>>
>
> Ok. Thanks. BTW, do you have any workaround so that I can pull out the
> report I need?
>

Try something like:

egrep "(from|to)=<[^>]+@example\.com>" /var/log/maillog | \
    awk '{print $6}' | \
    sed 's/:$//' | \
    grep -f - /var/log/maillog |  \
    pflogsumm








Re: pflogsum per domain report

MrC-7


mouss wrote:
> Rocco Scappatura wrote:
>>>> I would like to get a report from pflogsum that summarizes only statistics
>>>> for the domain 'domain.tld' and all its subdomains.
>
> Try something like:
>
> egrep "(from|to)=<[^>]+@example\.com>" /var/log/maillog | \
>    awk '{print $6}' | \
>    sed 's/:$//' | \
>    grep -f - /var/log/maillog |  \
>    pflogsumm
>

This is useful.  It of course cannot pick up various access actions,
warning/fatals/panics or work with --smtpd_stats.  But the most
problematic is that it unfortunately does pick up every reject in the
log (due to qid "NOQUEUE") if the user's domain had a single reject.

Ah the travails of logging...

MrC

Re: pflogsum per domain report

mouss-2
MrC wrote:

> mouss wrote:
>> Rocco Scappatura wrote:
>>>>> I would like to get a report from pflogsum that summarizes only statistics
>>>>> for the domain 'domain.tld' and all its subdomains.
>
>> Try something like:
>>
>> egrep "(from|to)=<[^>]+@example\.com>" /var/log/maillog | \
>>    awk '{print $6}' | \
>>    sed 's/:$//' | \
>>    grep -f - /var/log/maillog |  \
>>    pflogsumm
>>
>
> This is useful.  It of course cannot pick up various access actions,
> warning/fatals/panics or work with --smtpd_stats.  But the most
> problematic is that it unfortunately does pick up every reject in the
> log (due to qid "NOQUEUE") if the user's domain had a single reject.
>

I indeed missed the NOQUEUE case (I did the tests with postfix.org,
which of course has no NOQUEUE!). The following is a little better

egrep "(from|to)=<[^>]+@example\.com>" /var/log/maillog | \
   awk '{print $6}' | \
   sed 's/:$//' | \
   grep -v '^NOQUEUE$' | \
   grep -f - /var/log/maillog  | \
   pflogsumm

Catching rejected connections is easier with perl (at least for me).
Otherwise, it's hard to get one "connect from" for each NOQUEUE.

> Ah the travails of logging...
>

Indeed.
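
The correlation discussed in this thread, as an added example that is not part of any post: a two-pass awk filter that keeps every log line of a message whose sender or recipient is at the domain or one of its subdomains, and keeps a NOQUEUE reject only when that line itself names the domain. The function names, the constructed sample log and the short (uppercase hex) queue-ID format are assumptions; like the pipelines above, it still drops connect/disconnect lines and warnings, which carry no queue ID.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the syslog layout the thread's
# pipelines assume: field 6 is "QUEUEID:" or "NOQUEUE:", with short hex queue IDs.

# usage: filter_domain_log DOMAIN LOGFILE   (LOGFILE is read twice, so not stdin)
filter_domain_log() {
    awk -v dom="$1" '
    BEGIN {
        gsub(/[.]/, "[.]", dom)      # make the dots in the domain literal
        # an address at the domain itself or at any subdomain of it
        re = "(from|to)=<[^>]+@([^>@]+[.])?" dom ">"
    }
    NR == FNR {                      # pass 1: remember queue IDs that match
        if ($6 ~ /^[0-9A-F]+:$/ && $0 ~ re) want[$6] = 1
        next
    }
    # pass 2: a reject has no queue ID, so each one is judged on its own line
    $6 == "NOQUEUE:" { if ($0 ~ re) print; next }
    ($6 in want)                     # every line of a wanted message
    ' "$2" "$2"
}

# Constructed sample log: one message for the domain, one for a look-alike
# domain, and two rejects (only the first concerns example.com).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 gw postfix/smtpd[101]: 4A1B2C3D4E: client=mail.example.net[192.0.2.10]
Jan 10 10:00:01 gw postfix/cleanup[102]: 4A1B2C3D4E: message-id=<m1@example.net>
Jan 10 10:00:01 gw postfix/qmgr[103]: 4A1B2C3D4E: from=<alice@example.net>, size=1200, nrcpt=1 (queue active)
Jan 10 10:00:02 gw postfix/smtp[104]: 4A1B2C3D4E: to=<bob@sales.example.com>, relay=po.example.com[192.0.2.20]:25, delay=1, status=sent (250 ok)
Jan 10 10:00:02 gw postfix/qmgr[103]: 4A1B2C3D4E: removed
Jan 10 10:01:00 gw postfix/smtpd[101]: 5F6A7B8C9D: client=mail.example.org[192.0.2.30]
Jan 10 10:01:00 gw postfix/qmgr[103]: 5F6A7B8C9D: from=<carol@example.org>, size=900, nrcpt=1 (queue active)
Jan 10 10:01:01 gw postfix/smtp[104]: 5F6A7B8C9D: to=<dave@example.com.test>, relay=mx.example.com.test[192.0.2.40]:25, delay=1, status=sent (250 ok)
Jan 10 10:02:00 gw postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.50]: 554 5.7.1 <x@example.com>: Relay access denied; from=<s@spam.test> to=<x@example.com> proto=ESMTP helo=<h>
Jan 10 10:02:05 gw postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.51]: 554 5.7.1 <y@other.test>: Relay access denied; from=<s@spam.test> to=<y@other.test> proto=ESMTP helo=<h>
EOF
}

# On a real gateway: filter_domain_log example.com /var/log/maillog | pflogsumm
```

Because the `client=` and `from=` lines of the matched message are kept, the summarizer sees the message as received as well as delivered.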



Re: pflogsum per domain report

Ed Wildgoose-2
In reply to this post by MrC-7
MrC wrote:
> Ah the travails of logging...
>
> MrC
>  

Are you the maintainer of pflogsum?

I saw a report which came from (I think) qmail which flattens the log
output into a single line per message (per recipient?) giving something
like the message_id, date, some other interesting information, and a
final destination.  This is then very conducive to popping into a
database and is very easy to query to find out what happened to a
certain message, etc.

Any chance that we might see something like that coming out of pflogsum?

Ed W

Re: pflogsum per domain report

MrC-7
Ed W wrote:
> MrC wrote:
>> Ah the travails of logging...
>>
>> MrC
>>  
>
> Are you the maintainer of pflogsum?

No, sorry, that is the esteemed Jim Seymour.

>
> I saw a report which came from (I think) qmail which flattens the log
> output into a single line per message (per recipient?) giving something
> like the message_id, date, some other interesting information, and a
> final destination.  This is then very conducive to popping into a
> database and is very easy to query to find out what happened to a
> certain message, etc.
>
> Any chance that we might see something like that coming out of pflogsum?

I am working on a similar track in postfix-logwatch.

Mike

>
> Ed W