2008.12.03 - 12:36:51 PDT
This was something I wanted for a little while, and never got around to. I use logwatch [logwatch.org] on my servers to send out daily reports, and it's a useful tool to keep an eye on things. It's certainly not the magic-server-admin-bullet for monitoring, but it provides a useful daily overview of what's going on. The default postfix reporting it creates is OK, but not that great, especially since I use greylisting (currently via postgrey [postgrey.schweikert.ch]...at least until ulppd [ulppd.projects.mifflinet.net] is a little more stable): it prints out an ungodly number of lines showing me every time a delivery is tempfailed, and greylisting means that happens quite a bit.
So, in comes pflogsumm [jimsun.linxnet.com]. It's a very nice little perl script that runs through postfix logs and generates a fancy-schmancy report. I wanted to swap out the generic postfix stuff from logwatch with the output from pflogsumm. The following is the fruit of my efforts (only about 15 mins of work, really) -- how to integrate pflogsumm with logwatch.
First, install pflogsumm. The easiest way is probably to grab the script from James at the link above, and put it wherever you like (/usr/local/sbin is a reasonable choice). Don't forget to make it executable. If it's packaged for your distro and you prefer that method, go ahead and install it that way. Note that you'll also need the perl modules (not in my distro's perl) Bit::Vector, Carp::Clan, and Date::Calc.
Install logwatch as well. That's likely packaged for your distribution.
Next, you'll want to make a copy of the pflogsumm.pl script for logwatch to use. I say to make a copy, because you'll edit the file directly instead of passing command-line arguments. Unless I've missed something (quite possible), logwatch doesn't provide a method for giving command-line arguments to the service scripts. Anyway, copy pflogsumm.pl from wherever you've put it to a file named /etc/logwatch/scripts/services/postfix. You will likely need to create the /etc/logwatch/scripts/services directory. Make sure the file is executable.
Determine what command-line switches you would like to use with pflogsumm. I did this by running the script a few times with different flags until I found the output I wanted. You can ignore the -d flag since logwatch will only feed relevant lines to pflogsumm anyway. For me, I wanted to use the switches --mailq and --smtpd_stats. To set these, edit the /etc/logwatch/scripts/services/postfix file directly, and look for the GetOptions call. For me it was around line 464, but may vary depending on the version of pflogsumm you get. The section looks like this (sorry for the ugly formatting):
GetOptions(
    "d=s" => \$opts{'d'},
    "e" => \$opts{'e'},
    "help" => \$opts{'help'},
    "h=i" => \$opts{'h'},
    "i" => \$opts{'i'},
    "ignore_case" => \$opts{'i'},
    "iso_date_time" => \$isoDateTime,
    "m" => \$opts{'m'},
    "uucp_mung" => \$opts{'m'},
    "mailq" => \$opts{'mailq'},
    "no_bounce_detail" => \$opts{'noBounceDetail'},
    "no_deferral_detail" => \$opts{'noDeferralDetail'},
    "no_reject_detail" => \$opts{'noRejectDetail'},
    "no_no_msg_size" => \$opts{'noNoMsgSize'},
    "no_smtpd_warnings" => \$opts{'noSMTPDWarnings'},
    "problems_first" => \$opts{'pf'},
    "q" => \$opts{'q'},
    "rej_add_from" => \$opts{'rejAddFrom'},
    "smtpd_stats" => \$opts{'smtpdStats'},
    "syslog_name=s" => \$opts{'syslogName'},
    "u=i" => \$opts{'u'},
    "verbose_msg_detail" => \$opts{'verbMsgDetail'},
    "verp_mung:i" => \$opts{'verpMung'},
    "version" => \$opts{'version'},
    "zero_fill" => \$opts{'zeroFill'}
) || die "$usageMsg\n";
Set the options you want after the ') || die "$usageMsg\n";' line. Since I was using on/off switches, I just set the options to 1. The hash key to set is the one on the right-hand side of the GetOptions entry, which is not always the switch name: --smtpd_stats is stored in $opts{'smtpdStats'}.
...
    "version" => \$opts{'version'},
    "zero_fill" => \$opts{'zeroFill'}
) || die "$usageMsg\n";
# Force the --mailq and --smtpd_stats switches on.
$opts{mailq} = 1;
$opts{smtpdStats} = 1;
Save and close the file.
Next, you'll need to edit the service configuration to remove the call to the *RemoveHeaders shared script. Otherwise, pflogsumm gets confused by the log format, especially since the lines it receives no longer contain the date/time info. The easiest way to do that is to copy /usr/share/logwatch/default.conf/services/postfix.conf to /etc/logwatch/conf/services/postfix.conf. Then edit the /etc/logwatch/conf/services/postfix.conf file to comment out the *RemoveHeaders line. For me, the configuration file now looks like this (the commented-out line is "#*RemoveHeaders ="):
###########################################################################
# $Id: postfix.conf,v 1.6 2005/02/24 17:05:20 kirk Exp $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = postfix
# Which logfile group...
LogFile = maillog
# Only give lines pertaining to the postfix service...
*OnlyService = "postfix/[a-zA-Z0-9]*"
# *OnlyService = "postfix/smtpd"
#*RemoveHeaders =
########################################################
# This was written and is maintained by:
# Kenneth Porter <shiva@well.com>
#
# Please send all comments, suggestions, bug reports,
# etc, to shiva@well.com.
#
########################################################
# vi: shiftwidth=3 tabstop=3 et
That's all there is to it. You can check if it's the way you want it to look by running logwatch as "logwatch --print" to print it to STDOUT, and you should see the postfix section replaced with a nice pflogsumm report.
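The steps above as a small shell helper, added here as an example and not part of the original post; the function names are hypothetical and every path is passed in as an argument. force_options checks each name against the hash keys in the GetOptions listing (the right-hand side, e.g. smtpdStats for --smtpd_stats), because assigning to a key the script never reads silently does nothing.

```shell
#!/bin/sh
# Added example (not from the original post): the manual steps as functions.
# Function names and all paths passed to them are assumptions of this example.

# Copy pflogsumm.pl to DEST_DIR/postfix with mode 0755 (executable, writable
# only by its owner), since logwatch will execute it with its own privileges.
install_service_script() {
    mkdir -p "$2" || return 1
    install -m 0755 "$1" "$2/postfix"
}

# force_options FILE KEY...: add "$opts{KEY} = 1;" after the GetOptions call.
# KEY is the hash key on the right-hand side of the mapping, so every KEY is
# checked against the script first and a switch name such as smtpd_stats fails.
force_options() {
    file=$1; shift
    grep -q '^) || die "\$usageMsg' "$file" || { echo "GetOptions end not found" >&2; return 1; }
    for key in "$@"; do
        grep -qF "\$opts{'$key'}" "$file" || { echo "no such option key: $key" >&2; return 1; }
    done
    add=$(mktemp) && new=$(mktemp) || return 1
    for key in "$@"; do
        # Skip keys already forced so the function can be re-run safely.
        grep -qF "\$opts{$key} = 1;" "$file" || printf '$opts{%s} = 1;\n' "$key"
    done > "$add"
    # sed "r" queues the contents of $add for output after the matching line.
    sed '/^) || die "\$usageMsg/r '"$add" "$file" > "$new" &&
        cat "$new" > "$file"      # overwrite in place to keep the 0755 mode
    rc=$?
    rm -f "$add" "$new"
    return $rc
}

# Copy the default service config to the local override path, commenting out
# any active *RemoveHeaders line so pflogsumm sees the syslog date/time prefix.
override_service_conf() {
    mkdir -p "$(dirname "$2")" || return 1
    sed 's/^\([[:space:]]*\)\(\*RemoveHeaders\)/\1#\2/' "$1" > "$2"
}

# Usage with the paths from the post (as root; check with "logwatch --print"):
#   install_service_script /usr/local/sbin/pflogsumm.pl /etc/logwatch/scripts/services
#   force_options /etc/logwatch/scripts/services/postfix mailq smtpdStats
#   override_service_conf /usr/share/logwatch/default.conf/services/postfix.conf \
#       /etc/logwatch/conf/services/postfix.conf
```

Because the service script is an edited copy, it does not pick up later pflogsumm updates; re-run the helper against the new version when you upgrade.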


