Bug#316619: [Logcheck-devel] Bug#316619: exim logs?

maximilian attems debian at sternwelten.at
Tue Jul 5 18:46:12 UTC 2005


hello,

On Sat, 02 Jul 2005, Rainer Zocholl wrote:

> (Why)Can't exim log file not be checked by logcheck?

good question,
seems like all the logcheck maintainers prefer postfix.
but there is nothing to stop you or anyone else to submit
nice exim rules for further inclusion.

> In logcheck.logfiles i found a nasty
> 
> #/var/log/exim/mainlog

that must be old, current doesn't mention that file afair.
 
> as i installed exim4 (debian 3.1) 
> i removed the "#" and got an hourly 1:1 copy of the "mainlog" file ;-)
> (Luckily that were only some few local system mails).

sure,
current logcheck has no rules to deal with exim.
 
> Is exims not supported by exim, if why? 
> If not, where could i find an "ignore.server" file? (The exim log 
> format seems not fit to any other rules ).

you need to create your own local-exim inside of ignore.d.server

> Or has exim an own logchecker? If what its name?
> Or don't i have to logcheck mainlog at all, because that's all
> is syslog(?) too?

depends on your goal.
 
 
> Google finds that question several times, 
> but no "answer"/solution.

yes i guess it is worthwhile to spend some time on that,
so i did some rules to get started, find an attached local-exim4
will commit these to logcheck cvs soon.

it is based on just a small and quick mail usage of mine,
so i guess it will still miss a _lot_ of exim log messages.
would be great if you would post yours, so that rules can be enhanced.
 
> #tail /var/log/exim/mainlog
> 
> 2003-12-21 20:18:45 Start queue run: pid=8976
> 2003-12-21 20:18:45 End queue run: pid=8976
> 2003-12-21 20:20:01 1AY97R-0002LU-00 <= root at msi U=root P=local S=535

please post some newer logs that are not caught by attached rules.
thanks

--
maks
-------------- next part --------------
^[-0-9]{10} [0-9:]{8} (Start|End) queue run: pid=[0-9]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ Completed$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [_[:alnum:]-]+ <[@._[:alnum:]-]+> R=local_user T=mail_spool$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] X=TLS-1.0:RSA_AES_256_CBC_SHA:32$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+( id=[@._[:alnum:]-]+)?$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] P=esmtp S=[0-9]+ id=[@._[:alnum:]-]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= <> R=[_[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+$
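
Added example, not part of the original mail or of logcheck itself: a way to see which exim lines the attached rules leave unfiltered, by applying them as an inverted `grep -E` match, which is how ignore rules take effect. The log lines, host names, addresses and message ids are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original mail). logcheck reports whatever
# survives its ignore rules, so an inverted egrep shows what would be mailed.

# unmatched RULES LOG: print the lines of LOG that no pattern in RULES matches
unmatched() {
    grep -E -v -f "$1" "$2"
}

demo_unmatched() {
    tmp=$(mktemp -d) || return 1
    # The eight rules from the attachment above, copied unchanged.
    cat > "$tmp/local-exim4" <<'EOF'
^[-0-9]{10} [0-9:]{8} (Start|End) queue run: pid=[0-9]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ Completed$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [_[:alnum:]-]+ <[@._[:alnum:]-]+> R=local_user T=mail_spool$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] X=TLS-1.0:RSA_AES_256_CBC_SHA:32$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+( id=[@._[:alnum:]-]+)?$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] P=esmtp S=[0-9]+ id=[@._[:alnum:]-]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= <> R=[_[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+$
EOF
    # Constructed sample log: four routine lines, then a delivery with a
    # different TLS cipher and a relay rejection, neither covered by a rule.
    cat > "$tmp/mainlog" <<'EOF'
2005-07-05 18:40:01 Start queue run: pid=8976
2005-07-05 18:40:02 1DpsXy-0002LU-00 <= root@msi U=root P=local S=535
2005-07-05 18:40:02 1DpsXy-0002LU-00 => root <root@msi> R=local_user T=mail_spool
2005-07-05 18:40:02 1DpsXy-0002LU-00 Completed
2005-07-05 18:41:10 1DpsZ4-0002Lx-00 => user@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25] X=TLS-1.0:RSA_AES_128_CBC_SHA:16
2005-07-05 18:42:33 H=host.example.net [192.0.2.77] F=<a@example.net> rejected RCPT <b@example.com>: relay not permitted
EOF
    unmatched "$tmp/local-exim4" "$tmp/mainlog"
    rm -rf "$tmp"
}

demo_unmatched
```

To check a real log, pass the rules file and the mainlog to `unmatched`; each line it prints either needs a new rule or deserves a look.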

