[PLUG] Monitor Postfix logs with 'pflogsumm'

JP Vossen on 17 Oct 2017 15:13:01 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Monitor Postfix logs with 'pflogsumm'

From: JP Vossen <jp@jpsdomain.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Monitor Postfix logs with 'pflogsumm'
Date: Tue, 17 Oct 2017 18:12:55 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

For those of us who run our out Postfix servers, log monitoring iscritical. I've been doing this since I've been running Postfix, but Iwas adding it to internal/infrastructure servers at $WORK today andthought it might be good to share.


* sudo apt-get install pflogsumm \
    || sudo yum install postfix-perl-scripts
* man pflogsumm
* Create and refine the command you want
* vi /etc/cron.d/pflogsumm
* chmod 0644 /etc/cron.d/pflogsumm

Sample /etc/cron.d/pflogsumm (but some lines are gonna get broken myMTAs/MUAs):

----
# pflogsumm--Run the `pflogsumm` log analyzer/summarizer for Postfix
# Path: /etc/cron.d/pflogsumm (must be mode 0644!)
# Called from: Cron
# Calls: /usr/sbin/pflogsumm
#_________________________________________________________________________
# Min  Hour DoM  Mnth DoW User Program
# 0-59 0-23 1-31 1-12 0-7

MAILTO='you@example.com'

05 00 * * * root /usr/sbin/pflogsumm -d yesterday --iso_date_time--problems_first -q --no_no_msg_size --ignore_case /var/log/mail.log


# There are more options, see `man pflogsumm`
# -d yesterday          generate report for just "yesterday"

# --problems_first Emit "problems" reports (bounces, defers,warnings, etc.) before "normal" stats.

# -q                    quiet - don’t print headings for empty reports
# --no_no_msg_size      Do not emit report on "Messages with no size data".

# --ignore_case Handle complete email address in acase-insensitive manner.

# --iso_date_time       use ISO 8601 standard formats (CCYY-MM-DD and HH:MM)

# -h 0 top <cnt> to display in host/domain reports. 0== none.

# -u 0                  top <cnt> to display in user reports. 0 == none.
# <LOG>                 Duh...
----

That's it, you're finished.

Bonus tip, every server should be able to send mail, at least for cronerrors, but you do NOT need a full Postfix (or Exim, or <shudder>Sendmail) MTA on every server!

* sudo apt-get install nullmailer || sudo yum install ssmtp
* Make sure the old/full MTA was removed (it may or may not be)
* Configure whichever one you installed

Nullmailer:
----
==> /etc/nullmailer/adminaddr <==
mail-goes-to-me@example.com

==> /etc/nullmailer/defaultdomain <==
example.com

==> /etc/nullmailer/pausetime <==  Optional
3600

==> /etc/nullmailer/remotes <==
smtp.example.com smtp --port=5587
----

SSMTP: vi /etc/ssmtp/ssmtp.conf
----
root=mail-goes-to-me@example.com
mailhub=smtp.example.com:587
----

Enjoy,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] Microsoft Bug Tracking hacked
Next by Date: Re: [PLUG] Wpa2 oops - cell phones
Previous by thread: Re: [PLUG] Microsoft Bug Tracking hacked
Next by thread: [PLUG] 24" monitors for sale
Index(es):
- Date
- Thread