You are not logged in.
- Topics: Active | Unanswered
#1 2009-03-20 05:59:58
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
[SOLVED] Logwatch not processing postfix logs
I have Logwatch installed from the repos, but it refuses to display any Postfix output:
root@dingo ! # logwatch --print
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Fri Mar 20 16:47:17 2009
Date Range Processed: yesterday
( 2009-Mar-19 )
Period is day.
Detail Level of Output: 5
Type of Output: unformatted
Logfiles for Host: dingo.wandin.net
##################################################################
--------------------- httpd Begin ------------------------
<SNIP>
---------------------- httpd End -------------------------
--------------------- Disk Space Begin ------------------------
<SNIP>
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################My 'service' line is set to 'all' as per the default:
root@dingo ~ # grep '^Service' /usr/share/logwatch/default.conf/logwatch.conf
Service = All
Service = "-zz-network" # Prevents execution of zz-network service, which
Service = "-zz-sys" # Prevents execution of zz-sys service, which
Service = "-eximstats" # Prevents execution of eximstats service, whichMy postfix definately has data:
root@dingo ~ # tail /var/log/mail.log
2009-03-20T16:35:46+11:00 dingo postfix/smtpd[5090]: connect from wf-out-1314.google.com[209.85.200.168]
2009-03-20T16:35:46+11:00 dingo postfix/smtpd[5090]: 893C31C88: client=wf-out-1314.google.com[209.85.200.168]
2009-03-20T16:35:46+11:00 dingo postfix/cleanup[5109]: 893C31C88: message-id=<f9f9bf9a0903192235y7ab7e22cg2c7e6a66cff93bff@mail.gmail.com>
2009-03-20T16:35:46+11:00 dingo postfix/qmgr[10274]: 893C31C88: from=<CENSORED-EMAIL-ADDRESS>, size=8523, nrcpt=1 (queue active)
2009-03-20T16:35:48+11:00 dingo postfix/qmgr[10274]: 893C31C88: removed
2009-03-20T16:35:48+11:00 dingo postfix/smtp[5111]: 893C31C88: to=<CENSORED-EMAIL-ADDRESS>, orig_to=<CENSORED-EMAIL-ADDRESS>, relay=gmail-smtp-in.l.google.com[74.125.45.114]:25, delay=2.4, delays=0.38/0.01/0.33/1.7, dsn=2.0.0, status=sent (250 2.0.0 OK 1237527348 9si4841371yxs.36)
2009-03-20T16:36:16+11:00 dingo postfix/smtpd[5090]: disconnect from wf-out-1314.google.com[209.85.200.168]
2009-03-20T16:38:33+11:00 dingo pop3d: Connection, ip=[::ffff:118.208.137.186]
2009-03-20T16:38:33+11:00 dingo pop3d: LOGOUT, ip=[::ffff:118.208.137.186]
2009-03-20T16:38:33+11:00 dingo pop3d: Disconnected, ip=[::ffff:118.208.137.186]
2009-03-20T16:39:36+11:00 dingo postfix/anvil[5094]: statistics: max connection rate 1/60s for (smtp:202.14.166.251) at Mar 20 16:35:05
2009-03-20T16:39:36+11:00 dingo postfix/anvil[5094]: statistics: max connection count 1 for (smtp:202.14.166.251) at Mar 20 16:35:05
2009-03-20T16:39:36+11:00 dingo postfix/anvil[5094]: statistics: max cache size 2 at Mar 20 16:35:46
2009-03-20T16:42:39+11:00 dingo pop3d: LOGIN, user=CENSORED-EMAIL-ADDRESS, ip=[::ffff:118.208.137.186], port=[41773]
2009-03-20T16:42:39+11:00 dingo pop3d: LOGIN, user=CENSORED-EMAIL-ADDRESS, ip=[::ffff:118.208.137.186], port=[41774]
2009-03-20T16:42:40+11:00 dingo pop3d: LOGOUT, user=CENSORED-EMAIL-ADDRESS, ip=[::ffff:118.208.137.186], port=[41773], top=0, retr=0, rcvd=12, sent=39, time=1
2009-03-20T16:42:40+11:00 dingo pop3d: LOGOUT, user=CENSORED-EMAIL-ADDRESS, ip=[::ffff:118.208.137.186], port=[41774], top=0, retr=0, rcvd=12, sent=39, time=1Should Logwatch and Postfix work 'out of the box' on Arch? Am I doing something wrong?
EDIT: Explicitly running logwatch with --service options doesn't even work 
root@dingo ~ # logwatch --service postfix --range all --detail high --print --archives
root@dingo ~ #Last edited by fukawi2 (2009-03-23 01:31:25)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#2 2009-03-20 10:44:21
- byte
- Member
- From: Düsseldorf (DE)
- Registered: 2006-05-01
- Posts: 2,046
Re: [SOLVED] Logwatch not processing postfix logs
I've never used logwatch so far, but I've noticed that /usr/share/logwatch/scripts/services/postfix references /usr/local/etc/${progname_prefix}-logwatch.conf instead of /usr/share/logwatch/default.conf/services/postfix.conf.
edit: well, I didn't configure anything, but your last command works fine for me... no idea.
Last edited by byte (2009-03-20 10:46:18)
1000
Offline
#3 2009-03-20 23:04:31
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: [SOLVED] Logwatch not processing postfix logs
Yeah, I looked at that too, but that's in an IF block that only get executed if the script is running in "standalone" mode.
I wonder what I've buggered up then
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#4 2009-03-23 01:28:43
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,224
- Website
Re: [SOLVED] Logwatch not processing postfix logs
SOLVED: I've been logging using ISO format timestamps. Logwatch can't handle these at the moment, so it's an upstream issue solved by changing logging format back to 'normal' and waiting for upstream to support ISO 
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline