ken
2015-Mar-13 16:36 UTC
[CentOS] Apparent bug in logwatch's reporting of number of email by sendmail
# rpm -q sendmail logwatch sendmail-8.13.8-8.1.el5_7 logwatch-7.3-10.el5 One host sends just one email per day, the daily logwatch report. Here's /var/log/maillog entries from yesterday (hostnames are changed to make designations in this conversation more intuitive): Mar 12 04:02:18 srchost sendmail[27151]: t2C82Bjr027151: from=root, size=2485, class=0, nrcpts=1, msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, relay=root at localhost Mar 12 04:02:19 srchost sendmail[27383]: t2C82IiB027383: from=<root at localhost.localdomain>, size=2756, class=0, nrcpts=1, msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=srchost [127.0.0.1] Mar 12 04:02:19 srchost sendmail[27151]: t2C82Bjr027151: to=recip at dest, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:01, mailer=relay, pri=32485, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2C82IiB027383 Message accepted for delivery) Mar 12 04:02:20 srchost sendmail[27385]: t2C82IiB027383: to=<recip at dest.com>, ctladdr=<root at localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=122756, relay=dellap.mousecar.net. [192.168.0.26], dsn=2.0.0, stat=Sent (t2C82Jh3016227 Message accepted for delivery) Mar 13 04:02:13 srchost sendmail[30541]: t2D82ATM030541: from=root, size=2589, class=0, nrcpts=1, msgid=<201503130802.t2D82ATM030541 at localhost.localdomain>, relay=root at localhost These four lines describe the sending of just one email. (The loglevel for sendmail is set at 9, the default.) I don't know why, but logwatch reports that two emails were sent yesterday. Could it be because there are two distinct msgids? Here's the relevant section of the logwatch report: --------------------- sendmail Begin ------------------------ STATISTICS ---------- Bytes Transferred: 5241 Messages Processed: 2 Addressed Recipients: 2 ---------------------- sendmail End ------------------------- I'd also like to know where/how logwatch is getting the number for "Bytes Transferred"; it doesn't seem to correspond to anything. So, unless I'm missing something, that's two problems. Does anyone see any others...? or have a plausible explanation for these inconsistencies? tia.
Blake Hudson
2015-Mar-13 17:06 UTC
[CentOS] Apparent bug in logwatch's reporting of number of email by sendmail
ken wrote on 3/13/2015 11:36 AM:> # rpm -q sendmail logwatch > sendmail-8.13.8-8.1.el5_7 > logwatch-7.3-10.el5 > > One host sends just one email per day, the daily logwatch report. > Here's /var/log/maillog entries from yesterday (hostnames are changed > to make designations in this conversation more intuitive): > > Mar 12 04:02:18 srchost sendmail[27151]: t2C82Bjr027151: from=root, > size=2485, class=0, nrcpts=1, > msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, > relay=root at localhost > Mar 12 04:02:19 srchost sendmail[27383]: t2C82IiB027383: > from=<root at localhost.localdomain>, size=2756, class=0, nrcpts=1, > msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, > proto=ESMTP, daemon=MTA, relay=srchost [127.0.0.1] > Mar 12 04:02:19 srchost sendmail[27151]: t2C82Bjr027151: > to=recip at dest, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:01, > mailer=relay, pri=32485, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, > stat=Sent (t2C82IiB027383 Message accepted for delivery) > Mar 12 04:02:20 srchost sendmail[27385]: t2C82IiB027383: > to=<recip at dest.com>, ctladdr=<root at localhost.localdomain> (0/0), > delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=122756, > relay=dellap.mousecar.net. [192.168.0.26], dsn=2.0.0, stat=Sent > (t2C82Jh3016227 Message accepted for delivery) > Mar 13 04:02:13 srchost sendmail[30541]: t2D82ATM030541: from=root, > size=2589, class=0, nrcpts=1, > msgid=<201503130802.t2D82ATM030541 at localhost.localdomain>, > relay=root at localhost > > These four lines describe the sending of just one email. (The > loglevel for sendmail is set at 9, the default.) I don't know why, > but logwatch reports that two emails were sent yesterday. Could it be > because there are two distinct msgids? > Here's the relevant section of the logwatch report: > > --------------------- sendmail Begin ------------------------ > > STATISTICS > ---------- > > Bytes Transferred: 5241 > Messages Processed: 2 > Addressed Recipients: 2 > > ---------------------- sendmail End ------------------------- > > I'd also like to know where/how logwatch is getting the number for > "Bytes Transferred"; it doesn't seem to correspond to anything. > > So, unless I'm missing something, that's two problems. Does anyone > see any others...? or have a plausible explanation for these > inconsistencies? > > tia.Ken, the bytes transferred looks to be the size of the first two log entries (2485 + 2756 = 5241). I'm not sure what logwatch considers individual messages in its sendmail stats, but a unique message ID does indicate a unique message. I also want to point out that if your logwatch is generating an email, this may be counted in the stats also (how, I'm not sure). If logwatch is running at 4AM, when these emails are being sent, I could also anticipate some problems, depending on the timing involved and when log entries are committed to the log. Overall, I wouldn't be concerned. --Blake
ken
2015-Mar-13 18:13 UTC
[CentOS] Apparent bug in logwatch's reporting of number of email by sendmail
On 03/13/2015 01:06 PM, Blake Hudson wrote:> ken wrote on 3/13/2015 11:36 AM: >> # rpm -q sendmail logwatch >> sendmail-8.13.8-8.1.el5_7 >> logwatch-7.3-10.el5 >> >> One host sends just one email per day, the daily logwatch report. >> Here's /var/log/maillog entries from yesterday (hostnames are changed >> to make designations in this conversation more intuitive): >> >> Mar 12 04:02:18 srchost sendmail[27151]: t2C82Bjr027151: from=root, >> size=2485, class=0, nrcpts=1, >> msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, >> relay=root at localhost >> Mar 12 04:02:19 srchost sendmail[27383]: t2C82IiB027383: >> from=<root at localhost.localdomain>, size=2756, class=0, nrcpts=1, >> msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>, >> proto=ESMTP, daemon=MTA, relay=srchost [127.0.0.1] >> Mar 12 04:02:19 srchost sendmail[27151]: t2C82Bjr027151: >> to=recip at dest, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:01, >> mailer=relay, pri=32485, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, >> stat=Sent (t2C82IiB027383 Message accepted for delivery) >> Mar 12 04:02:20 srchost sendmail[27385]: t2C82IiB027383: >> to=<recip at dest.com>, ctladdr=<root at localhost.localdomain> (0/0), >> delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=122756, >> relay=dellap.mousecar.net. [192.168.0.26], dsn=2.0.0, stat=Sent >> (t2C82Jh3016227 Message accepted for delivery) >> Mar 13 04:02:13 srchost sendmail[30541]: t2D82ATM030541: from=root, >> size=2589, class=0, nrcpts=1, >> msgid=<201503130802.t2D82ATM030541 at localhost.localdomain>, >> relay=root at localhost >> >> These four lines describe the sending of just one email. (The >> loglevel for sendmail is set at 9, the default.) I don't know why, >> but logwatch reports that two emails were sent yesterday. Could it be >> because there are two distinct msgids? >> Here's the relevant section of the logwatch report: >> >> --------------------- sendmail Begin ------------------------ >> >> STATISTICS >> ---------- >> >> Bytes Transferred: 5241 >> Messages Processed: 2 >> Addressed Recipients: 2 >> >> ---------------------- sendmail End ------------------------- >> >> I'd also like to know where/how logwatch is getting the number for >> "Bytes Transferred"; it doesn't seem to correspond to anything. >> >> So, unless I'm missing something, that's two problems. Does anyone >> see any others...? or have a plausible explanation for these >> inconsistencies? >> >> tia. > > Ken, the bytes transferred looks to be the size of the first two log > entries (2485 + 2756 = 5241). I'm not sure what logwatch considers > individual messages in its sendmail stats, but a unique message ID does > indicate a unique message. I also want to point out that if your > logwatch is generating an email, this may be counted in the stats also > (how, I'm not sure). If logwatch is running at 4AM, when these emails > are being sent, I could also anticipate some problems, depending on the > timing involved and when log entries are committed to the log. Overall, > I wouldn't be concerned. > > --BlakeMy major concern is accuracy. I mean, there's not much sense in using logwatch if what it's telling me is wrong. The fact that logwatch runs at 4am shouldn't be the problem here, as logwatch is culling data from the previous day. So no conflict there (if that's what you were implying). You're right about the Bytes Transferred number. "size" is mentioned *three* times in maillog. It's just another curiosity how logwatch picked the two numbers that it did. However it did it, obviously it's double-counting, so logwatch is getting that number wrong as well.
Possibly Parallel Threads
- Apparent bug in logwatch's reporting of number of email by sendmail
- Apparent bug in logwatch's reporting of number of email by sendmail
- Apparent bug in logwatch's reporting of number of email by sendmail
- Apparent bug in logwatch's reporting of number of email by sendmail
- --delete-during acts like --delete-before