Having FC3 systems and utilizing Dovecot, I have come to rely on some of the information I get from the daily logwatch run. Logwatch, by default, doesn't properly recognize dovecot's information in the messages file, but it is easy to tweak. The patch below will give you some statistics regarding POP3 and IMAP usage. I believe I grabbed all of the differences in the unified diff below. If I missed anything, please post. :) -Rich --- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400 +++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400 @@ -20,7 +20,7 @@ # Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (imapd|imapd-ssl) +*OnlyService = (imap-login|imapd|imapd-ssl) *RemoveHeaders --- /etc/log.d/conf/services/pop3.conf 2005-04-15 14:51:22.795813799 -0400 +++ /etc/log.d/conf/services/pop3.conf 2005-04-15 15:07:00.837019392 -0400 @@ -15,12 +15,12 @@ Title = "POP-3" # Which logfile group... -LogFile = messages +LogFile = maillog # Only give lines pertaining to courier... # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 #but you will get at least all currently supported logs -*OnlyService = (pop3d-ssl|pop3d|spop3d) +*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d) *RemoveHeaders --- /etc/log.d/scripts/services/pop3 2005-04-15 15:15:28.727123168 -0400 +++ /etc/log.d/scripts/services/pop3 2005-04-15 15:03:47.402606350 -0400 @@ -58,6 +58,8 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $Login{$User}{$Host}++; } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { $DownloadedMessages{$User} += $Downloaded; $DownloadedMessagesSize{$User} += $DownloadSize; --- /etc/log.d/scripts/services/imapd 2005-04-15 15:15:20.742084824 -0400 +++ /etc/log.d/scripts/services/imapd 2005-04-15 15:04:39.868698875 -0400 @@ -43,6 +43,9 @@ # Don't care about these... } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { + $ConnectionNonSSL{$Host}++; + $Connection{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) host=(.* \[.*\])$/ ) ) { $Login{$User}{$Host}++; } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated user=(.*) host=(.*)$/ ) ) {
I get the following when doing a dry run: [steve at fawkes]~> patch --dry-run imapd imapd.patch patching file imapd patch: **** malformed patch at line 4: # Only give lines pertaining to courier... But, this is my first attempt to patch something, so maybe i'm doing it wrong? Steve On 4/15/05, Rich West <Rich.West at wesmo.com> wrote:> Having FC3 systems and utilizing Dovecot, I have come to rely on some of > the information I get from the daily logwatch run. > > Logwatch, by default, doesn't properly recognize dovecot's information > in the messages file, but it is easy to tweak. The patch below will > give you some statistics regarding POP3 and IMAP usage. > > I believe I grabbed all of the differences in the unified diff below. > If I missed anything, please post. :) > > -Rich > > --- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400 > +++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400 > @@ -20,7 +20,7 @@ > # Only give lines pertaining to courier... > # I'm not sure if this is complete, especially for the new webmail > daemon in 0.44.1 > #but you will get at least all currently supported logs > -*OnlyService = (imapd|imapd-ssl) > +*OnlyService = (imap-login|imapd|imapd-ssl) > > *RemoveHeaders > > --- /etc/log.d/conf/services/pop3.conf 2005-04-15 14:51:22.795813799 -0400 > +++ /etc/log.d/conf/services/pop3.conf 2005-04-15 15:07:00.837019392 -0400 > @@ -15,12 +15,12 @@ > Title = "POP-3" > > # Which logfile group... > -LogFile = messages > +LogFile = maillog > > # Only give lines pertaining to courier... > # I'm not sure if this is complete, especially for the new webmail > daemon in 0.44.1 > #but you will get at least all currently supported logs > -*OnlyService = (pop3d-ssl|pop3d|spop3d) > +*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d) > > *RemoveHeaders > > --- /etc/log.d/scripts/services/pop3 2005-04-15 15:15:28.727123168 -0400 > +++ /etc/log.d/scripts/services/pop3 2005-04-15 15:03:47.402606350 -0400 > @@ -58,6 +58,8 @@ > # Don't care about these... > } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated > - (.*)$/ ) ) { > $Login{$User}{$Host}++; > + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { > + $Login{$User}{$Host}++; > } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( > $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { > $DownloadedMessages{$User} += $Downloaded; > $DownloadedMessagesSize{$User} += $DownloadSize; > --- /etc/log.d/scripts/services/imapd 2005-04-15 15:15:20.742084824 -0400 > +++ /etc/log.d/scripts/services/imapd 2005-04-15 15:04:39.868698875 -0400 > @@ -43,6 +43,9 @@ > # Don't care about these... > } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) > host=(.* \[.*\])$/ ) ) { > $Login{$User}{$Host}++; > + } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) { > + $ConnectionNonSSL{$Host}++; > + $Connection{$Host}++; > } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) > host=(.* \[.*\])$/ ) ) { > $Login{$User}{$Host}++; > } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated > user=(.*) host=(.*)$/ ) ) { > >
--On Friday, April 15, 2005 3:27 PM -0400 Rich West <Rich.West at wesmo.com> wrote:> Logwatch, by default, doesn't properly recognize dovecot's information in > the messages file, but it is easy to tweak. The patch below will give > you some statistics regarding POP3 and IMAP usage. > > I believe I grabbed all of the differences in the unified diff below. If > I missed anything, please post. :)Did you send this to the logwatch-devel list? There's been a lot of development going on there recently. <http://www2.list.logwatch.org:81/lists/listinfo/logwatch-devel>