thr3ads.net - dovecot - [Dovecot] Logwatch [Apr 2005]

If this information is useful, please help other people find it:
Share via:

Rich West

2005-Apr-15 19:27 UTC

[Dovecot] Logwatch

Having FC3 systems and utilizing Dovecot, I have come to rely on some of 
the information I get from the daily logwatch run.

Logwatch, by default, doesn't properly recognize dovecot's information 
in the messages file, but it is easy to tweak.  The patch below will 
give you some statistics regarding POP3 and IMAP usage.

I believe I grabbed all of the differences in the unified diff below.  
If I missed anything, please post. :)

-Rich



--- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400
+++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400
@@ -20,7 +20,7 @@
 # Only give lines pertaining to courier...
 # I'm not sure if this is complete, especially for the new webmail 
daemon in 0.44.1
 #but you will get at least all currently supported logs
-*OnlyService = (imapd|imapd-ssl)
+*OnlyService = (imap-login|imapd|imapd-ssl)

 *RemoveHeaders 
--- /etc/log.d/conf/services/pop3.conf  2005-04-15 14:51:22.795813799 -0400
+++ /etc/log.d/conf/services/pop3.conf  2005-04-15 15:07:00.837019392 -0400
@@ -15,12 +15,12 @@
 Title = "POP-3"

 # Which logfile group...
-LogFile = messages
+LogFile = maillog

 # Only give lines pertaining to courier...
 # I'm not sure if this is complete, especially for the new webmail 
daemon in 0.44.1
 #but you will get at least all currently supported logs
-*OnlyService = (pop3d-ssl|pop3d|spop3d)
+*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d)

 *RemoveHeaders 
--- /etc/log.d/scripts/services/pop3    2005-04-15 15:15:28.727123168 -0400
+++ /etc/log.d/scripts/services/pop3    2005-04-15 15:03:47.402606350 -0400
@@ -58,6 +58,8 @@
       # Don't care about these...
    } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated 
- (.*)$/ ) ) {
       $Login{$User}{$Host}++;
+   } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) {
+      $Login{$User}{$Host}++;
    } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( 
$ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) {
       $DownloadedMessages{$User} += $Downloaded;
       $DownloadedMessagesSize{$User} += $DownloadSize;
--- /etc/log.d/scripts/services/imapd   2005-04-15 15:15:20.742084824 -0400
+++ /etc/log.d/scripts/services/imapd   2005-04-15 15:04:39.868698875 -0400
@@ -43,6 +43,9 @@
       # Don't care about these...
    } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) 
host=(.* \[.*\])$/ ) ) {
       $Login{$User}{$Host}++;
+    } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) {
+       $ConnectionNonSSL{$Host}++;
+       $Connection{$Host}++;
    } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) 
host=(.* \[.*\])$/ ) ) {
       $Login{$User}{$Host}++;
    } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated 
user=(.*) host=(.*)$/ ) ) {

Steven Joerger

2005-Apr-15 21:03 UTC

head link

[Dovecot] Logwatch

I get the following when doing a dry run:

[steve at fawkes]~> patch --dry-run imapd imapd.patch
patching file imapd
patch: **** malformed patch at line 4: # Only give lines pertaining to
courier...

But, this is my first attempt to patch something, so maybe i'm doing it
wrong?

Steve

On 4/15/05, Rich West <Rich.West at wesmo.com>
wrote:> Having FC3 systems and utilizing Dovecot, I have come to rely on some of
> the information I get from the daily logwatch run.
> 
> Logwatch, by default, doesn't properly recognize dovecot's
information
> in the messages file, but it is easy to tweak.  The patch below will
> give you some statistics regarding POP3 and IMAP usage.
> 
> I believe I grabbed all of the differences in the unified diff below.
> If I missed anything, please post. :)
> 
> -Rich
> 
> --- /etc/log.d/conf/services/imapd.conf 2005-04-15 14:24:52.000000000 -0400
> +++ /etc/log.d/conf/services/imapd.conf 2005-04-15 14:51:52.073609243 -0400
> @@ -20,7 +20,7 @@
>  # Only give lines pertaining to courier...
>  # I'm not sure if this is complete, especially for the new webmail
> daemon in 0.44.1
>  #but you will get at least all currently supported logs
> -*OnlyService = (imapd|imapd-ssl)
> +*OnlyService = (imap-login|imapd|imapd-ssl)
> 
>  *RemoveHeaders > 
> --- /etc/log.d/conf/services/pop3.conf  2005-04-15 14:51:22.795813799 -0400
> +++ /etc/log.d/conf/services/pop3.conf  2005-04-15 15:07:00.837019392 -0400
> @@ -15,12 +15,12 @@
>  Title = "POP-3"
> 
>  # Which logfile group...
> -LogFile = messages
> +LogFile = maillog
> 
>  # Only give lines pertaining to courier...
>  # I'm not sure if this is complete, especially for the new webmail
> daemon in 0.44.1
>  #but you will get at least all currently supported logs
> -*OnlyService = (pop3d-ssl|pop3d|spop3d)
> +*OnlyService = (pop3-login|pop3d-ssl|pop3d|spop3d)
> 
>  *RemoveHeaders > 
> --- /etc/log.d/scripts/services/pop3    2005-04-15 15:15:28.727123168 -0400
> +++ /etc/log.d/scripts/services/pop3    2005-04-15 15:03:47.402606350 -0400
> @@ -58,6 +58,8 @@
>        # Don't care about these...
>     } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated
> - (.*)$/ ) ) {
>        $Login{$User}{$Host}++;
> +   } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) ) {
> +      $Login{$User}{$Host}++;
>     } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = (
> $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) {
>        $DownloadedMessages{$User} += $Downloaded;
>        $DownloadedMessagesSize{$User} += $DownloadSize;
> --- /etc/log.d/scripts/services/imapd   2005-04-15 15:15:20.742084824 -0400
> +++ /etc/log.d/scripts/services/imapd   2005-04-15 15:04:39.868698875 -0400
> @@ -43,6 +43,9 @@
>        # Don't care about these...
>     } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?)
> host=(.* \[.*\])$/ ) ) {
>        $Login{$User}{$Host}++;
> +    } elsif ( ($User, $Host) = ( $ThisLine =~ /Login: (.*?) (\[.*\])/ ) )
{
> +       $ConnectionNonSSL{$Host}++;
> +       $Connection{$Host}++;
>     } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*)
> host=(.* \[.*\])$/ ) ) {
>        $Login{$User}{$Host}++;
>     } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated
> user=(.*) host=(.*)$/ ) ) {
> 
>

Kenneth Porter

2005-Apr-16 02:14 UTC

head link

[Dovecot] Logwatch

--On Friday, April 15, 2005 3:27 PM -0400 Rich West <Rich.West at
wesmo.com>
wrote:
> Logwatch, by default, doesn't properly recognize dovecot's
information in
> the messages file, but it is easy to tweak.  The patch below will give
> you some statistics regarding POP3 and IMAP usage.
>
> I believe I grabbed all of the differences in the unified diff below.  If
> I missed anything, please post. :)
Did you send this to the logwatch-devel list? There's been a lot of 
development going on there recently.

<http://www2.list.logwatch.org:81/lists/listinfo/logwatch-devel>

Reasonably Related Threads

Search for more maybe matching threads

dovecot - Apr 2005 - Logwatch

[Dovecot] Logwatch

[Dovecot] Logwatch

[Dovecot] Logwatch

Reasonably Related Threads