I just launched a new mailserver that is using dovecot. My previous
mailserver used courier-mail. I am expecting better things with this
new server, but I was use to some login information in logwatch that I
am not seeing now. For example I would get:
[IMAPd] Logout stats:
=================== User | Logouts |
Downloaded | Mbox Size
--------------------------------------- | ------- | ---------- | ----------
user1 at htt-consult.com | 55 | 219571 |
0
user2 at htt-consult.com | 285 | 221681 |
0
user3 at labs.htt-consult.com | 32 | 15183 |
0
---------------------------------------------------------------------------
372 | 456435 | 0
**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 Time(s)
---------------------- IMAP End -------------------------
--------------------- POP-3 Begin ------------------------
[POP3] Logout stats (in MB):
=========================== User | Logouts
| Downloaded | Mbox Size
--------------------------------------- | ------- | ---------- | ----------
user1 at htt-consult.com | 78 | 5.96 |
0
user2 at communaljob.com | 215 | 9.24 |
0
user3 at htt-consult.com | 1 | 7.47 |
0
user4 at htt-consult.com | 1 | 2.34 |
0
user5 at htt-consult.com | 301 | 31.08 |
0
user6 at labs.htt-consult.com | 201 | 4.98 |
0
---------------------------------------------------------------------------
797 | 61.06 | 0.00
**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
....
LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
Maximum connection limit reached for ::ffff:172.245.45.20: 509 Time(s)
---------------------- POP-3 End -------------------------
Whereas dovecot is only reporting:
--------------------- Dovecot Begin ------------------------
Dovecot disconnects:
Inactivity: 1 Time(s)
Logged out: 379 Time(s)
no auth attempts: 5 Time(s)
no reason: 1 Time(s)
tried to use disabled plaintext auth: 1 Time(s)
**Unmatched Entries**
dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
---------------------- Dovecot End -------------------------
How can I get more detailed user activity reporting to logwatch?
And why is connection to mysql under Unmatched Entries?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Nov 2014, Robert Moskowitz wrote:> Whereas dovecot is only reporting:> > --------------------- Dovecot Begin ------------------------ > > Dovecot disconnects: > Inactivity: 1 Time(s) > Logged out: 379 Time(s) > no auth attempts: 5 Time(s) > no reason: 1 Time(s) > tried to use disabled plaintext auth: 1 Time(s) > **Unmatched Entries** > dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s) > ---------------------- Dovecot End ------------------------- > > > How can I get more detailed user activity reporting to logwatch? > > And why is connection to mysql under Unmatched Entries?nobody cared to create a logwatch script for Dovecot that aggregates the information as you used to see for Courier. If you check out Dovecots logfile, you'll see that it does log the username and, thus, logwatch could aggregate that information. You could update logwatch or switch to http://wiki2.dovecot.org/Statistics - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBVG74T3z1H7kL/d9rAQIicAgApa1DVNBXnRqT4ahUZlywtfT102g+okff VgseS923LjtqNT4hXlJLNiLuBo4zXXztR/+0Q23PQPUkfrPjLoAsfZn4tEjLikjS 9a42IN3T9VBWFUOLCNjx+EUAws8RYc4Jl44Km5DGjE3TvuIi284toMGtenIa+GD/ qv7ZXPc54UM9sXqAlSYqenZZsIaHbMSrHCiZwfipkRFunL8G1VghK5enHsPJpPSn Gfm/r1w0cL3G8TDmoKX97c6zhZ0g3NOs+qCwvNKhq3K8XJ+Jc9tzZB4x5wd+pF2d SCOra3ElM+8ptsJotH24UI7sqYB0u/Q4iegN+1FQQEvLOzxQxI5Qbw==F6xC -----END PGP SIGNATURE-----
Robert Moskowitz wrote on 20.11.2014 20:41:> I just launched a new mailserver that is using dovecot. My previous > mailserver used courier-mail. I am expecting better things with this > new server, but I was use to some login information in logwatch that I > am not seeing now. For example I would get: > > > > [IMAPd] Logout stats: > ===================> User | Logouts | Downloaded | Mbox > Size > --------------------------------------- | ------- | ---------- | > ---------- > user1 at htt-consult.com | 55 | 219571 > | 0 > user2 at htt-consult.com | 285 | 221681 > | 0 > user3 at labs.htt-consult.com | 32 | 15183 > | 0 > --------------------------------------------------------------------------- > > 372 | 456435 > | 0 > > > > **Unmatched Entries** > Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2 > Time(s) > > ---------------------- IMAP End ------------------------- > > > --------------------- POP-3 Begin ------------------------ > > > [POP3] Logout stats (in MB): > ===========================> User | Logouts | Downloaded | Mbox > Size > --------------------------------------- | ------- | ---------- | > ---------- > user1 at htt-consult.com | 78 | 5.96 > | 0 > user2 at communaljob.com | 215 | 9.24 > | 0 > user3 at htt-consult.com | 1 | 7.47 > | 0 > user4 at htt-consult.com | 1 | 2.34 > | 0 > user5 at htt-consult.com | 301 | 31.08 > | 0 > user6 at labs.htt-consult.com | 201 | 4.98 > | 0 > --------------------------------------------------------------------------- > > 797 | 61.06 > | 0.00 > > > > **Unmatched Entries** > Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s) > Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s) > Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s) > LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s) > LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s) > LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) > .... > LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s) > LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s) > Maximum connection limit reached for ::ffff:172.245.45.20: 509 > Time(s) > > ---------------------- POP-3 End ------------------------- > > > Whereas dovecot is only reporting: > > --------------------- Dovecot Begin ------------------------ > > > > Dovecot disconnects: > Inactivity: 1 Time(s) > Logged out: 379 Time(s) > no auth attempts: 5 Time(s) > no reason: 1 Time(s) > tried to use disabled plaintext auth: 1 Time(s) > > **Unmatched Entries** > dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s) > > ---------------------- Dovecot End ------------------------- > > > How can I get more detailed user activity reporting to logwatch? > > And why is connection to mysql under Unmatched Entries?What version of Logwatch is installed on the server and on which distro? We are using Logwatch here too and the summary for Dovecot is very detailed; even more detailed compared to what you got with courier-mail.