Apr 17

Qmail logs quite a lot of information about what it’s doing, although it can be daunting to collect it all together. If you’re using daemontools, each daemon has its own set of logs, kept in a rotating set of log files maintained by multilog, usually with a TAI64N timestamp.

The qmail-send process logs each message queued and each delivery attempt. The qmail-smtpd process logs each incoming SMTP connection, although it won’t describe what happened during the connection. tcpserver logs every connection denied due to entries in the connection rules file, and rblsmtpd logs every connection it blocked due to a DNSBL entry. If you use QMAILQUEUE to run other programs at SMTP time, anything they send to stderr is logged, and if you’ve added other patches to qmail-smtpd, anything they write to stderr is logged, too.

A system can be set up to do log analysis on the fly, every time multilog switches to a new log file, or once a day in a batch. It often makes sense to combine the two, doing some work at switching time and the rest daily. Although it’s usually more convenient to keep the logs for each application separate, it’s not hard to create combined logs for analysis or just to keep around in case someone needs to look at them later. If a set of logs from different programs all have TAI64N timestamps, merge them using the standard sort program, sort -m. TAI64N timestamps are fixed-length hex strings, so merging them in alphanumeric order is the same as date order. Once they’re merged, tai64nlocal can make the timestamps readable by people. So to merge a set of log files, all of which have the standard multilog TAI64N names that start with an at-sign:

sort -m \@* | tai64nlocal > merged-log

Run the command above in one of your log directories.

See http://cr.yp.to/libtai/tai64.html for more detail.
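
An added example, not part of the original post: a Python version of the merge that decodes the TAI64N labels itself and tags each line with the daemon that wrote it, which sort -m on its own does not record. The source names and log lines are constructed samples; the 2^62 + 10 second offset is the fixed one daemontools applies.

```python
import heapq
import re
from datetime import datetime, timedelta, timezone

LABEL = re.compile(r"@[0-9a-f]{24}")
# daemontools writes seconds as 2^62 + 10 + Unix time (a fixed 10 s TAI-UTC offset).
TAI64_OFFSET = 2**62 + 10

def decode_tai64n(label):
    """'@' + 16 hex digits (seconds) + 8 hex digits (nanoseconds) -> UTC datetime."""
    if not LABEL.fullmatch(label):
        raise ValueError(f"not a TAI64N label: {label!r}")
    secs = int(label[1:17], 16) - TAI64_OFFSET
    nanos = int(label[17:], 16)
    return (datetime.fromtimestamp(secs, timezone.utc)
            + timedelta(microseconds=nanos // 1000))

def merge_logs(sources):
    """sources maps a name to lines already in time order, as multilog writes them.
    Yields (utc_datetime, name, text) across all sources in time order."""
    def tagged(name, lines):
        for line in lines:
            label, _, text = line.rstrip("\n").partition(" ")
            if LABEL.fullmatch(label):      # drop lines with no valid timestamp
                yield label, name, text
    # Fixed-length hex labels compare lexically in time order, so a plain
    # k-way merge on the label string is enough (the same idea as sort -m).
    streams = [tagged(name, lines) for name, lines in sources.items()]
    for label, name, text in heapq.merge(*streams):
        yield decode_tai64n(label), name, text

# Constructed sample lines (not from a real system).
SMTPD = [
    "@400000006553f10a00000000 tcpserver: pid 4321 from 192.0.2.10\n",
    "@400000006553f10c00000000 tcpserver: end 4321 status 0\n",
]
SEND = [
    "@400000006553f10a1dcd6500 new msg 12345\n",
    "@400000006553f10b00000000 starting delivery 1: msg 12345 to local user@example.com\n",
]

if __name__ == "__main__":
    for when, name, text in merge_logs({"smtpd": SMTPD, "send": SEND}):
        print(when.isoformat(timespec="milliseconds"), f"[{name}]", text)
```

To use it on real logs, pass open file objects for each service's @* files in name order instead of the sample lists.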

written by MG
