maillogs home : internet : mail : toaster : custom programs : maillogs : multilog postprocessing maillogs-FAQ

Multilog postprocessing

Multilog is a fairly nifty little program that is included with djb's daemontools. I recommend reading Dan's multilog page to understand exactly what multilog does. By default, multilog accepts entries fed to it and automatically rotates through the last 10 log files, automatically discarding old log entries. This is just fine if you don't care about log anaylsis.

I you do care about logs (for auditing, performance graphing, etc) then you'll want to use some type of tool to do something with those logs. For this purpose, I wrote maillogs. It does several very import things with multilogs:

archive them

  • Maillogs is controlled by the contents of the file toaster.conf. If logs_archive is set, then logs will be archived to logs_base/YYYY/MM/DD/. Each directory holds one days worth of log files. As multilog rolls the log files, they get fed through maillogs which tees the output to this logging directory.

maintain counters

  • Maillogs understands the logging formats of a number of mail programs, including qmail-send and rblsmtpd. As these logs are parsed, it'll keep track of message statistics in the form of counters stored in logs_base/counters/. These counters can be read in real time by SNMP data collection utilities.

Personalities

There are 4 personalities of maillogs.

1. Maillogs: when called as "maillogs", it expects to report counter values. Run it without any parameters to see what you can do with it.

2. Sendlog: when called "sendlog", it expects logs to be fed in via STDIN. It will process these logs per the setting in toaster.conf. The default is to archive files, saving one months worth of log files. If you want to save more log files, unset logs_archive_purge. It maintains the counter logs_base/counters/send.txt.

3. Smtplog: when called as smtplog, it expects to be run as part of a qmail-smtpd invocation. Since qmail-smtpd doesn't log anything by default, the only logging it will normally see is rblsmtpd logs. Thus, it counts them and maintains a counter file logs_base/counters/smtp_rbl.txt keeping track of which RBLs it sees blocks for and how many.

4. Pop3log: since qmail-pop3 doesn't log anything (by default), we simply count the number of pop3 authentications as recorded by vchkpw in the systems syslog.mail file.

Last modified on 5/18/05.