Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
--
Yours, Mikhail Ramendik
Unless explicitly stated, all opinions in my mail are my own and do not reflect the views of any organization
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
Quoting Mikhail Ramendik <mr@ramendik.ru>:
Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
journalctl -f
shows much/most/all the logging. You may be able to restrict it. The above does what I need.
HTH,
Jeffrey
On 2017-08-27 at 01:26, Jeffrey L. Taylor wrote:
Quoting Mikhail Ramendik <mr@ramendik.ru>:
Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
journalctl -f
shows much/most/all the logging. You may be able to restrict it. The above does what I need.
To see only postfix in a tail -f fashion
journalctl -f -u postfix.service
tail -f and since boot
journalctl -f --b -u postfix.service
tail -f and five days ago
journalctl -f --since '5 days ago' -u postfix.service
You could also do it with _UID
journalctl -f _UID=`id -u postfix`
As Carlos said you can install a syslog daemon and forward to that if you want. But I would also recommend start adapting to systemd and journald.
If you really want syslog change ForwardToSyslog in /etc/systemd/journald.conf and install the daemon.
regards,
--
/bengan
Bengt Gördén wrote:
If you really want syslog change ForwardToSyslog in /etc/systemd/journald.conf and install the daemon.
Just install syslog-ng or rsyslog - no need to edit /etc/systemd/journald.conf.
--
Per Jessen, Zürich (22.8°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 2017-08-27 09:03, Bengt Gördén wrote:
On 2017-08-27 at 01:26, Jeffrey L. Taylor wrote:
Quoting Mikhail Ramendik <mr@ramendik.ru>:
Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
journalctl -f
shows much/most/all the logging. You may be able to restrict it. The above does what I need.
To see only postfix in a tail -f fashion
journalctl -f -u postfix.service
tail -f and since boot
journalctl -f --b -u postfix.service
tail -f and five days ago
journalctl -f --since '5 days ago' -u postfix.service
You could also do it with _UID
journalctl -f _UID=`id -u postfix`
Interesting. But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
As Carlos said you can install a syslog daemon and forward to that if you want. But I would also recommend start adapting to systemd and journald.
Forgive my expressiveness, but bullshit! :-) You simply can not rely on journal to keep long term or large mail logs. It simply can not cope on any mail server. By long term I mean at least two years worth of logs, which amounts to many gigabytes even on a small mail server. Further, it is impossible with journal to adjust logs of, say, mail, to be rotated and compressed differently than the rest.
If you really want syslog change ForwardToSyslog in /etc/systemd/journald.conf and install the daemon.
No need to edit/change anything. Just install the openSUSE daemon package.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
--
Per Jessen, Zürich (24.2°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 2017-08-27 12:34, Per Jessen wrote:
Carlos E. R. wrote:
But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
What you can do is convert the log to text, then do an extensive grep on it, for any mail related thing you can think of. No warranties to catch it all, though.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
On 2017-08-27 12:34, Per Jessen wrote:
Carlos E. R. wrote:
But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
I did notice that, but this works anyway:
journalctl SYSLOG_FACILITY=2
--
Per Jessen, Zürich (23.9°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
Hi Carlos, [...]
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
man systemd.journal-fields [...]
Cheers / Saludos,
Carlos E. R.
Bye.
Michael.
--
Michael Hirmke
On 2017-08-27 19:51, Michael Hirmke wrote:
Hi Carlos,
[...]
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
man systemd.journal-fields
Ah. Didn't know that page.
But anyway, it doesn't explain how to search on them, just that they are stored in the journal. Which is obvious, the journal has to store at least the same fields as the standard syslog, or it would not be a replacement. The problem is how to access them.
Others have said that the trick is using this syntax:
journalctl SYSLOG_FACILITY=2
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
Carlos E. R. wrote:
On 2017-08-27 19:51, Michael Hirmke wrote:
Hi Carlos,
[...]
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
man systemd.journal-fields
Ah. Didn't know that page.
But anyway, it doesn't explain how to search on them, just that they are stored in the journal. Which is obvious, the journal has to store at least the same fields as the standard syslog, or it would not be a replacement. The problem is how to access them.
Just to be complete - it is in fact all mentioned in the first few lines of the journalctl man page:
If one or more match arguments are passed, the output is filtered accordingly. A match is in the format "FIELD=VALUE", e.g. "_SYSTEMD_UNIT=httpd.service", referring to the components of a structured journal entry. See systemd.journal-fields(7) for a list of well-known fields.
--
Per Jessen, Zürich (28.5°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
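The `FIELD=VALUE` matching discussed above, as an added example that is not part of the original thread: it turns syslog facility names into `SYSLOG_FACILITY=N` matches and applies the same selection to text in journal export format. The function names (`facility_number`, `facility_matches`, `filter_export`, `sample_export`) are hypothetical helpers and the sample entries are constructed.

```shell
# Facility numbers from RFC 3164 / RFC 5424 (mail is 2).
facility_number() {
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
        auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
        uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
        local[0-7]) echo $((16 + ${1#local})) ;;
        *) echo "unknown facility: $1" >&2; return 1 ;;
    esac
}

# Facility names -> journalctl match arguments. journalctl ORs repeated
# matches on the same field and ANDs matches on different fields.
facility_matches() {
    matches=""
    for name in "$@"; do
        num=$(facility_number "$name") || return 1
        matches="${matches:+$matches }SYSLOG_FACILITY=$num"
    done
    printf '%s\n' "$matches"
}

# The same selection on journal export format text (journalctl -o export):
# blank-line separated entries of FIELD=VALUE lines. Text fields only.
filter_export() {
    m=$(facility_matches "$@") || return 1
    awk -v want=",$(printf '%s\n' "$m" | sed 's/SYSLOG_FACILITY=//g; s/ /,/g')," '
        BEGIN { RS = ""; FS = "\n" }
        {
            split("", f)                   # reset the field map for this entry
            for (i = 1; i <= NF; i++)      # split each line at the first "="
                if ((eq = index($i, "=")) > 1)
                    f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            if (("SYSLOG_FACILITY" in f) && index(want, "," f["SYSLOG_FACILITY"] ","))
                printf "%s[%s]: %s\n", f["SYSLOG_IDENTIFIER"], f["_PID"], f["MESSAGE"]
        }'
}

# Constructed sample entries in export format (not real log data).
sample_export() {
    printf '%s\n' \
        '_SYSTEMD_UNIT=postfix.service' 'SYSLOG_FACILITY=2' \
        'SYSLOG_IDENTIFIER=postfix/smtpd' '_PID=2301' \
        'MESSAGE=connect from localhost[127.0.0.1]' '' \
        'SYSLOG_FACILITY=0' 'SYSLOG_IDENTIFIER=kernel' \
        'MESSAGE=EXT4-fs (sda2): mounted filesystem' '' \
        '_SYSTEMD_UNIT=dovecot.service' 'SYSLOG_FACILITY=2' \
        'SYSLOG_IDENTIFIER=dovecot' '_PID=1877' \
        'MESSAGE=imap-login: Login: user=<alice>, method=PLAIN'
}
```

On a live system, `journalctl $(facility_matches mail news) --since '5 days ago'` lists mail and news entries from every unit, and `sample_export | filter_export mail` shows the offline filter picking the postfix and dovecot entries while skipping the kernel one.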
On 2017-08-28 18:11, Per Jessen wrote:
Carlos E. R. wrote:
On 2017-08-27 19:51, Michael Hirmke wrote:
Hi Carlos,
[...]
Search by log facility. Not sure how it's done, but I'm certain journalctl supports something like that.
No, as far as I know, it doesn't. Search "man journalctl", the word "facility" doesn't exist.
man systemd.journal-fields
Ah. Didn't know that page.
But anyway, it doesn't explain how to search on them, just that they are stored in the journal. Which is obvious, the journal has to store at least the same fields as the standard syslog, or it would not be a replacement. The problem is how to access them.
Just to be complete - it is in fact all mentioned in the first few lines of the journalctl man page:
If one or more match arguments are passed, the output is filtered accordingly. A match is in the format "FIELD=VALUE", e.g. "_SYSTEMD_UNIT=httpd.service", referring to the components of a structured journal entry. See systemd.journal-fields(7) for a list of well-known fields.
Ugh :-(
Yes, I saw that paragraph years ago. Badly written and useless unless you are a scholar, following tracks. They could have written instead actual use examples. I wonder why trained documentation writers do not contribute.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 2017-08-27 at 12:08, Carlos E. R. wrote:
On 2017-08-27 09:03, Bengt Gördén wrote:
On 2017-08-27 at 01:26, Jeffrey L. Taylor wrote:
Quoting Mikhail Ramendik <mr@ramendik.ru>:
Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
journalctl -f
shows much/most/all the logging. You may be able to restrict it. The above does what I need.
To see only postfix in a tail -f fashion
journalctl -f -u postfix.service
tail -f and since boot
journalctl -f --b -u postfix.service
tail -f and five days ago
journalctl -f --since '5 days ago' -u postfix.service
You could also do it with _UID
journalctl -f _UID=`id -u postfix`
Interesting.
But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
rfc3164
journalctl SYSLOG_FACILITY=2
Check with journalctl -N to see what fields are currently used in the journal.
Or check out the last 10 entries in verbose mode to see what you can filter out.
journalctl -o verbose -n
As Carlos said you can install a syslog daemon and forward to that if you want. But I would also recommend start adapting to systemd and journald.
Forgive my expressiveness, but bullshit! :-)
I might be. I'm really no black-belt in systemd/journal, just trying to walk the path of least resistance. :-D
You simply can not rely on journal to keep long term or large mail logs. It simply can not cope on any mail server.
By long term I mean at least two years worth of logs, which amounts to many gigabytes even on a small mail server.
Yes. You're probably right there although I haven't seen any research about it. Do you know of any? I'm truly interested. I haven't tried with more than 2G logs and that is quite small.
Further, it is impossible with journal to adjust logs of, say, mail, to be rotated and compressed differently than the rest.
I've not tried all things yet but gradually I get there and hopefully will be able to get back and share my findings.
If you really want syslog change ForwardToSyslog in /etc/systemd/journald.conf and install the daemon.
No need to edit/change anything. Just install the openSUSE daemon package.
Ok. That's good.
regards,
--
/bengan
On 2017-08-27 14:27, Bengt Gördén wrote:
On 2017-08-27 at 12:08, Carlos E. R. wrote:
But how would you extract everything from the "mail" "facility"? That is, everything that would go to /var/log/mail, irrelevant of what daemon or service produced it.
rfc3164
journalctl SYSLOG_FACILITY=2
Ouch. Ok, rfc5424. That's really trivial to use... (irony). :-) Yes, that works.
Check with journalctl -N to see what fields are currently used in the journal.
Or check out the last 10 entries in verbose mode to see what you can filter out.
journalctl -o verbose -n
Argh!
As Carlos said you can install a syslog daemon and forward to that if you want. But I would also recommend start adapting to systemd and journald.
Forgive my expressiveness, but bullshit! :-)
I might be. I'm really no black-belt in systemd/journal, just trying to walk the path of least resistance. :-D
Understood. For me, it is far easier to install syslog :-)
You simply can not rely on journal to keep long term or large mail logs. It simply can not cope on any mail server.
By long term I mean at least two years worth of logs, which amounts to many gigabytes even on a small mail server.
Yes. You're probably right there although I haven't seen any research about it. Do you know of any? I'm truly interested. I haven't tried with more than 2G logs and that is quite small.
Well, it is based on my own experiments and comments from others. With a very small mail and nntp server the journal log grows very large and takes many minutes to peruse. Soon it starts to rotate out entries: the mail and nntp entries are so many compared to the rest of the system entries, that everything related to the system is purged out soon, and you can not investigate system events more than a few days back. This is due to the journal storing all types of messages in the same binary database, there is no sorting. You can not say "store mail entries for a month, the rest for two weeks", for example, or any other combination. A mail server would need to keep logs for two years. That's millions of lines. Requirements would also be to keep separate backups of the logs, and ensure you can read them on different machines even after destruction of the server. This has not been answered how to do. Being a binary log, you also need tools to reconstruct the logs if they get corrupted and extract the entries. And my experiments found that keeping many thousands of mail/nntp entries in the journal caused it to grow to unmanageable sizes (especially when compared with traditional logs of the same events). A search could take hours.
Further, it is impossible with journal to adjust logs of, say, mail, to be rotated and compressed differently than the rest.
I've not tried all things yet but gradually I get there and hopefully will be able to get back and share my findings.
No, this particular question was answered as impossible (intentionally) previously. The reasoning goes something as that you need to keep logs of every event of the system together. If something goes awry with email, perhaps there was a disk error at the same time that should be investigated. Well, there is some truth in it. Still, mail logs in a mail server can be very large and may force earlier rotation than though of the entire journal thing. And of course, thousands of lines of other stuff can block the sight of other types of events when looking (with eyes) at the logs. It can happen, though, that after a month you are no longer interested in keeping debug logs of, say, nntp, which may be huge. Well, no luck, you can not purge them out. You have to keep the entire thing or nothing.
If you really want syslog change ForwardToSyslog in /etc/systemd/journald.conf and install the daemon.
No need to edit/change anything. Just install the openSUSE daemon package.
Ok. That's good.
I have to modify that slightly, just having tried on a test install. YaST will say to remove a systemd log service, I forgot the exact name. It is a placeholder, so just accept. Also, the syslog daemon is not automatically enabled and started after install, has to be done manually. No big deal, but both are things to be aware of.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 2017-08-27 00:55, Mikhail Ramendik wrote:
Hello,
I am running Leap 42.2.
Where can I find the postfix logs? I see that postfix is listening to port 25, and I know a local application is supposed to send something to port 25. I'd like to know what it sends (if anything), but there is no /var/log/maillog or anything like that.
On a default Leap system, there are no /var/log text log files, no syslog. There is a systemd journal instead, which you access via journalctl.
You can, however, install a syslog daemon and have traditional logs. I would recommend rsyslog.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
participants (6)
- Bengt Gördén
- Carlos E. R.
- Jeffrey L. Taylor
- mh@mike.franken.de
- Mikhail Ramendik
- Per Jessen