[Mimedefang] graphdefang and remote syslogs question

Dan Tulovsky Dan.Tulovsky at sbiandcompany.com
Tue Jun 17 22:51:01 EDT 2003


Hello...

Here's an odd question.

I have three servers running mimedefang.  I would like to combine the
logs (md_logs) from all three servers in one place.  To do this, I
have two of the servers log local5 messages to the third server.  So,
essentially the md_logs from mimedefang from all three machines get
logged to one mdefang.log file on one server.

The problem arises because the three servers are in three different time
zones.  graphdefang creates its SummaryDB file the first time I run it
on the log file.  The latest time it uses is off the server in the EST
zone (which happens to be the server that I log everything to).  Now,
once that happens, anything that gets logged from the server in PST will
not show up in graphdefang... all those entries are getting logged with
their PST time.  

Here's a sample of the logs:

Jun 17 19:34:03 smtp1 mimedefang.pl[16265]: [ID 702911 local5.info]
MDLOG,h5I2Xuki020658,spam,12.9,200.162.221.90,<h9qepu2k1z at yahoo.com>,<em
ail1>,see us bare it all  :-)                  vj hjhgrtf iw nytovm
rxsgtjdkpvfxgomabevjwnadn  uhkkueolyus  jotxkejzznc gdmdeazphs riu dyk
peg njy
Jun 17 22:33:58 tank mimedefang.pl[15697]:
MDLOG,h5I2Xsok001788,spam,54.4,217.8.154.2,<highplainsmortgage at attbi.com
>,<email2>,Guaranteed Lowest Rates Available, 3.75%
*54^427171
Jun 17 19:34:03 smtp1 mimedefang.pl[18120]: [ID 702911 local5.info]
MDLOG,h5I2Xxki020662,spam,13.2,198.212.180.74,<naviant_network at mtsbp923.
email-info.net>,<email3>,Get 12 CDs for the price of 1
Jun 17 19:34:05 smtp1 mimedefang.pl[14593]: [ID 702911 local5.info]
MDLOG,h5I2Y0ki020664,spam,20.9,69.24.229.62,<bubble at bubbleoffers.com>,<e
mail4>,Your cash prize claiming information

As you can see, there is an entry for 22:33:58... and then two more
entries for 19:34... those two entries (I ran graphdefang manually and
it said 0 lines found) do not get added.

So my question is, has anyone run across this or does anyone have any
suggestions?  Obviously I either need to get all these servers logging
in one time format (two Solaris 2.8 servers and a Mandrake 9 server) or
get graphdefang to be smarter about what it does...

Any ideas appreciated.

Thank you,
Dan
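
An added example, not part of the original post and not graphdefang code: one way to rewrite the timestamps of merged MDLOG lines into the collector's local time and re-sort them before a time-ordered parser reads the file. The host-to-offset table, the collector offset and the function names are assumptions made for illustration; the sample lines are shortened from the ones quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed mapping (not from the post): each sending host's UTC offset in hours.
# Fixed offsets ignore DST changes; these are June daylight-time values.
HOST_UTC_OFFSET = {"smtp1": -7, "tank": -4}
COLLECTOR_OFFSET = -4  # assumed: the collecting server keeps US Eastern time

# Classic syslog prefix: "Mon dd HH:MM:SS host rest" (day may be space-padded).
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def normalize(line, year):
    """Return (utc_time, line rewritten in collector time), or None if unparseable."""
    m = STAMP.match(line)
    if not m or m.group(4) not in HOST_UTC_OFFSET:
        return None  # unknown host or malformed line: do not guess a zone
    mon, day, clock, host, rest = m.groups()
    # Syslog timestamps carry no year, so the caller must supply it.
    naive = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    sender_tz = timezone(timedelta(hours=HOST_UTC_OFFSET[host]))
    utc = naive.replace(tzinfo=sender_tz).astimezone(timezone.utc)
    local = utc.astimezone(timezone(timedelta(hours=COLLECTOR_OFFSET)))
    stamp = f"{local:%b} {local.day:2d} {local:%H:%M:%S}"
    return utc, f"{stamp} {host} {rest}"

def merge(lines, year):
    """Normalize every parseable line and return them in true chronological order."""
    parsed = [p for p in (normalize(l, year) for l in lines) if p]
    return [text for _, text in sorted(parsed, key=lambda p: p[0])]

# Constructed sample, shortened from the log lines in the post (one record per line).
SAMPLE = [
    "Jun 17 19:34:03 smtp1 mimedefang.pl[16265]: MDLOG,h5I2Xuki020658,spam,12.9",
    "Jun 17 22:33:58 tank mimedefang.pl[15697]: MDLOG,h5I2Xsok001788,spam,54.4",
    "Jun 17 19:34:05 smtp1 mimedefang.pl[14593]: MDLOG,h5I2Y0ki020664,spam,20.9",
]

if __name__ == "__main__":
    for out in merge(SAMPLE, 2003):
        print(out)
```
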



