[Mimedefang] RE: graphdefang and remote syslogs question

John Kirkland jpk at bl.org
Wed Jun 18 16:07:01 EDT 2003 

Alain,

I added the following 2 features to graphdefang today:

        * added host-based max time tracking
        * added ability to load logs from more than one datafile

It will use the hostname from the syslog files to seperately track a max
time per host.

You can now specify more than one log file in your graphdefang-config file
in case you want to just load in seperate files from seperate hosts.  It
will also use the host-based max time tracking here.  Look in the
graphdefang-config-mimedefang-example file for syntax example.

You can download the new code at:

http://www.bl.org/~jpk/graphdefang/download/graphdefang-0.9-beta1.tgz

Try it out and provide feedback.  If everything works as expected, then
I'll release it as non-beta.

Regards,
John

On Wed, 18 Jun 2003, Lavoie,Alain [CMC] wrote:

> Hi,
>     you can use the --nomax option that will ignore the date.
>
> --nomax     Ignore the max date/time in the SummaryDB; add all lines from
>             the parsed file to the database.
>
>     We have 2 mail servers, i created a script that check the time stamp
> in the log files and after it does a merge of the 2 log files and finally
> i parse this log file.
>
>
> 	Levoy
>
>
>
>
> I have three servers running mimedefang.  I would like to combine the
> logs (md_logs) from all three servers in one place.  To do this, I use
> have two of the servers log local5 messages to the third server.  So,
> essentially the md_logs from mimedefang from all three machines get
> logged to one mdefang.log file on one server.
>
> The problem arises because the three servers are in three different time
> zones.  graphdefang creates its SummaryDB file the first time I run it
> on the log file.  The latest time it uses is off the server in the EST
> zone (which happens to be the server that I log everything to).  Now,
> once that happens, anything that gets logged from the server in PST will
> not show up in graphdefang... all those entries are getting logged with
> their PST time.
>
> ...
>
> So my question is, has anyone run across this or does anyone have any
> suggestions?  Obviously I either need to get all these servers logging
> in one time format (two solaris 2.8 servers and Mandrake 9 server) or
> get graphdefang to be smarter about what it does...
>
> Any ideas appreciated.
>
> Thank you,
> Dan
>
>
> --__--__--
>

More information about the MIMEDefang mailing list