[Mimedefang] Logwatch stopped gleening as much useful (MdF) info following FC5 upgrade
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Dec 25 14:54:06 EST 2006
alan premselaar wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Philip Prindeville wrote:
>
>
>>I used to get some useful Logwatch info when I was
>>running FC3:
>>
>>
>...snip...
>
>
>
>>Then I upgraded the OS to FC5 (but kept everything else
>>the same), and now I hardly get anything useful at all:
>>
>>
>>
>...snip...
>
>
>
>>So... Anyone know what might have changed to stop logwatch from
>>gathering as much useful information? Did one of the log formats
>>change in either Sendmail or MdF that might cause it to not be
>>grepped out properly by logwatch?
>>
>>Of course, that wouldn't have stopped Logwatch from gathering the
>>useful summary information that it used to about top relays,
>>volumes handled, etc.
>>
>>Thanks,
>>
>>-Philip
>>
>>
>
>I ran into issues like this as well and dug into the logwatch configs, etc.
>
>I'm pretty sure that along with the FC3 -> FC5 upgrade you upgraded
>logwatch (from RPM) correct? that's what happened to me and I found
>that by default the latest logwatch ignores "Milter: changed" (or
>something like that) lines now.
>
>HTH
>
>Alan
>
>
Yes, I went from 5.2.2 to 7.2.1 in the upgrade.
I was thinking that they actually don't catch Sendmail milter
lines any more...
Perhaps we could work with the logwatch-devel group to
come up with a good set definitions file for Sendmail milters...
or alternatively, we could add standardized convenience
functions/wrappers for md_syslog() to have people call
from within their filter_relay(), filter_sender(), etc. functions
that would be specifically extracted and post-processed by
logwatch's sendmail-milter.conf file (which we'd also have
to write and supply to the logwatch folks).
What do you all think?
-Philip
More information about the MIMEDefang
mailing list