[Fwd: [Mimedefang] Log Question]

Jeff Grossman jeff at stikman.com
Wed Oct 31 14:45:20 EDT 2007

> Jeff,
> Two things:
> From your posted syslog.conf:
>> # Log anything (except mail) of level info or higher.
>> # Don't log private authentication messages!
>> #*.info;cron.none;mail.none;news.none;authpriv.none
>> /var/log/messages
>> *.info;cron.none;mail.none;news.none;authpriv.none
>> /var/log/messages
>> (END)
> What is the "(END)" entry doing here?  It's not part of any published syntax
> I'm aware of, so is this just a bad cut/paste from a more/less pager
> output, or does it exist in the file?
> Also, have you run syslog in the foreground and in debug mode = "syslogd -d"
> is the usual version, but your system may be different.  This shows
> every request and where it goes, so it will be both busy and large volume,
> but if you can run "syslogd -d |tee syslog.log" and then search for a log
> entry which you feel is wrong, you might then be able to trace what syslog
> thinks is happening.
> Best Wishes,
> Paul.

Thank you for this information.  Very useful.  Yes, the (END) was from a
less output that I forgot to remove.

Here is the debug output:

logmsg: local3.info<158>, flags 2, from apple, msg Oct 31 11:27:02
 greylist: white; 0; 82.118.211.*; x; *@stikman.com;
Called fprintlog, logging to FILE /var/log/messages

So, for some reason, my md_syslog seems to be logging to local3.info, but
I don't know why.  Does anybody have any ideas?  This is with
MIMEDefang-2.63 and MIMEDefang 2.64-BETA1.

Also, what is still very confusing to me is the whole "check" process that
is listed instead of "mimedefang.pl".  When the line says "mimedefang.pl"
it logs correctly.  But, when it says "check" it goes to local3.info. 
But, that is not always the case either; here is a "check" where it does
log it correctly.

logmsg: mail.info<22>, flags 2, from apple, msg Oct 31 11:28:17
check[16683]: MDLOG,NOQUEUE,mail_in,,,<x>,<jeff at stikman.com>,Test 2
Called fprintlog, logging to FILE /var/log/maillog

And, process number 16683 is a mimedefang process.

This is on a Debian testing system, just installed last week.

Thanks again for all of the valuable information so far.
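
Added example (not part of the original message): the number in angle brackets in each "logmsg:" debug line is the syslog PRI value, facility*8 + severity, and decoding it and testing it against the quoted syslog.conf rule shows why the local3.info entry lands in /var/log/messages while the mail.info entry does not. The function names are hypothetical, and the selector matching is a simplified model that ignores the "=" and "!" modifiers.

```python
import re

# Facility codes 0-23 (12-15 are left as placeholders) and severities 0-7.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "f12 f13 f14 f15 local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# The active (uncommented) rule from the syslog.conf quoted in the thread.
RULES = [("*.info;cron.none;mail.none;news.none;authpriv.none", "/var/log/messages")]

# First line of each debug record shown in the message above.
SAMPLE = [
    "logmsg: local3.info<158>, flags 2, from apple, msg Oct 31 11:27:02",
    "logmsg: mail.info<22>, flags 2, from apple, msg Oct 31 11:28:17",
]

def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity): PRI = facility*8 + severity."""
    fac, sev = divmod(pri, 8)
    return FACILITIES[fac], SEVERITIES[sev]

def selector_matches(selector, facility, severity):
    """Simplified selector model: parts apply left to right, 'none' clears a match."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # this part does not mention our facility
        if prio == "none":
            matched = False
        else:
            # "fac.prio" selects that priority and anything more severe (lower number).
            matched = (matched or prio == "*"
                       or SEVERITIES.index(severity) <= SEVERITIES.index(prio))
    return matched

def route(debug_line, rules=RULES):
    """Return (facility, severity, [targets]) for one 'logmsg:' debug line."""
    pri = int(re.search(r"<(\d+)>", debug_line).group(1))
    facility, severity = decode_pri(pri)
    targets = [t for sel, t in rules if selector_matches(sel, facility, severity)]
    return facility, severity, targets

if __name__ == "__main__":
    for line in SAMPLE:
        print(route(line))
```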


