Postfix Monitoring With Mailgraph And pflogsumm - Page 2

Submitted by falko (Contact Author) (Forums) on Mon, 2006-07-03 15:55. ::

3 Ubuntu Dapper Drake (6.06 LTS)

 

3.1 Mailgraph

To install Mailgraph, we run

apt-get install rrdtool mailgraph

Ubuntu doesn't ask us questions. Nevertheless, we have to make the differentiation if we use a content filter like amavisd in Postfix or not. Open /etc/default/mailgraph:

vi /etc/default/mailgraph

If you use a content filter like amavisd, the file should have the following contents:

MAIL_LOG=/var/log/mail.log
IGNORE_LOCALHOST=true

If you don't, then it should look like this:

MAIL_LOG=/var/log/mail.log
IGNORE_LOCALHOST=false

Ubuntu doesn't create the system startup links for Mailgraph automatically, so we do it now:

update-rc.d mailgraph defaults

Also, we have to start Mailgraph now:

/etc/init.d/mailgraph start

Now we must copy the mailgraph.cgi script (which draws the graphs and creates the output for our web browsers) to the cgi-bin directory of our www.example.com web site:

cp -p /usr/lib/cgi-bin/mailgraph.cgi /var/www/www.example.com/cgi-bin

The script is already executable, so we don't need to chmod it. If you use suExec for the www.example.com web site, you must chown mailgraph.cgi to the appropriate owner and group.

Now direct your browser to http://www.example.com/cgi-bin/mailgraph.cgi, and you should see some graphs. Of course, there must be some emails going through your system before you see the first results, so be patient.

 

3.2 pflogsumm

The pflogsumm part is exactly the same as for Debian Sarge:

To install pflogsumm, we run

apt-get install pflogsumm

We want pflogsumm to be run by a cron job each day and send the report to postmaster@example.com. Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

vi /etc/logrotate.conf

/var/log/mail.log {
    missingok
    daily
    rotate 7
    create
    compress
    start 0
}

There's a logrotate script in /etc/cron.daily. This script is called everyday between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/mail.log to /var/log/mail.log.0 and compress it, and the compressed file will be /var/log/mail.log.0.gz. It will also create a new, empty /var/log/mail.log to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/postfix_report.sh which invokes pflogsumm and makes it send the report to postmaster@example.com:

vi /usr/local/sbin/postfix_report.sh

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
gunzip /var/log/mail.log.0.gz

pflogsumm /var/log/mail.log.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received: from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com

gzip /var/log/mail.log.0
exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/postfix_report.sh

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

0 7 * * * /usr/local/sbin/postfix_report.sh &> /dev/null

This will send the report to postmaster@example.com.

up

Copyright © 2006 Falko Timme
All Rights Reserved.
login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf | print: this | all page(s)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Please do not use the comment function to ask for help! If you need help, please use our forum: http://www.howtoforge.com/forums
Comments will be published after administrator approval.
pflogsumm
Submitted by gumicsoves (Contact Author) (Forums) on Mon, 2007-12-10 02:26.

Hi,

Thanks for the article it was a very good starting point for me and I'd also like to contribute with my two comments:

- pflogsumm is capable of sending reports for yesterday and today so there's no need to change the rotation of the mail log files. You can just simply execute:

cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d yesterday --problems_first

This is going to give you statistics for yesterday.

I personally created a file in /etc/cron.daily/ with this content:

#!/bin/sh
echo -e "From: root@example.com\nSubject: Daily Mail Statistics on `hostname --fqdn`\nTo: <postmaster@example.com>\n\n`cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d yesterday --problems_first`\n\n\n\n`cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d today --mailq --problems_first`\n"|sendmail -t
exit 0

This gives me statistics for yesterday 0-24 and also for today 0-6:47 am and also lists the content of the queues.

- If for some reason this was not working for you than it is very important to use the right tool for the log rotation. /var/log/mail* files are rotated by a script which comes with the sysklogd package. In your solution /var/log/mail.log is rotated twice, once by the sysklogd script on Sunday and once every day at 6:25. Which will result in a strange situation and you have only 4 days of history, because the sysklogd keeps only 4 versions.

So you can either disable the weekly rotation and use the rotation you described or do it the "proper way". I'm saying proper because the sysklogd rotation is doing other things as well. 

You need to edit two files in order to change the default (weekly rotation with 4 weeks of history) behavior. Add mail to the daily rotation script:

/etc/cron.daily/sysklogd

Add these lines: (-c 14 means keep 14 days of history)

# Non default logrotate for mail logs
for LOG in `syslogd-listfiles -a | grep mail`
do
  if [ -s $LOG ]; then
    savelog -g adm -m 640 -u root -c 14 $LOG >/dev/null
  fi
done

Disable mail logs in the weekly rotation file:

/etc/cron.weekly/sysklogd

modify this line: 

for LOG in `syslogd-listfiles --weekly`

to look like this: 

for LOG in `syslogd-listfiles --weekly -s mail`


login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
regarding the postfix_report.sh script
Submitted by fromport (Contact Author) (Forums) on Thu, 2006-12-28 02:50.

wouldn't this script be more logical?
Saves a lot on cpu/disk io
 #!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
zcat /var/log/mail.log.0.gz | pflogsumm | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received: from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com;
exit 0

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf