Postfix Monitoring With Mailgraph And pflogsumm - Page 3

Submitted by falko (Contact Author) (Forums) on Mon, 2006-07-03 15:58. ::

4 Fedora Core 5

 

4.1 Mailgraph

There's no Mailgraph package available for Fedora Core 5, so we must install it manually. First, we need to install the prerequsities that Mailgraph requires:

yum install rrdtool rrdtool-perl perl-File-Tail

Then we download the Mailgraph sources and copy the Mailgraph scripts to the appropriate locations:

cd /tmp
wget http://people.ee.ethz.ch/~dws/software/mailgraph/pub/mailgraph-1.12.tar.gz
tar xvfz mailgraph-1.12.tar.gz
cd mailgraph-1.12
mv mailgraph.pl /usr/local/bin/mailgraph.pl
mv mailgraph-init /etc/init.d/mailgraph

Now we must adjust the Mailgraph init script /etc/init.d/mailgraph:

vi /etc/init.d/mailgraph

On Fedora, the Postfix mail log is /var/log/maillog, so we change

MAIL_LOG=/var/log/syslog

to

MAIL_LOG=/var/log/maillog

Then we add another variable to /etc/init.d/mailgraph, IGNORE_LOCALHOST. If you have integrated a content filter like amavisd into Postfix, add this line

IGNORE_LOCALHOST="--ignore-localhost"

to the block where the variables like MAIL_LOG are defined. If you don't use a content filter, add this line instead:

IGNORE_LOCALHOST=""

In both cases, change

        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR

to

        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR $IGNORE_LOCALHOST

So the final script should look like this (in this case, with --ignore-localhost enabled):

#!/bin/sh

# $Id: mailgraph-init,v 1.4 2005/06/13 11:23:22 dws Exp $
# example init script for mailgraph
#
# chkconfig: 2345 82 28
# description: mailgraph postfix log grapher.
#
# processname: mailgraph.pl
# pidfile: /var/run/mailgraph.pid


PATH=/bin:/usr/bin
MAILGRAPH_PL=/usr/local/bin/mailgraph.pl
MAIL_LOG=/var/log/maillog
PID_FILE=/var/run/mailgraph.pid
RRD_DIR=/var/lib
IGNORE_LOCALHOST="--ignore-localhost"

case "$1" in
'start')
        echo "Starting mail statistics grapher: mailgraph";
        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR $IGNORE_LOCALHOST
        ;;

'stop')
        echo "Stopping mail statistics grapher: mailgraph";
        if [ -f $PID_FILE ]; then
                kill `cat $PID_FILE`
                rm $PID_FILE
        else
                echo "mailgraph not running";
        fi
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;

esac
exit 0

Next we make the script executable, create the appropriate system startup links and start Mailgraph:

chmod 755 /etc/init.d/mailgraph
chkconfig --levels 235 mailgraph on
/etc/init.d/mailgraph start

Still in the /tmp/mailgraph-1.12 directory, we move mailgraph.cgi to our cgi-bin directory:

mv mailgraph.cgi /var/www/www.example.com/cgi-bin/

Now we open the file and adjust the locations of the two Mailgraph databases.

vi /var/www/www.example.com/cgi-bin/mailgraph.cgi

Change

my $rrd = 'mailgraph.rrd'; # path to where the RRD database is
my $rrd_virus = 'mailgraph_virus.rrd'; # path to where the Virus RRD database is

to

my $rrd = '/var/lib/mailgraph.rrd'; # path to where the RRD database is
my $rrd_virus = '/var/lib/mailgraph_virus.rrd'; # path to where the Virus RRD database is

Then we make the script executable:

chmod 755 /var/www/www.example.com/cgi-bin/mailgraph.cgi

If you use suExec for the www.example.com web site, you must chown mailgraph.cgi to the appropriate owner and group.

Now direct your browser to http://www.example.com/cgi-bin/mailgraph.cgi, and you should see some graphs. Of course, there must be some emails going through your system before you see the first results, so be patient.

 

4.2 pflogsumm

The steps differ only slightly from those on Debian and Ubuntu. The main difference is that Postfix logs to /var/log/maillog on Fedora instead of /var/log/mail.log (Debian/Ubuntu) (pay attention to the dot!).

First we install pflogsumm:

yum install postfix-pflogsumm

We want pflogsumm to be run by a cron job each day and send the report to postmaster@example.com. Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

vi /etc/logrotate.conf

/var/log/maillog {
    missingok
    daily
    rotate 7
    create
    compress
    start 0
}

Also change /etc/logrotate.d/syslog

vi /etc/logrotate.d/syslog

from

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

to

/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

There's a logrotate script in /etc/cron.daily. This script is called everyday between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/maillog to /var/log/maillog.0 and compress it, and the compressed file will be /var/log/maillog.0.gz. It will also create a new, empty /var/log/maillog to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/postfix_report.sh which invokes pflogsumm and makes it send the report to postmaster@example.com:

vi /usr/local/sbin/postfix_report.sh

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
gunzip /var/log/maillog.0.gz

pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received: from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com

gzip /var/log/maillog.0
exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/postfix_report.sh

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

0 7 * * * /usr/local/sbin/postfix_report.sh &> /dev/null

This will send the report to postmaster@example.com.

 

5 Links

up

Copyright © 2006 Falko Timme
All Rights Reserved.
login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf | print: this | all page(s)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Please do not use the comment function to ask for help! If you need help, please use our forum: http://www.howtoforge.com/forums
Comments will be published after administrator approval.
Nice howto
Submitted by Anonymous (Contact Author) (Forums) on Thu, 2006-07-06 11:08.

This is quite neat. Just one minor gripe - after the first log rotation postfix wouldn't write to the new maillog - turned out I had to restart syslog. Maybe you could add this to your howto.

 

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
Re: nice howto
Submitted by Anonymous (Contact Author) (Forums) on Wed, 2006-07-12 18:05.
I agree... it seems to have taken some time, possibly two days, but it wasn't apparent that the logs broke.  I figured it is due to the edit of /etc/logrotate.d/syslog; removenig /var/log/maillog.  Since this is being excluded now, NO maillog logging is happening.  What is up with that suggestion?
login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
pflogsumm double-reporting
Submitted by Anonymous (Contact Author) (Forums) on Thu, 2006-07-06 19:28.

previous poster -- syslog should be restarted as per logrotate.conf, check you haven't typo'ed.

 

 I only speed-read this so forgive me if I missed it, but if you are using amavisd-new or something similar you'll still end up with double-reporting of emails as pflogsumm doesn't handle this (see http://jimsun.linxnet.com/downloads/pflogsumm-faq.txt  Q.14) 

 

Casper. 

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
Fix for syslog not restarting properly - no entries in maillog
Submitted by BlueC (Contact Author) (Forums) on Sun, 2008-03-30 13:11.

Many users have reported that syslog needs restarting otherwise the maillog file doesn't fill up and the pflogsumm emails just report zero emails. This seems to happen on RedHat based systems (Fedora, RHEL, CentOS).

The fix for this is to change the appropriate section of /etc/logrotate.conf to look like this:

 /var/log/maillog {
    missingok
    daily
    rotate 7
    create
    compress
    start 0
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

Additionally, to the previous poster, there is no double-reporting of emails when used with amavisd - this problem is overcome within the tutorial. 

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf