Comments on Postfix Monitoring With Mailgraph And pflogsumm On Debian Lenny
Postfix Monitoring With Mailgraph And pflogsumm On Debian Lenny
This article describes how you can monitor your Postfix mail server with the tools Mailgraph and pflogsumm. Mailgraph creates daily, weekly, monthly, and yearly graphs of sent, received, bounced, and rejected emails, and also of spam and viruses if SpamAssassin and ClamAV are integrated into Postfix (e.g. using amavisd-new). These graphs can be accessed with a browser, whereas pflogsumm ("Postfix Log Entry Summarizer") can be used to send reports of Postfix activity by email.
13 Comment(s)
Comments
Can this be used on a system with ISPconfig installed?
Hi,
please note that users of rsyslog will already have an entry for /var/log/mail.log in /etc/logrotate.d/rsyslog (other syslog daemons might have a similar file), so this one should be modified instead of /etc/logrotate.conf.
Please also consider using the "prerotate" feature of logrotate instead of a cron job that unzips and rezips the logfile. In your example you just need to add
prerotate
/usr/local/sbin/postfix_report.sh
endscript
to your logrotate configuration to have it executed right before the rotation (and remove the gunzip/gzip lines and use /var/log/mail.log for pflogsumm).
But apart from my comments about logrotate I really appreciate your Howto as I always wanted to have statistics but never thought about those two packages.
Kind regards
Sebastian
@sebastian:
Please elaborate. I am stuck with this problem of conflicting logrotate.conf and rsyslog rotation :-( your solution sounds just like what I need, see thread: https://www.howtoforge.com/forums/showthread.php?t=25175
Thanks for this (and many other) article(s).
I optimised my cron job for pflogsumm as follows:
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
zcat /var/log/mail.log.0.gz |pflogsumm | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: [email protected]" -I"Received: from www.example.com ([192.168.0.100])" | sendmail [email protected]
exit 0
Which I think saves some cpu/disk cycles.
Do you see a drawback to this method ?
Kind regards,
Piet
Logwatch even handles spf reporting, it should be also said that mailgraph uses all postfix stats, and if you have a computer with multiple instances of postfix on different ip addresses then mailgraph only gives a general idea of all traffic, not specific traffic to that ip/site.
Nitpick ? maybe but one computer one website is a bit simple. The mailgraph charts are nice. and can be improved with a bit of a simple stylesheet.
Maybe you are using another syslog version but I had to restart the syslog daemon in order to get log in the mail.log file after the rotations.
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
I modified the configuration, maybe it is useful for someone:
postfix_report.sh (no zip and unzip):
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
pflogsumm /var/log/mail.log | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: [email protected]" -I"Received: from www.example.com ([192.168.0.100])" | sendmail [email protected]
exit 0
And I use the rsyslog:
/var/log/mail.log {
missingok
daily
rotate 7
create
compress
start 0
prerotate
/usr/local/sbin/postfix_report.sh
endscript
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}
Greetings,
Jasper Tepper
Hi.. I want to ask something.. I know that mailgraph can log spam/virus but don't know who sent it... and pflogsumm can log message, recipient... so can pflogsumm log virus/spam too?
http://www.birkosan.com/2012/05/mailgraph-with-postfixpostscreen.html
Changes
Two main things are new - one that some of the variables have been separated out to a conf file: /etc/default/mailgraph (that is automatically written to during package install), so for instance, the way to ignore localhost is now just to change the line in that file to read:
IGNORE_LOCALHOST=true
& for Plesk users:
MAIL_LOG=/usr/local/psa/var/log/maillog
I guess BOOT_START should also be set to true...
...the other thing that has changed is that there is now an external css file that the mailgraph.cgi code uses to format output. I found that this didn't automatically get installed from the package and I had to get it from the tarball. I then found that it was broke if placed in the cgi-bin directory alongside mailgraph.cgi (apparently it tries to execute it as a cgi), so instead moved it to the httpdocs directory and modified the code to read:
<link rel="stylesheet" href="../mailgraph.css" type="text/css" />
Missing Perl Modules
Anyway that was later, since none of it worked when I installed it from the debian repository, so from here: https://github.com/DamianZaremba/mailgraph I determined I was missing perl modules (check like so: http://www.cyberciti.biz/faq/how-do-i-find-out-what-perl-modules-already-installed-on-my-system/ ) as I don't really use any perl stuff on this server.
Installed cpanminus from here: http://www.cpan.org/modules/INSTALL.html. File::Tail got installed in the process...but had to manually install Time::HiRes:
cpanm Time::HiRes
Permissions & image files
I still had errors as it was trying to save temporary image files to a directory it didn't have permissions on, so I modified mailgraph.cgi to read:
my $tmp_dir = '/var/www/vhosts/domain.com/httpdocs/temp';
...which was a directory already with write permission for the apache user.
Bigger Pictures
It now worked, but the charts were a bit small, so modified overall width in the css file and changed the mailgraph.cgi script so it read:
my $xpoints = 930;
&
my $ypoints = 250;
.... Now it's working fine. Not an automatic setup by a long chalk, but I got there in the end and it looks fine!
I think it would be great to have some more documentation for this... from someone who understands it better than me! like I'm not even exactly clear what the legends represent on the graphs...! and is there any way you can get it to import old logs to get a view of the time before it was installed?? that would be awesome! How about getting a daily image emailed??
I am unable to get this to work. Following this tutorial, I attempted this on Ubuntu 14.04.4 LTS:
apt-get update
aptitude install -y rrdtool mailgraph
dpkg-reconfigure mailgraph
cp -p /usr/lib/cgi-bin/mailgraph.cgi /var/www/html/cgi-bin
/etc/init.d/apache2 restart
At this point, things are supposed to work, but I got:
The requested URL /cgi-bin/mailgraph.cgi was not found on this server.
Followed some advice from:
http://stackoverflow.com/questions/21698645/how-to-run-cgi-script-on-apache-server
chown www-data:www-data /var/www/html/cgi-bin
vi /etc/apache2/sites-enabled/000-default.conf
Added this within:
<virtualhost>
<Files ~ "\.(pl|cgi)$">
SetHandler perl-script
PerlResponseHandler ModPerl::PerlRun
Options +ExecCGI
PerlSendHeader On
</Files>
</virtualhost>
vi /etc/apache2/apache2.conf
added:
<Directory /var/www/cgi-bin/>
AddHandler cgi-script .cgi .pl
Options FollowSymLinks ExecCGI
AllowOverride None
</Directory>
Installed mod_perl and mod-fcgid for apache2:
apt-get install -y libapache2-mod-perl2 libapache2-mod-fcgid libapache2-mod-fcgid-dbg
/etc/init.d/apache2 restart
Still getting:
The requested URL /cgi-bin/mailgraph.cgi was not found on this server.
Hello, I have this error after installing pflogsumm:
error: /etc/logrotate.conf:33 duplicate log entry for /var/log/mail.log
How to solve it please. Thank you
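Added example, not part of the original comments: logrotate reports "duplicate log entry" when the same file is declared in more than one stanza, for instance in /etc/logrotate.conf and again in /etc/logrotate.d/rsyslog as an earlier comment describes. The shell helper below lists such paths with the file and line of each declaration; the function name find_duplicate_logs and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# find_duplicate_logs FILE...
# Lists each log path declared in more than one logrotate stanza, with the
# file:line of every declaration. Paths are compared literally; overlapping
# wildcards such as /var/log/*.log are not expanded.
find_duplicate_logs() {
    awk '
        /^[ \t]*#/ { next }                        # comment line
        /^[ \t]*(prerotate|postrotate|firstaction|lastaction|preremove)/ { script = 1 }
        /^[ \t]*endscript/ { script = 0; next }
        script { next }                            # shell code inside a stanza
        depth == 0 {
            line = $0
            sub(/^[ \t]+/, "", line)
            opens = (line ~ /[{][ \t]*$/)
            sub(/[ \t]*[{][ \t]*$/, "", line)
            # Only lines that start with a path declare logs; this skips
            # global directives such as "include /etc/logrotate.d".
            if (line ~ /^"?\//) {
                n = split(line, part, /[ \t]+/)
                for (i = 1; i <= n; i++) {
                    p = part[i]; gsub(/"/, "", p)
                    if (p != "") { seen[p]++; where[p] = where[p] " " FILENAME ":" FNR }
                }
            }
            if (opens) depth = 1
            next
        }
        /^[ \t]*[}][ \t]*$/ { depth = 0 }
        END { for (p in seen) if (seen[p] > 1) print p ":" where[p] }
    ' "$@" | sort
}

# Constructed sample input: a main config and an rsyslog drop-in that both
# claim /var/log/mail.log.
demo=$(mktemp -d)
printf '%s\n' 'weekly' 'include /etc/logrotate.d' '/var/log/mail.log {' \
    '    missingok' '    daily' '    rotate 7' '}' > "$demo/logrotate.conf"
printf '%s\n' '/var/log/mail.info' '/var/log/mail.log' '/var/log/mail.err' '{' \
    '    rotate 4' '    weekly' '    postrotate' \
    '        invoke-rc.d rsyslog reload > /dev/null' '    endscript' '}' > "$demo/rsyslog"
find_duplicate_logs "$demo/logrotate.conf" "$demo/rsyslog"
rm -rf "$demo"
```

On a real system the call would be `find_duplicate_logs /etc/logrotate.conf /etc/logrotate.d/*`; any path it prints should be kept in only one of the listed stanzas.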
comment gunzip ....
comment zip ...
add zcat logfile | pflogsumm .....
no need to gunzip log file then, and later zip it back