* * * * *
More notes on logging
I mentioned yesterday about logging all mail related logs to a central server
[1]. While we don't have a complicated email setup (unlike, say, Negiyo), we
still have several email servers and we get enough tickets about slow or lost
email that it's a pain having to slog through one or two servers piecing
everything together. What I would like is, given a Message-ID (which is
(supposed to be) a globally unique identifier for an email) or an email
address, to make a query in one location and get something like:
> message-id = <[email protected]>
> from = [email protected]
> to = [email protected]
> [rhohan-isp.example.org] [gondor.example.net] Feb 10 22:46:56
> [gondor.example.net] [spamfirewall.example.com] Feb 10 22:46:57
> [spamfirewall.com] [compmailserv.example.com] Feb 10 22:47:02
> [compmailserv.example.com] [workstation.example.com] Feb 10 22:47:06
> [workstation.example.com] mbox of sean Feb 10 22:47:06
>
As an example, you see the Message-ID, who sent the email, who received it,
and the five other lines can be read as: “machine X sent email to machine Y at
such-n-such a time,” with the last one showing local delivery of the email to
a mailbox.
Anyway, that's what I would like to build. And I can almost do it. Sendmail
[2] (which at The Company we use on our legacy systems), Postfix [3] (which
we use for new servers) and Exim [4] (which we use on one server because it
has a feature that's needed by a program that runs on that one server) all
log a bunch of messages as email works through their respective systems. Each
one uses an internal unique ID, but they at least log the Message-ID at some
point, so I can map the respective MTAs' (Mail Transport Agents') internal IDs
to a globally unique ID.
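
One way to do that mapping, as an added example (not the author's code): the sketch below reads Sendmail- and Postfix-style syslog lines, ties each per-host queue ID to the Message-ID logged for it, and groups the delivery hops by Message-ID. The log lines are constructed and simplified, Exim is left out, and deliveries whose queue ID never had a Message-ID logged land under "<unknown>".

```python
import re
from collections import defaultdict

# Constructed sample lines in simplified Sendmail/Postfix syslog style.
SAMPLE_LOG = """\
Feb 10 22:46:56 rohan sendmail[2345]: o1B3kuXX012345: from=<alice@example.org>, size=1234, nrcpts=1, msgid=<20100210.1@example.org>, relay=client.example.org [192.0.2.10]
Feb 10 22:46:56 rohan sendmail[2346]: o1B3kuXX012345: to=<sean@example.com>, mailer=esmtp, relay=gondor.example.net. [192.0.2.20], dsn=2.0.0, stat=Sent (Ok: queued as 4F2A81C0)
Feb 10 22:46:57 gondor postfix/cleanup[311]: 4F2A81C0: message-id=<20100210.1@example.org>
Feb 10 22:46:57 gondor postfix/qmgr[312]: 4F2A81C0: from=<alice@example.org>, size=1301, nrcpt=1 (queue active)
Feb 10 22:46:57 gondor postfix/smtp[313]: 4F2A81C0: to=<sean@example.com>, relay=spamfirewall.example.com[192.0.2.30]:25, dsn=2.0.0, status=sent (250 ok)
Feb 10 22:46:58 gondor postfix/cleanup[311]: 9B7C22D1: message-id=<other.2@example.net>
Feb 10 22:46:58 gondor postfix/smtp[313]: 9B7C22D1: to=<bob@example.com>, relay=mx.example.com[192.0.2.40]:25, dsn=2.0.0, status=sent (250 ok)
Feb 10 22:47:02 gondor postfix/smtp[313]: 77AA0F3E: to=<carol@example.com>, relay=mx.example.com[192.0.2.40]:25, dsn=2.0.0, status=sent (250 ok)
"""

# timestamp, syslog host, program, MTA-internal queue ID, rest of the message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (sendmail|postfix/\w+)\[\d+\]: (\w+): (.*)$")
MSGID = re.compile(r"(?:msgid|message-id)=(<[^>]*>)")   # Sendmail / Postfix spelling
DELIVERY = re.compile(r"\bto=<([^>]*)>.*?\brelay=([^\s,\[]+)")

def trace(log_text):
    """Return {message_id: [(time, from_host, relay, rcpt), ...]} in log order."""
    qid_to_msgid = {}
    pending = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, host, _prog, qid, rest = m.groups()
        key = (host, qid)   # queue IDs are only unique per host, so key on both
        if (mid := MSGID.search(rest)):
            qid_to_msgid[key] = mid.group(1)
        if (d := DELIVERY.search(rest)):
            pending[key].append((when, host, d.group(2).rstrip("."), d.group(1)))
    hops = defaultdict(list)
    for key, deliveries in pending.items():
        # A queue ID with no Message-ID line cannot be joined to other hosts' logs.
        hops[qid_to_msgid.get(key, "<unknown>")].extend(deliveries)
    return dict(hops)

if __name__ == "__main__":
    for msgid, path in trace(SAMPLE_LOG).items():
        print("message-id =", msgid)
        for when, src, dst, rcpt in path:
            print(f"  [{src}] [{dst}] {when} (to {rcpt})")
```
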
The odd man out, though, is our spam firewall, which is used by a significant
portion of our customers. But, given that our spam firewall is OpenSource™ I
suppose I can modify the source code to emit a Message-ID, but the problem
there is if (or when) we upgrade—I would have to patch the code again (or,
convince the Powers That Be to accept the patch).
I would also like to convert as many software packages as possible to log via
syslog, and while most, like PostgreSQL [5] and even Apache [6], can be
configured as such, there are a few holdouts (I'm looking at you, MySQL [7])
that can't.
[1] gopher://gopher.conman.org/0Phlog:2010/02/09.1
[2] http://www.sendmail.org/
[3] http://www.postfix.org/
[4] http://www.exim.org/
[5] http://www.postgresql.org/
[6] http://httpd.apache.org/
[7] http://www.mysql.com/