Patrick,

> I need to parse amavis log lines and noticed that amavis breaks long log
> lines into several chunks. This causes problems because some log lines miss
> information I'd need, e.g. the following line contains the virus detected
> but not the mail_id I need to associate it with a certain message:
> 
> amavis[11910]: (11910-15) p001 1/1 Content-Type: application/octet-stream,
> size: 218 B, name: eicar.bin.zip
> 
> What could I do to get what I want?
> 
> - Write my own log_templ?
> - Increase $logline_maxlen beyond what syslog usually accepts. I use
> rsyslog and speculate rsyslog might accept longer strings. Will verify...
> - ???

As far as amavisd is concerned, you may increase $logline_maxlen arbitrarily.
What happens with long log lines then depends on your syslog. The default
maxlen just fits a standard syslog syscall with its syslogd daemon that
comes with FreeBSD systems (and likely others). Check your logging daemon
to see what are its limits.

When one has additional macros in a log template (like the list of SA tests
that triggered, the From and Subject), the size of log lines often exceeds
2000 characters or more. When amavisd breaks a long line into several
log entries, these are always wrapped at three characters (size of "...")
less than maxlen, the three dots appended at the end of a previous line
and at a start of the next line. A log file analyzer can splice these back
together reliably.

  Mark
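
The splicing described in the reply above, as an added example that is not part of the original thread and is not amavisd code. It assumes every chunk keeps the `amavis[PID]: (PID-SEQ) ` prefix seen in the quoted sample line; the log lines and mail_id values are constructed.

```python
import re

# Assumed layout, modelled on the sample line quoted in the thread:
#   ... amavis[PID]: (PID-SEQ) message text
LINE_RE = re.compile(r'amavis\[\d+\]: \(([\d-]+)\) (.*)$')
DOTS = "..."

def splice(lines):
    """Rejoin wrapped amavis log chunks; return a list of (am_id, message)."""
    pending = {}   # am_id -> text still waiting for its continuation chunk
    out = []
    for raw in lines:
        m = LINE_RE.search(raw.rstrip("\n"))
        if not m:
            continue                      # not an amavis line
        am_id, text = m.groups()
        if text.startswith(DOTS) and am_id in pending:
            # Continuation chunk: drop the leading dots, glue to the stored part.
            text = pending.pop(am_id) + text[len(DOTS):]
        elif am_id in pending:
            # Expected continuation never came (lost line, or the message
            # really ended in "..."): emit the stored part unchanged.
            out.append((am_id, pending.pop(am_id) + DOTS))
        if text.endswith(DOTS):
            pending[am_id] = text[:-len(DOTS)]   # more chunks may follow
        else:
            out.append((am_id, text))
    # End of input: flush anything still waiting, with its dots restored.
    out.extend((am_id, text + DOTS) for am_id, text in pending.items())
    return out

# Constructed sample: one wrapped entry interleaved with another process.
SAMPLE = [
    "mx amavis[11910]: (11910-15) Blocked INFECTED, mail_id: abc123, Tests: [AAA=1,...",
    "mx amavis[11911]: (11911-02) Passed CLEAN, mail_id: def456",
    "mx amavis[11910]: (11910-15) ...BBB=2,CCC=3], size: 218",
]

if __name__ == "__main__":
    for am_id, msg in splice(SAMPLE):
        print(am_id, msg)
```

Keying the pending chunks on the `(PID-SEQ)` id keeps entries from concurrent child processes apart when their lines interleave in the log.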

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org
