On Mon, Mar 14, 2016 at 01:57:35PM +0100, Milan Popovic wrote:

> I am facing an "issue" with logs. I want to process the logs on the fly.
> 
> Postfix ID1 -> Sophos -> Postfix ID2
> 
> I think postfix for performance reasons writes logs after processing
> messages. I can see this kind of situation in my logs:

I can confirm what Wietse said, Postfix logs information as soon
as it is available.  Note that when mail is forwarded over SMTP
there is concurrent activity on the sending and receiving sides.

> Jan  9 08:03:24 smtp1 postfix/smtpd[21740]: 3pcshX6GNMz11r4C: client=xxxx
> Jan  9 08:03:25 smtp1 postfix/cleanup[24891]: 3pcshX6GNMz11r4C: 
> message-id=<1128173832.11432.1452323000636.JavaMail.Administrator@localhost>
> Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshX6GNMz11r4C: 
> from=<yyyyy...@yyyyyyy.no>, size=17921, nrcpt=1 (queue active)

Message comes in, and is forwarded for filtering.

> Jan  9 08:03:25 smtp1 postfix/smtpd[17088]: 3pcshY5H0dz11r4G: 
> client=localhost.localdomain[127.0.0.1]
> Jan  9 08:03:25 smtp1 postfix/cleanup[24894]: 3pcshY5H0dz11r4G: 
> message-id=<1128173832.11432.1452323000636.JavaMail.Administrator@localhost>
> 
> Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshY5H0dz11r4G: 
> from=<yyyyyy...@yyyyyyy.no>, size=19065, nrcpt=1 (queue active)

Post-filter service enqueues message, and responds to pre-filter forwarder.

> Jan  9 08:03:25 smtp1 postfix/smtp[24892]: 3pcshX6GNMz11r4C: 
> to=<xxxx...@xxxxx.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.1, 
> delays=0.45/0/0/0.66, dsn=2.0.0, status=sent (250 OK, sent 
> 5690B0BD_13054_6511_1 3pcshY5H0dz11r4G)
> Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshX6GNMz11r4C: removed

Pre-filter forwarder logs filter success and deletes the queue file.

> Jan  9 08:03:25 smtp1 postfix/smtp[24895]: 3pcshY5H0dz11r4G: 
> to=<xxxx...@xxxxx.com>, relay=mailhost1.b2gmom.internal.tld[10.219.4.69]:25, 
> delay=0.07, delays=0.05/0.01/0/0.01, dsn=2.5.0, status=sent (250 2.5.0 Ok, 
> envelope id 0o0o008gublp3...@xxxxxxx.internal.tld)
> Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshY5H0dz11r4G: removed

Postfilter delivery completes and queue file removed.

> My goal is to regroup this information in only one record in
> elasticsearch.

Parse the logs accordingly, all the information you need is there.

-- 
        Viktor.
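
An added example, not part of the original message: a streaming correlator in Python that joins the pre-filter and post-filter queue IDs through the filter's `250 ... <queue ID>` reply, and tolerates the post-filter `removed` line arriving before the pre-filter `status=sent` line. The sample addresses and hosts are placeholders, and the loopback filter address and the 12-character minimum queue ID length are assumptions drawn from the excerpt.

```python
import re
# Constructed sample: excerpt lines rejoined, placeholder addresses and hosts.
SAMPLE = """\
Jan  9 08:03:24 smtp1 postfix/smtpd[21740]: 3pcshX6GNMz11r4C: client=xxxx
Jan  9 08:03:25 smtp1 postfix/cleanup[24891]: 3pcshX6GNMz11r4C: message-id=<m1@localhost>
Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshX6GNMz11r4C: from=<sender@example.org>, size=17921, nrcpt=1 (queue active)
Jan  9 08:03:25 smtp1 postfix/smtpd[17088]: 3pcshY5H0dz11r4G: client=localhost.localdomain[127.0.0.1]
Jan  9 08:03:25 smtp1 postfix/cleanup[24894]: 3pcshY5H0dz11r4G: message-id=<m1@localhost>
Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshY5H0dz11r4G: from=<sender@example.org>, size=19065, nrcpt=1 (queue active)
Jan  9 08:03:25 smtp1 postfix/smtp[24892]: 3pcshX6GNMz11r4C: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.1, delays=0.45/0/0/0.66, dsn=2.0.0, status=sent (250 OK, sent 5690B0BD_13054_6511_1 3pcshY5H0dz11r4G)
Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshX6GNMz11r4C: removed
Jan  9 08:03:25 smtp1 postfix/smtp[24895]: 3pcshY5H0dz11r4G: to=<rcpt@example.com>, relay=mailhost1.example.net[192.0.2.25]:25, delay=0.07, delays=0.05/0.01/0/0.01, dsn=2.5.0, status=sent (250 2.5.0 Ok)
Jan  9 08:03:25 smtp1 postfix/qmgr[30181]: 3pcshY5H0dz11r4G: removed
"""
# Assumptions: 12+ alphanumeric queue IDs; filter on 127.0.0.1 replies "250 ... <new queue ID>".
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-Za-z]{12,}): (.*)")
LINK = re.compile(r"status=sent \(250 .*\b([0-9A-Za-z]{12,})\)$")
KV = re.compile(r"\b(client|message-id|from|to|relay|status)=<?([^>,\s]*)")

class Correlator:
    def __init__(self):
        self.recs, self.parent = {}, {}   # open queue IDs; post-filter ID -> pre-filter ID

    def feed(self, line):
        """Consume one log line; return a merged record once a chain is complete."""
        if not (m := LINE.search(line)):
            return None
        qid, text = m.groups()
        rec = self.recs.setdefault(qid, {"children": [], "done": False})
        rec["done"] = rec["done"] or text == "removed"
        rec.update(KV.findall(text))
        link = LINK.search(text)
        if link and rec.get("relay", "").startswith("127.0.0.1"):
            self.parent[link.group(1)] = qid          # hand-off to the filter
            rec["children"].append(link.group(1))
        root = qid
        while root in self.parent:                    # walk up to the pre-filter ID
            root = self.parent[root]
        chain = [root] + self.recs[root]["children"]
        recs = [self.recs.get(q, {"done": False}) for q in chain]
        orphan = len(chain) == 1 and "[127.0.0.1]" in recs[0].get("client", "")
        if orphan or not all(r["done"] for r in recs):
            return None                               # in flight, or link not yet logged
        out = {k: v for k, v in recs[-1].items() if k not in ("children", "done")}
        out.update(client=recs[0].get("client"), queue_ids=chain)
        for q in chain:
            del self.recs[q]
            self.parent.pop(q, None)
        return out
```

Queue IDs that never reach `removed` (deferred mail, or loopback submissions that no pre-filter ID claims) stay in `recs`, so a long-running consumer needs an expiry policy.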
