When running pflogsumm I am getting many error like this:
Use of uninitialized value $domain in string eq at /usr/local/bin/pflogsumm
line 1546, <> line 283375.
Use of uninitialized value $domain in substitution (s///) at
/usr/local/bin/pflogsumm line 1552, <> line 283375.
# awk '{if(NR==283375) print $0}’ mail.log.combined
Mar 29 23:14:45 mail.covisp.net postfix/postscreen[54597] NOQUEUE: reject: RCPT
from [45.155.126.14]:47867: 550 5.7.1 Service unavailable; client
[45.155.126.14] blocked using zen.spamhaus.org; from=<digimsolut...@gmail.com>,
to=<*munged*covisp.net>, proto=ESMTP, helo=<event8.eventproglobally.info>
The combined file is generated by catting several different files
bzcat /var/log/mail.0.bz2 /var/log/postscreen.0.bz2
/var/log/delivery.0.bz2|sort > /tmp/mail.log.combined && pflogsumm
/tmp/mail.log.combined -q --detail 15 --verp-mung=2 --problems-first
--rej-add-from
I don’t get the error if I exclude the postscreen.0.bz2 file from the bzcat
part of the command.
I used rsyslogd to split the login of mail actions which makes my normally
delving into the logs considerably easier.
if $syslogtag contains 'postscreen' then /var/log/postscreen.log
if $syslogtag contains 'postscreen' then stop
if $syslogtag contains 'dnsblog' then /var/log/postscreen.log
if $syslogtag contains 'dnsblog' then stop
if $msg contains 'status=sent' then /var/log/delivery.log
if $msg contains 'status=sent' then stop
if $msg contains 'permit: DATA' then /var/log/delivery.log
if $msg contains 'permit: DATA' then stop
--
Well, we know where we're goin' But we don't know where we've been
And we know what we're knowin' But we can't say what we've seen
