On 2020-07-13 03:57, Greg Sims wrote:

I removed rsyslog using yum, rebooted the VM and made sure postfix was
running.  I then sent five emails from a remote VM using SMTP.  I can
see the postfix logs using journalctl.  This set of postfix logs does
not make it to /var/log/maillog. The five emails were delivered.  I'm
not sure if this is the expected behavior.

This is expected as rsyslog writes to /var/log/maillog. Now you only have the journal except for those services that write to their own logfile directly...

Apache is also running on this VM.  I performed "tail
/var/log/httpd/access_log" and can see Apache logging.

... like Apache does.

Greg Sims
www.RayStedman.org [1]

On Sun, Jul 12, 2020 at 5:08 PM Greg Sims <webmas...@raystedman.org>
wrote:

I updated my maillog processing tool to make use of journalctl.
This is working well and I can now see the "missing" maillog entries
with my tool.  This is a great step in the right direction.

I have rsyslog running which looks like it might be redundant --
based on the serverfault post you supplied.  I will try running
without rsyslog and see what happens.

I am aware of the systemd journal rate limits from CentOS 7.  I will
do additional research to know when I hit these limits and make
needed adjustments if I do.

Thanks for your help Christian!  I am now able to accomplish my
goals using journalctl.

I am more than willing to collect data to help determine why the
three minutes of log data is not making it to /var/log/maillog.  To
be honest, I do not know how to "... find out how your syslog daemon
gets the messages from the systemd journal.".

Greg Sims

On Sun, Jul 12, 2020 at 3:51 PM Christian Kivalo
<ml+postfix-us...@valo.at> wrote:

On 2020-07-13 00:10, Greg Sims wrote:

Thank you Christian.  I am running on CentOS 8.2 and the name of the
service is "postfix.service".  When I enter:

journalctl -u postfix.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00"

I see all of the missing data that should be in /var/log/maillog --
almost 50,000 records.  You discovered a way to gain access to the
missing data!

The big question for me continues to be, why did this data not make it
to /var/log/maillog?

You'd have to find out how your syslog daemon gets the messages from the
systemd journal. What syslog daemon do you have installed?
Be aware that systemd journal has some rate limits which can lead to
loss of log messages, see the man 5 journald.conf

I found this

https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald

which covers rsyslog on CentOS 7. There is an import module for systemd
journal.

On my server rsyslog is configured to create a log socket at
/var/spool/postfix/dev/log and ignore systemd journal and that works
well for my use case.

Greg Sims

On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo
<ml+postfix-us...@valo.at> wrote:

On 2020-07-12 23:01, Greg Sims wrote:

Nothing Christian:

[root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00"
-- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. --
-- No entries --

Maybe your systemd unit is named slightly different as in Debian,
postfix@-.service is what tab completion makes for me...

Is there anything in journalctl? What does systemctl status postfix
show?

You can have postfix log to a file as described in
http://www.postfix.org/MAILLOG_README.html first and then fix your
logging.

--
Christian Kivalo

--
Christian Kivalo


Links:
------
[1] https://www.RayStedman.org

--
 Christian Kivalo
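
Added example, not part of the thread or written by either participant: one way to locate the minutes in which postfix records reached the journal but not /var/log/maillog, by counting records per minute in both sources. It assumes both inputs use the traditional syslog line layout (as in default journalctl output saved to a file); the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Traditional syslog prefix, e.g. "Jul 12 03:06:01 mail0 postfix/smtpd[2101]: ..."
LINE_RE = re.compile(
    r"^(?P<minute>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}):\d{2} \S+ "
    r"postfix(?:/[\w-]+)*\[\d+\]: "
)

def per_minute(lines):
    """Count postfix records per minute; journalctl '-- ... --' banners are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m.group("minute")] += 1
    return counts

def find_gaps(journal_lines, maillog_lines):
    """Map minute -> (journal_count, maillog_count) where maillog has fewer records."""
    journal, maillog = per_minute(journal_lines), per_minute(maillog_lines)
    return {
        minute: (n, maillog[minute])
        for minute, n in sorted(journal.items())  # sorted by timestamp string
        if n > maillog[minute]
    }

# Constructed sample data: the journal holds five records, maillog only three.
SAMPLE_JOURNAL = """\
-- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. --
Jul 12 03:05:58 mail0 postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jul 12 03:06:01 mail0 postfix/qmgr[1450]: 4A1B2C3D: removed
Jul 12 03:06:02 mail0 postfix/smtp[2200]: 4A1B2C3E: status=sent
Jul 12 03:07:10 mail0 postfix/smtp[2200]: 4A1B2C3F: status=sent
Jul 12 03:08:30 mail0 postfix/cleanup[2150]: 4A1B2C40: message-id=<x@example.org>
""".splitlines()

SAMPLE_MAILLOG = """\
Jul 12 03:05:58 mail0 postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jul 12 03:06:01 mail0 postfix/qmgr[1450]: 4A1B2C3D: removed
Jul 12 03:08:30 mail0 postfix/cleanup[2150]: 4A1B2C40: message-id=<x@example.org>
""".splitlines()

if __name__ == "__main__":
    for minute, (j, f) in find_gaps(SAMPLE_JOURNAL, SAMPLE_MAILLOG).items():
        print(f"{minute}: journal={j} maillog={f} missing={j - f}")
```

Running the same comparison on a schedule turns a silent gap in the file log into something that can be alerted on.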
