> Hello, I am trying to setup qmailanalog - first of all my log files look
> like this 'Oct 30 10:32:08 flashburn qmail: 972919928.511859 new msg
103249' so
> I assume that I need to strip the 'Oct 30 10:32:08 flashburn qmail:' how
do I do
> that??? Also, once that's streaming in good, what do I need to run???
any
> help would be appreciated!!! Thanks!!!
First of all you can read the documentation, it explains how to use matchup.
Assuming your qmailanalog is in /usr/local/qmailanalog, check out
/usr/local/qmailanalog/doc/MATCHUP.
This is from MATCHUP:
=[begin]=
To remove the "Aug 1 05:30:08 host qmail:" added by syslogd, feed your
logs through
awk '{$1="";$2="";$3="";$4="";$5="";print}'
Note that the syslog mechanism is inherently unreliable: it does not
guarantee that all messages will be logged. For reliable logs, try the
logging utilities in the daemontools package.
=[end]=
Enjoy.
example:
cat /var/log/maillog | awk '{$1="";$2="";$3="";$4="";$5="";print}' >
/tmp/maillog.new
cat /tmp/maillog.new | /usr/local/qmailanalog/bin/matchup >
/tmp/maillog.matchup
cat /tmp/maillog.matchup | /usr/local/qmailanalog/bin/zoverall
--
Alex Khanin, Systems Administrator
TMP Worldwide, Inc | Directional Marketing -%- Interactive
relationalMail(tm) | 205 Hudson Street 7th Floor NYC 10013
P. 646.613.2074 | F. 646.613.0648 | www.relationalMail.com
