Hi all,
I've been using multitail for some time version 3.something...
Anyway during maintenance I've changed somethings on multitail.conf and
noticed the color conf I've made for QMT so it follows.
hope it helps you to read those logs... ;)
# QMT COLORS
# QMT: clamd
colorscheme:clamd
cs_re:blue:^....-..-.. ..:..:..
cs_re:magenta::
cs_re:green:/var/qmail/simscan/.*(: OK)
cs_re:red:/var/qmail/simscan/.*(: [^ ]* FOUND)
cs_re:yellow:/var/qmail/simscan/.*( ERROR)
#
# QMT: qmail-smtp
colorscheme:qmail-smtp
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:magenta,,bold:<=
cs_re:magenta,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:green:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:green:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re_val_bigger:magenta,,bold:5:'('(-|)([0-9]|)([0-9]).([0-9]|)([0-9])'/'
11.00')'
cs_re:red,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
cs_re:red,,bold: *[^ ]*:VIRUS:.*
cs_re:red,,bold: *[^ ]*:ATTACH:.*
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
cs_re:yellow: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
cs_re:yellow,,bold: *[^ ]*policy_check: policy forbid([^ ]*).*
cs_re:magenta,,bold:rblsmtpd: ([0-9\.]*)
cs_re:magenta,,bold:qmail-smtpd.*
cs_re:magenta,,bold:spf-reject.*
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
#
# QMT: qmail-send
colorscheme:qmail-send
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:delivery *[^ ]*: success:.*
cs_re:red,,bold:delivery *[^ ]*: failure:.*
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
#
# QMT: SpamAssassin
colorscheme:qmtspamassassin
cs_re:magenta::
cs_re:blue:^....-..-.. ..:..:..
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds,
([^ ]*) bytes.
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^
]*) bytes.
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
cs_re_s:yellow,,bold:result: Y ([^ ]*) .*
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
cs_re:white,,bold:processing message.*
#
# QMT: sophie
colorscheme:sophie
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:NOTICE *[^ ]*:.*
cs_re:red,,bold:Virus present.*
cs_re:red,,bold:WARNING *[^ ]*: Scan result =.*
cs_re:yellow,,bold:WARNING *[^ ]*: error:.*
and this is how i call multitail:
multitail -Z red,black,inverse -T -S -x "%m [EMAIL PROTECTED] %f (%t) [%l]" \
-m 0 -n 49 -cS qmail-send -l "tail -F -q -c 512000
/var/log/qmail/send/current | tai64nlocal" \
-m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan"
-em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000
/var/log/qmail/smtp/current | tai64nlocal" \
-m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan"
-em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000
/var/log/qmail/submission/current | tai64nlocal" \
-m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from
localhost)" -l "tail -F -q -c 512000 /var/log/qmail/spamd/current |
tai64nlocal" \
-m 0 -n 49 -cS clamd -l "tail -F -q -c 512000
/var/log/qmail/clamd/current | tai64nlocal" \
-m 0 -n 49 -cS sophie -l "tail -F -q -c 512000
/var/log/qmail/sophie/current | tai64nlocal"
and for fast reviewing, with help of qmlog (great tool by the way :) ):
multitail -Z red,black,inverse -T -S -x "%m [EMAIL PROTECTED] %f (%t) [%l]" \
-m 0 -n 49 -cS qmail-send -l "qmlog -f send" \
-m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan"
-em "rblsmtpd:" -em "qmail-smtpd: " -l "qmlog -f smtp" \
-m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan"
-em "rblsmtpd:" -em "qmail-smtpd: " -em "spf-reject" -l "qmlog -f
submission" \
-m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from
localhost)" -l "qmlog -f spamd" \
-m 0 -n 49 -cS clamd -l "qmlog -f clamd" \
-m 0 -n 49 -cS sophie -l "qmlog -f sophie"
Hope it helps!
A M
