Hi all, I've been using multitail for some time version 3.something... Anyway during maintenance I've changed somethings on multitail.conf and noticed the color conf I've made for QMT so it follows. hope it helps you to read those logs... ;)
# QMT COLORS # QMT: clamd colorscheme:clamd cs_re:blue:^....-..-.. ..:..:.. cs_re:magenta:: cs_re:green:/var/qmail/simscan/.*(: OK) cs_re:red:/var/qmail/simscan/.*(: [^ ]* FOUND) cs_re:yellow:/var/qmail/simscan/.*( ERROR) # # QMT: qmail-smtp colorscheme:qmail-smtp cs_re:cyan:: cs_re:blue:^....-..-.. ..:..:.. cs_re:magenta,,bold:<= cs_re:magenta,,bold:=> cs_re:green,,bold:=> *[^ ]* cs_re:green:<= *[^ ]* cs_re:green,,bold:=> *[^ ]* <[^>]*> cs_re:green:<= *[^ ]* <[^>]*> cs_re:yellow:H=[^ ]* cs_re:red:verify failed for SMTP recipient.* cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused cs_re_val_bigger:magenta,,bold:5:'('(-|)([0-9]|)([0-9]).([0-9]|)([0-9])'/' 11.00')' cs_re:red,,bold: *[^ ]*SPAM REJECT ([^ ]*).* cs_re:red,,bold: *[^ ]*:VIRUS:.* cs_re:red,,bold: *[^ ]*:ATTACH:.* cs_re:red,,bold: *[^ ]*policy_check: policy_load failed cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).* cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).* cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).* cs_re:yellow: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).* cs_re:yellow,,bold: *[^ ]*policy_check: policy forbid([^ ]*).* cs_re:magenta,,bold:rblsmtpd: ([0-9\.]*) cs_re:magenta,,bold:qmail-smtpd.* cs_re:magenta,,bold:spf-reject.* cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).* cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).* # # QMT: qmail-send colorscheme:qmail-send cs_re:cyan:: cs_re:blue:^....-..-.. ..:..:.. cs_re:white,,bold:delivery *[^ ]*: success:.* cs_re:red,,bold:delivery *[^ ]*: failure:.* cs_re:yellow,,bold:delivery *[^ ]*: deferral:.* # # QMT: SpamAssassin colorscheme:qmtspamassassin cs_re:magenta:: cs_re:blue:^....-..-.. ..:..:.. cs_re:yellow:autolearn=failed cs_re:red,,blink:server killed by [^,]*, shutting down cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes. cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes. cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes. cs_re_s:yellow,,bold:result: Y ([^ ]*) .* cs_re_s:green,,bold:server successfully spawned child process, pid (.*) cs_re:green:server successfully spawned child process, pid cs_re:white,,bold:processing message.* # # QMT: sophie colorscheme:sophie cs_re:cyan:: cs_re:blue:^....-..-.. ..:..:.. cs_re:white,,bold:NOTICE *[^ ]*:.* cs_re:red,,bold:Virus present.* cs_re:red,,bold:WARNING *[^ ]*: Scan result =.* cs_re:yellow,,bold:WARNING *[^ ]*: error:.* and this is how i call multitail: multitail -Z red,black,inverse -T -S -x "%m [EMAIL PROTECTED] %f (%t) [%l]" \ -m 0 -n 49 -cS qmail-send -l "tail -F -q -c 512000 /var/log/qmail/send/current | tai64nlocal" \ -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000 /var/log/qmail/smtp/current | tai64nlocal" \ -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000 /var/log/qmail/submission/current | tai64nlocal" \ -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from localhost)" -l "tail -F -q -c 512000 /var/log/qmail/spamd/current | tai64nlocal" \ -m 0 -n 49 -cS clamd -l "tail -F -q -c 512000 /var/log/qmail/clamd/current | tai64nlocal" \ -m 0 -n 49 -cS sophie -l "tail -F -q -c 512000 /var/log/qmail/sophie/current | tai64nlocal" and for fast reviewing, with help of qmlog (great tool by the way :) ): multitail -Z red,black,inverse -T -S -x "%m [EMAIL PROTECTED] %f (%t) [%l]" \ -m 0 -n 49 -cS qmail-send -l "qmlog -f send" \ -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: " -l "qmlog -f smtp" \ -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: " -em "spf-reject" -l "qmlog -f submission" \ -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from localhost)" -l "qmlog -f spamd" \ -m 0 -n 49 -cS clamd -l "qmlog -f clamd" \ -m 0 -n 49 -cS sophie -l "qmlog -f sophie" Hope it helps! A M