Re: Nothing in /var/log/maillog under stress
On 2020-07-12 20:59, Greg Sims wrote: We are making good progress building a mail server. The server is a KVM running CentOs 8.2 with vcpus=2 and ram=4GB. The system is under heavy load and is likely limited by disk performance. The load is generated by a second KVM using SMTP to send email. Everything seems to be working except there is nothing in /var/log/maillog for a period of 3 minutes. I'm not sure what is causing the omission of logs and how to correct this issue. Maybe systemd-journald rate limit is your problem. I found some information here https://www.rootusers.com/how-to-change-log-rate-limiting-in-linux Do these 3 minutes show up when you call journalctl -u postfix@-.service or more specific journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" I'm concerned that we are not following this recommendation, "Don't overwhelm the disk with mail submissions. Optimize the mail submission rate by tuning the number of parallel submissions and/or by tuning the Postfix in_flow_delay parameter setting." There is no indication in /var/log/maillog of problems (other than 3 minutes of missing logs). I do not know if "overwhelming the disk" would lead to shutting down data going to the maillog altogether. I will set in_flow_delay = 2s for this KVM mail server this evening. The performance snapshots below seem to show: cpu load average is not heavy, plenty of ram free, no swapping (stable at 108Mi), dm-0 is working hard at 129 tps and postfix seems to be keeping up with the load with 39-50 emails in the queue. This run started at 03:05 and created two minutes of data in /var/log/maillog -- and then nothing for 3 minutes starting at 03:07. I am certain the email in the missing three minutes was actually delivered or I would be seeing lots of negative feedback from our subscribers. You can also put 03:07:04 up 17:31, 0 users, load average: 0.42, 0.26, 0.10 totalusedfree shared buff/cache available Mem: 3.7Gi 832Mi 2.0Gi 101Mi 931Mi 2.5Gi Swap: 1.0Gi 108Mi 915Mi Device tpskB_read/skB_wrtn/skB_read kB_wrtn dm-0129.00 0.00 2373.50 0 4747 incoming/active queue: T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 39 39 0 0 0 0 0 0 00 0 gmail.com [1] 8 8 0 0 0 0 0 0 00 0 att.net [2] 7 7 0 0 0 0 0 0 00 0 bellsouth.net [3] 7 7 0 0 0 0 0 0 00 0 sbcglobal.net [4] 7 7 0 0 0 0 0 0 00 0 aol.com [5] 4 4 0 0 0 0 0 0 00 0 icloud.com [6] 4 4 0 0 0 0 0 0 00 0 yahoo.com [7] 1 1 0 0 0 0 0 0 00 0 outlook.com [8] 1 1 0 0 0 0 0 0 00 0 deferred queue: T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 1 0 0 0 0 0 0 0 00 1 icloud.com [6] 1 0 0 0 0 0 0 0 00 1 03:07:11 up 17:31, 0 users, load average: 0.36, 0.25, 0.10 totalusedfree shared buff/cache available Mem: 3.7Gi 858Mi 1.9Gi 101Mi 933Mi 2.5Gi Swap: 1.0Gi 108Mi 915Mi Device tpskB_read/skB_wrtn/skB_read kB_wrtn dm-0121.50 0.00 2326.00 0 4652 incoming/active queue: T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 56 56 0 0 0 0 0 0 00 0 gmail.com [1] 13 13 0 0 0 0 0 0 00 0 att.net [2] 11 11 0 0 0 0 0 0 00 0 sbcglobal.net [4] 11 11 0 0 0 0 0 0 00 0 bellsouth.net [3] 9 9 0 0 0 0 0 0 00 0 icloud.com [6] 6 6 0 0 0 0 0 0 00 0 yahoo.com [7] 5 5 0 0 0 0 0 0 00 0 rocketmail.com [9] 1 1 0 0 0 0 0 0 00 0 deferred queue: T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 1 0 0 0 0 0 0 0 00 1 icloud.com [6] 1 0 0 0 0 0 0 0 00 1 Thanks, Greg Links: -- [1] http://gmail.com [2] http://att.net [3] http://bellsouth.net [4] http://sbcglobal.net [5] http://aol.com [6] http://icloud.com [7] http://yahoo.com [8] http://outlook.com [9] http://rocketmail.com -- Christian Kivalo
Re: Nothing in /var/log/maillog under stress
On 2020-07-12 23:01, Greg Sims wrote: Nothing Christian: [root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. -- -- No entries -- Maybe your systemd unit is named slightly different as in debian, postfix@-.service is what tab completion makes for me... Is there anything in journalctl? What does systemctl status postfix show? You can have postfix log to a file as described in http://www.postfix.org/MAILLOG_README.html first and then fix your logging. -- Christian Kivalo
Re: Nothing in /var/log/maillog under stress
On 2020-07-13 00:10, Greg Sims wrote: Thank you Christian. I am running on CentOS 8.2 and the name of the service is "postfix.service". When I enter: journalctl -u postfix.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" I see all of the missing data that should be in /var/log/maillog -- almost 50,000 records. You discovered a way to gain access to the missing data! The big question for me continues to be, why did this data not make it to /var/log/maillog? You'd have to find out how your syslog daemon get the messages from the systemd journal. What syslog daemon do you have installed? Be aware that systemd journal has some rate limits which can lead to loss of log messages, see the man 5 journald.conf I found this https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald which covers rsyslog on centos 7. There is an import module for systemd journal. On my server rsyslog is configured to create a log socket at /var/spool/postfix/dev/log and ignore systemd journal and that works well for my use case. Greg Sims On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo wrote: On 2020-07-12 23:01, Greg Sims wrote: Nothing Christian: [root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. -- -- No entries -- Maybe your systemd unit is named slightly different as in debian, postfix@-.service is what tab completion makes for me... Is there anything in journalctl? What does systemctl status postfix show? You can have postfix log to a file as described in http://www.postfix.org/MAILLOG_README.html first and then fix your logging. -- Christian Kivalo -- Christian Kivalo
Re: Nothing in /var/log/maillog under stress
Nothing Christian: [root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. -- -- No entries -- Greg Sims Blessings, Greg www.RayStedman.org On Sun, Jul 12, 2020 at 1:29 PM Christian Kivalo wrote: > > > On 2020-07-12 20:59, Greg Sims wrote: > > We are making good progress building a mail server. The server is a > > KVM running CentOs 8.2 with vcpus=2 and ram=4GB. The system is under > > heavy load and is likely limited by disk performance. The load is > > generated by a second KVM using SMTP to send email. Everything seems > > to be working except there is nothing in /var/log/maillog for a period > > of 3 minutes. I'm not sure what is causing the omission of logs and > > how to correct this issue. > Maybe systemd-journald rate limit is your problem. I found some > information here > https://www.rootusers.com/how-to-change-log-rate-limiting-in-linux > > Do these 3 minutes show up when you call journalctl -u postfix@-.service > or more specific > > journalctl -u postfix@-.service --since="2020-07-12 03:06:00" > --until="2020-07-12 03:11:00" > > > I'm concerned that we are not following this recommendation, "Don't > > overwhelm the disk with mail submissions. Optimize the mail submission > > rate by tuning the number of parallel submissions and/or by tuning the > > Postfix in_flow_delay parameter setting." There is no indication in > > /var/log/maillog of problems (other than 3 minutes of missing logs). I > > do not know if "overwhelming the disk" would lead to shutting down > > data going to the maillog altogether. I will set in_flow_delay = 2s > > for this KVM mail server this evening. > > > > The performance snapshots below seem to show: cpu load average is not > > heavy, plenty of ram free, no swapping (stable at 108Mi), dm-0 is > > working hard at 129 tps and postfix seems to be keeping up with the > > load with 39-50 emails in the queue. This run started at 03:05 and > > created two minutes of data in /var/log/maillog -- and then nothing > > for 3 minutes starting at 03:07. I am certain the email in the > > missing three minutes was actually delivered or I would be seeing lots > > of negative feedback from our subscribers. > You can also put > > >>> 03:07:04 up 17:31, 0 users, load average: 0.42, 0.26, 0.10 > >> > >> totalusedfree shared buff/cache > >> available > >> > >> Mem: 3.7Gi 832Mi 2.0Gi 101Mi 931Mi > >> 2.5Gi > >> > >> Swap: 1.0Gi 108Mi 915Mi > >> > >> Device tpskB_read/skB_wrtn/skB_read > >> kB_wrtn > >> > >> dm-0129.00 0.00 2373.50 0 > >> 4747 > >> > >> incoming/active queue: > >> > >> T 5 10 20 40 80 160 320 > >> 640 1280 1280+ > >> > >> TOTAL 39 39 0 0 0 0 0 0 > >> 00 0 > >> > >> gmail.com [1] 8 8 0 0 0 0 0 > >> 0 00 0 > >> > >> att.net [2] 7 7 0 0 0 0 0 > >> 0 00 0 > >> > >> bellsouth.net [3] 7 7 0 0 0 0 0 > >> 0 00 0 > >> > >> sbcglobal.net [4] 7 7 0 0 0 0 0 > >> 0 00 0 > >> > >> aol.com [5] 4 4 0 0 0 0 0 > >> 0 00 0 > >> > >> icloud.com [6] 4 4 0 0 0 0 0 > >> 0 00 0 > >> > >> yahoo.com [7] 1 1 0 0 0 0 0 > >> 0 00 0 > >> > >> outlook.com [8] 1 1 0 0 0 0 0 > >> 0 00 0 > >> > >> deferred queue: > >> > >> T 5 10 20 40 80 160 320 > >> 640 1280 1280+ > >> > >> TOTAL 1 0 0 0 0 0 0 0 > >> 00 1 > >> > >> icloud.com [6] 1 0 0 0 0 0 0 > >> 0 00 1 > >> > >>> 03:07:11 up 17:31, 0 users, load average: 0.36, 0.25, 0.10 > >> > >> totalusedfree shared buff/cache > >> available > >> > >> Mem: 3.7Gi 858Mi 1.9Gi 101Mi 933Mi > >> 2.5Gi > >> > >> Swap: 1.0Gi 108Mi 915Mi > >> > >> Device tpskB_read/skB_wrtn/skB_read > >> kB_wrtn > >> > >> dm-0121.50 0.00 2326.00 0 > >> 4652 > >> > >> incoming/active queue: > >> > >> T 5 10 20 40 80 160 320 > >> 640 1280 1280+ > >> > >> TOTAL 56 56 0 0 0 0 0 0 > >> 00 0 > >> > >> gmail.com [1] 13 13 0 0 0 0 0 > >> 0 00 0 > >> > >> att.net [2] 11 11 0 0 0 0 0 > >> 0 00 0 > >> > >> sbcglobal.net [4] 11 11 0 0 0 0 0 > >> 0 00 0 > >> > >> bellsouth.net [3] 9 9 0 0 0 0 0 > >> 0 00 0 > >> > >> icloud.com [6] 6 6 0 0 0 0 0 > >> 0 00 0 > >> > >> yahoo.com [7] 5 5 0 0 0 0 0 > >> 0 00 0 > >> > >> rocketmail.com [9] 1 1 0 0 0 0 0 > >> 0 00 0 > >> > >> deferred queue: > >> > >> T 5 10 20 40 80 160 320 > >> 640 1280 1280+ > >> > >> TOTAL 1 0 0 0 0 0 0 0 > >> 00 1 > >> > >> icloud.com [6] 1 0 0 0 0 0 0 > >> 0 0
Re: Nothing in /var/log/maillog under stress
Thank you Christian. I am running on CentOS 8.2 and the name of the service is "postfix.service". When I enter: journalctl -u postfix.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" I see all of the missing data that should be in /var/log/maillog -- almost 50,000 records. You discovered a way to gain access to the missing data! The big question for me continues to be, why did this data not make it to /var/log/maillog? Greg Sims On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo wrote: > On 2020-07-12 23:01, Greg Sims wrote: > > Nothing Christian: > > > >> [root@mail0 postfix]# journalctl -u postfix@-.service > >> --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" > >> -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 > >> 15:50:00 CDT. -- > >> -- No entries -- > Maybe your systemd unit is named slightly different as in debian, > postfix@-.service is what tab completion makes for me... > > Is there anything in journalctl? What does systemctl status postfix > show? > > You can have postfix log to a file as described in > http://www.postfix.org/MAILLOG_README.html first and then fix your > logging. > > -- > Christian Kivalo >
Re: Nothing in /var/log/maillog under stress
I updated my maillog processing tool to make use of journalctl. This is working well and I can now see the "missing" maillog entries with my tool. This is a great step in the right direction. I have rsyslog running which looks like it might be redundant -- based on the serverfault post you supplied. I will try running without rsyslog and see what happens. I am aware of the systemd journal rate limits from CentOS 7. I will do additional research to know when I hit these limits and make needed adjustments if I do. Thanks for your help Christian! I am now able to accomplish my goals using journalctl. I am more than willing to collect data to help determine why the three minutes of log data is not making it to /var/log/maillog. To be honest, I do not know how to "... find out how your syslog daemon gets the messages from the systemd journal.". Greg Sims On Sun, Jul 12, 2020 at 3:51 PM Christian Kivalo wrote: > > > On 2020-07-13 00:10, Greg Sims wrote: > > Thank you Christian. I am running on CentOS 8.2 and the name of the > > service is "postfix.service". When I enter: > > > >> journalctl -u postfix.service --since="2020-07-12 03:06:00" > >> --until="2020-07-12 03:11:00" > > I see all of the missing data that should be in /var/log/maillog -- > > almost 50,000 records. You discovered a way to gain access to the > > missing data! > > > > The big question for me continues to be, why did this data not make it > > to /var/log/maillog? > You'd have to find out how your syslog daemon get the messages from the > systemd journal. What syslog daemon do you have installed? > Be aware that systemd journal has some rate limits which can lead to > loss of log messages, see the man 5 journald.conf > > I found this > > https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald > which covers rsyslog on centos 7. There is an import module for systemd > journal. > > On my server rsyslog is configured to create a log socket at > /var/spool/postfix/dev/log and ignore systemd journal and that works > well for my use case. > > > Greg Sims > > > > On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo > > wrote: > > > >> On 2020-07-12 23:01, Greg Sims wrote: > >>> Nothing Christian: > >>> > [root@mail0 postfix]# journalctl -u postfix@-.service > --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" > -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun > >> 2020-07-12 > 15:50:00 CDT. -- > -- No entries -- > >> Maybe your systemd unit is named slightly different as in debian, > >> postfix@-.service is what tab completion makes for me... > >> > >> Is there anything in journalctl? What does systemctl status postfix > >> show? > >> > >> You can have postfix log to a file as described in > >> http://www.postfix.org/MAILLOG_README.html first and then fix your > >> logging. > >> > >> -- > >> Christian Kivalo > > -- > Christian Kivalo >
Re: Nothing in /var/log/maillog under stress
I removed rsyslog using yum, rebooted the VM and made sure postfix was running. I then sent five emails from a remote VM using SMTP. I can see the postfix logs using journalctl. This set of postfix logs do not make it to /var/log/maillog. The five emails were delivered. I'm not sure if this is the expected behavior. Apache is also running on this VM. I performed "tail /var/log/httpd/access_log" and can see Apache logging. Greg Sims www.RayStedman.org On Sun, Jul 12, 2020 at 5:08 PM Greg Sims wrote: > I updated my maillog processing tool to make use of journalctl. This is > working well and I can now see the "missing" maillog entries with my tool. > This is a great step in the right direction. > > I have rsyslog running which looks like it might be redundant -- based on > the serverfault post you supplied. I will try running without rsyslog and > see what happens. > > I am aware of the systemd journal rate limits from CentOS 7. I will do > additional research to know when I hit these limits and make needed > adjustments if I do. > > Thanks for your help Christian! I am now able to accomplish my goals > using journalctl. > > I am more than willing to collect data to help determine why the three > minutes of log data is not making it to /var/log/maillog. To be honest, I > do not know how to "... find out how your syslog daemon gets the messages > from the systemd journal.". > > Greg Sims > > On Sun, Jul 12, 2020 at 3:51 PM Christian Kivalo > wrote: > >> >> >> On 2020-07-13 00:10, Greg Sims wrote: >> > Thank you Christian. I am running on CentOS 8.2 and the name of the >> > service is "postfix.service". When I enter: >> > >> >> journalctl -u postfix.service --since="2020-07-12 03:06:00" >> >> --until="2020-07-12 03:11:00" >> > I see all of the missing data that should be in /var/log/maillog -- >> > almost 50,000 records. You discovered a way to gain access to the >> > missing data! >> > >> > The big question for me continues to be, why did this data not make it >> > to /var/log/maillog? >> You'd have to find out how your syslog daemon get the messages from the >> systemd journal. What syslog daemon do you have installed? >> Be aware that systemd journal has some rate limits which can lead to >> loss of log messages, see the man 5 journald.conf >> >> I found this >> >> https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald >> which covers rsyslog on centos 7. There is an import module for systemd >> journal. >> >> On my server rsyslog is configured to create a log socket at >> /var/spool/postfix/dev/log and ignore systemd journal and that works >> well for my use case. >> >> > Greg Sims >> > >> > On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo >> > wrote: >> > >> >> On 2020-07-12 23:01, Greg Sims wrote: >> >>> Nothing Christian: >> >>> >> [root@mail0 postfix]# journalctl -u postfix@-.service >> --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" >> -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun >> >> 2020-07-12 >> 15:50:00 CDT. -- >> -- No entries -- >> >> Maybe your systemd unit is named slightly different as in debian, >> >> postfix@-.service is what tab completion makes for me... >> >> >> >> Is there anything in journalctl? What does systemctl status postfix >> >> show? >> >> >> >> You can have postfix log to a file as described in >> >> http://www.postfix.org/MAILLOG_README.html first and then fix your >> >> logging. >> >> >> >> -- >> >> Christian Kivalo >> >> -- >> Christian Kivalo >> >
Re: Nothing in /var/log/maillog under stress
On 2020-07-13 03:57, Greg Sims wrote: I removed rsyslog using yum, rebooted the VM and made sure postfix was running. I then sent five emails from a remote VM using SMTP. I can see the postfix logs using journalctl. This set of postfix logs do not make it to /var/log/maillog. The five emails were delivered. I'm not sure if this is the expected behavior. This is expected as rsyslog writes to /var/log/maillog. Now you only have the journal except for those services that write to their own logfile directly... Apache is also running on this VM. I performed "tail /var/log/httpd/access_log" and can see Apache logging. ... like apache does. Greg Sims www.RayStedman.org [1] On Sun, Jul 12, 2020 at 5:08 PM Greg Sims wrote: I updated my maillog processing tool to make use of journalctl. This is working well and I can now see the "missing" maillog entries with my tool. This is a great step in the right direction. I have rsyslog running which looks like it might be redundant -- based on the serverfault post you supplied. I will try running without rsyslog and see what happens. I am aware of the systemd journal rate limits from CentOS 7. I will do additional research to know when I hit these limits and make needed adjustments if I do. Thanks for your help Christian! I am now able to accomplish my goals using journalctl. I am more than willing to collect data to help determine why the three minutes of log data is not making it to /var/log/maillog. To be honest, I do not know how to "... find out how your syslog daemon gets the messages from the systemd journal.". Greg Sims On Sun, Jul 12, 2020 at 3:51 PM Christian Kivalo wrote: On 2020-07-13 00:10, Greg Sims wrote: Thank you Christian. I am running on CentOS 8.2 and the name of the service is "postfix.service". When I enter: journalctl -u postfix.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" I see all of the missing data that should be in /var/log/maillog -- almost 50,000 records. You discovered a way to gain access to the missing data! The big question for me continues to be, why did this data not make it to /var/log/maillog? You'd have to find out how your syslog daemon get the messages from the systemd journal. What syslog daemon do you have installed? Be aware that systemd journal has some rate limits which can lead to loss of log messages, see the man 5 journald.conf I found this https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald which covers rsyslog on centos 7. There is an import module for systemd journal. On my server rsyslog is configured to create a log socket at /var/spool/postfix/dev/log and ignore systemd journal and that works well for my use case. Greg Sims On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo wrote: On 2020-07-12 23:01, Greg Sims wrote: Nothing Christian: [root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. -- -- No entries -- Maybe your systemd unit is named slightly different as in debian, postfix@-.service is what tab completion makes for me... Is there anything in journalctl? What does systemctl status postfix show? You can have postfix log to a file as described in http://www.postfix.org/MAILLOG_README.html first and then fix your logging. -- Christian Kivalo -- Christian Kivalo Links: -- [1] https://www.RayStedman.org -- Christian Kivalo
Re: Nothing in /var/log/maillog under stress
On 2020-07-13 02:08, Greg Sims wrote: I updated my maillog processing tool to make use of journalctl. This is working well and I can now see the "missing" maillog entries with my tool. This is a great step in the right direction. That sounds great. I have rsyslog running which looks like it might be redundant -- based on the serverfault post you supplied. I will try running without rsyslog and see what happens. I am aware of the systemd journal rate limits from CentOS 7. I will do additional research to know when I hit these limits and make needed adjustments if I do. I added this to /etc/system/journal.conf.d/journald.conf and it works for me. [Journal] RateLimitIntervalSec=1s RateLimitBurst=0 Thanks for your help Christian! I am now able to accomplish my goals using journalctl. I am more than willing to collect data to help determine why the three minutes of log data is not making it to /var/log/maillog. To be honest, I do not know how to "... find out how your syslog daemon gets the messages from the systemd journal.". Greg Sims On Sun, Jul 12, 2020 at 3:51 PM Christian Kivalo wrote: On 2020-07-13 00:10, Greg Sims wrote: Thank you Christian. I am running on CentOS 8.2 and the name of the service is "postfix.service". When I enter: journalctl -u postfix.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" I see all of the missing data that should be in /var/log/maillog -- almost 50,000 records. You discovered a way to gain access to the missing data! The big question for me continues to be, why did this data not make it to /var/log/maillog? You'd have to find out how your syslog daemon get the messages from the systemd journal. What syslog daemon do you have installed? Be aware that systemd journal has some rate limits which can lead to loss of log messages, see the man 5 journald.conf I found this https://serverfault.com/questions/959982/is-rsyslog-redundant-on-when-using-journald which covers rsyslog on centos 7. There is an import module for systemd journal. On my server rsyslog is configured to create a log socket at /var/spool/postfix/dev/log and ignore systemd journal and that works well for my use case. Greg Sims On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo wrote: On 2020-07-12 23:01, Greg Sims wrote: Nothing Christian: [root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12 03:06:00" --until="2020-07-12 03:11:00" -- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12 15:50:00 CDT. -- -- No entries -- Maybe your systemd unit is named slightly different as in debian, postfix@-.service is what tab completion makes for me... Is there anything in journalctl? What does systemctl status postfix show? You can have postfix log to a file as described in http://www.postfix.org/MAILLOG_README.html first and then fix your logging. -- Christian Kivalo -- Christian Kivalo -- Christian Kivalo
