qmailanalog
I want to know how many messages were sent/failed etc. for a given period of time (say the last three days). I have done the following in both /var/log/qmail/qmail-send and /var/log/qmail/qmail-smtpd (I'll admit my ignorance and say that I don't know the difference between the two. Is qmail-send local deliveries and qmail-smtpd remote deliveries?): 1) Ran matchup on /var/log/qmail/qmail-send(smtpd)/current 2) Converted the matchedup version of current into human readable format using tai64nlocal 3) Pulled out dates for which I want to see log results from the file created above 4) Convert the data above to tai64 format using tai64n 5) Ran this data through zoverall to see qmailanalog results Regardless of whether I run it against /var/log/qmail/qmail-send or /var/log/qmail/qmail-smtpd I get the following: Completed messages: 0 Total delivery attempts: 0 Am I anywhere near doing this right? Here are my actual commands 1) cat /var/log/qmail/qmail-smtpd/current | /usr/local/qmailanalog/bin/matchup /var/log/qmail/qmail-smtpd/matchedup 2) cat /var/log/qmail/qmail-smtpd/matchedup | /usr/local/bin/tai64nlocal human_readable_current 3) vi human_readable_current (remove all unneeded data) 4) cat /var/log/qmail/qmail-send/human_readable_current | /usr/local/bin/tai64n tai64_current 5) cat ./tai64_current | /usr/local/qmailanalog/bin/zoverall overall_log
RE: qmailanalog
Thanks for the info Charles, but I'm confused. How do most of you folks pull out information from your logs? Log files generated by qmail are unreadable/unusable in the current (multilog) format. In order for them to make sense to me, and in order to sift them for specific dates I have to convert them to human readable format. I can do this with tai64nlocal. Once I have removed data that is not pertinent I then have to change them back into multilog format using tai64n, and then convert them into the older TAI64 format that qmailanalog understands, then run them through the qmailanalog scripts. Wow, that's a convoluted process using tools that until now had worked together to provide a graceful solution to my email needs. At the sake of being redundant, how do ya'll do it? -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 20, 2001 10:54 AM To: Qmail Mailing List Subject: Re: qmailanalog Drew Hawn [EMAIL PROTECTED] wrote: I want to know how many messages were sent/failed etc. for a given period of time (say the last three days). I have done the following in both /var/log/qmail/qmail-send and /var/log/qmail/qmail-smtpd (I'll admit my ignorance and say that I don't know the difference between the two. Is qmail-send local deliveries and qmail-smtpd remote deliveries?): No. qmail-smtpd is incoming mail via SMTP. qmail-send is all deliveries, local and remote. 1) Ran matchup on /var/log/qmail/qmail-send(smtpd)/current 2) Converted the matchedup version of current into human readable format using tai64nlocal 3) Pulled out dates for which I want to see log results from the file created above 4) Convert the data above to tai64 format using tai64n 5) Ran this data through zoverall to see qmailanalog results Regardless of whether I run it against /var/log/qmail/qmail-send or /var/log/qmail/qmail-smtpd I get the following: Completed messages: 0 Total delivery attempts: 0 Am I anywhere near doing this right? No. Instead of converting the tai64n timestamps to human-readable, you need to convert them to the fractional seconds (tai) that qmail-analog expects. You can do this with tai64n2tai, included in Bruce Guenter's qlogtools package if I remember correctly. His software is at untroubled.org . Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: qmailanalog
Please tell me what I'm doing wrong! :) Somebody has to be doing this properly, and it's sure not me. What I want is simple enough, I want to know how many messages were sent/received, etc. June 18th. That information is contained within my current file, but I can find no way to report on this data using qmailanalog, tai64n, tai64nlocal, tai64n2tai, etc. I have a current log file that contains log entries that span approximately 1 week. I can successfully use qmailanalog to view information about the messages that were sent and logged into my current file. This gives me information beginning when the log file was created and ending at the last entry of the log file, but I don't want a report that spans the entire week, I want one for a particular day. It seems logical that some magic combination of the following should give me the information that I need. (BTW, I never actually change the data in my current file, I always write out to another file when converting this data). Convert my current file to a human-readable format, grep out lines with the information I want into another file, convert that information back into tai64n format, convert that into tai format, run matchup on the file and then run it through the qmailanalog scripts to report on the dates I want information on. This does not work. If I convert tai64n files into human-readable ones, then convert that file back into tai64n files I get bad data: @40003b3118d1244c4a2c 2001-05-31 09:52:32.237949500 status: Notice that tai64n did convert the date, but also left the human-readable date in the file. For Charles sake, I don't want to simply look at the log files. I want a qmailanalog-style report on a subset of the information contained within my current file. -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 20, 2001 12:39 PM To: Qmail Mailing List Subject: Re: qmailanalog Drew Hawn [EMAIL PROTECTED] wrote: Thanks for the info Charles, but I'm confused. How do most of you folks pull out information from your logs? With qmail-analog, tai64nlocal, and less, in my case. Most people here probably use something similar. Log files generated by qmail are unreadable/unusable in the current (multilog) format. tai64n timestamps aren't supposed to be human readable. They're supposed to be easily parsable by programs. That's the whole point of tai64nlocal -- you log with tai64n timestamps, and if you want to read the log with human-readable timestamps, you do: tai64nlocal log | pager_of_choice Don't run the logs through tai64nlocal before they hit the disk. In order for them to make sense to me, and in order to sift them for specific dates I have to convert them to human readable format. No, it's much simpler than that. A program to filter a log with tai64nlocal timestamps for particular dates is trivial; Bruce's qlogtools probably includes one (though I haven't checked). After you've filtered them, you run it through tai64nlocal before reading it. Once I have removed data that is not pertinent I then have to change them back into multilog format using tai64n, and then convert them into the older TAI64 format that qmailanalog understands, then run them through the qmailanalog scripts. Don't remove any data. What isn't pertinent? qmail-analog needs all of the various data that qmail-send logs to be able to accurately summarize it. Charles -- -- - Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. -- -
RE: Log Entry question
My run script is: exec env - PATH=/var/qmail/bin:$PATH \ qmail-start '|dot-forward .forward |preline /usr/bin/procmail' -Original Message- From: Chris Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 5:09 PM To: Drew Hawn Cc: [EMAIL PROTECTED] Subject: Re: Log Entry question On Wed, Jun 13, 2001 at 04:47:13PM -0700, Drew Hawn wrote: Sendmail is not running. When I ps-aux | grep tcpserver I get: qmaild 612 0.0 0.0 11520 ?SW 09:23 0:00 [tcpserver] What does your run script look like? Chris
Log Entry question
In my log file (/var/log/qmail/qmail-smtpd) I have files named similarly to: @40003b26027a37dfa084.s These files contain thousands of entries similar to : @40003b262932196daa9c tcpserver: fatal: unable to bind: address already used I don't know what this is and I've got 25MB of log files with these entries. What do they mean? = Drew Hawn - Systems Administrator Santa Barbara Technology Group, LLC 402 E. Gutierrez St. Santa Barbara, CA 93101 Phone: 805-879-1505 Fax: 805-564-7188 [EMAIL PROTECTED] =
FW: Log Entry question
Thanks. I'll check it out. How can I decode the tai64 format? I can't tell when this problem is still occurring. -Original Message- From: David U. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 4:39 PM To: Drew Hawn; [EMAIL PROTECTED] Subject: RE: Log Entry question a) They are the timestamp in tai64 format b) you are probably running another MTA or another instance of Qmail on por 25. c) 25 Megs of logs isn't very bad...don't sweat it. Just kill whatever's on port 25. maybe a reboot will fix it if you don't know how to do that. -davidu -Original Message- From: Drew Hawn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 4:22 PM To: '[EMAIL PROTECTED]' Subject: Log Entry question In my log file (/var/log/qmail/qmail-smtpd) I have files named similarly to: @40003b26027a37dfa084.s These files contain thousands of entries similar to : @40003b262932196daa9c tcpserver: fatal: unable to bind: address already used I don't know what this is and I've got 25MB of log files with these entries. What do they mean? = Drew Hawn - Systems Administrator Santa Barbara Technology Group, LLC 402 E. Gutierrez St. Santa Barbara, CA 93101 Phone: 805-879-1505 Fax: 805-564-7188 [EMAIL PROTECTED] =
RE: Log Entry question
Sendmail is not running. When I ps-aux | grep tcpserver I get: qmaild 612 0.0 0.0 11520 ?SW 09:23 0:00 [tcpserver] Is this normal? I've commented out pretty much everything in inetd.conf. Only telnet is currently running from here. -Original Message- From: Nick (Keith) Fish [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 12:45 PM To: Drew Hawn; Qmail Mailing List Subject: Re: Log Entry question Drew Hawn wrote: In my log file (/var/log/qmail/qmail-smtpd) I have files named similarly to: @40003b26027a37dfa084.s These files contain thousands of entries similar to : @40003b262932196daa9c tcpserver: fatal: unable to bind: address already used I don't know what this is and I've got 25MB of log files with these entries. What do they mean? They mean what they say: qmail is unable to start the SMTP service because something else is already running (probably SMTP) on port 25. Find out is running there. Places to look include inetd.conf or xinetd.conf. Most likely you forgot to kill the copy of sendmail you have running on your system is this is your first attempt at starting qmail or you have an old tcpserver process running qmail on that port which was never killed correctly. Do `ps aux | grep [tcpserver/sendmail]`, respectively. -- Nick (Keith) Fish Network Engineer Triton Technologies, Inc. 1-800-837-4253
process status list - I'm clueless
Here's the output of ps -ax | grep qmail: 607 ?S 0:00 supervise qmail-send 609 ?S 0:00 supervise qmail-smtpd 613 ?S 0:00 qmail-send 614 ?S 0:00 /usr/local/bin/multilog t s250 /var/log/qmail/qma 615 ?S 0:00 /usr/local/bin/multilog t s250 /var/log/qmail/qma 619 ?S 0:00 qmail-lspawn |dot-forward .forward?|preline /usr/bin/ 620 ?S 0:00 qmail-rspawn 621 ?S 0:00 qmail-clean + Don't the first two lines tell me that supervise is trying to start qmail-send and qmail-smtp? Line 3 says qmail-send is running, but I have nothing that tells me that qmail-smtp is running. I am unable to send messages out. This was working previously and now it's not. Why do I have two log lines? The qmail How-To says, You should see several tasks running, at the very least qmail-send, and some supervise processes, but doesn't give any detail on exactly what should show up. This is my /var/qmail/rc file: exec env - PATH=/var/qmail/bin:$PATH \ qmail-start '|dot-forward .forward |preline /usr/bin/procmail' + = Drew Hawn - Systems Administrator Santa Barbara Technology Group, LLC 402 E. Gutierrez St. Santa Barbara, CA 93101 Phone: 805-879-1505 Fax: 805-564-7188 [EMAIL PROTECTED] =
