Am getting quite a few unmatched entries from logwatch when processing postfix mail log. ~~~~~~~~~~~~~~~~~~~~~~~~ equery uses postfix [ Searching for packages matching postfix... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [ : Right column (I) - USE flags packages was installed with ] [ Found these USE variables for mail-mta/postfix-2.3.5 ] U I - - cdb : Adds support for the CDB database engine from the author of qmail - - dovecot-sasl : Enable Dovecot protocol version 1 (server only) SASL implementation + + hardened : activate default security enhancements for toolchain (gcc, glibc, binutils) - - ipv6 : Adds support for IP version 6 - - ldap : Adds LDAP support (Lightweight Directory Access Protocol) - - mailwrapper : Adds mailwrapper support to allow multiple MTAs to be installed + + mbox : Adds support for mbox (/var/spool/mail) style mail spools - - mysql : Adds mySQL Database support - - nis : Support for NIS/YP services + + pam : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip - - postgres : Adds support for the postgresql database - - sasl : Adds support for the Simple Authentication and Security Layer - - selinux : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur + + ssl : Adds support for Secure Socket Layer connections - - vda : Adds support for virtual delivery agent quota enforcing ~~~~~~~~~~~~~~~~~~~~~~~~ equery uses logwatch [ Searching for packages matching logwatch... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [ : Right column (I) - USE flags packages was installed with ] [ No USE flags found for sys-apps/logwatch-7.3-r1] ~~~~~~~~~~~~~~~~~~~~~~~ seems at somepoint postfix added/changed some of the message lines: For example, logwatch is looking for the following: ( $ThisLine =~ m/^[a-zA-Z0-9]+: to=\<.*>, relay=.*, delay=[0-9]+, status=(sent|deferred)/ ) postfix is generating the following: 2087E2C145: to=<someid@somedomain.foo>, relay=local, delay=3.8, delays=0.8/0.01/0/3, dsn=2.0.0, status=sent (delivered to com mand: /usr/bin/procmail) Looks like most of the unmatched entries have a new format for the delay, and new "delays=" and "dsn=" values.
There is a new version of Logwatch (7.3.4) with a completely re-worked postfix filter available. Perhaps this will work with the new format postfix log entries? If so, can we get an ebuild for it?
Created attachment 110984 [details, diff] Patch to Postfix processor for new Postfix logging format This patch seems to be working for me. It's a 1 liner to add the new Postfix formatting to the Postfix log processor. Give it a try and see how it works.
>=logwatch-7.3.1 supports postfix-2.3.x log format. I suggest to mark stable =sys-apps/logwatch-7.3.2.
x86 done
ppc64 stable
sparc stable.
Stable on ppc
amd64 stable
alpha stable, closing.
