Metalog uses a different syntax than other logging systems (e.g. syslog-ng). As a result, the pflogsumm.pl script cannot read the metalog files. It turns out that David Ferguson has a one-line modification to the pflogsumm.pl script which makes pflogsumm.pl able to read the metalog file and produce useful results. The modification is available on the URL above, but effectively one would change the following:

    while(<>) {
        next if(defined($dateStr) && ! /^$dateStr/o);
        s/: \[ID \d+ [^\]]+\] /: /o;    # lose "[ID nnnnnn some.thing]" stuff
        my $logRmdr;
        next unless((($msgMonStr, $msgDay, $msgHr, $msgMin, $msgSec, $logRmdr) =

to:

    while(<>) {
        next if(defined($dateStr) && ! /^$dateStr/o);
        s/: \[ID \d+ [^\]]+\] /: /o;    # lose "[ID nnnnnn some.thing]" stuff
        #------------------------------------------------------------------------
        # metalog hack by David B. Ferguson <david@linuxnet.ca> 08/19/2008
        # see http://linuxnet.ca/postfix/pflogsumm_metalog.html for latest
        s/\[(postfix|$syslogName)\/(.*)\] /metalog $1\/$2\[54321\]: /;
        #------------------------------------------------------------------------
        my $logRmdr;
        next unless((($msgMonStr, $msgDay, $msgHr, $msgMin, $msgSec, $logRmdr) =

The change is working very well on my server, but it would be nice if portage could detect the use of metalog and apply the modification automatically.

Reproducible: Always

Steps to Reproduce:
1. Install Postfix, metalog and pflogsumm.pl
2. Run pflogsumm.pl using any options specifying any postfix log file as the target

Actual Results:
pflogsumm returns zero traffic

Expected Results:
pflogsumm should have returned proper postfix statistics.
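The effect of the substitution quoted above, as an added example that is not part of the original report, of pflogsumm.pl, or of the linuxnet.ca hack. It runs the quoted rewrite and a stricter variant over two constructed metalog lines; `rewrite_anchored`, `parse_syslog` (a simplified stand-in, not pflogsumm's own regex), the sample lines and the `postfix` syslog name are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $syslogName = 'postfix';    # assumed value of pflogsumm's syslog name

# Constructed metalog-style lines: "Mon DD HH:MM:SS [program] message"
my @sample = (
    'Aug 19 10:15:01 [postfix/smtpd] connect from unknown[192.0.2.10]',
    'Aug 19 10:15:02 [postfix/smtp] 4F1A2B3C4D: to=<user@example.org>, '
      . 'relay=mx.example.org[198.51.100.7]:25, status=bounced '
      . '(host mx.example.org[198.51.100.7] said: 550 no such user)',
);

# The substitution exactly as quoted in the report. The greedy ".*" runs to
# the LAST "] " on the line, not to the end of the program tag.
sub rewrite_greedy {
    my ($line) = @_;
    $line =~ s/\[(postfix|$syslogName)\/(.*)\] /metalog $1\/$2\[54321\]: /;
    return $line;
}

# Hypothetical stricter variant: anchored to the timestamp, and the program
# tag may not contain "]", so text later in the message is never consumed.
sub rewrite_anchored {
    my ($line) = @_;
    $line =~ s/^(\S+ +\d+ \d\d:\d\d:\d\d) \[((?:postfix|\Q$syslogName\E)\/[^\]]+)\] /$1 metalog $2\[54321\]: /;
    return $line;
}

# Simplified syslog-shaped matcher: timestamp, host, daemon[pid]: message.
# Returns (daemon, message), or an empty list when the line does not fit.
sub parse_syslog {
    my ($line) = @_;
    return $line =~ /^\S{3} +\d+ \d\d:\d\d:\d\d \S+ ((?:postfix|\Q$syslogName\E)\/[^\[:]+)\[\d+\]: (.+)$/
        ? ($1, $2) : ();
}

for my $line (@sample) {
    for my $case (['greedy', \&rewrite_greedy], ['anchored', \&rewrite_anchored]) {
        my ($daemon, $msg) = parse_syslog($case->[1]->($line));
        printf "%-8s %s\n", $case->[0],
            defined $daemon ? "daemon=$daemon msg=$msg" : 'NOT PARSED';
    }
}
```

Both rewrites stamp every line with the placeholder host `metalog` and PID `54321`, so any report field derived from host or PID is meaningless for metalog input.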
Appears to be a dupe of (or at least closely related to) Bug #155556
Somehow I didn't find Bug #155556 when I searched earlier. It appears that the patch is substantially different, although how significant that is, I cannot tell. I noticed that the patch was not added to portage despite being provided about 2 years ago...
*** This bug has been marked as a duplicate of bug 155556 ***