logwatch reports a large number of unmatched dovecot entries every day, which make the dovecot section almost useless.
It reports the number of successful Logins and disconnects and below that unmatched entries for any of those.
The lines say:
dovecot: service=imap, user=... logged out rcvd=..
and
dovecot: service=lda, user=... saved mail to ...
I think these lines should get filtered.
My logwatch dovecot filter matches the latest 7.4.3.
Is there an update which solves the problem?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There have been a half-dozen updates to the dovecot script since 7.4.3. You can get the latest from sourceforge.net (select the git tab). Download the source and execute the install_logwatch.sh. Or just download the latest dovecot script file by itself.
I think the second statement you posted should be counted correctly. Not sure of your first one - it needs more context.
If you still getting unmatched statements, also post your dovecot version (dovecot --version).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My dovecot version is: 2.2.26.0 (23d1de6)
I cloned the git repo and found that the only dovecot file that differs is the scripts/services/dovecot.
The dovecot service from 7.4.3 says
I finally added/changed 2 filter lines to script/services/dovecot under the lda for dovecot 2.0 section to solve the problem.
I hope this may help others with the same issue
# 'lda' for dovecot 2.0, 'deliver' for earlier versions } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag service=lda, user=(.*), .* msgid=.*: saved mail to (.*)/ ) ) {#dovecot:service=lda,user=test@testhost.de,ip=[].msgid=<20170429220048.83BDF6C1A09@server.net>:savedmailtoINBOX$Deliver{$User}{$Mailbox}++;} elsif ( $ThisLine =~ /^$dovecottag service=imap, .*. Logged out / ) {#dovecot:service=imap,user=test@testhost.de,ip=[88.123.23.47].Loggedoutrcvd=170,sent=695:2Time(s)#IGNORE
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
logwatch reports a large number of unmatched dovecot entries every day, which make the dovecot section almost useless.
It reports the number of successful Logins and disconnects and below that unmatched entries for any of those.
The lines say:
dovecot: service=imap, user=... logged out rcvd=..
and
dovecot: service=lda, user=... saved mail to ...
I think these lines should get filtered.
My logwatch dovecot filter matches the latest 7.4.3.
Is there an update which solves the problem?
There have been a half-dozen updates to the dovecot script since 7.4.3. You can get the latest from sourceforge.net (select the git tab). Download the source and execute the install_logwatch.sh. Or just download the latest dovecot script file by itself.
I think the second statement you posted should be counted correctly. Not sure of your first one - it needs more context.
If you still getting unmatched statements, also post your dovecot version (dovecot --version).
My dovecot version is: 2.2.26.0 (23d1de6)
I cloned the git repo and found that the only dovecot file that differs is the scripts/services/dovecot.
The dovecot service from 7.4.3 says
The version from the git clone has an empty $Id and below the Id header the latest revision log entry just shows a rather old 1.18 from 2010.
Nevertheless I replaced the dovecot service file and ran logwatch but the output still lists the service=.. lines as below
I finally added/changed 2 filter lines to script/services/dovecot under the lda for dovecot 2.0 section to solve the problem.
I hope this may help others with the same issue