Menu
▾
▴
[Logwatch-devel] SF.net SVN: logwatch:[84]
|
From: <ste...@us...> - 2012-02-26 15:43:09
|
Revision: 84
http://logwatch.svn.sourceforge.net/logwatch/?rev=84&view=rev
Author: stefjakobs
Date: 2012-02-26 15:43:00 +0000 (Sun, 26 Feb 2012)
Log Message:
-----------
postfix and amavis service scripts replaced by versions from
logreporters
Modified Paths:
--------------
conf/services/amavis.conf
conf/services/postfix.conf
install_logwatch.sh
scripts/services/amavis
scripts/services/clamav
scripts/services/postfix
scripts/services/smartd
Added Paths:
-----------
amavis-logwatch.1
postfix-logwatch.1
Added: amavis-logwatch.1
===================================================================
--- amavis-logwatch.1 (rev 0)
+++ amavis-logwatch.1 2012-02-26 15:43:00 UTC (rev 84)
@@ -0,0 +1,923 @@
+.TH AMAVIS-LOGWATCH 1
+.ad
+.fi
+.SH NAME
+amavis-logwatch
+\-
+An Amavisd-new log parser and analysis utility
+.SH "SYNOPSIS"
+.na
+.nf
+.fi
+\fBamavis-logwatch\fR [\fIoptions\fR] [\fIlogfile ...\fR]
+.SH DESCRIPTION
+.ad
+.fi
+The \fBamavis-logwatch\fR(1) utility is an Amavisd-new log parser
+that produces summaries, details, and statistics regarding
+the operation of Amavisd-new (henceforth, simply called Amavis).
+.PP
+This utility can be used as a
+standalone program, or as a Logwatch filter module to produce
+Amavisd-new summary and detailed reports from within Logwatch.
+.PP
+\fBAmavis-logwatch\fR is able to produce
+a wide range of reports with data grouped and sorted as much as possible
+to reduce noise and highlight patterns.
+Brief summary reports provide a
+quick overview of general Amavis operations and message
+delivery, calling out warnings that may require attention.
+Detailed reports provide easy to scan, hierarchically-arranged
+and organized information, with as much or little detail as
+desired.
+.PP
+Much of the interesting data is available when Amavis'
+$log_level is set to at least 2.
+See \fBAmavis Log Level\fR below.
+.PP
+\fBAmavis-logwatch\fR outputs two principal sections: a \fBSummary\fR section
+and a \fBDetailed\fR section.
+For readability and quick scanning, all event or hit counts appear in the left column,
+followed by brief description of the event type, and finally additional
+statistics or count representations may appear in the rightmost column.
+
+The following segment from a sample Summary report illustrates:
+.RS 4
+.nf
+
+****** Summary ********************************************
+
+ 9 Miscellaneous warnings
+
+ 20313 Total messages scanned ---------------- 100.00%
+1008.534M Total bytes scanned 1,057,524,252
+======== ================================================
+
+ 1190 Blocked ------------------------------- 5.86%
+ 18 Malware blocked 0.09%
+ 4 Banned name blocked 0.02%
+ 416 Spam blocked 2.05%
+ 752 Spam discarded (no quarantine) 3.70%
+
+ 19123 Passed -------------------------------- 94.14%
+ 47 Bad header passed 0.23%
+ 19076 Clean passed 93.91%
+======== ================================================
+
+ 18 Malware ------------------------------- 0.09%
+ 18 Malware blocked 0.09%
+
+ 4 Banned -------------------------------- 0.02%
+ 4 Banned file blocked 0.02%
+
+ 1168 Spam ---------------------------------- 5.75%
+ 416 Spam blocked 2.05%
+ 752 Spam discarded (no quarantine) 3.70%
+
+ 19123 Ham ----------------------------------- 94.14%
+ 47 Bad header passed 0.23%
+ 19076 Clean passed 93.91%
+======== ================================================
+
+ 1982 SpamAssassin bypassed
+ 32 Released from quarantine
+ 2 DSN notification (debug supplemental)
+ 2 Bounce unverifiable
+ 2369 Whitelisted
+ 2 Blacklisted
+ 12 MIME error
+ 58 Bad header (debug supplemental)
+ 40 Extra code modules loaded at runtime
+
+.fi
+.RE 0
+The report indicates there were 9 general warnings, and
+\fBAmavis\fR scanned a total of 20313 messages
+for a total of 1008.53 megabytes or 1,057,524,252 bytes.
+The next summary groups shows the Blocked / Passed overview,
+with 1190 Blocked messages (broken down as 18 messages blocked as malware,
+4 messages with banned names, 416 spam messages, and 752 discarded
+messages), and 19123 Passed messages (47 messages with bad headers
+and 19076 clean messages).
+
+The next (optional) summary grouping shows message disposition by contents category.
+There were 18 malware messages and 4 banned file messages (all blocked),
+1168 Spam messages, of which 416 were blocked (quarantined) and 752 discarded.
+Finally, there were 19123 messages consdidered to be Ham (i.e. not spam), 47
+of which contained bad headers.
+
+Additional count summaries for a variety of events are also listed.
+.PP
+There are dozens of sub-sections available in the \fBDetailed\fR report, each of
+whose output can be controlled in various ways.
+Each sub-section attempts to group and present the most meaningful data at superior levels,
+while pushing less useful or \fInoisy\fR data towards inferior levels.
+The goal is to provide as much benefit as possible from smart grouping of
+data, to allow faster report scanning, pattern identification, and problem solving.
+Data is always sorted in descending order by count, and then numerically by IP address
+or alphabetically as appropriate.
+.PP
+The following Spam blocked segment from a sample \fBDetailed\fR report
+illustrates the basic hierarchical level structure of \fBamavis-logwatch\fR:
+.RS 4
+.nf
+
+****** Detailed *******************************************
+
+ 19346 Spam blocked -----------------------------------
+ 756 fr...@ex...
+ 12 10.0.0.2
+ 12 <>
+ 12 192.168.2.2
+ 12 <>
+ 5 192.168.2.1
+ ...
+
+.fi
+.RE 0
+.PP
+The \fBamavis-logwatch\fR utility reads from STDIN or from the named Amavis
+\fIlogfile\fR.
+Multiple \fIlogfile\fR arguments may be specified, each processed
+in order.
+The user running \fBamavis-logwatch\fR must have read permission on
+each named log file.
+.PP
+.SS Options
+The options listed below affect the operation of \fBamavis-logwatch\fR.
+Options specified later on the command line override earlier ones.
+Any option may be abbreviated to an unambiguous length.
+
+.IP "\fB--[no]autolearn\fR"
+.PD 0
+.IP "\fB--show_autolearn \fIboolean\fR"
+.PD
+Enables (disables) output of the autolearn report.
+This report is only available if the default Amavis \fB$log_templ\fR
+has been modified to provide autolearn results in log entries.
+This can be done by uncommenting two lines in the Amavis program itself (where the
+default log templates reside), or by correctly adding the \fB$log_templ\fR
+variable to the \fBamavisd.conf\fR file.
+See Amavis' \fBREADME.customize\fR and search near the end
+of the Amavisd program for "autolearn".
+.IP "\fB--[no]by_ccat_summary\fR"
+.PD 0
+.IP "\fB--show_by_ccat_summary \fIboolean\fR"
+.PD
+Enables (disables) the by contents category summary in the \fBSummary\fR section.
+Default: enabled.
+.IP "\fB-f \fIconfig_file\fR"
+.PD 0
+.IP "\fB--config_file \fIconfig_file\fR"
+.PD
+Use an alternate configuration file \fIconfig_file\fR instead of
+the default.
+This option may be used more than once.
+Multiple configuration files will be processed in the order presented on the command line.
+See \fBCONFIGURATION FILE\fR below.
+.IP "\fB--debug \fIkeywords\fR"
+Output debug information during the operation of \fBamavis-logwatch\fR.
+The parameter \fIkeywords\fR is one or more comma or space separated keywords.
+To obtain the list of valid keywords, use --debug xxx where xxx is any invalid keyword.
+.IP "\fB--detail \fIlevel\fR"
+Sets the maximum detail level for \fBamavis-logwatch\fR to \fIlevel\fR.
+This option is global, overriding any other output limiters described below.
+
+The \fBamavis-logwatch\fR utility
+produces a \fBSummary\fR section, a \fBDetailed\fR section, and
+additional report sections.
+With \fIlevel\fR less than 5, \fBamavis-logwatch\fR will produce
+only the \fBSummary\fR section.
+At \fIlevel\fR 5 and above, the \fBDetailed\fR section, and any
+additional report sections are candidates for output.
+Each incremental increase in \fIlevel\fR generates one additional
+hierarchical sub-level of output in the \fBDetailed\fR section of the report.
+At \fIlevel\fR 10, all levels are output.
+Lines that exceed the maximum report width (specified with
+\fBmax_report_width\fR) will be cut.
+Setting \fIlevel\fR to 11 will prevent lines in the report from being cut (see also \fB--line_style\fR).
+.IP "\fB--[no]first_recip_only\fR"
+.PD 0
+.IP "\fB--show_first_recip_only \fIboolean\fR"
+.PD
+Specifies whether or not to sort by, and show, only the first
+recipient when a scanned messages contains multiple recipients.
+.IP "\fB--help\fR"
+Print usage information and a brief description about command line options.
+.IP "\fB--ipaddr_width \fIwidth\fR"
+Specifies that IP addresses in address/hostname pairs should be printed
+with a field width of \fIwidth\fR characters.
+Increasing the default may be useful for systems using long IPv6 addresses.
+.IP "\fB-l limiter=levelspec\fR"
+.PD 0
+.IP "\fB--limit limiter=levelspec\fR"
+.PD
+Sets the level limiter \fIlimiter\fR with the specification \fIlevelspec\fR.
+.IP "\fB--line_style \fIstyle\fR"
+Specifies how to handle long report lines.
+Three styles are available: \fBfull\fR, \fBtruncate\fR, and \fBwrap\fR.
+Setting \fIstyle\fR to \fBfull\fR will prevent cutting lines to \fBmax_report_width\fR;
+this is what occurs when \fBdetail\fR is 11 or higher.
+When \fIstyle\fR is \fBtruncate\fR (the default),
+long lines will be truncated according to \fBmax_report_width\fR.
+Setting \fIstyle\fR to \fBwrap\fR will wrap lines longer than \fBmax_report_width\fR such that
+left column hit counts are not obscured.
+This option takes precedence over the line style implied by the \fBdetail\fR level.
+The options \fB--full\fR, \fB--truncate\fR, and \fB--wrap\fR are synonyms.
+
+.IP "\fB--nodetail\fR"
+Disables the \fBDetailed\fR section of the report, and all supplemental reports.
+This option provides a convenient mechanism to quickly disable all sections
+under the \fBDetailed\fR report, where subsequent command line
+options may re-enable one or more sections to create specific reports.
+
+.PD 0
+.IP "\fB--sarules \fR\`\fIS,H\fR\'"
+.IP "\fB--sarules default"
+.PD
+Enables the SpamAssassin Rules Hit report.
+The comma-separated \fIS\fR and \fIH\fR arguments are top N values for the Spam and Ham
+reports, respectively, and can be any integer greater than or equal to 0, or the keyword \fBall\fR.
+The keyword \fBdefault\fR uses the built-in default values.
+.IP "\fB--nosarules\fR"
+Disables the SpamAssassin Rules Hit report.
+
+.PD 0
+.IP "\fB--sa_timings \fR\fInrows\fR"
+Enables the SpamAssassin Timings percentiles report.
+The report can be limited to the top N rows with the \fInrows\fR argument.
+This report requires Amavis 2.6+ and SpamAssassin 3.3+.
+.PD
+.IP "\fB--sa_timings_percentiles \fR\`\fIP1 [P2 ...]\fR\'"
+Specifies the percentiles shown in the SpamAssassin Timings report.
+The arguments \fIP1 ...\fR are integers from 0 to 100 inclusive.
+Their order will be preserved in the report.
+.IP "\fB--nosa_timings\fR"
+Disables the SpamAssassin Timings report.
+.IP "\fB--version\fR"
+Print \fBamavis-logwatch\fR version information.
+
+.PD 0
+.IP "\fB--score_frequencies \fR\`\fIB1 [B2 ...]\fR\'"
+.IP "\fB--score_frequencies default"
+.PD
+Enables the Spam Score Frequency report.
+The arguments \fIB1 ...\fR are frequency distribution buckets, and can be any real numbers.
+Their order will be preserved in the report.
+The keyword \fBdefault\fR uses the built-in default values.
+.IP "\fB--noscore_frequencies\fR"
+Disables the Spam Score Frequency report.
+
+.PD 0
+.IP "\fB--score_percentiles \fR\`\fIP1 [P2 ...]\fR\'"
+.IP "\fB--score_percentiles default"
+.PD
+Enables the Spam Score Percentiles report.
+The arguments \fIP1 ...\fR specify the percentiles shown in the report,
+and are integers from 0 to 100 inclusive.
+The keyword \fBdefault\fR uses the built-in default values.
+.IP "\fB--noscore_percentiles\fR"
+Disables the Spam Score Percentiles report.
+
+.IP "\fB--[no]sect_vars\fR"
+.PD 0
+.IP "\fB--show_sect_vars \fIboolean\fR"
+.PD
+Enables (disables) supplementing each \fBDetailed\fR section title
+with the name of that section's level limiter.
+The name displayed is the command line option (or configuration
+file variable) used to limit that section's output.
+.
+With the large number of level limiters available in \fBamavis-logwatch\fR,
+this a convenient mechanism for determining exactly which level limiter
+affects a section.
+.IP "\fB--[no]startinfo\fR"
+.PD 0
+.IP "\fB--show_startinfo \fIboolean\fR"
+.PD
+Enables (disables) the Amavis startup report showing most recent Amavis startup details.
+.IP "\fB--[no]summary\fR"
+.IP "\fB--show_summary\fR"
+Enables (disables) displaying of the the \fBSummary\fR section of the report.
+The variable Amavis_Show_Summary in used in a configuration file.
+.IP "\fB--syslog_name \fInamepat\fR"
+Specifies the syslog service name that \fBamavis-logwatch\fR uses
+to match syslog lines.
+Only log lines whose service name matches
+the perl regular expression \fInamepat\fR will be used by
+\fBamavis-logwatch\fR; all non-matching lines are silently ignored.
+This is useful when a pre-installed Amavis package uses a name
+other than the default (\fBamavis\fR).
+
+\fBNote:\fR if you use parenthesis in your regular expression, be sure they are cloistering
+and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR.
+
+.PD 0
+.IP "\fB--timings \fR\fIpercent\fR"
+Enables the Amavis Scan Timings percentiles report.
+The report can be top N-percent limited with the \fIpercent\fR argument.
+.PD
+.IP "\fB--timings_percentiles \fR\`\fIP1 [P2 ...]\fR\'"
+Specifies the percentiles shown in the Scan Timings report.
+The arguments \fIP1 ...\fR are integers from 0 to 100 inclusive.
+Their order will be preserved in the report.
+.IP "\fB--notimings\fR"
+Disables the Amavis Scan Timings report.
+.IP "\fB--version\fR"
+Print \fBamavis-logwatch\fR version information.
+
+.SS Level Limiters
+.PP
+The output of every section in the \fBDetailed\fR report is controlled by a level limiter.
+The name of the level limiter variable will be output when the \fBsect_vars\fR option is set.
+Level limiters are set either via command line in standalone mode with \fB--limit \fIlimiter\fB=\fIlevelspec\fR option,
+or via configuration file variable \fB$amavis_\fIlimiter\fB=\fIlevelspec\fR.
+Each limiter requires a \fIlevelspec\fR argument, which is described below in \fBLEVEL CONTROL\fR.
+
+The list of level limiters is shown below.
+
+.de TQ
+. br
+. ns
+. TP \\$1
+..
+
+.PD 0
+.PP
+Amavis major contents category (ccatmajor) sections, listed in order of priority:
+VIRUS, BANNED, UNCHECKED, SPAM, SPAMMY, BADH, OVERSIZED, MTA, CLEAN.
+
+.IP "\fBMalwareBlocked"
+.IP "\fBMalwarePassed"
+Blocked or passed messages that contain malware (ccatmajor: VIRUS).
+
+.IP "\fBBannedNameBlocked"
+.IP "\fBBannedNamePassed"
+Blocked or passed messages that contain banned names in MIME parts (ccatmajor: BANNED).
+
+.IP "\fBUncheckedBlocked"
+.IP "\fBUncheckedPassed"
+Blocked or passed messages that were not checked by a virus scanner or SpamAssassin (Amavis ccatmajor: UNCHECKED).
+
+.IP "\fBSpamBlocked"
+.IP "\fBSpamPassed"
+Blocked or passed messages that were considered spam that reached kill level (Amavis ccatmajor: SPAM)
+
+.IP "\fBSpammyBlocked"
+.IP "\fBSpammyPassed"
+Blocked or passed messages that were considered spam, but did not reach kill level (Amavis ccatmajor: SPAMMY)
+
+.IP "\fBBadHeaderBlocked"
+.IP "\fBBadHeaderPassed"
+Blocked or passed messages that contain bad mail headers (ccatmajor: BAD-HEADER).
+
+.IP "\fBOversizedBlocked"
+.IP "\fBOversizedPassed"
+Blocked or passed messages that were considered oversized (Amavis ccatmajor: OVERSIZED).
+
+.IP "\fBMtaBlocked"
+.IP "\fBMtaPassed"
+Blocked or passed messages due to failure to re-inject to MTA (Amavis ccatmajor: MTA-BLOCKED).
+Occurrences of this event indicates a configuration problem.
+[ note: I don't believe mtapassed occurs, but exists for completeness.]
+
+.IP "\fBOtherBlocked"
+.IP "\fBOtherPassed"
+Blocked or passed messages that are not any of other major contents categories (Amavis ccatmajor: OTHER).
+
+
+.IP "\fBTempFailBlocked"
+.IP "\fBTempfailPassed"
+Blocked or passed messages that had a temporary failure (Amavis ccatmajor: TEMPFAIL)
+
+.IP "\fBCleanBlocked"
+.IP "\fBCleanPassed "
+Messages blocked or passed which were considered clean (Amavis ccatmajor: CLEAN; i.e. non-spam, non-viral).
+
+.PP
+Other sections, arranged alphabetically:
+
+.IP "\fBAvConnectFailure"
+Problems connecting to Anti-Virus scanner(s).
+
+.IP "\fBAvTimeout"
+Timeouts awaiting responses from Anti-Virus scanner(s).
+
+.IP "\fBArchiveExtract"
+Archive extraction problems.
+
+.IP "\fBBadHeaderSupp"
+Supplemental debug information regarding messages containing bad mail headers.
+
+.IP "\fBBayes"
+Messages frequencies by Bayesian probability buckets.
+
+.IP "\fBBadAddress"
+Invalid mail address syntax.
+
+.IP "\fBBlacklisted"
+Messages that were (soft-)blacklisted. See also Whitelisted below.
+
+.IP "\fBBounceKilled"
+.IP "\fBBounceRescued"
+.IP "\fBBounceUnverifiable"
+Disposition of incoming bounce messages (DSNs).
+
+.IP "\fBContentType"
+MIME attachment breakdown by type/subtype.
+
+.IP "\fBDccError"
+Errors encountered with or returned by DCC.
+
+.IP "\fBDefangError"
+Errors encountered during defang process.
+
+.IP "\fBDefanged"
+Messages defanged (rendered harmless).
+
+.IP "\fBDsnNotification"
+Errors encountered during attempt to send delivery status notification.
+
+.IP "\fBDsnSuppressed"
+Delivery status notification (DSN) intentionally suppressed.
+
+.IP "\fBExtraModules"
+Additional code modules Amavis loaded during runtime.
+
+.IP "\fBFakeSender"
+Forged sender addresses, as determimed by Amavis.
+
+.IP "\fBFatal"
+Fatal events. These are presented at the top of the report, as they may require attention.
+
+.IP "\fBLocalDeliverySkipped"
+Failures delivering to a local address.
+
+.IP "\fBMalwareByScanner"
+Breakdown of malware by scanner(s) that detected the malware.
+
+.IP "\fBMimeError"
+Errors encountered during MIME extraction.
+
+.IP "\fBPanic"
+Panic events. These are presented at the top of the report, as they may require attention.
+
+.IP "\fBp0f"
+Passive fingerprint (p0f) hits, grouped by mail contents type (virus, unchecked, banned, spam, ham),
+next by operating system genre, and finally by IP address.
+Note: Windows systems are refined by Windows OS version, whereas versions of other operating systems
+are grouped generically.
+
+.IP "\fBReleased"
+Messages that were released from Amavis quarantine.
+
+.IP "\fBSADiags"
+Diagnostics as reported from SpamAssassin.
+
+.IP "\fBSmtpResponse"
+SMTP responses received during dialog with MTA. These log entries are primarly debug.
+
+.IP "\fBTmpPreserved"
+Temporary directories preserved by Amavis when some component encounters a problem or failure.
+Directories listed and their corresponding log entries should be evaluated for problems.
+
+.IP "\fBVirusScanSkipped"
+Messages that could not be scanned by a virus scanner.
+
+.IP "\fBWarning"
+Warning events not categorized in specific warnings below.
+These are presented at the top of the report, as they may require attention.
+
+.IP "\fBWarningAddressModified"
+Incomplete email addresses modified by Amavis for safety.
+
+.IP "\fBWarningNoQuarantineId"
+Attempts to release a quarantined message that did not contain an X-Quarantine-ID header.
+
+.IP "\fBWarningSecurity \fIlevelspec\fR"
+Insecure configuration or utility used by Amavis.
+
+.IP "\fBWarningSmtpShutdown"
+Failures during SMTP conversation with MTA.
+
+.IP "\fBWarningSql"
+Failures to communicate with, or error replies from, SQL service.
+
+.IP "\fBWhitelisted"
+Messages that were (soft-)whitelisted. See also Blacklisted above.
+
+.PD
+.SH LEVEL CONTROL
+.ad
+.fi
+The \fBDetailed\fR section of the report consists of a number of sub-sections,
+each of which is controlled both globally and independently.
+Two settings influence the output provided in the \fBDetailed\fR report:
+a global detail level (specified with \fB--detail\fR) which has final (big hammer)
+output-limiting control over the \fBDetailed\fR section,
+and sub-section specific detail settings (small hammer), which allow further limiting
+of the output for a sub-section.
+Each sub-section may be limited to a specific depth level, and each sub-level may be limited with top N or threshold limits.
+The \fIlevelspec\fR argument to each of the level limiters listed above is used to accomplish this.
+
+It is probably best to continue explanation of sub-level limiting with the following well-known outline-style hierarchy, and
+some basic examples:
+.nf
+
+ level 0
+ level 1
+ level 2
+ level 3
+ level 4
+ level 4
+ level 2
+ level 3
+ level 4
+ level 4
+ level 4
+ level 3
+ level 4
+ level 3
+ level 1
+ level 2
+ level 3
+ level 4
+.fi
+.PP
+The simplest form of output limiting suppresses all output below a specified level.
+For example, a \fIlevelspec\fR set to "2" shows only data in levels 0 through 2.
+Think of this as collapsing each sub-level 2 item, thus hiding all inferior levels (3, 4, ...),
+to yield:
+.nf
+
+ level 0
+ level 1
+ level 2
+ level 2
+ level 1
+ level 2
+.fi
+.PP
+Sometimes the volume of output in a section is too great, and it is useful to suppress any data that does not exceed a certain threshold value.
+Consider a dictionary spam attack, which produces very lengthy lists of hit-once recipient email or IP addresses.
+Each sub-level in the hierarchy can be threshold-limited by setting the \fIlevelspec\fR appropriately.
+Setting \fIlevelspec\fR to the value "2::5" will suppress any data at level 2 that does not exceed a hit count of 5.
+.PP
+Perhaps producing a top N list, such as top 10 senders, is desired.
+A \fIlevelspec\fR of "3:10:" limits level 3 data to only the top 10 hits.
+.PP
+With those simple examples out of the way, a \fIlevelspec\fR is defined as a whitespace- or comma-separated list of one or more of the following:
+.IP "\fIl\fR"
+Specifies the maximum level to be output for this sub-section, with a range from 0 to 10.
+if \fIl\fR is 0, no levels will be output, effectively disabling the sub-section
+(level 0 data is already provided in the Summary report, so level 1 is considered the first useful level in the \fBDetailed\fR report).
+Higher values will produce output up to and including the specified level.
+.IP "\fIl\fB.\fIn\fR"
+Same as above, with the addition that \fIn\fR limits this section's level 1 output to
+the top \fIn\fR items.
+The value for \fIn\fR can be any integer greater than 1.
+(This form of limiting has less utility than the syntax shown below. It is provided for
+backwards compatibility; users are encouraged to use the syntax below).
+.IP "\fIl\fB:\fIn\fB:\fIt\fR"
+This triplet specifies level \fIl\fR, top \fIn\fR, and minimum threshold \fIt\fR.
+Each of the values are integers, with \fIl\fR being the level limiter as described above, \fIn\fR being
+a top \fIn\fR limiter for the level \fIl\fR, and \fIt\fR being the threshold limiter for level \fIl\fR.
+When both \fIn\fR and \fIt\fR are specified, \fIn\fR has priority, allowing top \fIn\fR lists (regardless of
+threshold value).
+If the value of \fIl\fR is omitted, the specified values for \fIn\fR and/or \fIt\fR are used for
+all levels available in the sub-section.
+This permits a simple form of wildcarding (eg. place minimum threshold limits on all levels).
+However, specific limiters always override wildcard limiters.
+The first form of level limiter may be included in \fIlevelspec\fR to restrict output, regardless of how many triplets are present.
+.PP
+All three forms of limiters are effective only when \fBamavis-logwatch\fR's detail level is 5
+or greater (the \fBDetailed\fR section is not activated until detail is at least 5).
+.PP
+See the \fBEXAMPLES\fR section for usage scenarios.
+.SH CONFIGURATION FILE
+.ad
+\fBAmavis-logwatch\fR can read configuration settings from a configuration file.
+Essentially, any command line option can be placed into a configuration file, and
+these settings are read upon startup.
+
+Because \fBamavis-logwatch\fR can run either standalone or within Logwatch,
+to minimize confusion, \fBamavis-logwatch\fR inherits Logwatch's configuration
+file syntax requirements and conventions.
+These are:
+.IP \(bu 4'.
+White space lines are ignored.
+.IP \(bu 4'.
+Lines beginning with \fB#\fR are ignored
+.IP \(bu 4'.
+Settings are of the form:
+.nf
+
+ \fIoption\fB = \fIvalue\fR
+
+.fi
+.IP \(bu 4'.
+Spaces or tabs on either side of the \fB=\fR character are ignored.
+.IP \(bu 4'.
+Any \fIvalue\fR protected in double quotes will be case-preserved.
+.IP \(bu 4'.
+All other content is reduced to lowercase (non-preserving, case insensitive).
+.IP \(bu 4'.
+All \fBamavis-logwatch\fR configuration settings must be prefixed with "\fB$amavis_\fR" or
+\fBamavis-logwatch\fR will ignore them.
+.IP \(bu 4'.
+When running under Logwatch, any values not prefixed with "\fB$amavis_\fR" are
+consumed by Logwatch; it only passes to \fBamavis-logwatch\fR (via environment variable)
+settings it considers valid.
+.IP \(bu 4'.
+The values \fBTrue\fR and \fBYes\fR are converted to 1, and \fBFalse\fR and \fBNo\fR are converted to 0.
+.IP \(bu 4'.
+Order of settings is not preserved within a configuration file (since settings are passed
+by Logwatch via environment variables, which have no defined order).
+.PP
+To include a command line option in a configuration file,
+prefix the command line option name with the word "\fB$amavis_\fR".
+The following configuration file setting and command line option are equivalent:
+.nf
+
+ \fB$amavis_Line_Style = Truncate\fR
+
+ \fB--line_style Truncate\fR
+
+.fi
+Level limiters are also prefixed with \fB$amavis_\fR, but on the command line are specified with the \fB--limit\fR option:
+.nf
+
+ \fB$amavis_SpamBlocked = 2\fR
+
+ \fB--limit SpamBlocked=2\fR
+
+.fi
+
+
+The order of command line options and configuration file processing occurs as follows:
+1) The default configuration file is read if it exists and no \fB--config_file\fR was specified on a command line.
+2) Configuration files are read and processed in the order found on the command line.
+3) Command line options override any options already set either via command line or from any configuration file.
+
+Command line options are interpreted when they are seen on the command line, and later options will override previously set options.
+
+
+.SH "EXIT STATUS"
+.na
+.nf
+.ad
+.fi
+The \fBamavis-logwatch\fR utility exits with a status code of 0, unless an error
+occurred, in which case a non-zero exit status is returned.
+.SH "EXAMPLES"
+.na
+.nf
+.ad
+.fi
+.SS Running Standalone
+\fBNote:\fR \fBamavis-logwatch\fR reads its log data from one or more named Amavis log files, or from STDIN.
+For brevity, where required, the examples below use the word \fIfile\fR as the command line
+argument meaning \fI/path/to/amavis.log\fR.
+Obviously you will need to substitute \fIfile\fR with the appropriate path.
+.nf
+.PP
+To run \fBamavis-logwatch\fR in standalone mode, simply run:
+.nf
+.RS 4
+.PP
+\fBamavis-logwatch \fIfile\fR
+.RE 0
+.nf
+.PP
+A complete list of options and basic usage is available via:
+.nf
+.RS 4
+.PP
+\fBamavis-logwatch --help\fR
+.RE 0
+.nf
+.PP
+To print a summary only report of Amavis log data:
+.nf
+.RS 4
+.PP
+\fBamavis-logwatch --detail 1 \fIfile\fR
+.RE 0
+.fi
+.PP
+To produce a summary report and a one-level detail report for May 25th:
+.nf
+.RS 4
+.PP
+\fBgrep 'May 25' \fIfile\fB | amavis-logwatch --detail 5\fR
+.RE 0
+.fi
+.PP
+To produce only a top 10 list of Sent email domains, the summary report and detailed reports
+are first disabled. Since commands line options are read and enabled left-to-right,
+the Sent section is re-enabled to level 1 with a level 1 top 10 limiter:
+.nf
+.RS 4
+.PP
+\fBamavis-logwatch --nosummary --nodetail \\
+ --limit spamblocked '1 1:10:' \fIfile\fR
+.RE 0
+.fi
+.PP
+The following command and its sample output shows a more complex level limiter example.
+The command gives the top 4 spam blocked recipients (level 1), and under with each recipient
+the top 2 sending IPs (level 2) and finally below that, only envelope from addresses (level 3) with hit counts
+greater than 6.
+Ellipses indicate top N or threshold-limited data:
+.nf
+.RS 4
+.PP
+\fBamavis-logwatch --nosummary --nodetail \\
+ --limit spamblocked '1:4: 2:2: 3::6' \fIfile\fR
+.nf
+
+19346 Spam blocked -----------------------------------
+ 756 jo...@ex...
+ 12 10.0.0.1
+ 12 <>
+ 12 10.99.99.99
+ 12 <>
+ ...
+ 640 fr...@ex...
+ 8 10.0.0.1
+ 8 <>
+ 8 192.168.3.19
+ 8 <>
+ ...
+ 595 pe...@sa...
+ 8 10.0.0.1
+ 8 <>
+ 7 192.168.3.3
+ 7 <>
+ ...
+ 547 pa...@ex...
+ 8 192.168.3.19
+ 8 <>
+ 7 10.0.0.1
+ 7 <>
+ ...
+ ...
+.fi
+.RE 0
+.fi
+.SS Running within Logwatch
+\fBNote:\fR Logwatch versions prior to 7.3.6, unless configured otherwise, required the \fB--print\fR option to print to STDOUT instead of sending reports via email.
+Since version 7.3.6, STDOUT is the default output destination, and the \fB--print\fR option has been replaced
+by \fB--output stdout\fR. Check your configuration to determine where report output will be directed, and add the appropriate option to the commands below.
+.PP
+To print a summary report for today's Amavis log data:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range today --detail 1\fR
+.RE 0
+.nf
+.PP
+To print a report for today's Amavis log data, with one level
+of detail in the \fBDetailed\fR section:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range today --detail 5\fR
+.RE 0
+.fi
+.PP
+To print a report for yesterday, with two levels of detail in the \fBDetailed\fR section:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range yesterday --detail 6\fR
+.RE 0
+.fi
+.PP
+To print a report from Dec 12th through Dec 14th, with four levels of detail in the \fBDetailed\fR section:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range \\
+ 'between 12/12 and 12/14' --detail 8\fR
+.RE 0
+.PP
+To print a report for today, with all levels of detail:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range today --detail 10\fR
+.RE 0
+.PP
+Same as above, but leaves long lines uncropped:
+.nf
+.RS 4
+.PP
+\fBlogwatch --service amavis --range today --detail 11\fR
+.RE 0
+.SS "Amavis Log Level"
+.PP
+Amavis provides additional log information when the variable
+\fB$log_level\fR is increased above the default 0 value.
+This information is used by the \fBamavis-logwatch\fR utility to provide additional reports,
+not available with the default \fB$log_level\fR=0 value.
+A \fB$log_level\fR of 2 is suggested.
+.PP
+If you prefer not to increase the noise level in your main mail or Amavis logs,
+you can configure syslog to log Amavis' output to multiple log files,
+where basic log entries are routed to your main mail log(s) and more detailed
+entries routed to an Amavis-specific log file used to feed the \fBamavis-logwatch\fR utility.
+.PP
+A convenient way to accomplish this is to change the Amavis
+configuration variables in \fBamavisd.conf\fR as shown below:
+.nf
+
+ amavisd.conf:
+ $log_level = 2;
+ $syslog_facility = 'local5';
+ $syslog_priority = 'debug';
+
+.fi
+.PP
+This increases \fB$log_level\fR to 2, and sends Amavis' log entries to
+an alternate syslog facility (eg. \fBlocal5\fR, user), which can then be
+routed to one or more log files, including your main mail log file:
+.nf
+
+ syslog.conf:
+ #mail.info -/var/log/maillog
+ mail.info;local5.notice -/var/log/maillog
+
+ local5.info -/var/log/amavisd-info.log
+
+.fi
+.PP
+\fBAmavis\fR' typical \fB$log_level\fR 0 messages will be directed to both your maillog
+and to the \fBamavisd-info.log\fR file, but higher \fB$log_level\fR messages
+will only be routed to the \fBamavisd-info.log\fR file.
+For additional information on Amavis' logging, search the
+file \fBRELEASE_NOTES\fR in the Amavis distribution for:
+.nf
+
+ "syslog priorities are now dynamically derived"
+
+.fi
+.SH "ENVIRONMENT"
+.na
+.nf
+.ad
+.fi
+The \fBamavis-logwatch\fR program uses the following (automatically set) environment
+variables when running under Logwatch:
+.IP \fBLOGWATCH_DETAIL_LEVEL\fR
+This is the detail level specified with the Logwatch command line argument \fB--detail\fR
+or the \fBDetail\fR setting in the ...conf/services/amavis.conf configuration file.
+.IP \fBLOGWATCH_DEBUG\fR
+This is the debug level specified with the Logwatch command line argument \fB--debug\fR.
+.IP \fBamavis_\fIxxx\fR
+The Logwatch program passes all settings \fBamavis_\fIxxx\fR in the configuration file ...conf/services/amavis.conf
+to the \fBamavis\fR filter (which is actually named .../scripts/services/amavis) via environment variable.
+.SH "FILES"
+.na
+.nf
+.SS Standalone mode
+.IP "/usr/local/bin/amavis-logwatch"
+The \fBamavis-logwatch\fR program
+.IP "/usr/local/etc/amavis-logwatch.conf"
+The \fBamavis-logwatch\fR configuration file in standalone mode
+.SS Logwatch mode
+.IP "/etc/logwatch/scripts/services/amavis"
+The Logwatch \fBamavis\fR filter
+.IP "/etc/logwatch/conf/services/amavis.conf"
+The Logwatch \fBamavis\fR filter configuration file
+.SH "SEE ALSO"
+.na
+.nf
+logwatch(8), system log analyzer and reporter
+.SH "README FILES"
+.na
+.ad
+.nf
+README, an overview of \fBamavis-logwatch\fR
+Changes, the version change list history
+Bugs, a list of the current bugs or other inadequacies
+Makefile, the rudimentary installer
+LICENSE, the usage and redistribution licensing terms
+.SH "LICENSE"
+.na
+.nf
+.ad
+Covered under the included MIT/X-Consortium License:
+http://www.opensource.org/licenses/mit-license.php
+
+.SH "AUTHOR(S)"
+.na
+.nf
+Mike Cappella
+
+.fi
+The original \fBamavis\fR Logwatch filter was written by
+Jim O'Halloran, and has had many contributors over the years.
+They are entirely not responsible for any errors, problems or failures since the current author's
+hands have touched the source code.
Modified: conf/services/amavis.conf
===================================================================
--- conf/services/amavis.conf 2012-02-22 23:32:44 UTC (rev 83)
+++ conf/services/amavis.conf 2012-02-26 15:43:00 UTC (rev 84)
@@ -18,76 +18,207 @@
# Which logfile group...
LogFile = maillog
-# Only give lines pertaining to the amavis filter...
+# Specifies the global maximum detail level
+#
+#Detail = 10
+
+# Only give lines pertaining to the amavis service...
+#
+# The variables OnlyService and amavis_Syslog_Name are regular
+# expression patterns, and should both be set to match the
+# amavis service name used in your syslog entries.
+#*OnlyService = (usr/sbin/amavisd|dccproc)
*OnlyService = (amavis|dccproc)
*RemoveHeaders
-# Specifies the maximum report width, for Detail <= 10
+# Set this to the service name used in amavis syslog entries
#
-#$amavis_Max_Report_Width = 100
+# Note: if you use parenthesis in your regular expression, be sure it
+# is cloistering and not capturing: use (?:pattern) instead of (pattern).
+# $amavis_Syslog_Name = "/usr/sbin/amavisd"
+$amavis_Syslog_Name = "(?:amavis|dccproc)"
+#
+# Set the variable below to specify the maximum report width.
+# for Detail <= 10
+#
+$amavis_Max_Report_Width = 100
+
+# Specifies how to handle line lengths greater than Max_Report_Width.
+# Options are Truncate (default), Wrap, or Full.
+# for Detail <= 10
+#
+$amavis_Line_Style = Truncate
+
+# Show names of detail section variables/command line options in
+# detail report titles. For command line, use --[no]sect_vars,
+# without an argument.
+#
+$amavis_Show_Sect_Vars = No
+
+# In reports, for tallying purposes, use (and show) only the first
+# recipient when a message contains multple recipients.
+#
+$amavis_Show_First_Recip_Only = No
+
+# Include a by-contents category grouping in the summary report.
+#
+$amavis_Show_By_Ccat_Summary = Yes
+
+# Amavis Timings Report
+#
# Specifies the percentiles of collected data to show in the timing report.
# Valid values are from 0 to 100, inclusive.
#
-#$amavis_Timing_Percentiles = 0 5 25 50 75 95 100
+$amavis_Timings_Percentiles = "0 5 25 50 75 95 100"
-# Show spam score percentiles
+#
+# Show top N percent of the amavis scan timings report
+#
+$amavis_Timings = 95
+
+# Amavis SpamAssassin Timings Report
#
-#$amavis_Show_SpamScore = Yes
-
-# Specifies the percentiles of spam scores to show
+# Specifies the percentiles of collected data to show in the
+# SpamAssassin timing report (requires amavis 2.6+, SA 3.3+).
# Valid values are from 0 to 100, inclusive.
#
-#$amavis_SpamScore_Percentiles = 0 50 90 95 98 100
+$amavis_SA_Timings_Percentiles = "0 5 25 50 75 95 100"
-# Show top N percent of the timings report
+#
+# Show top N rows of the SpamAssassin timings report
+# Requires: amavis 2.6+, SpamAssassin 3.3+
+#
+$amavis_SA_Timings = 100
+
+# Spam Score Percentiles Report
#
-#$amavis_Timings = 95
+# Specifies the percentiles shown in the spam scores frequency report.
+# Valid values range from 0 to 100, inclusive. The keyword "default"
+# can be used instead to reset the values to their built-in default.
+#
+$amavis_Score_Percentiles = "0 50 90 95 98 100"
-# Show SpamAssassin rules hit
+# Spam Score Frequency Report
#
-#$amavis_Show_SARules = Yes
+# Specifies the buckets shown in the spam scores frequency report.
+# Valid values are real numbers. The keyword "default"
+# can be used instead to reset the values to their built-in default.
+#
+$amavis_Score_Frequencies = "-10 -5 0 5 10 20 30"
-# Show top N SpamAssassin Ham rules hit
+# SpamAssassin Spam / Ham Rules Hit Report
+#
+# Specifies the number of top S spam and top H ham hits to show in the
+# SpamAssassin Spam and Ham rules hit report. The value is a list
+# separated by whitespace or a comma. The order is "spam,ham". The
+# keyword "all" means unlimited limit, and 0 specifies none. For
+# example, the value "all,10" would show all Spam rules hit, but only
+# the top 10 ham rules, whereas "0,all" would prevent the Spam hit
+# report, and show all the hit Ham rules.
#
-#$amavis_SARulesTopHam = 20
+$amavis_SARules = "20 20"
-# Show top N SpamAssassin Spam rules hit
+# Autolearn Report
#
-#$amavis_SARulesTopSpam = 20
+# Shows the autolearn report when autolearn entries are present in
+# amavis log entries. To make these available, the default
+# $log_templ variable needs to be modified. This can be done by
+# uncommenting two lines in the amavis program itself (where the
+# default log templates reside), by correctly adding the $log_templ
+# variable to the amavisd.conf file. See amavis' README.customize
+# and the end of the amavisd program, searching for "autolearn".
+$amavis_Show_Autolearn = Yes
# If available, show most recent amavis startup details
-#
-#$amavis_Show_StartInfo = Yes
+#
+$amavis_Show_StartInfo = Yes
+# Show the summary section. For command line, use --[no]summary,
+# without an argument.
+$amavis_Show_Summary = Yes
+# Level Limiters
+#
# The variables below control the maximum output level for a given
-# category. A level of 1 indicates only one level of detailed output in
-# the Detailed report section. The Summary section is only available
-# at logwatch --Detail level >= 5. Increasing the Detail level
+# category. A level of 1 indicates only one level of detailed output
+# in the Detailed report section. The Summary section is only avail-
+# able at logwatch --Detail level >= 5. Increasing the Detail level
# by one adds one level of additional detail in the Summary section.
+#
# For example, Detail 5 would output one additional level of detail,
# Detail 6 two levels, etc. all the way up to 10. Finally, Detail
-# 11 yeilds uncropped lines of output.
+# 11 yields uncropped lines of output.
+#
+# You can control the maximum number of level 1 lines by appending
+# a period and a number. The value 2.10 would indicate 2 levels
+# of detail, but only 10 level 1 lines. For example, setting
+# $amavis_SpamBlocked = 1.20 yields a top 20 list of blocked spam.
+#
+# A more useful form of limiting uses triplets in the form l:n:t.
+# This triplet specifies level l, top n, and minimum threshold t.
+# Each of the values are integers, with l being the level limiter
+# as described above, n being a top n limiter for the level l, and
+# t being the threshold limiter for level l. When both n and t
+# are specified, n has priority, allowing top n lists (regardless
+# of threshold value). If the value of l is omitted, the speci-
+# fied values for n and/or t are used for all levels available in
+# the sub-section. This permits a simple form of wildcarding (eg.
+# place minimum threshold limits on all levels). However, spe-
+# cific limiters always override wildcard limiters. The first
+# form of level limiter may be included in levelspec to restrict
+# output, regardless of how many triplets are present.
-# uncomment and change the value of a variable below to control
-# the maximum detail level for the named category
-#$amavis_SpamPassed = 1
-#$amavis_SpamBlocked = 1
-#$amavis_MalwarePassed = 1
-#$amavis_MalwareBlocked = 1
-#$amavis_BannedNamesPassed = 1
-#$amavis_BannedNamesBlocked = 1
-#$amavis_BadHeadersPassed = 1
-#$amavis_BadHeadersBlocked = 1
-#$amavis_BadHeadersSupp = 1
-#$amavis_ReleasedMsg = 1
-#$amavis_MimeError = 1
-#$amavis_DSNNotification = 1
-#$amavis_EncryptedArchive = 1
-#$amavis_Warning = 1
-#$amavis_MalwareByScanner = 1
-#$amavis_Bayes = 1
+$amavis_CleanPassed = 0
+$amavis_CleanBlocked = 10
+$amavis_SpamPassed = 10
+$amavis_SpamBlocked = 10
+$amavis_SpammyPassed = 10
+$amavis_SpammyBlocked = 10
+$amavis_MalwarePassed = 10
+$amavis_MalwareBlocked = 10
+$amavis_BannedNamePassed = 10
+$amavis_BannedNameBlocked = 10
+$amavis_BadHeaderPassed = 10
+$amavis_BadHeaderBlocked = 10
+$amavis_MTABlocked = 10
+$amavis_OversizedBlocked = 10
+$amavis_OtherBlocked = 10
+$amavis_AVConnectFailure = 10
+$amavis_AVTimeout = 10
+$amavis_ArchiveExtract = 10
+$amavis_BadHeaderSupp = 10
+$amavis_Bayes = 10
+$amavis_Blacklisted = 10
+$amavis_BounceKilled = 10
+$amavis_BounceRescued = 10
+$amavis_BounceUnverifiable = 10
+$amavis_ContentType = 10
+$amavis_DccError = 10
+$amavis_DefangError = 10
+$amavis_Defanged = 10
+$amavis_DsnNotification = 10
+$amavis_DsnSuppressed = 10
+$amavis_ExtraModules = 10
+$amavis_FakeSender = 10
+$amavis_LocalDeliverySkipped = 10
+$amavis_MalwareByScanner = 10
+$amavis_MalwareToSpam = 10
+$amavis_MimeError = 10
+$amavis_p0f = 2
+$amavis_Released = 10
+$amavis_SADiags = 10
+$amavis_SmtpResponse = 10
+$amavis_TmpPreserved = 10
+$amavis_VirusScanSkipped = 1
+$amavis_Warning = 10
+$amavis_WarningAddressModified = 2
+$amavis_WarningNoQuarantineID = 1
+$amavis_WarningSecurity = 10
+$amavis_WarningSmtpShutdown = 10
+$amavis_WarningSQL = 10
+$amavis_Whitelisted = 10
+
# vi: shiftwidth=3 tabstop=3 et
Modified: conf/services/postfix.conf
===================================================================
--- conf/services/postfix.conf 2012-02-22 23:32:44 UTC (rev 83)
+++ conf/services/postfix.conf 2012-02-26 15:43:00 UTC (rev 84)
@@ -1,36 +1,331 @@
-###########################################################################
-# $Id: postfix.conf,v 1.14 2008/05/25 01:21:50 mike Exp $
-###########################################################################
+#
+# postfix.conf / postfix-logwatch.conf
+#
+# This is the postfix-logwatch configuration file.
-# You can put comments anywhere you want to. They are effective for the
-# rest of the line.
+# Lines in this file are of the format:
+#
+# VAR = VALUE
+# *VAR = VALUE
+# $VAR = VALUE
+#
+# Whitespace surrounding the = assignment character is removed. Variable names
+# and values are case insensitive. Double quotes can be used to preserve case and
+# whitespace.
+#
+# Variables beginning with a * are used only by logwatch.
+# Variables beginning with a $ are used only by the postfix-logwatch filter.
+# Variables beginning with neither * nor $ are used only by logwatch, with the
+# exception of the Detail variable which is passed via environment to the
+# postfix-logwatch filter.
+#
+# Any of the equivalent boolean values below may be used where appropriate:
+#
+# 1, Yes, True, On
+# 0, No, False, Off
+#
+# Lines that begin with a # are comment lines. Blank and whitespace lines
+# are ignored. Whitespace at the beginning and end of a line is ignored.
+#
-# this is in the format of <name> = <value>. Whitespace at the beginning
-# and end of the lines is removed. Whitespace before and after the = sign
-# is removed. Everything is case *insensitive*.
+# Specifies the title used in the logwatch report
+#
+Title = "Postfix"
-# Yes = True = On = 1
-# No = False = Off = 0
+# Specifies the logwatch logfile group
+#
+LogFile = maillog
-Title = postfix
+# Specifies the global, maximum detail level
+#
+#Detail = 10
-# Which logfile group...
-LogFile = maillog
+# The *OnlyService selector is used solely by logwatch to select log lines
+# to pass to the postfix-logwatch filter. And postfix-logwatch uses the
+# $postfix_Syslog_Name variable for log line selection.
+#
+# When used in logwatch, both the *OnlyService and $postfix_Syslog_Name
+# variables below should contain essentially the same REs so that lines passed
+# by logwatch are also selected by postfix-logwatch. Note that *OnlyService
+# also includes the /<postfix service name> (eg. postfix/smtpd).
+#
+# If you change postfix's syslog_name for any postfix service, you will need to
+# replace "postfix" below with an appropriate RE to capture the desired log entries.
+# Do likewise for *OnlyService above when used under logwatch. For example, the
+# settings:
+#
+# *OnlyService = "postfix\d?/[-a-zA-Z\d]*"
+# $postfix_Syslog_Name = "postfix\d?"
+#
+# will capture postfix/smtpd, postfix2/virtual, ..., postfix9/cleanup
+#
+# Note: If you use parenthesis in your regular expression, be sure they
+# are cloistering and not capturing: use (?:pattern) instead of (pattern).
+#
+# Performance Note:
+# If you do not wish to analyze any or all of postgrey, postfwd, or policyd-spf
+# consider simplifying $postfix_Syslog_Name to increase log scanning performance. The
+# more complex the RE, the longer the scan time to select/reject a log line. The
+# difference in scan times between the simple string 'postfix' and the more complex
+# alternation RE that includes postfix, postgrey, postfwd and policyd-spf is about 40%.
+#
+# Includes: postfix/smtpd, etc, postfix/policy-spf
+#*OnlyService = "postfix/[-\w]*"
+#$postfix_Syslog_Name = "postfix"
+# Includes: postfix/smtpd, etc, postfix/policy-spf, postgrey, postfwd, policyd-spf
+*OnlyService = "(?:post(?:fix|grey|fwd)|policyd-spf)(?:/[-\w]*)?"
+$postfix_Syslog_Name = "(?:post(?:fix|grey|fwd)|policyd-spf)"
-# Only give lines pertaining to the postfix service...
-*OnlyService = "postfix/[a-zA-Z0-9]*"
-# *OnlyService = "postfix/smtpd"
-*RemoveHeaders =
+# Ignored postfix services
+#
+# Ignores postfix services postfix/SERVICE, where SERVICE is an RE
+# pattern. The example below will ignore log lines whose syslog
+# name is "postfix/myservice".
+#$postfix_Ignore_Service = "myservice"
-########################################################
-# This was written and is maintained by:
-# Kenneth Porter <sh...@we...>
+# Specifies the maximum report width for Detail <= 10,
+# or when postfix_Line_Style is not set to Truncate
#
-# Please send all comments, suggestions, bug reports,
-# etc, to sh...@we....
+$postfix_Max_Report_Width = 100
+
+# Specifies how to handle line lengths greater than Max_Report_Width.
+# Options are Truncate (default), Wrap, or Full.
+# for Detail <= 10
#
-########################################################
+$postfix_Line_Style = Truncate
+# Set the variable below to the value set for "recipient_delimiter"
+# in your postfix configuration, if you want your recipient email
+# addresses split into their user + extension.
+#
+#$postfix_Recipient_Delimiter = "+"
+# Width of IP addresses for columnar output. Change to 40 for IPv6 addresses
+#$postfix_ipaddr_width = 40
+$postfix_ipaddr_width = 15
+# Switch to use Postfix 2.8 long queue IDs:
+# Postfix option: enable_long_queue_ids
+$postfix_Enable_Long_Queue_Ids = No
+
+# Show delays percentiles report. For command line, use --[no]delays,
+# without an argument.
+#
+$postfix_Show_Delays = Yes
+
+# Show names of detail section variables/command line options in
+# detail report titles. For command line, use --[no]sect_vars,
+# without an argument.
+#
+$postfix_Show_Sect_Vars = No
+
+# Show the postfix-reported hostname of 'unknown' in formatted
+# ip/hostname pairs. For command line, use --[no]unknown,
+# without an argument.
+#
+$postfix_Show_Unknown = Yes
+
+# Show the summary section. For command line, use --[no]summary,
+# without an argument.
+$postfix_Show_Summary = Yes
+
+# Specifies the percentiles shown in the delivery delays report
+# Valid values are from 0 to 100, inclusive.
+$postfix_Delays_Percentiles = "0 25 50 75 90 95 98 100"
+
+# Specifies the list of reject sections that will be output in
+# reports (eg. 5xx permanent or 4xx temporary failures).
+# Each entry in the comma or whitespace separated list consists of 3
+# characters, where the first is either 4 or 5, and second and third
+# are a digit or a dot "." match-anything character. Also allowed is
+# the keyword "Warn" (which is used for postfix "warn_if_reject" rejects).
+# In PCRE (perl regular expression) terms, any pattern that matches:
+#
+# ^([45][0-9.][0-9.]|Warn)$
+#
+# is acceptable.
+#
+# Typical reject codes:
+#
+# 421 Service not available, closing transmission channel
+# 450 Requested mail action not taken: mailbox unavailable
+# 451 Requested action aborted: local error in processing
+# 452 Requested action not taken: insufficient system storage
+#
+# 500 Syntax error, command unrecognized
+# 501 Syntax error in parameters or arguments
+# 502 Command not implemented
+# 503 Bad sequence of commands
+# 504 Command parameter not implemented
+# 550 Requested action not taken: mailbox unavailable
+# 551 User not local; please try <forward-path>
+# 552 Requested mail action aborted: exceeded storage allocation
+# 553 Requested action not taken: mailbox name not allowed
+# 554 Transaction failed
+#
+# Specific codes take priority over wildcard patterns. The default list
+# is: "5.. 4.. Warn".
+#
+# See also the various Reject... level limiters below
+#
+$postfix_Reject_Reply_Patterns = "5.. 4.. Warn"
+
+# Level Limiters
+#
+# The variables below control the maximum output level for a given
+# category. A level of 1 indicates only one level of detailed output in
+# the Detailed report section. The Summary section is only available
+# at logwatch --Detail level >= 5. Increasing the Detail level
+# by one adds one level of additional detail in the Summary section.
+#
+# For example, Detail 5 would output one additional level of detail,
+# Detail 6 two levels, etc. all the way up to 10. Finally, Detail
+# 11 yields uncropped lines of output.
+#
+# You can control the maximum number of level 1 lines by appending
+# a period and a number. The value 2.10 would indicate 2 levels
+# of detail, but only 10 level-1 lines. For example, setting
+# $postfix_Sent = 1.20 yields a top 20 list of Messages Sent.
+#
+# A more useful form of limiting uses triplets in the form l:n:t.
+# This triplet specifies level l, top n, and minimum threshold t.
+# Each of the values are integers, with l being the level limiter
+# as described above, n being a top n limiter for the level l, and
+# t being the threshold limiter for level l. When both n and t
+# are specified, n has priority, allowing top n lists (regardless
+# of threshold value). If the value of l is omitted, the speci-
+# fied values for n and/or t are used for all levels available in
+# the sub-section. This permits a simple form of wildcarding (eg.
+# place minimum threshold limits on all levels). However, spe-
+# cific limiters always override wildcard limiters. The first
+# form of level limiter may be included in levelspec to restrict
+# output, regardless of how many triplets are present.
+
+$postfix_Sent = 1
+$postfix_SentLmtp = 1
+$postfix_Delivered = 1
+$postfix_Forwarded = 1
+$postfix_ConnectionLostInbound = 1
+$postfix_TimeoutInbound = 1
+$postfix_ConnectToFailure = 2
+
+# Disabled by default to reduce noise and consume less memory.
+# Enable at will
+$postfix_EnvelopeSenders = 0
+$postfix_EnvelopeSenderDomains = 0
+$postfix_ConnectionInbound = 0
+# Reject by IP report
+$postfix_ByIpRejects = 0
+
+$postfix_PanicError = 10
+$postfix_FatalError = 10
+$postfix_Error = 10
+# warnings
+$postfix_Anvil = 3
+$postfix_AttrError = 10
+$postfix_CommunicationError = 10
+$postfix_DatabaseGeneration = 10
+$postfix_DNSError = 10
+$postfix_HeloError = 10
+$postfix_HostnameValidationError = 10
+$postfix_HostnameVerification = 10
+$postfix_IllegalAddrSyntax = 10
+$postfix_LdapError = 10
+$postfix_MailerLoop = 10
+$postfix_MapProblem = 10
+$postfix_MessageWriteError = 10
+$postfix_NumericHostname = 10
+$postfix_ProcessExit = 10
+$postfix_ProcessLimit = 10
+$postfix_QueueWriteError = 10
+$postfix_RBLError = 10
+$postfix_SaslAuthFail = 10
+$postfix_SmtpConversationError = 10
+$postfix_StartupError = 10
+$postfix_WarningsOther = 10
+
+# Common access control actions
+$postfix_Bcced = 10
+$postfix_Discarded = 10
+$postfix_Filtered = 10
+$postfix_Hold = 10
+$postfix_Prepended = 10
+$postfix_Redirected = 10
+$postfix_Replaced = 10
+$postfix_Warned = 10
+# DUNNO action not logged
+# IGNORE action not logged
+# REJECT actions are below
+
+# Rejects
+# The following are generic reject types, which are automatically
+# expanded into each reject variant, based on the reply patterns
+# listed in Reject_Reply_Patterns. By default, each item in the
+# list below becomes 4xxReject..., 5xxReject..., and WarnReject...
+$postfix_RejectBody = 10
+$postfix_RejectClient = 10
+$postfix_RejectConfigError = 10
+$postfix_RejectContent = 10
+$postfix_RejectData = 10
+$postfix_RejectEtrn = 10
+$postfix_RejectHeader = 10
+$postfix_RejectHelo = 10
+$postfix_RejectInsufficientSpace = 10
+$postfix_RejectLookupFailure = 10
+$postfix_RejectMilter = 10
+$postfix_RejectProxy = 10
+$postfix_RejectRBL = 10
+$postfix_RejectRecip = 10
+$postfix_RejectRelay = 10
+$postfix_RejectSender = 10
+$postfix_RejectSize = 10
+$postfix_RejectUnknownClient = 10
+$postfix_RejectUnknownReverseClient = 10
+$postfix_RejectUnknownUser = 10
+$postfix_RejectUnverifiedClient = 3
+$postfix_RejectVerify = 10
+
+# For more precise control, you can comment out any of the reject
+# types above and specify each variant manually, but the list must
+# be consistent with the values specified in Reject_Reply_Patterns.
+#
+# For example, you could comment out $postfix_RejectHelo above, and
+# instead uncomment the three RejectHelo variants, allowing you to
+# specify different level limiters to each variant:
+#
+# Permanent 5xx variant
+# $postfix_5xxRejectHelo = 1
+# Temporary 4xx variant
+# $postfix_4xxRejectHelo = 2
+# Warn_if_reject variant
+# $postfix_WarnRejectHelo = 2
+#
+
+$postfix_Deferred = 10
+$postfix_Deferrals = 10
+$postfix_BounceLocal = 10
+$postfix_BounceRemote = 10
+
+$postfix_Discarded = 10
+$postfix_ReturnedToSender = 10
+$postfix_NotificationSent = 10
+$postfix_ConnectionLostOutbound = 10
+
+$postfix_Deliverable = 10
+$postfix_Undeliverable = 10
+$postfix_PixWorkaround = 10
+$postfix_SaslAuth = 10
+$postfix_TlsServerConnect = 10
+$postfix_TlsClientConnect = 10
+$postfix_TlsUnverified = 10
+$postfix_TlsOffered = 10
+$postfix_SMTPProtocolViolation = 10
+
+$postfix_Postscreen = 1
+$postfix_DNSBLog = 1
+
+$postfix_PolicySPF = 10
+$postfix_PolicydWeight = 10
+$postfix_Postgrey = 10
+
# vi: shiftwidth=3 tabstop=3 et
Modified: install_logwatch.sh
===================================================================
--- install_logwatch.sh 2012-02-22 23:32:44 UTC (rev 83)
+++ install_logwatch.sh 2012-02-26 15:43:00 UTC (rev 84)
@@ -263,25 +263,27 @@
done
#Man page
-if [ -d $MANDIR/man5 ] && [ -d $MANDIR/man8 ] && [ $HAVE_MAKEWHATIS ]; then
+if [ -d $MANDIR/man5 ] && [ -d $MANDIR/man8 ] && [ -d $MANDIR/man1 ] && [ $HAVE_MAKEWHATIS ]; then
install -m 0644 logwatch.8 $MANDIR/man8
install -m 0644 logwatch.conf.5 $MANDIR/man5
install -m 0644 override.conf.5 $MANDIR/man5
install -m 0644 ignore.conf.5 $MANDIR/man5
+ install -m 0644 postfix-logwatch.1 $MANDIR/man1
+ install -m 0644 amavis-logwatch.1 $MANDIR/man1
#OpenBSD no -s
if [ $OS = "OpenBSD" ]; then
- makewhatis -u $MANDIR/man5 $MANDIR/man8
+ makewhatis -u $MANDIR/man5 $MANDIR/man8 $MANDIR/man1
else
#FreeBSD and NetBSD no -s no -u
if [ $OS = "FreeBSD" ] || [ $OS = "NetBSD" ]; then
- makewhatis $MANDIR/man5 $MANDIR/man8
+ makewhatis $MANDIR/man5 $MANDIR/man8 $MANDIR/man1
else
#MacOS X aka Darwin no -u [even thought the manpage says]
if [ $OS = "Darwin" ]; then
- makewhatis -s "5 8" $MANDIR
+ makewhatis -s "1 5 8" $MANDIR
else
#Linux
- makewhatis -u -s "5 8" $MANDIR
+ makewhatis -u -s "1 5 8" $MANDIR
fi
fi
fi
@@ -293,8 +295,14 @@
install -m 0644 logwatch.conf.5 $MANDIR/man1m
install -m 0644 override.conf.5 $MANDIR/man1m
install -m 0644 ignore.conf.5 $MANDIR/man1m
+ install -m 0644 postfix-logwatch.1 $MANDIR/man1
+ install -m 0644 amavis-logwatch.1 $MANDIR/man1
catman -w -M $MANDIR/man1m
else
+ install -m 0755 -d $MANDIR/man1
+ install -m 0644 postfix-logwatch.1 $MANDIR/man1
+ install -m 0644 amavis-logwatch.1 $MANDIR/man1
+
install -m 0755 -d $MANDIR/man5
install -m 0644 logwatch.conf.5 $MANDIR/man5
install -m 0644 override.conf.5 $MANDIR/man5
@@ -303,8 +311,8 @@
install -m 0755 -d $MANDIR/man8
install -m 0644...
[truncated message content] |