oscarmlage oscarmlage

Logwatch, add a new postfix custom service

Written by oscarmlage on

Last days ago I had lot of problems with MTA servers, hacked accounts, bad redirects policies and some other minor issues that kept me with the hands dirty in sysadmin keyboard. Needless to say how I love to put my sysadm hat and start to fix and/or optimize stuff, so from that bunch of problems was born this little script that makes my days easier than before.

We're talking about a logwatch custom service. Logwatch is a customizable log analysis system. Logwatch parses through your system's logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems. I use logwatch to monitor common services running on servers. It sends me a daily report by mail telling me what happened last 24 hours. It's easy to add a new custom service, you have to put 3 files in the right place (Debian like distribution):

/etc/logwatch/conf/logfiles/my-postfix.conf

# /etc/logwatch/conf/logfiles/my-postfix.conf

# The LogFile path is relative to /var/log by default.
# You can change the default by setting LogDir.
LogFile = mail*.log

# This enables searching through zipped archives as well.
Archive = mail*.gz

# Expand the repeats (actually just removes them now).
*ExpandRepeats

/etc/logwatch/conf/services/my-postfix.conf

# /etc/logwatch/conf/services/my-postfix.conf

# The title shown in the report.
Title = "My Postfix"

# The name of the log file group (file name).
LogFile = my-postfix

/etc/logwatch/scripts/services/my-postfix

!/usr/bin/env bash
# /etc/logwatch/scripts/services/my-postfix

mailq | grep @ | awk '{ORS=(ORS==RS)?FS:RS; print $$NF}'
tot=`mailq | grep @ | awk '{ORS=(ORS==RS)?FS:RS; print $$NF}' | wc -l`

echo -e ""
echo "Total: ${tot}"
echo -e ""
echo -e ""
echo -e "Deferred emails from mail.log"
echo -e ""
grep "status" | grep -v "status=sent" | awk '{print $7" "$12}' | sort -rn | uniq -c | sort -rn

The output

This is the report that the script sends me in the email, first part are the queued emails and the second part is a deferred list sorted by number of times it appears on mail.log:

--------------------- My Postfix Begin ------------------------

 8A183B59       4347 Fri Jun  6 01:11:31  xxx@gmail.com -> zzz@gmail.com
 88EE3B7C       2501 Thu Jun  5 16:28:42  xxx@domain.com -> xxx@terra.es
 E16C1B3C        435 Thu Jun  5 13:34:28  xxx@xxx.kimsufi.com -> root@xxx.kimsufi.com
 A4F3CB78       2501 Thu Jun  5 15:09:41  xxx@domain.com -> zzz@terra.es
 AE0DBB8F       2501 Thu Jun  5 18:38:00  xxx@domain.com -> zzz@terra.es
 AB746B6E       2501 Thu Jun  5 14:17:22  xxx@domain.com -> zzz@terra.es
 AB5A289A        807 Wed Jun  4 06:26:47  xxx@xxx.kimsufi.com -> root@xxx.kimsufi.com

 Total: 7

 Deferred emails from mail.log

     484 to=(root@xxxx.kimsufi.com), dsn=4.3.0,
     461 to=(zzz@terra.es), status=deferred
     170 to=(root@yyy.kimsufi.com), status=deferred
      56 to=(info@domain.com), status=deferred
      37 to=(zzz@gmail.com), dsn=4.7.0,
      31 to=(ooo@gmail.es), status=deferred
      31 to=(vvv@terra.es), status=deferred
      ...
       1 from=(soporte@domain.com),
       1 from=(root@vvv.kimsufi.com),

 ---------------------- My Postfix End -------------------------

The main goal is to be able to take some decisions with a simple and quick glance.

Recomendations

As you can see in the last script, the bunch of files we selected to inspect (mail*.log) was the main input of the script, so we don't need to make a cat or something like that in the service script, they're treated as STDIN.

I must say too that you must activate logrotate on the logs to preserve logwatch eating cpu and harddisk for a long time. You can read more about how to add a service in logwatch here.