SYNOPSIS
sendmail2dlf
DESCRIPTION
sendmail2dlf(1) converts a LogLevel 9 sendmail (8.10.x or higher) logfile, as created using syslog, to a Lire email Distilled Log Format file.
Input is one line per event. Output is one line per delivery:
time logrelay queueid msgid fromuser fromdomain fromrelay \
  size delay xdelay touser todomain torelay stat
(This should be the format as defined in email/dlf.cfg.)
EXAMPLE
The lines
Apr 20 03:00:11 firewall sendmail[442]: DAA00442: \
  from=<[email protected]>, size=4992, class=0, \
  pri=34992, nrcpts=1, \
  msgid=<[email protected]>, \
  proto=ESMTP, relay=host.example.nl [150.0.0.45]
Apr 20 03:00:11 firewall sendmail[442]: DAA00442: \
  to=<[email protected]>, delay=00:00:00, mailer=smtp, \
  stat=queued
Apr 20 05:00:11 firewall sendmail[503]: DAA00442: \
  to=<[email protected]>, delay=02:00:00, \
  xdelay=00:00:03, mailer=smtp, relay=mailgw.aap.com. \
  [3.4.64.199], stat=Sent (OK id=12i7CN-0001Kv-00)
will be converted to
956109611 firewall DAA00442 \
  <[email protected]> user \
  example.com host.example.nl_[150.0.0.45] 4992 0 0 \
  jan aap.com host.example.nl._[150.0.0.45] queued \
  UNKNOWN
956116811 firewall DAA00442 \
  <[email protected]> user \
  example.com host.example.nl_[150.0.0.45] 4992 \
  7200 3 jan aap.com mailgw.aap.com._[3.4.64.199] \
  sent (ok_id=12i7cn-0001kv-00)
The lines
Mar 17 13:34:32 mailhost sendmail[8408]: NAA08408: \
  from=<[email protected]>, size=1890, class=0, \
  pri=0, nrcpts=4, \
  msgid=<[email protected]>, \
  proto=ESMTP, relay=root@[1.2.6.10]
Mar 17 13:45:26 mailhost sendmail[8457]: NAA08408: \
  to=lkrksen@www, delay=00:10:56, xdelay=00:00:01, \
  mailer=smtp, relay=www.example.nl. [194.229.43.3], \
  stat=Sent (NAA06261 Message accepted for delivery)
Mar 17 13:45:27 mailhost sendmail[8457]: NAA08408: \
  [email protected], delay=00:10:57, \
  xdelay=00:00:01, mailer=smtp, relay=host.example.nl. \
  [150.0.0.45], stat=Sent (OK)
Mar 17 13:45:31 mailhost sendmail[8457]: NAA08408: \
  to=<[email protected]>,<[email protected]>,<[email protected]>, \
  delay=00:11:01, xdelay=00:00:04, mailer=smtp, \
  relay=mailgw.aap.com. [3.4.64.199], stat=Sent (OK \
  id=12Vw8J-0001iT-00)
will be converted to
953210726 mailhost NAA08408 \
  <[email protected]> \
  piet example.com root@[1.2.6.10] 1890 656 1 lkrksen \
  www www.example.nl._[194.229.43.3] sent \
  (naa06261_message_accepted_for_delivery)
953210727 mailhost NAA08408 \
  <[email protected]> \
  piet example.com root@[1.2.6.10] 1890 657 1 ll \
  host.example.com host.example.nl._[150.0.0.45] sent (ok)
953210731 mailhost NAA08408 \
  <[email protected]> \
  piet example.com root@[1.2.6.10] 1890 661 4 mvelsla \
  aap.com mailgw.aap.com._[3.4.64.199] sent \
  (ok_id=12vw8j-0001it-00)
953210731 mailhost NAA08408 \
  <[email protected]> \
  piet example.com root@[1.2.6.10] 1890 661 4 pvhove \
  aap.com mailgw.aap.com._[3.4.64.199] sent \
  (ok_id=12vw8j-0001it-00)
953210731 mailhost NAA08408 \
  <[email protected]> \
  piet example.com root@[1.2.6.10] 1890 661 4 pdebaerd \
  aap.com mailgw.aap.com._[3.4.64.199] sent \
  (ok_id=12vw8j-0001it-00)
The lines
Mar 15 13:34:09 firewall sendmail[279]: NAA00279: \
  from=<[email protected]>, size=2281952, class=0, \
  pri=2311952, nrcpts=1, \
  msgid=<[email protected]>, \
  proto=ESMTP, relay=host.example.nl [150.0.0.45]
Mar 15 13:34:09 firewall sendmail[279]: NAA00279: \
  to=<[email protected]>, delay=00:00:04, mailer=smtp, \
  stat=queued
Mar 15 13:39:58 firewall sendmail[401]: NAA00279: \
  to=<[email protected]>, delay=00:05:53, xdelay=00:00:06, \
  mailer=smtp, relay=mc5.law5.hotmail.com. \
  [216.32.243.136], stat=Service unavailable
Mar 15 13:39:58 firewall sendmail[401]: NAA00279: \
  NAA00401: postmaster notify: Service unavailable
Mar 15 13:40:04 firewall sendmail[401]: NAA00401: \
  [email protected], delay=00:00:06, \
  xdelay=00:00:04, mailer=smtp, relay=host.example.nl. \
  [150.0.0.45], stat=Sent (OK)
will be converted to
953037249 firewall NAA00279 \
  <[email protected]> klaas \
  example.com host.example.nl_[150.0.0.45] 2281952 4 1 \
  klaas hotmail.com mailgw.csc.com._[208.219.64.199] \
  queued UNKNOWN
953037598 firewall NAA00279 \
  <[email protected]> klaas \
  example.com host.example.nl_[150.0.0.45] 2281952 353 6 \
  klaas hotmail.com mc5.law5.hotmail.com._[216.32.243.136] \
  service unavailable
The fact that the delivery 'Mar 15 13:40:04 firewall sendmail[401]: NAA00401:' does not generate a dlf record is a bug.
When the line
Mar 15 19:39:40 mailhost sendmail[2178]: TAA02178: \
  from=<[email protected]>, size=0, class=0, pri=0, \
  nrcpts=0, proto=SMTP, relay=[1.84.7.150]
occurs in the input, and there is no line carrying the same queueid, the line is discarded, and reported as skipped: any to- or from- line, lacking any partner, will get discarded.
Lines like:
Mar 15 13:40:19 firewall sendmail[456]: alias database \
  /etc/aliases.db out of date
will get discarded.
EXAMPLES
To process a log as produced by sendmail:
$ sendmail2dlf < mail.log
sendmail2dlf will rarely be used on its own; it is more likely to be called by lr_log2report:
$ lr_log2report sendmail < /var/log/maillog
BUGS
When queueids are reused within one logfile, behaviour is unpredictable. Incomplete log snippets (e.g. from-lines without to-lines) are not treated well.
It is reported that events like this occur in sendmail log files:
SAA14845: from=<>, size=146990, class=0, pri=176990, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, relay=omr-d06.mx.aol.com [205.188.156.71]
SAA14845: to=joe@mailhost, ctladdr=<[email protected]>, delay=00:00:01, mailer=local, stat=User unknown
SAA14845: to=<[email protected]>, delay=00:00:01, mailer=local, stat=User unknown
SAA14845: SAA14846: postmaster notify: User unknown
SAA14846: to="|exec /usr/local/bin/procmail", ctladdr=ann@mailhost (2217/10), delay=00:00:00, xdelay=00:00:00, mailer=prog, stat=Sent
SAA14846: to=bob@imap-ns, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=apex.example.edu. [152.19.4.80], stat=Sent (Message received: GVV8N400.CMX)
SAA14846: to=eve@mailhost, delay=00:00:01, xdelay=00:00:00, mailer=local, stat=Sent
Note that SAA14845 has _two_ final to= lines, while the from= line states nrcpts=1. This blows the axiom of this script away. We haven't decided yet on how to deal with this...
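The pairing rule from the EXAMPLE section (from= and to= lines joined on queueid, unpaired lines skipped) and the nrcpts problem described above can be reproduced with a short script. This is an added example, not Lire's own Perl code: the names convert, secs and NONFINAL are hypothetical, the sample log is constructed, the record is a reduced subset of the DLF fields with the syslog timestamp left as a string, and treating "queued" and "Deferred" as non-final stats is an assumption.

```python
import re
from collections import Counter

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) sendmail\[\d+\]: (\w+): ((?:from|to)=.*)$")
NONFINAL = ("queued", "Deferred")  # assumption: these stats are not final outcomes
# Constructed sample log modelled on the page's examples (addresses are made up).
SAMPLE = """\
Apr 20 03:00:11 firewall sendmail[442]: DAA00442: from=<user@example.com>, size=4992, nrcpts=1, relay=host.example.nl [150.0.0.45]
Apr 20 03:00:11 firewall sendmail[442]: DAA00442: to=<jan@example.org>, delay=00:00:00, mailer=smtp, stat=queued
Apr 20 05:00:11 firewall sendmail[503]: DAA00442: to=<jan@example.org>, delay=02:00:00, xdelay=00:00:03, mailer=smtp, stat=Sent (OK id=1)
Mar 17 13:34:32 mailhost sendmail[8408]: NAA08408: from=<piet@example.com>, size=1890, nrcpts=2, relay=root@[192.0.2.10]
Mar 17 13:45:31 mailhost sendmail[8457]: NAA08408: to=<a@example.org>,<b@example.org>, delay=00:11:01, xdelay=00:00:04, stat=Sent (OK)
Mar 15 19:39:40 mailhost sendmail[2178]: TAA02178: from=<x@example.com>, size=0, nrcpts=0, relay=[192.0.2.150]
Mar 15 13:40:19 firewall sendmail[456]: alias database /etc/aliases.db out of date
Mar 18 09:00:00 mailhost sendmail[900]: SAA14845: from=<>, size=146990, nrcpts=1, relay=mx.example.net [198.51.100.71]
Mar 18 09:00:01 mailhost sendmail[900]: SAA14845: to=joe@mailhost, delay=00:00:01, mailer=local, stat=User unknown
Mar 18 09:00:01 mailhost sendmail[900]: SAA14845: to=<joe@example.com>, delay=00:00:01, mailer=local, stat=User unknown
"""

def secs(span):  # sendmail interval "[days+]hh:mm:ss" -> seconds
    days, _, clock = span.rpartition("+")
    h, m, s = map(int, clock.split(":"))
    return int(days or 0) * 86400 + h * 3600 + m * 60 + s

def convert(text):
    """Return (records, skipped, mismatched); one record per delivery."""
    lines = text.splitlines()
    events = [m.groups() for m in map(LINE.match, lines) if m]
    skipped = len(lines) - len(events)  # lines that are not from=/to= events
    senders, pending, records, final = {}, [], [], Counter()
    for stamp, host, qid, rest in events:
        kv = dict(f.partition("=")[::2] for f in re.split(r", (?=\w+=)", rest))
        if "from" in kv:
            senders[qid] = kv
        else:
            pending.append((stamp, host, qid, kv))
    for stamp, host, qid, kv in pending:
        if qid not in senders:  # to= line lacking a partner
            skipped += 1
            continue
        for rcpt in kv["to"].split(","):  # one record per recipient
            records.append((stamp, host, qid, senders[qid]["from"].strip("<>"),
                            int(senders[qid]["size"]), secs(kv["delay"]),
                            rcpt.strip("<>"), kv["stat"]))
            final[qid] += not kv["stat"].startswith(NONFINAL)
    skipped += len(set(senders) - {p[2] for p in pending})  # from= lacking a partner
    mismatched = sorted(q for q, n in final.items() if n > int(senders[q]["nrcpts"]))
    return records, skipped, mismatched
```

Calling convert(SAMPLE) returns the delivery records, the number of skipped lines, and the queueids whose final to= lines outnumber nrcpts, which is the SAA14845 pattern shown above.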
THANKS
Edward Eldred, for finding and reporting a bug.
VERSION
$Id: sendmail2dlf.in,v 1.32 2006/07/23 13:16:34 vanbaal Exp $
COPYRIGHT
Copyright (C) 2000, 2001, 2002 Stichting LogReport Foundation [email protected]
This program is part of Lire.
Lire is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.