Re: SMTP Logging using penlogd : bogus web line

From: Joshua Johnston <jjohnston_at_sproutloud.com>
Date: Thu, 22 Jan 2009 14:39:22 -0500

Joshua Johnston wrote:
> (I hit send too soon by accident)
> ----- "Joshua Johnston" <jjohnston_at_sproutloud.com> wrote:
>
>> ----- "Ulric Eriksson" <ulric_at_qbranch.se> wrote:
>>
>>> On Wed, 21 Jan 2009, Joshua Johnston wrote:
>>>
>>>> Hi,
>>>>
>>>> I recently started using pen for email load balancing and ran
>>>> into an issue using penlog / penlogd for "merging" the mail log
>>>> with pen's own logs. When I send data to penlog, if it doesn't
>>>> contain a " (double quote) it is ignored and the following is
>>>> written to /var/log/debug.log
>>>>
>>>> Jan 21 15:21:19 mail penlogd: bogus web line Jan 21 15:21:07
>>>> mlr2 postfix/qmgr[1010]: 8D2D742C2: removed
>>>>
>>>> Is there a way to tell pen(log) to log these lines that don't
>>>> contain a double quote short of modifying the code?
>>> No. ;)
>>>
>>> From penlogd.c, the function store_web:
>>>
>>>     p = strchr(b, '"');
>>>     if (p == NULL) {
>>>         debug("bogus web line %s", b);
>>>         return;
>>>     }
>>>
>>> As the name of the function suggests, it expects web logs. How
>>> have you configured postfix to make it use penlog? It is a very
>>> interesting idea and I think penlogd could quite easily be
>>> adapted for that use.
>>>
>>> Ulric
>> Right now I use a hackish approach combining a wrapper script and
>> some modifications to syslog.conf.
>>
>> I added the following lines to syslog.conf
>>
>> local6.* |/usr/local/bin/penlog_smtp
>>
>> Then penlog_smtp is:
>>
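>> #!/bin/sh
>> # read one log line; -r keeps backslashes as logged
>> read -r INPUT
>> # quote the variable so the line is not word-split or glob-expanded
>> echo "$INPUT" '"penlog"' | /usr/local/bin/penlog <HOSTNAME> <PORT>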
>>
>> Then postfix's main.cf has:
>>
>> syslog_facility = local6
>>
>> I have Courier IMAP doing something similar with its LOGGEROPTS
>> config flag but pointed to local7
>
> You can see I added '"penlog"' to the data passed to penlog so that it
> sees the double quotes and logs it properly. My next task is to modify
> penlogd.c and remove the checks for double quotes and just use the
> original character pointer b in place of p and q.

. . . and I made a patch. I am using a version patched with the attached
patch on our development system. Once I am confident with my changes I
will be moving it to production.

It also removes the need for a wrapper script for syslog; I can pipe
directly to penlog <HOST> <PORT> now.

Received on Thu Jan 22 2009 - 20:39:26 CET
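
Added example, not part of the original messages and not code from pen: a loop-based take on the wrapper idea in the thread, which appends the "penlog" marker only to lines that lack a double quote and passes every line through unchanged otherwise. The function names are hypothetical, and the sample lines other than the first (taken from the thread) are constructed.

```shell
#!/bin/sh
# Added example, not part of pen: make syslog lines acceptable to a penlogd
# whose store_web() rejects any line that contains no double quote.

MARKER='"penlog"'   # the dummy quoted token used in the thread

# Read log lines on stdin, write penlogd-ready lines on stdout.
tag_for_penlog() {
    # IFS= and -r keep leading blanks and backslashes exactly as logged;
    # the || clause still handles a final line with no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '')    continue ;;                           # nothing to log
            *\"*)  printf '%s\n' "$line" ;;              # already has a quote
            *)     printf '%s %s\n' "$line" "$MARKER" ;; # append the marker
        esac
    done
}

# Constructed sample input (the first line is the one quoted in the thread).
sample_lines() {
    printf '%s\n' \
        'Jan 21 15:21:07 mlr2 postfix/qmgr[1010]: 8D2D742C2: removed' \
        'Jan 21 15:21:08 mlr2 postfix/smtpd[1011]: warning:  * path C:\tmp' \
        'Jan 21 15:21:09 mlr2 postfix/smtp[1012]: said: 250 "queued"'
}

# Intended use (HOSTNAME and PORT are placeholders, as in the thread):
#   tag_for_penlog | /usr/local/bin/penlog <HOSTNAME> <PORT>
if [ "${1:-}" = demo ]; then sample_lines | tag_for_penlog; fi
```

Run it with the argument demo to see the three sample lines; the second one shows that a literal * and a backslash survive, which an unquoted variable expansion in the shell would not guarantee.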
