Discussion:
pflogsumm empty reports
(too old to reply)
Diego A. Puertas F.
2004-05-07 15:41:51 UTC
Permalink
I've installed pflogsumm-1.1.0 in a Mandrake 9.2 box and it's giving me
reports like there is no activity whatsoever in the server (and that
surely it's not the case). Here is an excerpt of the report:

----------------------------------------------------------------------

Postfix log summaries for May 6

Grand Totals
------------
messages

0 received
0 delivered
0 forwarded
0 deferred
0 bounced
0 rejected (0%)
.
.
.
----------------------------------------------------------------------

Looking around I found a previous message to this list with a similar
problem on this URL:
http://archives.neohapsis.com/archives/postfix/2001-10/2207.html

That problem seems to be the way in which Mandrake stores the logs, not
in 1 file but in 3 diferent files, the solution is reunify in one file
what is splited into three, this command does that:

cat /var/log/mail/* | sort -M

So, what is recommended in the URL is to issue someting like this:

cat /var/log/mail/* | sort -M | pflogsumm -d yesterday

I've done it, and pflogsumm still reports zero activity.


Any thoughts?
Robin Lynn Frank
2004-05-07 16:16:44 UTC
Permalink
On Friday 07 May 2004 08:46, Diego A. Puertas F., "Diego A. Puertas F."=20
Post by Diego A. Puertas F.
I've installed pflogsumm-1.1.0 in a Mandrake 9.2 box and it's giving me
reports like there is no activity whatsoever in the server (and that
----------------------------------------------------------------------
Postfix log summaries for May 6
Grand Totals
------------
messages
0 received
0 delivered
0 forwarded
0 deferred
0 bounced
0 rejected (0%)
.
.
.
----------------------------------------------------------------------
Looking around I found a previous message to this list with a similar
http://archives.neohapsis.com/archives/postfix/2001-10/2207.html
That problem seems to be the way in which Mandrake stores the logs, not
in 1 file but in 3 diferent files, the solution is reunify in one file
cat /var/log/mail/* | sort -M
cat /var/log/mail/* | sort -M | pflogsumm -d yesterday
I've done it, and pflogsumm still reports zero activity.
Any thoughts?
Try pflogsumm.pl -d yesterday /var/log/mail/*
(or pflogsumm -d yesterday /var/log/mail/* if you renamed the file.)

That works fine here.
=2D-=20
Robin Lynn Frank
Director of Operations, Paradigm-Omega, LLC
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=46rom the Room-Full-of-Monkeys Typing Pool:
John Ashcroft, creating a police-state to protect freedom.
Diego A. Puertas F.
2004-05-07 19:21:25 UTC
Permalink
Post by Robin Lynn Frank
Try pflogsumm.pl -d yesterday /var/log/mail/*
(or pflogsumm -d yesterday /var/log/mail/* if you renamed the file.)
That works fine here.
No, I've already tried that, it doesn't work either.

If it is of any help (although I think they're OK), here are permisions
and ownerships of the log files:

$ ls -la /var/log/mail/
total 153014
drwxr-xr-x 2 root root 120 Apr 26 08:06 ./
drwxr-xr-x 16 root root 1208 Apr 26 08:05 ../
-rw-r----- 1 root root 176128 Apr 26 07:48 errors
-rw-r----- 1 root root 155484160 Apr 26 01:36 info
-rw-r----- 1 root root 872448 Apr 26 02:09 warnings
Boring, Andrew
2004-05-07 20:00:43 UTC
Permalink
Diego A. Puertas F.
Post by Diego A. Puertas F.
No, I've already tried that, it doesn't work either.
=20
If it is of any help (although I think they're OK), here are=20
permisions=20
I assume you executed pflogsumm as root? (You would get an error
otherwise).

I don't know Mandrake at all, but can you adjust syslog.conf to log all
mail into one file?

mail.err /var/log/maillog
mail.info /var/log/maillog
mail.crit /var/log/maillog
or
mail.* /var/log/maillog

or something like that?
Robin Lynn Frank
2004-05-07 21:06:48 UTC
Permalink
On Friday 07 May 2004 12:25, Diego A. Puertas F., "Diego A. Puertas F."=20
Post by Diego A. Puertas F.
Post by Robin Lynn Frank
Try pflogsumm.pl -d yesterday /var/log/mail/*
(or pflogsumm -d yesterday /var/log/mail/* if you renamed the file.)
That works fine here.
No, I've already tried that, it doesn't work either.
If it is of any help (although I think they're OK), here are permisions
$ ls -la /var/log/mail/
total 153014
drwxr-xr-x 2 root root 120 Apr 26 08:06 ./
drwxr-xr-x 16 root root 1208 Apr 26 08:05 ../
-rw-r----- 1 root root 176128 Apr 26 07:48 errors
-rw-r----- 1 root root 155484160 Apr 26 01:36 info
-rw-r----- 1 root root 872448 Apr 26 02:09 warnings
I should have though ot this before. run pflogsumm as root.
=2D-=20
Robin Lynn Frank
Director of Operations, Paradigm-Omega, LLC
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=46rom the Room-Full-of-Monkeys Typing Pool:
There is no insanity defense in Montana.
Diego A. Puertas F.
2004-05-07 21:23:47 UTC
Permalink
Post by Robin Lynn Frank
I should have though ot this before. run pflogsumm as root.
I have
Robin Lynn Frank
2004-05-07 22:53:19 UTC
Permalink
On Friday 07 May 2004 14:27, Diego A. Puertas F., "Diego A. Puertas F."=20
Post by Diego A. Puertas F.
Post by Robin Lynn Frank
I should have though ot this before. run pflogsumm as root.
I have
If you are pointing pflogsumm at the right files and running it as root, th=
e=20
only other question I can ask is if you have the required perl module=20
installed. I believe it is Date::Calc, but check either Jim's web site or=
=20
look in the comments in the source.
=2D-=20
Robin Lynn Frank
Director of Operations, Paradigm-Omega, LLC
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=46rom the Room-Full-of-Monkeys Typing Pool:
He's dead, Jim.
Chris Holleman
2004-05-08 05:59:25 UTC
Permalink
Post by Robin Lynn Frank
On Friday 07 May 2004 12:25, Diego A. Puertas F., "Diego A. Puertas F."
Post by Robin Lynn Frank
Try pflogsumm.pl -d yesterday /var/log/mail/*
(or pflogsumm -d yesterday /var/log/mail/* if you renamed the file.)
you could try -d today. I've had trouble with pflogsumm once, because logs were rotated daily so there was no "yesterdays" data
--
Met vriendelijke groeten/kind regards,

Chris Holleman
Dudi Goldenberg
2004-05-08 06:10:22 UTC
Permalink
My Debian logs are rotated daily and I had the same problem.

I ended up running pflogsumm.pl /var/log/mail.log.0 instead to gather
yesterday's data.

Works like a charm.

Dudi
Post by Robin Lynn Frank
On Friday 07 May 2004 12:25, Diego A. Puertas F., "Diego A. Puertas
F."=20
Post by Robin Lynn Frank
Post by Robin Lynn Frank
Try pflogsumm.pl -d yesterday /var/log/mail/*
(or pflogsumm -d yesterday /var/log/mail/* if you renamed the
file.)
you could try -d today. I've had trouble with pflogsumm once, because
logs were rotated daily so there was no "yesterdays" data


--=20
Met vriendelijke groeten/kind regards,

Chris Holleman
Diego A. Puertas F.
2004-05-10 17:13:07 UTC
Permalink
Syslog had stoped loging, once I fixed that it worked allrigth

This works if you have multiple logfiles, provided that pflogsumm had
something to analize: pflogsumm /var/log/mail/*

Loading...