PFLOGSUMM(1)          User Contributed Perl Documentation         PFLOGSUMM(1)

NAME

       pflogsumm.pl - Produce Postfix MTA logfile summary

       Copyright (C) 1998-2010 by James S. Seymour, Release 1.1.3.

SYNOPSIS

           pflogsumm.pl -[eq] [-d <today|yesterday>] [--detail <cnt>]
               [--bounce_detail <cnt>] [--deferral_detail <cnt>]
               [-h <cnt>] [-i|--ignore_case] [--iso_date_time] [--mailq]
               [-m|--uucp_mung] [--no_bounce_detail] [--no_deferral_detail]
               [--no_no_msg_size] [--no_reject_detail] [--no_smtpd_warnings]
               [--problems_first] [--rej_add_from] [--reject_detail <cnt>]
               [--smtp_detail <cnt>] [--smtpd_stats]
               [--smtpd_warning_detail <cnt>] [--syslog_name=string]
               [-u <cnt>] [--verbose_msg_detail] [--verp_mung[=<n>]]
               [--zero_fill] [file1 [filen]]

           pflogsumm.pl -[help|version]

           If no file(s) specified, reads from stdin.  Output is to stdout.

DESCRIPTION

           Pflogsumm is a log analyzer/summarizer for the Postfix MTA.  It is
           designed to provide an over-view of Postfix activity, with just enough
           detail to give the administrator a "heads up" for potential trouble
           spots.

           Pflogsumm generates summaries and, in some cases, detailed reports of
           mail server traffic volumes, rejected and bounced email, and server
           warnings, errors and panics.

OPTIONS

           --bounce_detail <cnt>

                          Limit detailed bounce reports to the top <cnt>.  0
                          to suppress entirely.

           -d today       generate report for just today
           -d yesterday   generate report for just "yesterday"

           --deferral_detail <cnt>

                          Limit detailed deferral reports to the top <cnt>.  0
                          to suppress entirely.

           --detail <cnt>

                          Sets all --*_detail, -h and -u to <cnt>.  Is
                          over-ridden by individual settings.  --detail 0
                          suppresses *all* detail.

           -e             extended (extreme? excessive?) detail

                          Emit detailed reports.  At present, this includes
                          only a per-message report, sorted by sender domain,
                          then user-in-domain, then by queue i.d.

                          WARNING: the data built to generate this report can
                          quickly consume very large amounts of memory if a
                          lot of log entries are processed!

           -h <cnt>       top <cnt> to display in host/domain reports.

                          0 = none.

                          See also: "-u" and "--*_detail" options for further
                                    report-limiting options.

           --help         Emit short usage message and bail out.

                          (By happy coincidence, "-h" alone does much the same,
                          being as it requires a numeric argument :-).  Yeah, I
                          know: lame.)

           -i
           --ignore_case  Handle complete email address in a case-insensitive
                          manner.

                          Normally pflogsumm lower-cases only the host and
                          domain parts, leaving the user part alone.  This
                          option causes the entire email address to be
                          lower-cased.

           --iso_date_time

                          For summaries that contain date or time information,
                          use ISO 8601 standard formats (CCYY-MM-DD and HH:MM),
                          rather than "Mon DD CCYY" and "HHMM".

           -m             modify (mung?) UUCP-style bang-paths
           --uucp_mung

                          This is for use when you have a mix of Internet-style
                          domain addresses and UUCP-style bang-paths in the log.
                          Upstream UUCP feeds sometimes mung Internet domain
                          style address into bang-paths.  This option can
                          sometimes undo the "damage".  For example:
                          "somehost.dom!username@foo" (where "foo" is the next
                          host upstream and "somehost.dom" was whence the email
                          originated) will get converted to
                          "foo!username@somehost.dom".  This also affects the
                          extended detail report (-e), to help ensure that
                          by-domain-by-name sorting is more accurate.

           --mailq        Run "mailq" command at end of report.

                          Merely a convenience feature.  (Assumes that "mailq"
                          is in $PATH.  See "$mailqCmd" variable to path this
                          if desired.)

           --no_bounce_detail
           --no_deferral_detail
           --no_reject_detail

                          These switches are deprecated in favour of
                          --bounce_detail, --deferral_detail and
                          --reject_detail, respectively.

                          Suppresses the printing of the following detailed
                          reports, respectively:

                               message bounce detail (by relay)
                               message deferral detail
                               message reject detail

                          See also: "-u" and "-h" for further report-limiting
                                    options.

           --no_no_msg_size

                          Do not emit report on "Messages with no size data".

                          Message size is reported only by the queue manager.
                          The message may be delivered long-enough after the
                          (last) qmgr log entry that the information is not in
                          the log(s) processed by a particular run of
                          pflogsumm.pl.  This throws off "Recipients by message
                          size" and the total for "bytes delivered." These are
                          normally reported by pflogsumm as "Messages with no
                          size data."

           --no_smtpd_warnings

                          This switch is deprecated in favour of
                          --smtpd_warning_detail.

                          On a busy mail server, say at an ISP, SMTPD warnings
                          can result in a rather sizeable report.  This option
                          turns reporting them off.

           --problems_first

                          Emit "problems" reports (bounces, defers, warnings,
                          etc.) before "normal" stats.

           --rej_add_from
                          For those reject reports that list IP addresses or
                          host/domain names: append the email from address to
                          each listing.  (Does not apply to "Improper use of
                          SMTP command pipelining" report.)

           -q             quiet - don't print headings for empty reports

                          note: headings for warning, fatal, and "master"
                          messages will always be printed.

           --reject_detail <cnt>

                          Limit detailed smtpd reject, warn, hold and discard
                          reports to the top <cnt>.  0 to suppress entirely.

           --smtp_detail <cnt>

                          Limit detailed smtp delivery reports to the top <cnt>.
                          0 to suppress entirely.

           --smtpd_stats

                          Generate smtpd connection statistics.

                          The "per-day" report is not generated for single-day
                          reports.  For multiple-day reports: "per-hour" numbers
                          are daily averages (reflected in the report heading).

           --smtpd_warning_detail <cnt>

                          Limit detailed smtpd warnings reports to the top <cnt>.
                          0 to suppress entirely.

           --syslog_name=name

                          Set the syslog_name to look for when matching Postfix
                          log entries.

                          By default, pflogsumm looks for entries in logfiles
                          with a syslog name of "postfix," the default.
                          If you've set a non-default "syslog_name" parameter
                          in your Postfix configuration, use this option to
                          tell pflogsumm what that is.

                          See the discussion about the use of this option under
                          "NOTES," below.

           -u <cnt>       top <cnt> to display in user reports. 0 == none.

                          See also: "-h" and "--*_detail" options for further
                                    report-limiting options.

           --verbose_msg_detail

                          For the message deferral, bounce and reject summaries:
                          display the full "reason", rather than a truncated one.

                          Note: this can result in quite long lines in the report.

           --verp_mung    do "VERP" generated address (?) munging.  Convert
           --verp_mung=2  sender addresses of the form

                               "list-return-NN-someuser=some.dom@host.sender.dom"

                          to

                               "list-return-ID-someuser=some.dom@host.sender.dom"

                          In other words: replace the numeric value with "ID".

                          By specifying the optional "=2" (second form), the
                          munging is more "aggressive", converting the address
                          to something like:

                               "list-return@host.sender.dom"

                          Actually: specifying anything less than 2 does the
                          "simple" munging and anything greater than 1 results
                          in the more "aggressive" hack being applied.

                          See "NOTES" regarding this option.

           --version      Print program name and version and bail out.

           --zero_fill    "Zero-fill" certain arrays so reports come out with
                          data in columns that might otherwise be blank.

RETURN VALUE

           Pflogsumm doesn't return anything of interest to the shell.

ERRORS

           Error messages are emitted to stderr.

EXAMPLES

           Produce a report of previous day's activities:

               pflogsumm.pl -d yesterday /var/log/maillog

           A report of prior week's activities (after logs rotated):

               pflogsumm.pl /var/log/maillog.0

           What's happened so far today:

               pflogsumm.pl -d today /var/log/maillog

           Crontab entry to generate a report of the previous day's activity
           at 10 minutes after midnight.

               10 0 * * * /usr/local/sbin/pflogsumm -d yesterday /var/log/maillog
               2>&1 |/usr/bin/mailx -s "`uname -n` daily mail stats" postmaster

           Crontab entry to generate a report for the prior week's activity.
           (This example assumes one rotates one's mail logs weekly, some time
           before 4:10 a.m. on Sunday.)

               10 4 * * 0   /usr/local/sbin/pflogsumm /var/log/maillog.0
               2>&1 |/usr/bin/mailx -s "`uname -n` weekly mail stats" postmaster

           The two crontab examples, above, must actually be a single line
           each.  They're broken-up into two-or-more lines due to page
           formatting issues.

SEE ALSO

           The pflogsumm FAQ: pflogsumm-faq.txt.

NOTES

           Pflogsumm makes no attempt to catch/parse non-Postfix log
           entries.  Unless it has "postfix/" in the log entry, it will be
           ignored.

           It's important that the logs are presented to pflogsumm in
           chronological order so that message sizes are available when
           needed.

           For display purposes: integer values are munged into "kilo" and
           "mega" notation as they exceed certain values.  I chose the
           admittedly arbitrary boundaries of 512k and 512m as the points at
           which to do this--my thinking being 512x was the largest number
           (of digits) that most folks can comfortably grok at-a-glance.
           These are "computer" "k" and "m", not 1000 and 1,000,000.  You
           can easily change all of this with some constants near the
           beginning of the program.

           "Items-per-day" reports are not generated for single-day
           reports.  For multiple-day reports: "Items-per-hour" numbers are
           daily averages (reflected in the report headings).

           Message rejects, reject warnings, holds and discards are all
           reported under the "rejects" column for the Per-Hour and Per-Day
           traffic summaries.

           Verp munging may not always result in correct address and
           address-count reduction.

           Verp munging is always in a state of experimentation.  The use
           of this option may result in inaccurate statistics with regards
           to the "senders" count.

           UUCP-style bang-path handling needs more work.  Particularly if
           Postfix is not being run with "swap_bangpath = yes" and/or *is* being
           run with "append_dot_mydomain = yes", the detailed by-message report
           may not be sorted correctly by-domain-by-user.  (Also depends on
           upstream MTA, I suspect.)

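           The following Python sketch is an added example, not pflogsumm's
           own code: it applies the -i, -m and --verp_mung transformations as
           this page describes them to a constructed sender list, to show how
           each setting changes the distinct "senders" count.  The regular
           expressions and function names are assumptions made for
           illustration.

```python
import re
from collections import Counter

# Constructed sender addresses, not taken from any real log.
SENDERS = [
    "list-return-17-alice=example.org@lists.example.com",
    "list-return-19-alice=example.org@lists.example.com",
    "list-return-18-bob=example.net@lists.example.com",
    "Carol@Example.ORG",
    "carol@example.org",
    "somehost.dom!dave@foo",
]

def uucp_mung(addr):
    """-m: 'somehost.dom!username@foo' -> 'foo!username@somehost.dom'."""
    m = re.fullmatch(r"([^!@]+)!([^!@]+)@([^!@]+)", addr)
    return f"{m.group(3)}!{m.group(2)}@{m.group(1)}" if m else addr

def verp_mung(addr, level=1):
    """--verp_mung[=<n>]: n < 2 is the simple form, n >= 2 the aggressive one."""
    if level >= 2:
        # Drop "-NN-someuser=some.dom" from the local part.
        return re.sub(r"-\d+-[^=@]+=[^@]+@", "@", addr, count=1)
    # Replace only the numeric value in the local part with "ID".
    return re.sub(r"-\d+-(?=[^@]*@)", "-ID-", addr, count=1)

def fold_case(addr, ignore_case=False):
    """Default: lower-case host/domain only; -i lower-cases the whole address."""
    if ignore_case:
        return addr.lower()
    user, at, domain = addr.rpartition("@")
    return user + at + domain.lower() if at else addr

def sender_counts(addrs, verp=None, uucp=False, ignore_case=False):
    """Count messages per normalized sender address."""
    counts = Counter()
    for addr in addrs:
        if uucp:
            addr = uucp_mung(addr)
        if verp is not None:
            addr = verp_mung(addr, verp)
        counts[fold_case(addr, ignore_case)] += 1
    return counts

if __name__ == "__main__":
    runs = [("no munging", {}), ("--verp_mung", {"verp": 1}),
            ("--verp_mung=2", {"verp": 2}),
            ("--verp_mung=2 -i -m", {"verp": 2, "uucp": True, "ignore_case": True})]
    for label, kw in runs:
        print(f"{label:22} distinct senders: {len(sender_counts(SENDERS, **kw))}")
```

           With the aggressive form, alice's and bob's list mail collapses
           into one sender, which is the kind of "senders" inaccuracy the
           note above warns about.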
           The "percent rejected" and "percent discarded" figures are only
           approximations.  They are calculated as follows (example is for
           "percent rejected"):

               percent rejected =

                   (rejected / (delivered + rejected + discarded)) * 100

           There are some issues with the use of --syslog_name.  The problem is
           that, even with $syslog_name set, Postfix will sometimes still log
           things with "postfix" as the syslog_name.  This is noted in
           /etc/postfix/sample-misc.cf:

               # Beware: a non-default syslog_name setting takes effect only
               # after process initialization. Some initialization errors will be
               # logged with the default name, especially errors while parsing
               # the command line and errors while accessing the Postfix main.cf
               # configuration file.

           As a consequence, pflogsumm must always look for "postfix," in logs,
           as well as whatever is supplied for syslog_name.

           Where this becomes an issue is where people are running two or more
           instances of Postfix, logging to the same file.  In such a case:

               . Neither instance may use the default "postfix" syslog name
                 and...

               . Log entries that fall victim to what's described in
                 sample-misc.cf will be reported under "postfix", so that if
                 you're running pflogsumm twice, once for each syslog_name, such
                 log entries will show up in each report.

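           The overlap described above can be reproduced with a short Python
           sketch.  This is an added example, not pflogsumm's code: the log
           lines are constructed, the instance names "postfix-in" and
           "postfix-out" are assumptions, and the tag regex is a
           simplification of the syslog line layout.

```python
import re

# Constructed sample: two Postfix instances ("postfix-in", "postfix-out")
# share one log file; one start-up error was logged under the default name.
SAMPLE_LOG = [
    "Mar 20 00:00:01 mx1 postfix-in/smtpd[2101]: connect from unknown[192.0.2.10]",
    "Mar 20 00:00:02 mx1 postfix-in/smtpd[2101]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 554 5.7.1 Relay access denied",
    "Mar 20 00:00:03 mx1 postfix-out/smtp[2207]: 4F1A2B3C4D: "
    "to=<user@example.net>, status=sent (250 ok)",
    "Mar 20 00:00:04 mx1 postfix/smtpd[2301]: fatal: open "
    "/etc/postfix-out/main.cf: Permission denied",
    "Mar 20 00:00:05 mx1 sshd[999]: Connection closed by 192.0.2.77",
]

# "<syslog_name>/<daemon>[pid]:" following the timestamp and hostname.
TAG_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([^/\s\[]+)/[^\s\[:]+(?:\[\d+\])?:")

def syslog_name_of(line):
    """Return the syslog name of a Postfix-style line, or None."""
    m = TAG_RE.match(line)
    return m.group(1) if m else None

def select(lines, syslog_name="postfix"):
    """Lines one report run would see: the given name plus the default."""
    wanted = {"postfix", syslog_name}
    return [line for line in lines if syslog_name_of(line) in wanted]

def overlap(lines, names):
    """Map each line that lands in more than one report to those reports."""
    seen = {}
    for name in names:
        for line in select(lines, name):
            seen.setdefault(line, []).append(name)
    return {line: hits for line, hits in seen.items() if len(hits) > 1}

def totals(lines, names):
    """(sum of per-report line counts, count of unique lines reported)."""
    per_report = [select(lines, name) for name in names]
    unique = {line for report in per_report for line in report}
    return sum(len(r) for r in per_report), len(unique)

if __name__ == "__main__":
    names = ["postfix-in", "postfix-out"]
    print("summed, unique:", totals(SAMPLE_LOG, names))
    for line, hits in overlap(SAMPLE_LOG, names).items():
        print("in", " and ".join(hits) + ":", line)
```

           When totals from the per-instance reports are added together, any
           entry logged under the default name is counted once per report.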
           The Pflogsumm Home Page is at:

               http://jimsun.LinxNet.com/postfix_contrib.html

REQUIREMENTS

           For certain options (e.g.: --smtpd_stats), Pflogsumm requires the
           Date::Calc module, which can be obtained from CPAN at
           http://www.perl.com.

           Pflogsumm is currently written and tested under Perl 5.8.3.
           As of version 19990413-02, pflogsumm worked with Perl 5.003, but
           future compatibility is not guaranteed.

LICENSE

           This program is free software; you can redistribute it and/or
           modify it under the terms of the GNU General Public License
           as published by the Free Software Foundation; either version 2
           of the License, or (at your option) any later version.

           This program is distributed in the hope that it will be useful,
           but WITHOUT ANY WARRANTY; without even the implied warranty of
           MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
           GNU General Public License for more details.

           You may have received a copy of the GNU General Public License
           along with this program; if not, write to the Free Software
           Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
           USA.

           An on-line copy of the GNU General Public License can be found
           at http://www.fsf.org/copyleft/gpl.html.

1.1.3                             2010-03-20                      PFLOGSUMM(1)