AMAVIS-LOGWATCH(1)        General Commands Manual        AMAVIS-LOGWATCH(1)

amavis-logwatch - An Amavisd-new log parser and analysis utility

amavis-logwatch [options] [logfile ...]

The amavis-logwatch(1) utility is an Amavisd-new log parser that
produces summaries, details, and statistics regarding the operation of
Amavisd-new (henceforth, simply called Amavis).

This utility can be used as a standalone program, or as a Logwatch
filter module to produce Amavisd-new summary and detailed reports from
within Logwatch.

Amavis-logwatch is able to produce a wide range of reports with data
grouped and sorted as much as possible to reduce noise and highlight
patterns. Brief summary reports provide a quick overview of general
Amavis operations and message delivery, calling out warnings that may
require attention. Detailed reports provide easy to scan,
hierarchically-arranged and organized information, with as much or
little detail as desired.

Much of the interesting data is available when Amavis' $log_level is
set to at least 2. See Amavis Log Level below.

Amavis-logwatch outputs two principal sections: a Summary section and a
Detailed section. For readability and quick scanning, all event or hit
counts appear in the left column, followed by a brief description of
the event type, and finally additional statistics or count
representations may appear in the rightmost column.

The following segment from a sample Summary report illustrates:

    ****** Summary ********************************************

            9   Miscellaneous warnings

        20313   Total messages scanned ----------------  100.00%
    1008.534M   Total bytes scanned                 1,057,524,252
    ========    ================================================

         1190   Blocked -------------------------------    5.86%
           18     Malware blocked                          0.09%
            4     Banned name blocked                      0.02%
          416     Spam blocked                             2.05%
          752     Spam discarded (no quarantine)           3.70%

        19123   Passed --------------------------------   94.14%
           47     Bad header passed                        0.23%
        19076     Clean passed                            93.91%
    ========    ================================================

           18   Malware -------------------------------    0.09%
           18     Malware blocked                          0.09%

            4   Banned --------------------------------    0.02%
            4     Banned file blocked                      0.02%

         1168   Spam ----------------------------------    5.75%
          416     Spam blocked                             2.05%
          752     Spam discarded (no quarantine)           3.70%

        19123   Ham -----------------------------------   94.14%
           47     Bad header passed                        0.23%
        19076     Clean passed                            93.91%
    ========    ================================================

         1982   SpamAssassin bypassed
           32   Released from quarantine
            2   DSN notification (debug supplemental)
            2   Bounce unverifiable
         2369   Whitelisted
            2   Blacklisted
           12   MIME error
           58   Bad header (debug supplemental)
           40   Extra code modules loaded at runtime

The report indicates there were 9 general warnings, and Amavis scanned
a total of 20313 messages for a total of 1008.53 megabytes or
1,057,524,252 bytes. The next summary group shows the Blocked / Passed
overview, with 1190 Blocked messages (broken down as 18 messages
blocked as malware, 4 messages with banned names, 416 spam messages,
and 752 discarded messages), and 19123 Passed messages (47 messages
with bad headers and 19076 clean messages).

The next (optional) summary grouping shows message disposition by
contents category. There were 18 malware messages and 4 banned file
messages (all blocked), 1168 Spam messages, of which 416 were blocked
(quarantined) and 752 discarded. Finally, there were 19123 messages
considered to be Ham (i.e. not spam), 47 of which contained bad
headers.

Additional count summaries for a variety of events are also listed.

There are dozens of sub-sections available in the Detailed report, each
of whose output can be controlled in various ways. Each sub-section
attempts to group and present the most meaningful data at superior
levels, while pushing less useful or noisy data towards inferior
levels. The goal is to provide as much benefit as possible from smart
grouping of data, to allow faster report scanning, pattern
identification, and problem solving. Data is always sorted in
descending order by count, and then numerically by IP address or
alphabetically as appropriate.

The following Spam blocked segment from a sample Detailed report
illustrates the basic hierarchical level structure of amavis-logwatch:

    ****** Detailed *******************************************

    19346   Spam blocked -----------------------------------
      756      from@example.com
       12         10.0.0.2
       12            <>
       12         192.168.2.2
       12            <>
        5         192.168.2.1
                  ...

The amavis-logwatch utility reads from STDIN or from the named Amavis
logfile. Multiple logfile arguments may be specified, each processed
in order. The user running amavis-logwatch must have read permission
on each named log file.

Options
The options listed below affect the operation of amavis-logwatch.
Options specified later on the command line override earlier ones. Any
option may be abbreviated to an unambiguous length.

--[no]autolearn
--show_autolearn boolean
    Enables (disables) output of the autolearn report. This report is
    only available if the default Amavis $log_templ has been modified
    to provide autolearn results in log entries. This can be done by
    uncommenting two lines in the Amavis program itself (where the
    default log templates reside), or by correctly adding the
    $log_templ variable to the amavisd.conf file. See Amavis'
    README.customize and search near the end of the Amavisd program
    for "autolearn".

--[no]by_ccat_summary
--show_by_ccat_summary boolean
    Enables (disables) the by contents category summary in the Summary
    section. Default: enabled.

-f config_file
--config_file config_file
    Use an alternate configuration file config_file instead of the
    default. This option may be used more than once. Multiple
    configuration files will be processed in the order presented on
    the command line. See CONFIGURATION FILE below.

--debug keywords
    Output debug information during the operation of amavis-logwatch.
    The parameter keywords is one or more comma or space separated
    keywords. To obtain the list of valid keywords, use --debug xxx
    where xxx is any invalid keyword.

--detail level
    Sets the maximum detail level for amavis-logwatch to level. This
    option is global, overriding any other output limiters described
    below.

    The amavis-logwatch utility produces a Summary section, a Detailed
    section, and additional report sections. With level less than 5,
    amavis-logwatch will produce only the Summary section. At level 5
    and above, the Detailed section, and any additional report
    sections are candidates for output. Each incremental increase in
    level generates one additional hierarchical sub-level of output in
    the Detailed section of the report. At level 10, all levels are
    output. Lines that exceed the maximum report width (specified with
    max_report_width) will be cut. Setting level to 11 will prevent
    lines in the report from being cut (see also --line_style).

--[no]first_recip_only
--show_first_recip_only boolean
    Specifies whether or not to sort by, and show, only the first
    recipient when a scanned message contains multiple recipients.

--help
    Print usage information and a brief description about command line
    options.

--ipaddr_width width
    Specifies that IP addresses in address/hostname pairs should be
    printed with a field width of width characters. Increasing the
    default may be useful for systems using long IPv6 addresses.

-l limiter=levelspec
--limit limiter=levelspec
    Sets the level limiter limiter with the specification levelspec.

--line_style style
    Specifies how to handle long report lines. Three styles are
    available: full, truncate, and wrap. Setting style to full will
    prevent cutting lines to max_report_width; this is what occurs
    when detail is 11 or higher. When style is truncate (the default),
    long lines will be truncated according to max_report_width.
    Setting style to wrap will wrap lines longer than max_report_width
    such that left column hit counts are not obscured. This option
    takes precedence over the line style implied by the detail level.
    The options --full, --truncate, and --wrap are synonyms.

--nodetail
    Disables the Detailed section of the report, and all supplemental
    reports. This option provides a convenient mechanism to quickly
    disable all sections under the Detailed report, where subsequent
    command line options may re-enable one or more sections to create
    specific reports.

--sarules 'S,H'
--sarules default
    Enables the SpamAssassin Rules Hit report. The comma-separated S
    and H arguments are top N values for the Spam and Ham reports,
    respectively, and can be any integer greater than or equal to 0,
    or the keyword all. The keyword default uses the built-in default
    values.

--nosarules
    Disables the SpamAssassin Rules Hit report.

--sa_timings nrows
    Enables the SpamAssassin Timings percentiles report. The report
    can be limited to the top N rows with the nrows argument. This
    report requires Amavis 2.6+ and SpamAssassin 3.3+.

--sa_timings_percentiles 'P1 [P2 ...]'
    Specifies the percentiles shown in the SpamAssassin Timings
    report. The arguments P1 ... are integers from 0 to 100 inclusive.
    Their order will be preserved in the report.

--nosa_timings
    Disables the SpamAssassin Timings report.

--score_frequencies 'B1 [B2 ...]'
--score_frequencies default
    Enables the Spam Score Frequency report. The arguments B1 ... are
    frequency distribution buckets, and can be any real numbers. Their
    order will be preserved in the report. The keyword default uses
    the built-in default values.

--noscore_frequencies
    Disables the Spam Score Frequency report.

--score_percentiles 'P1 [P2 ...]'
--score_percentiles default
    Enables the Spam Score Percentiles report. The arguments P1 ...
    specify the percentiles shown in the report, and are integers from
    0 to 100 inclusive. The keyword default uses the built-in default
    values.

--noscore_percentiles
    Disables the Spam Score Percentiles report.

--[no]sect_vars
--show_sect_vars boolean
    Enables (disables) supplementing each Detailed section title with
    the name of that section's level limiter. The name displayed is
    the command line option (or configuration file variable) used to
    limit that section's output. With the large number of level
    limiters available in amavis-logwatch, this is a convenient
    mechanism for determining exactly which level limiter affects a
    section.

--[no]startinfo
--show_startinfo boolean
    Enables (disables) the Amavis startup report showing most recent
    Amavis startup details.

--[no]summary
--show_summary
    Enables (disables) displaying of the Summary section of the
    report. The variable Amavis_Show_Summary is used in a
    configuration file.

--syslog_name namepat
    Specifies the syslog service name that amavis-logwatch uses to
    match syslog lines. Only log lines whose service name matches the
    perl regular expression namepat will be used by amavis-logwatch;
    all non-matching lines are silently ignored. This is useful when a
    pre-installed Amavis package uses a name other than the default
    (amavis).

    Note: if you use parentheses in your regular expression, be sure
    they are cloistering and not capturing: use (?:pattern) instead of
    (pattern).

--timings percent
    Enables the Amavis Scan Timings percentiles report. The report can
    be top N-percent limited with the percent argument.

--timings_percentiles 'P1 [P2 ...]'
    Specifies the percentiles shown in the Scan Timings report. The
    arguments P1 ... are integers from 0 to 100 inclusive. Their order
    will be preserved in the report.

--notimings
    Disables the Amavis Scan Timings report.

--version
    Print amavis-logwatch version information.
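
The --syslog_name note about cloistering parentheses, shown as an added Python sketch (not amavis-logwatch's own Perl code). The line pattern, function names and sample lines are hypothetical and assume a matcher that reads fields by capture position; a capturing group inside namepat renumbers every capture after it, so the wrong fields come back without any error.

```python
import re

# Constructed sample syslog lines (not taken from a real system).
SAMPLE = [
    "May 25 10:00:01 mx1 amavis[1234]: (01234-01) Passed CLEAN, "
    "<a@example.com> -> <b@example.net>",
    "May 25 10:00:02 mx1 amavisd-new[1235]: (01235-01) Blocked SPAM, "
    "<> -> <joe@example.com>",
    "May 25 10:00:03 mx1 postfix/smtpd[99]: connect from unknown[192.0.2.7]",
]


def build_line_re(namepat):
    """Hypothetical line matcher: captures host (1), pid (2), message (3).

    The user-supplied service-name pattern is spliced in between the
    host and pid captures, as a --syslog_name style option would do.
    """
    return re.compile(
        r"^\w{3} +\d+ [\d:]+ (\S+) " + namepat + r"\[(\d+)\]: (.*)$"
    )


def extract(namepat, lines=SAMPLE):
    """Return what the matcher believes are (host, pid, message) tuples."""
    rx = build_line_re(namepat)
    return [m.group(1, 2, 3) for m in map(rx.match, lines) if m]


def has_capturing_group(namepat):
    """Pre-flight check: True if namepat would shift capture numbering."""
    return re.compile(namepat).groups > 0


if __name__ == "__main__":
    for pat in ("(?:amavis|amavisd-new)", "(amavis|amavisd-new)"):
        print(pat, "capturing:", has_capturing_group(pat))
        for row in extract(pat):
            print("   ", row)
```

With the capturing form, the "pid" field holds the service name and the message text is lost, which is why a pattern should be checked with something like has_capturing_group before it is deployed.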

Level Limiters
The output of every section in the Detailed report is controlled by a
level limiter. The name of the level limiter variable will be output
when the sect_vars option is set. Level limiters are set either via
command line in standalone mode with --limit limiter=levelspec option,
or via configuration file variable $amavis_limiter=levelspec. Each
limiter requires a levelspec argument, which is described below in
LEVEL CONTROL.

The list of level limiters is shown below.

Amavis major contents category (ccatmajor) sections, listed in order of
priority: VIRUS, BANNED, UNCHECKED, SPAM, SPAMMY, BADH, OVERSIZED, MTA,
CLEAN.

MalwareBlocked
MalwarePassed
    Blocked or passed messages that contain malware (ccatmajor:
    VIRUS).

BannedNameBlocked
BannedNamePassed
    Blocked or passed messages that contain banned names in MIME parts
    (ccatmajor: BANNED).

UncheckedBlocked
UncheckedPassed
    Blocked or passed messages that were not checked by a virus
    scanner or SpamAssassin (Amavis ccatmajor: UNCHECKED).

SpamBlocked
SpamPassed
    Blocked or passed messages that were considered spam that reached
    kill level (Amavis ccatmajor: SPAM).

SpammyBlocked
SpammyPassed
    Blocked or passed messages that were considered spam, but did not
    reach kill level (Amavis ccatmajor: SPAMMY).

BadHeaderBlocked
BadHeaderPassed
    Blocked or passed messages that contain bad mail headers
    (ccatmajor: BAD-HEADER).

OversizedBlocked
OversizedPassed
    Blocked or passed messages that were considered oversized (Amavis
    ccatmajor: OVERSIZED).

MtaBlocked
MtaPassed
    Blocked or passed messages due to failure to re-inject to MTA
    (Amavis ccatmajor: MTA-BLOCKED). Occurrences of this event
    indicate a configuration problem. [ note: I don't believe
    mtapassed occurs, but exists for completeness.]

OtherBlocked
OtherPassed
    Blocked or passed messages that are not any of other major
    contents categories (Amavis ccatmajor: OTHER).

TempFailBlocked
TempfailPassed
    Blocked or passed messages that had a temporary failure (Amavis
    ccatmajor: TEMPFAIL).

CleanBlocked
CleanPassed
    Messages blocked or passed which were considered clean (Amavis
    ccatmajor: CLEAN; i.e. non-spam, non-viral).

Other sections, arranged alphabetically:

AvConnectFailure
    Problems connecting to Anti-Virus scanner(s).

AvTimeout
    Timeouts awaiting responses from Anti-Virus scanner(s).

ArchiveExtract
    Archive extraction problems.

BadHeaderSupp
    Supplemental debug information regarding messages containing bad
    mail headers.

Bayes
    Message frequencies by Bayesian probability buckets.

BadAddress
    Invalid mail address syntax.

Blacklisted
    Messages that were (soft-)blacklisted. See also Whitelisted below.

BounceKilled
BounceRescued
BounceUnverifiable
    Disposition of incoming bounce messages (DSNs).

ContentType
    MIME attachment breakdown by type/subtype.

DccError
    Errors encountered with or returned by DCC.

DefangError
    Errors encountered during defang process.

Defanged
    Messages defanged (rendered harmless).

DsnNotification
    Errors encountered during attempt to send delivery status
    notification.

DsnSuppressed
    Delivery status notification (DSN) intentionally suppressed.

ExtraModules
    Additional code modules Amavis loaded during runtime.

FakeSender
    Forged sender addresses, as determined by Amavis.

Fatal
    Fatal events. These are presented at the top of the report, as
    they may require attention.

LocalDeliverySkipped
    Failures delivering to a local address.

MalwareByScanner
    Breakdown of malware by scanner(s) that detected the malware.

MimeError
    Errors encountered during MIME extraction.

Panic
    Panic events. These are presented at the top of the report, as
    they may require attention.

p0f
    Passive fingerprint (p0f) hits, grouped by mail contents type
    (virus, unchecked, banned, spam, ham), next by operating system
    genre, and finally by IP address. Note: Windows systems are
    refined by Windows OS version, whereas versions of other operating
    systems are grouped generically.

Released
    Messages that were released from Amavis quarantine.

SADiags
    Diagnostics as reported from SpamAssassin.

SmtpResponse
    SMTP responses received during dialog with MTA. These log entries
    are primarily debug.

TmpPreserved
    Temporary directories preserved by Amavis when some component
    encounters a problem or failure. Directories listed and their
    corresponding log entries should be evaluated for problems.

VirusScanSkipped
    Messages that could not be scanned by a virus scanner.

Warning
    Warning events not categorized in specific warnings below. These
    are presented at the top of the report, as they may require
    attention.

WarningAddressModified
    Incomplete email addresses modified by Amavis for safety.

WarningNoQuarantineId
    Attempts to release a quarantined message that did not contain an
    X-Quarantine-ID header.

WarningSecurity levelspec
    Insecure configuration or utility used by Amavis.

WarningSmtpShutdown
    Failures during SMTP conversation with MTA.

WarningSql
    Failures to communicate with, or error replies from, SQL service.

Whitelisted
    Messages that were (soft-)whitelisted. See also Blacklisted above.

LEVEL CONTROL
The Detailed section of the report consists of a number of
sub-sections, each of which is controlled both globally and
independently. Two settings influence the output provided in the
Detailed report: a global detail level (specified with --detail) which
has final (big hammer) output-limiting control over the Detailed
section, and sub-section specific detail settings (small hammer), which
allow further limiting of the output for a sub-section. Each
sub-section may be limited to a specific depth level, and each
sub-level may be limited with top N or threshold limits. The levelspec
argument to each of the level limiters listed above is used to
accomplish this.

It is probably best to continue explanation of sub-level limiting with
the following well-known outline-style hierarchy, and some basic
examples:

    level 0
       level 1
          level 2
             level 3
                level 4
                level 4
          level 2
             level 3
                level 4
                level 4
                level 4
             level 3
                level 4
             level 3
       level 1
          level 2
             level 3
                level 4

The simplest form of output limiting suppresses all output below a
specified level. For example, a levelspec set to "2" shows only data
in levels 0 through 2. Think of this as collapsing each sub-level 2
item, thus hiding all inferior levels (3, 4, ...), to yield:

    level 0
       level 1
          level 2
          level 2
       level 1
          level 2

Sometimes the volume of output in a section is too great, and it is
useful to suppress any data that does not exceed a certain threshold
value. Consider a dictionary spam attack, which produces very lengthy
lists of hit-once recipient email or IP addresses. Each sub-level in
the hierarchy can be threshold-limited by setting the levelspec
appropriately. Setting levelspec to the value "2::5" will suppress any
data at level 2 that does not exceed a hit count of 5.

Perhaps producing a top N list, such as top 10 senders, is desired. A
levelspec of "3:10:" limits level 3 data to only the top 10 hits.

With those simple examples out of the way, a levelspec is defined as a
whitespace- or comma-separated list of one or more of the following:

l
    Specifies the maximum level to be output for this sub-section,
    with a range from 0 to 10. If l is 0, no levels will be output,
    effectively disabling the sub-section (level 0 data is already
    provided in the Summary report, so level 1 is considered the first
    useful level in the Detailed report). Higher values will produce
    output up to and including the specified level.

l.n
    Same as above, with the addition that n limits this section's
    level 1 output to the top n items. The value for n can be any
    integer greater than 1. (This form of limiting has less utility
    than the syntax shown below. It is provided for backwards
    compatibility; users are encouraged to use the syntax below).

l:n:t
    This triplet specifies level l, top n, and minimum threshold t.
    Each of the values is an integer, with l being the level limiter
    as described above, n being a top n limiter for the level l, and t
    being the threshold limiter for level l. When both n and t are
    specified, n has priority, allowing top n lists (regardless of
    threshold value). If the value of l is omitted, the specified
    values for n and/or t are used for all levels available in the
    sub-section. This permits a simple form of wildcarding (e.g. place
    minimum threshold limits on all levels). However, specific
    limiters always override wildcard limiters. The first form of
    level limiter may be included in levelspec to restrict output,
    regardless of how many triplets are present.

All three forms of limiters are effective only when amavis-logwatch's
detail level is 5 or greater (the Detailed section is not activated
until detail is at least 5).

See the EXAMPLES section for usage scenarios.
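
The levelspec rules above, worked through as an added Python sketch (not amavis-logwatch's own Perl code). The tree, function names and hit counts are constructed for illustration; it assumes a threshold keeps only counts strictly greater than t, as the "2::5" wording describes, and that a levelspec with no bare l sets no depth limit of its own.

```python
import re

# Constructed sample data for one Detailed sub-section:
# {name: (hit_count, children)}; level 1 = recipient, 2 = IP, 3 = sender.
SPAM_BLOCKED = {
    "joe@example.com": (30, {
        "10.0.0.1": (12, {"<>": (9, {}), "x@example.net": (3, {})}),
        "10.99.99.99": (10, {"<>": (10, {})}),
        "192.168.3.3": (8, {"y@example.net": (8, {})}),
    }),
    "fred@example.com": (20, {"10.0.0.1": (20, {"<>": (20, {})})}),
    "peter@sample.net": (4, {"192.168.3.19": (4, {"<>": (4, {})})}),
}


def parse_levelspec(spec):
    """Return (max_level, {level: (top_n, threshold)}, wildcard_limits)."""
    max_level, per_level, wildcard = None, {}, (None, None)
    for item in filter(None, re.split(r"[\s,]+", spec)):
        if re.fullmatch(r"\d+", item):                        # form "l"
            max_level = int(item)
        elif m := re.fullmatch(r"(\d+)\.(\d+)", item):        # form "l.n"
            max_level, per_level[1] = int(m[1]), (int(m[2]), None)
        elif m := re.fullmatch(r"(\d*):(\d*):(\d*)", item):   # form "l:n:t"
            limits = (int(m[2]) if m[2] else None,
                      int(m[3]) if m[3] else None)
            if m[1]:
                per_level[int(m[1])] = limits
            else:
                wildcard = limits      # l omitted: applies to all levels
        else:
            raise ValueError(f"unrecognised levelspec item: {item!r}")
    if max_level is not None and not 0 <= max_level <= 10:
        raise ValueError("maximum level must be in the range 0..10")
    return max_level, per_level, wildcard


def apply_levelspec(tree, spec):
    """Return (level, count, name) rows; a '...' row marks limited data."""
    max_level, per_level, wildcard = parse_levelspec(spec)
    rows = []

    def walk(nodes, level):
        if max_level is not None and level > max_level:
            return
        # A level-specific limiter overrides the wildcard limiter.
        top_n, threshold = per_level.get(level, wildcard)
        # Descending by count, then by name (simplified tie-break).
        items = sorted(nodes.items(), key=lambda kv: (-kv[1][0], kv[0]))
        if top_n is not None:          # n has priority over t
            kept = items[:top_n]
        elif threshold is not None:
            kept = [kv for kv in items if kv[1][0] > threshold]
        else:
            kept = items
        for name, (count, children) in kept:
            rows.append((level, count, name))
            walk(children, level + 1)
        if len(kept) < len(items):
            rows.append((level, None, "..."))

    walk(tree, 1)
    return rows


def render(rows):
    """Format rows with the hit count in the left column."""
    return "\n".join(
        f"{'' if count is None else count:>8}   {'   ' * (level - 1)}{name}"
        for level, count, name in rows
    )


if __name__ == "__main__":
    print(render(apply_levelspec(SPAM_BLOCKED, "1:2: 2:2: 3::6")))
```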

CONFIGURATION FILE
Amavis-logwatch can read configuration settings from a configuration
file. Essentially, any command line option can be placed into a
configuration file, and these settings are read upon startup.

Because amavis-logwatch can run either standalone or within Logwatch,
to minimize confusion, amavis-logwatch inherits Logwatch's
configuration file syntax requirements and conventions. These are:

• White space lines are ignored.

• Lines beginning with # are ignored.

• Settings are of the form:

      option = value

• Spaces or tabs on either side of the = character are ignored.

• Any value protected in double quotes will be case-preserved.

• All other content is reduced to lowercase (non-preserving, case
  insensitive).

• All amavis-logwatch configuration settings must be prefixed with
  "$amavis_" or amavis-logwatch will ignore them.

• When running under Logwatch, any values not prefixed with "$amavis_"
  are consumed by Logwatch; it only passes to amavis-logwatch (via
  environment variable) settings it considers valid.

• The values True and Yes are converted to 1, and False and No are
  converted to 0.

• Order of settings is not preserved within a configuration file
  (since settings are passed by Logwatch via environment variables,
  which have no defined order).

To include a command line option in a configuration file, prefix the
command line option name with the word "$amavis_". The following
configuration file setting and command line option are equivalent:

    $amavis_Line_Style = Truncate

    --line_style Truncate

Level limiters are also prefixed with $amavis_, but on the command line
are specified with the --limit option:

    $amavis_SpamBlocked = 2

    --limit SpamBlocked=2


The order of command line options and configuration file processing
occurs as follows:

1) The default configuration file is read if it exists and no
   --config_file was specified on a command line.
2) Configuration files are read and processed in the order found on
   the command line.
3) Command line options override any options already set either via
   command line or from any configuration file.

Command line options are interpreted when they are seen on the command
line, and later options will override previously set options.

The amavis-logwatch utility exits with a status code of 0, unless an
error occurred, in which case a non-zero exit status is returned.

EXAMPLES
Running Standalone
Note: amavis-logwatch reads its log data from one or more named Amavis
log files, or from STDIN. For brevity, where required, the examples
below use the word file as the command line argument meaning
/path/to/amavis.log. Obviously you will need to substitute file with
the appropriate path.

To run amavis-logwatch in standalone mode, simply run:

    amavis-logwatch file

A complete list of options and basic usage is available via:

    amavis-logwatch --help

To print a summary only report of Amavis log data:

    amavis-logwatch --detail 1 file

To produce a summary report and a one-level detail report for May 25th:

    grep 'May 25' file | amavis-logwatch --detail 5

To produce only a top 10 list from the Spam blocked section, the
summary report and detailed reports are first disabled. Since command
line options are read and enabled left-to-right, the Spam blocked
section is then re-enabled to level 1 with a level 1 top 10 limiter:

    amavis-logwatch --nosummary --nodetail \
        --limit spamblocked='1 1:10:' file

The following command and its sample output show a more complex level
limiter example. The command gives the top 4 spam blocked recipients
(level 1), and under each recipient the top 2 sending IPs (level 2)
and finally below that, only envelope from addresses (level 3) with
hit counts greater than 6. Ellipses indicate top N or
threshold-limited data:

    amavis-logwatch --nosummary --nodetail \
        --limit spamblocked='1:4: 2:2: 3::6' file

    19346   Spam blocked -----------------------------------
      756      joe@example.com
       12         10.0.0.1
       12            <>
       12         10.99.99.99
       12            <>
                  ...
      640      fred@example.com
        8         10.0.0.1
        8            <>
        8         192.168.3.19
        8            <>
                  ...
      595      peter@sample.net
        8         10.0.0.1
        8            <>
        7         192.168.3.3
        7            <>
                  ...
      547      paul@example.us
        8         192.168.3.19
        8            <>
        7         10.0.0.1
        7            <>
                  ...
               ...

Running within Logwatch
Note: Logwatch versions prior to 7.3.6, unless configured otherwise,
required the --print option to print to STDOUT instead of sending
reports via email. Since version 7.3.6, STDOUT is the default output
destination, and the --print option has been replaced by --output
stdout. Check your configuration to determine where report output will
be directed, and add the appropriate option to the commands below.

To print a summary report for today's Amavis log data:

    logwatch --service amavis --range today --detail 1

To print a report for today's Amavis log data, with one level of detail
in the Detailed section:

    logwatch --service amavis --range today --detail 5

To print a report for yesterday, with two levels of detail in the
Detailed section:

    logwatch --service amavis --range yesterday --detail 6

To print a report from Dec 12th through Dec 14th, with four levels of
detail in the Detailed section:

    logwatch --service amavis --range \
        'between 12/12 and 12/14' --detail 8

To print a report for today, with all levels of detail:

    logwatch --service amavis --range today --detail 10

Same as above, but leaves long lines uncropped:

    logwatch --service amavis --range today --detail 11

Amavis Log Level
Amavis provides additional log information when the variable $log_level
is increased above the default 0 value. This information is used by
the amavis-logwatch utility to provide additional reports, not
available with the default $log_level=0 value. A $log_level of 2 is
suggested.

If you prefer not to increase the noise level in your main mail or
Amavis logs, you can configure syslog to log Amavis' output to multiple
log files, where basic log entries are routed to your main mail log(s)
and more detailed entries routed to an Amavis-specific log file used to
feed the amavis-logwatch utility.

A convenient way to accomplish this is to change the Amavis
configuration variables in amavisd.conf as shown below:

    amavisd.conf:
        $log_level = 2;
        $syslog_facility = 'local5';
        $syslog_priority = 'debug';

This increases $log_level to 2, and sends Amavis' log entries to an
alternate syslog facility (e.g. local5, user), which can then be routed
to one or more log files, including your main mail log file:

    syslog.conf:
        #mail.info                  -/var/log/maillog
        mail.info;local5.notice     -/var/log/maillog

        local5.info                 -/var/log/amavisd-info.log

Amavis' typical $log_level 0 messages will be directed to both your
maillog and to the amavisd-info.log file, but higher $log_level
messages will only be routed to the amavisd-info.log file. For
additional information on Amavis' logging, search the file
RELEASE_NOTES in the Amavis distribution for:

    "syslog priorities are now dynamically derived"

The amavis-logwatch program uses the following (automatically set)
environment variables when running under Logwatch:

LOGWATCH_DETAIL_LEVEL
    This is the detail level specified with the Logwatch command line
    argument --detail or the Detail setting in the
    ...conf/services/amavis.conf configuration file.

LOGWATCH_DEBUG
    This is the debug level specified with the Logwatch command line
    argument --debug.

amavis_xxx
    The Logwatch program passes all settings amavis_xxx in the
    configuration file ...conf/services/amavis.conf to the amavis
    filter (which is actually named .../scripts/services/amavis) via
    environment variable.

Standalone mode
/usr/local/bin/amavis-logwatch
    The amavis-logwatch program

/usr/local/etc/amavis-logwatch.conf
    The amavis-logwatch configuration file in standalone mode

Logwatch mode
/etc/logwatch/scripts/services/amavis
    The Logwatch amavis filter

/etc/logwatch/conf/services/amavis.conf
    The Logwatch amavis filter configuration file

logwatch(8), system log analyzer and reporter

README, an overview of amavis-logwatch
Changes, the version change list history
Bugs, a list of the current bugs or other inadequacies
Makefile, the rudimentary installer
LICENSE, the usage and redistribution licensing terms

Covered under the included MIT/X-Consortium License:
http://www.opensource.org/licenses/mit-license.php

Mike Cappella

The original amavis Logwatch filter was written by Jim O'Halloran, and
has had many contributors over the years. They are entirely not
responsible for any errors, problems or failures since the current
author's hands have touched the source code.