Search:

qmail-relog - Read and Rewrite qmail-send Log Files

You may like qmail or not - the log files look (at least) strange. It talks about a lot of things but the information for each mail is spread about several lines. While the idea behind the TAI64N time format sounds good I consider it as totally useless for emails. Anyway, as qmail user you have to live with it.

When I was first forced to work with qmail's logfiles I started working on qmail-relog (see listing below). The script itself is not so interesting. After you have saved you have to decide if you want to use the hex2dec() with gawk's builtin strtonum() function or not.

qmail-relog reads qmail's multilog (current and archived) logfiles on it's input and converts this into something more useful.

So the obvious uses are

# zcat /var/log/qmail-archive/2009/qmail/qmail-send/some-logfile.gz | qmail-relog

or

# tail -F /var/log/qmail/qmail-send/current | qmail-relog

If you have tail supporting the -F option than this is attractive for real-time logfile conversion. I used this for some weeks and from time to time I found that the tail (or qmail-relog) had terminated . I assume this is due to multilog's log file rotation. I resolved this by restarting the "tail -F" once a day by cron.

qmail-relog recognizes splogger syslog messages:

# tail -F /var/log/qmail-raw.log | qmail-relog

If you use the script for real-time conversion you can customize it a little bit. Set the variable mode to syslog. In this case qmail-relog writes its output to syslog instead to stdout.

Download

Download the script: qmail-relog.

Updates

< dag | at | awk-scripting.de >