Gentoo Forums
no mail.log, mail.err, mail.warn

elmar283
Guru

Joined: 06 Dec 2004
Posts: 316
Location: Haarlem, Netherlands

Posted: Mon Dec 28, 2015 4:13 pm    Post subject: no mail.log, mail.err, mail.warn

Somehow syslog-ng does not log to /var/log/mail.log, /var/log/mail.err and /var/log/mail.warn.

I do not see any logging.
This is my syslog-ng.conf file:
Code:

@version: 3.7
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened,v 1.1 2013/04/28 04:50:34 mr_bones_ Exp $

# https://bugs.gentoo.org/show_bug.cgi?id=426814
@include "scl.conf"

#
# Syslog-ng configuration file, compatible with default hardened installations.
#

options {
        owner(root);

        ## (Make log files group-readable by logcheck)
        group(logcheck);
        perm(0640);

        threaded(yes);
        chain_hostnames(no);
        stats_freq(43200);
};


source src {
    unix-dgram("/dev/log");
    internal();
};
#source src {
#   systemd-journal();
#   internal();
#};
source kernsrc {
    file("/proc/kmsg");
};

#source net { udp(); };
#log { source(net); destination(net_logs); };
#destination net_logs { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); };

destination authlog { file("/var/log/auth.log"); };
destination _syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
#destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/mail.log"); };

destination avc { file("/var/log/avc.log"); };
destination audit { file("/var/log/audit.log"); };
destination pax { file("/var/log/pax.log"); };
destination grsec { file("/var/log/grsec.log"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
#destination loghost { udp("loghost" port(999)); };

destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
#filter f_ppp { facility(ppp); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
   and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_avc { message(".*avc: .*"); };
filter f_audit { message("^(\\[.*\..*\] |)audit.*") and not message(".*avc: .*"); };
filter f_pax { message("^(\\[.*\..*\] |)PAX:.*"); };
filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(_syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(kernsrc); filter(f_pax); destination(pax); };
log { source(kernsrc); filter(f_grsec); destination(grsec); };
log { source(kernsrc); filter(f_audit); destination(audit); };
log { source(kernsrc); filter(f_avc); destination(avc); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#log { source(src); filter(f_ppp); destination(ppp); };
#log { source(src); destination(console_all); };


Also the other logfiles are not logging much.

Does anyone know what could be wrong?

user
Apprentice

Joined: 08 Feb 2004
Posts: 202

Posted: Mon Dec 28, 2015 10:31 pm

mhh,
I tested your syslog-ng.conf.
It works for me (TM).

Did you try?
Code:
# logger -p mail.info test

Syl20
l33t

Joined: 04 Aug 2005
Posts: 619
Location: France

Posted: Tue Dec 29, 2015 10:39 am

Which MTA do you use? Is it configured to send its logs to syslog, and with the "mail" facility?

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Dec 29, 2015 11:17 am

elmar283 ...

If I were to guess then I'd suspect that logrotate is in use and that syslog-ng isn't given a HUP on the logs being rotated. If logrotate is in use, do you have something like the following 'postrotate' defined?

/etc/logrotate.d/syslog-ng:
# Mail system
/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {
    sharedscripts
    missingok
    notifempty
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}

... this might also explain why other log files are similarly affected.

best ... khay

elmar283
Guru

Joined: 06 Dec 2004
Posts: 316
Location: Haarlem, Netherlands

Posted: Tue Dec 29, 2015 11:49 am

I use postfix as MTA.
And everything with the mailserver is working just fine. I just don't receive logs anymore.
Code:
elmar@ZaphodBeeblebrox /etc/logrotate.d $ cat syslog-ng
# $Id$
#
# Syslog-ng logrotate snippet for Gentoo Linux
# contributed by Michael Sterrett
#

/var/log/debug /var/log/kern.log /var/log/grsec.log /var/log/auth.log /var/log/mail.err /var/log/mail.info /var/log/mail.log /var/log/mail.warn /var/log/mailcron.log /var/log/cron.log /var/log/daemon.log /var/log/syslog  /var/log/lpr.log /var/log/user.log /var/log/messages {
    missingok
    sharedscripts
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}


Code:
elmar@ZaphodBeeblebrox /etc/postfix $ cat main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = //usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = domain.eu
mydomain = domain.eu
myorigin = domain.eu
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 10.0.0.0/24 192.168.0.0/24, 192.168.178.0/24, 127.0.0.0/8
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 5
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = no
home_mailbox = .maildir/
inet_protocols=ipv4
# Increase maximum message size
message_size_limit = 20971520

# Link the mailbox uid and gid to postfix.

alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf

local_transport = local
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname

virtual_transport = virtual
virtual_mailbox_domains = domain.nl, domain2.nl, domain2.eu

virtual_minimum_uid = 5000

virtual_gid_maps = static:5000
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf

virtual_uid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_limit = 0

# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
recipient_delimiter = +

#sasl
# Postfix to SASL authentication
broken_sasl_auth_clients = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination


# SSL Authentication
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 3
smtpd_tls_key_file = /etc/ssl/postfix/domain.eu_privatekey.pem
smtpd_tls_cert_file = /etc/ssl/postfix/domain.eu_crt.pem
#smtpd_tls_CAfile = /etc/ssl/certs/cacert.org_class3.pem
smtpd_tls_CAfile = /etc/ssl/certs/cacert.org_root.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom



# Mail filtering starts here: so if things stop working properly, throw what is below in the bin first ;)

biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 120000000

#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
# Block spam using DNS blacklists
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

# HELO Restrictions
#smtpd_helo_restrictions = permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname
smtpd_helo_restrictions = permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_helo_required = yes

# Do not respond to the VRFY command
disable_vrfy_command = yes

# SHOW SOFTWARE VERSION OR NOT
smtpd_banner = $myhostname ESMTP NO UCE

mailbox_command = /usr/bin/procmail -a "domain.eu"
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix/${mail_version}


Code:
elmar@ZaphodBeeblebrox /etc/postfix $ cat master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd -D
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
#-o smtpd_tls_security_level=may
#-o smtpd_sasl_auth_enable=yes
#-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}




# My mail scanning section starts here. So if things stop working, remove what is below first.


localhost:10025 inet n  -       n       -       2       smtpd
  -o disable_dns_lookup=yes
  -o content_filter=
  -o myhostname=zaphodbeeblebrox.domain.eu
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

amavis    unix  -       -       n       -       2       lmtp
  -o disable_dns_lookups=yes
  -o lmtp_send_xforward_command=yes
  -o lmtp_data_done_timeout=1200 

smtp       inet  n       -       n       -       2       smtpd
  -o content_filter=amavis:[127.0.0.1]:10024
  -o receive_override_options=no_address_mappings
smtps     inet  n       -       n       -       2       smtpd
  -o smtpd_tls_wrappermode=yes
  -o content_filter=amavis:[127.0.0.1]:10024
  -o receive_override_options=no_address_mappings

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Dec 29, 2015 1:09 pm

elmar283 ...

What cron daemon is in use, and is it in the default runlevel, do you have a crontab setup to run cron.{daily,weekly,monthly}? When is logrotate set to run? What happens if you run 'logrotate --force /etc/logrotate.conf'? Are you getting rotated logs at all?

best ... khay

Syl20
l33t

Joined: 04 Aug 2005
Posts: 619
Location: France

Posted: Wed Dec 30, 2015 11:59 am

elmar283 wrote:
I use postfix as MTA.

As your conf files mention nothing about syslog parameters, the defaults are applied, and correct.

Code:
# postconf syslog_facility
syslog_facility = mail


So postfix is okay, logrotate seems to be too, if launched...
Certainly a dumb question, but are the permissions on mail.* files correct?

Is amavis also mute?

Did you update syslog-ng recently (version 3.7.2 was marked stable a few weeks ago)? If yes, did you restart it since?

elmar283
Guru

Joined: 06 Dec 2004
Posts: 316
Location: Haarlem, Netherlands

Posted: Wed Dec 30, 2015 12:35 pm

CneGroumF wrote:
elmar283 wrote:
I use postfix as MTA.

As your conf files mention nothing about syslog parameters, the defaults are applied, and correct.

Code:
# postconf syslog_facility
syslog_facility = mail


So postfix is okay, logrotate seems to be too, if launched...
Certainly a dumb question, but are the permissions on mail.* files correct?

Is amavis also mute?

Did you update syslog-ng recently (version 3.7.2 was marked stable a few weeks ago)? If yes, did you restart it since?


There are no mail.* files. They are not even being generated. I did make a mail.log file and set the permissions on 'root:logcheck' and '-rw-r-----'.
I do not have an 'amavis.log' file at the moment either.
I did update syslog-ng.

elmar283
Guru

Joined: 06 Dec 2004
Posts: 316
Location: Haarlem, Netherlands

Posted: Wed Dec 30, 2015 12:36 pm

I rebooted my machine and now the logs are being generated again.
I still don't know why it didn't work anymore. I will watch whether or not logrotate or logcheck is the cause.
If not I will edit the subject as [resolved].

Syl20
l33t

Joined: 04 Aug 2005
Posts: 619
Location: France

Posted: Wed Dec 30, 2015 3:42 pm

elmar283 wrote:
I do not have an 'amavis.log' file at the moment either.

That depends on your configuration. Amavis is able to send its logs to syslog, or to a file.

Code:
## LOGGING AND DEBUGGING

$log_level = 0;              # verbosity 0..5, -d
$do_syslog = 1;              # log via syslogd (preferred). Default : 0
$syslog_ident = 'amavis';
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$logfile = undef;          # log file, if syslogging is disabled. Empty by default.
$do_syslog = undef;        # same as 0.

By default, it does nothing.

Code:
I did update syslog-ng.

And it was restarted only when you rebooted your server. :)
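
The two explanations raised in this thread (logs rotated without syslog-ng being reloaded, and syslog-ng updated but not restarted) can both be checked from /proc on Linux. The script below is an added example, not part of any post; the function names, the sample targets and the rotated-file name patterns (".N" and "-YYYYMMDD") are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Linux-only: the targets of the
# /proc/<pid>/fd/* and /proc/<pid>/exe symlinks get a " (deleted)" suffix
# once the file they point to has been unlinked.
gone=' (deleted)'
d8='[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'

# Read one symlink target per line on stdin and report the ones under log
# directory $1 that a correctly reloaded daemon would no longer hold open.
# Assumed rotation naming: logrotate's ".N" suffix or dateext "-YYYYMMDD".
classify_targets() {
    logdir=${1:-/var/log}
    while IFS= read -r target; do
        case $target in
            "$logdir"/*"$gone")
                printf 'deleted %s\n' "${target%"$gone"}" ;;
            "$logdir"/*.[0-9]|"$logdir"/*.[0-9][0-9]|"$logdir"/*-$d8)
                printf 'rotated %s\n' "$target" ;;
        esac
    done
}

# Succeeds when the /proc/<pid>/exe target in $1 shows that the binary on
# disk was replaced after the daemon started (updated, never restarted).
exe_replaced() {
    case $1 in
        *"$gone") return 0 ;;
        *) return 1 ;;
    esac
}

# Inspect a live process; run as root to read another user's /proc/<pid>/fd.
check_daemon() {
    pid=$1 rc=0
    if exe_replaced "$(readlink "/proc/$pid/exe" 2>/dev/null)"; then
        echo "pid $pid runs a replaced binary: restart the daemon"
        rc=1
    fi
    findings=$(for fd in "/proc/$pid/fd"/*; do
                   readlink "$fd" 2>/dev/null || true
               done | classify_targets "${2:-/var/log}")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        echo "pid $pid holds stale log files: reload the daemon"
        rc=1
    fi
    return "$rc"
}

# Constructed sample of readlink targets (not taken from the thread).
sample_targets() {
    cat <<'EOF'
/dev/null
socket:[12345]
/var/log/messages
/var/log/mail.log.1
/var/log/mail.err (deleted)
/var/log/auth.log-20151227
/var/lib/syslog-ng/syslog-ng.persist
EOF
}

# With a pid argument (e.g. from `pidof syslog-ng`) check that process;
# without one, classify the constructed sample.
if [ "$#" -ge 1 ]; then
    check_daemon "$@"
else
    sample_targets | classify_targets /var/log
fi
```

A non-zero exit status from the pid form means the daemon needs a reload or restart; a clean result does not prove logging works, since a destination file that has not been written to yet may simply not be open.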