CentOS7

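Installing a Postfix log analysis tool (pflogsumm)

This page installs pflogsumm, a log analysis tool for Postfix.

The setup here analyzes the previous day's Postfix log automatically every day and mails the result to the mail server administrator (postmaster).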

Installing pflogsumm

[root@centos ~]# yum -y install postfix-pflogsumm ← install pflogsumm

Verifying pflogsumm

[root@centos ~]# vi pflogsumm_report ← create the pflogsumm run script
#!/bin/bash

# Concatenate the rotated mail logs (oldest first), then the current log
MAILLOG=$(mktemp)
for log in $(ls /var/log/maillog-* | sort)
do
    cat "$log" >> "$MAILLOG"
done
cat /var/log/maillog >> "$MAILLOG"

# Summarize yesterday's entries and mail the report to postmaster
REPORT=$(mktemp)
pflogsumm --problems_first --verbose_msg_detail --mailq -d yesterday "$MAILLOG" > "$REPORT"
cat "$REPORT" | mail -s "$(head -1 "$REPORT") in $(uname -n)" postmaster
rm -f "$MAILLOG" "$REPORT"
[root@centos ~]# chmod 700 pflogsumm_report ← make the pflogsumm run script executable
[root@centos ~]# ./pflogsumm_report ← run the pflogsumm run script

Confirm that a mail like the following is delivered to postmaster.

Postfix log summaries for Feb 16

Grand Totals
------------
messages

      4   received
      4   delivered
      0   forwarded
      0   deferred
      0   bounced
      4   rejected (50%)
      0   reject warnings
      0   held
      0   discarded (0%)

  31578   bytes received
  31578   bytes delivered
      2   senders
      2   sending hosts/domains
      2   recipients
      1   recipient hosts/domains


message deferral detail: none

message bounce detail (by relay): none

message reject detail
---------------------
  RCPT
    550 : Recipient address rejected: User unknown in local recipient table; from= to= proto=SMTP helo= (total: 1)
           1   xxxxxxxx.com
    550 : Recipient address rejected: User unknown in local recipient table; from= to= proto=SMTP helo= (total: 1)
           1   62.63.187.136
    554 : Relay access denied; from= to= proto=SMTP helo= (total: 1)
           1   dyxnet.com
    554 : Relay access denied; from= to= proto=SMTP helo= (total: 1)
           1   210.200.18.153

message reject warning detail: none

message hold detail: none

message discard detail: none

smtp delivery failures: none

Warnings: none

Fatal Errors: none

Panics: none

Master daemon messages: none

Per-Hour Traffic Summary
    time          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    0000-0100           0          0          0          0          0
    0100-0200           0          0          0          0          0
    0200-0300           0          0          0          0          0
    0300-0400           0          0          0          0          0
    0400-0500           2          2          0          0          0
    0500-0600           0          0          0          0          0
    0600-0700           0          0          0          0          0
    0700-0800           0          0          0          0          1
    0800-0900           0          0          0          0          0
    0900-1000           0          0          0          0          1
    1000-1100           0          0          0          0          0
    1100-1200           0          0          0          0          0
    1200-1300           0          0          0          0          0
    1300-1400           0          0          0          0          1
    1400-1500           0          0          0          0          0
    1500-1600           0          0          0          0          0
    1600-1700           2          2          0          0          0
    1700-1800           0          0          0          0          0
    1800-1900           0          0          0          0          0
    1900-2000           0          0          0          0          0
    2000-2100           0          0          0          0          0
    2100-2200           0          0          0          0          1
    2200-2300           0          0          0          0          0
    2300-2400           0          0          0          0          0

Host/Domain Summary: Message Delivery
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
      4    31578        0    26.5 s    1.2 m  xxxxxxxx.com

Host/Domain Summary: Messages Received
 msg cnt   bytes   host/domain
 -------- -------  -----------
      2    27078   xxxxxxxx.com
      2     4500   xxxxxxxx.jp

Senders by message count
------------------------
      2   root@xxxxxxxx.com
      2   apache@xxxxxxxx.jp

Recipients by message count
---------------------------
      2   root@xxxxxxxx.com
      2   webmaster@xxxxxxxx.com

Senders by message size
-----------------------
  27078   root@xxxxxxxx.com
   4500   apache@xxxxxxxx.jp

Recipients by message size
--------------------------
  16517   webmaster@xxxxxxxx.com
  15061   root@xxxxxxxx.com

Current Mail Queue
------------------
Mail queue is empty
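
The "message reject detail" section of a report like the one above can be tallied automatically, for example to notice a jump in 554 relay-denied rejections from one client. The following is an added example, not part of the original page; the function names and the sample hosts and counts are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page). Reads a pflogsumm report on
# stdin and lists rejected clients from the "message reject detail" section.
# Output per client: count<TAB>SMTP code<TAB>client<TAB>reason
reject_clients() {
    awk '
        /^message reject detail$/ { in_sec = 1; next }
        # An unindented line that is not the dashed rule starts the next section.
        in_sec && /^[^ -]/ { in_sec = 0 }
        !in_sec { next }
        # Client line "<count>   <host>". Tested first, so a count such as
        # 450 is never mistaken for an SMTP reply code.
        /^ +[0-9]+ +[^ ]+$/ {
            if (code != "") printf "%d\t%s\t%s\t%s\n", $1, code, $2, reason
            next
        }
        # Reason line "<code> ... : <text>; from=... (total: N)".
        /^ +[45][0-9][0-9] .*\(total: [0-9]+\)$/ {
            code = $1
            reason = $0
            sub(/^[^:]*: */, "", reason)   # drop the "550 : " prefix
            sub(/;.*$/, "", reason)        # drop the "; from=..." tail
        }
    '
}

# Total rejections per SMTP reply code, sorted by code.
reject_totals() {
    reject_clients | awk -F "\t" '{ n[$2] += $1 } END { for (c in n) print c, n[c] }' | sort
}

# Constructed sample in the layout of the report above (hosts are placeholders).
sample_report() {
    cat <<'EOF'
message reject detail
---------------------
  RCPT
    550 : Recipient address rejected: User unknown in local recipient table; from= to= proto=SMTP helo= (total: 3)
           2   client.example.net
           1   192.0.2.10
    554 : Relay access denied; from= to= proto=SMTP helo= (total: 453)
         450   probe.example.org
           3   198.51.100.7

message reject warning detail: none
EOF
}

sample_report | reject_totals
```

In the cron script, the same functions can read the generated report file, for example with reject_totals < "$REPORT".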

Scheduling pflogsumm to run automatically

[root@centos ~]# mv pflogsumm_report /etc/cron.daily/ ← move the pflogsumm run script into the directory whose scripts are run automatically every day
