pflogsumm.pl
pflogsumm is a script that analyzes mail logs.
Installation
yum --enablerepo=centosplus install postfix-perl-scripts
On CentOS 5.x the package name was postfix-pflogsumm, but from CentOS 6.x onward it was changed to postfix-perl-scripts.
On CentOS 7.x, the repositories that contain the postfix-perl-scripts package are Base, at 2.10.1-6, and CentOS Plus, at 2.10.1-6.0.1. The pflogsumm.pl included in the package was version 1.1.3.
Versions in other repositories are: Lux all 2.10.1-6, IUS 3.2.5-2, Ghettoforge Testing 3.3.1-1, and Ghettoforge Plus 3.2.4-1.
Mail log analysis
LC_ALL=C journalctl --since=yesterday -u postfix | pflogsumm
Options
usage: pflogsumm.pl -[eq] [-d <today|yesterday>] [--detail <cnt>]
[--bounce_detail <cnt>] [--deferral_detail <cnt>]
[-h <cnt>] [-i|--ignore_case] [--iso_date_time] [--mailq]
[-m|--uucp_mung] [--no_bounce_detail] [--no_deferral_detail]
[--no_no_msg_size] [--no_reject_detail] [--no_smtpd_warnings]
[--problems_first] [--rej_add_from] [--reject_detail <cnt>]
[--smtp_detail <cnt>] [--smtpd_stats]
[--smtpd_warning_detail <cnt>] [--syslog_name=string]
[-u <cnt>] [--verbose_msg_detail] [--verp_mung[=<n>]]
[--zero_fill] [file1 [filen]]
pflogsumm.pl --[version|help]
Option | Description |
---|---|
--bounce_detail <cnt> | Limit detailed bounce reports to the top <cnt>. 0 to suppress entirely. |
-d today | Generate a report for today. |
-d yesterday | Generate a report for yesterday. |
--deferral_detail <cnt> | Limit detailed deferral reports to the top <cnt>. 0 to suppress entirely. |
--detail <cnt> | Sets <cnt> for all of --*_detail, -h and -u. Overridden by the individual settings. --detail 0 suppresses all detail. |
-e | Extended (extreme? excessive?) detail. Emit detailed reports. At present, this includes only a per-message report, sorted by sender domain, then user-in-domain, then by queue i.d. WARNING: the data built to generate this report can quickly consume very large amounts of memory if a lot of log entries are processed! |
-h <cnt> | Show the top <cnt> in host/domain reports. 0 = none. See the -u and --*_detail options for further report-limiting options. |
-h --help | Emit a short usage message and exit. |
-i --ignore_case | Handle mail addresses case-insensitively. Normally the host and domain parts are lowercased and the user part is left as is. With this option the entire mail address is lowercased. |
--iso_date_time | For summaries that contain date or time information, use ISO 8601 standard formats (CCYY-MM-DD and HH:MM), rather than "Mon DD CCYY" and "HHMM". |
-m | Modify UUCP-style bang-paths. |
--uucp_mung | This is for use when you have a mix of Internet-style domain addresses and UUCP-style bang-paths in the log. Upstream UUCP feeds sometimes mung Internet domain style address into bang-paths. This option can sometimes undo the "damage". For example: "somehost.dom!username@foo" (where "foo" is the next host upstream and "somehost.dom" was whence the email originated) will get converted to "foo!username@somehost.dom". This also affects the extended detail report (-e), to help ensure that by-domain-by-name sorting is more accurate. |
--mailq | Run "mailq" command at end of report. Merely a convenience feature. (Assumes that "mailq" is in $PATH. See "$mailqCmd" variable to path this if desired.) |
--no_bounce_detail --no_deferral_detail --no_reject_detail | These switches are deprecated in favour of --bounce_detail, --deferral_detail and --reject_detail, respectively. Suppresses the printing of the following detailed reports, respectively: message bounce detail (by relay), message deferral detail, message reject detail. See also: "-u" and "-h" for further report-limiting options. |
--no_no_msg_size | Do not emit report on "Messages with no size data". Message size is reported only by the queue manager. The message may be delivered long enough after the (last) qmgr log entry that the information is not in the log(s) processed by a particular run of pflogsumm.pl. This throws off "Recipients by message size" and the total for "bytes delivered." These are normally reported by pflogsumm as "Messages with no size data." |
--no_smtpd_warnings | This switch is deprecated in favour of --smtpd_warning_detail. On a busy mail server, say at an ISP, SMTPD warnings can result in a rather sizeable report. This option turns reporting them off. |
--problems_first | Emit "problems" reports (bounces, defers, warnings, etc.) before "normal" stats. |
--rej_add_from | For those reject reports that list IP addresses or host/domain names: append the email from address to each listing. (Does not apply to "Improper use of SMTP command pipelining" report.) |
-q | quiet - don't print headings for empty reports. Note: headings for warning, fatal, and "master" messages will always be printed. |
--reject_detail <cnt> | Limit detailed smtpd reject, warn, hold and discard reports to the top <cnt>. 0 to suppress entirely. |
--smtp_detail <cnt> | Limit detailed smtp delivery reports to the top <cnt>. 0 to suppress entirely. |
--smtpd_stats | Generate smtpd connection statistics. The "per-day" report is not generated for single-day reports. For multiple-day reports: "per-hour" numbers are daily averages (reflected in the report heading). |
--smtpd_warning_detail <cnt> | Limit detailed smtpd warnings reports to the top <cnt>. 0 to suppress entirely. |
--syslog_name=name | Set syslog_name to look for Postfix log entries. By default, pflogsumm looks for entries in logfiles with a syslog name of "postfix," the default. If you've set a non-default "syslog_name" parameter in your Postfix configuration, use this option to tell pflogsumm what that is. See the discussion about the use of this option under "NOTES," below. |
-u <cnt> | Top <cnt> to display in user reports. 0 == none. See also: "-h" and "--*_detail" options for further report-limiting options. |
--verbose_msg_detail | For the message deferral, bounce and reject summaries: display the full "reason", rather than a truncated one. Note: this can result in quite long lines in the report. |
--verp_mung --verp_mung=2 | Do "VERP" generated address (?) munging. Convert sender addresses of the form "list-return-NN-someuser=some.dom@host.sender.dom" to "list-return-ID-someuser=some.dom@host.sender.dom". In other words: replace the numeric value with "ID". By specifying the optional "=2" (second form), the munging is more "aggressive", converting the address to something like: "list-return@host.sender.dom". Actually: specifying anything less than 2 does the "simple" munging and anything greater than 1 results in the more "aggressive" hack being applied. See "NOTES" regarding this option. |
--version | Print the program name and version, then exit. |
--zero_fill | "Zero-fill" certain arrays so reports come out with data in columns that might otherwise be blank. |
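
An added illustration (not code from pflogsumm or from the original page) of the address rewriting that the -i, -m/--uucp_mung and --verp_mung rows describe, and of how it changes a top-N sender count such as the one -u limits. The function names and sample addresses are constructed for this example, and the regular expressions only approximate the behaviour described in the table.

```python
import re
from collections import Counter


def normalize_sender(addr, ignore_case=False, uucp_mung=False, verp_mung=0):
    """Rewrite one sender address the way the option table describes (approximation)."""
    if uucp_mung:
        # "somehost.dom!username@foo" -> "foo!username@somehost.dom"
        m = re.fullmatch(r"([^!@]+\.[^!@]+)!([^!@]+)@([^!@]+)", addr)
        if m:
            origin, user, upstream = m.groups()
            addr = f"{upstream}!{user}@{origin}"
    if verp_mung:
        # Simple form: replace the per-message number with the literal "ID".
        addr = re.sub(r"^(.*?-return)-\d+-", r"\1-ID-", addr)
        if verp_mung > 1:
            # Aggressive form: drop the encoded recipient as well.
            addr = re.sub(r"^(.*?-return)-ID-[^@]*@", r"\1@", addr)
    local, sep, domain = addr.rpartition("@")
    if not sep:  # no "@" at all: nothing to split
        return addr.lower() if ignore_case else addr
    if ignore_case:
        local = local.lower()  # -i lowercases the user part too
    return f"{local}@{domain.lower()}"  # host/domain part is always lowercased


def top_senders(addresses, count, **opts):
    """Count senders after normalization and return the top <count>."""
    tally = Counter(normalize_sender(a, **opts) for a in addresses)
    return tally.most_common(count)


# Constructed sample: one list server using VERP, one user with mixed case.
SAMPLE = [
    "list-return-101-alice=example.org@lists.example.net",
    "list-return-102-alice=example.org@lists.example.net",
    "list-return-103-bob=example.com@lists.example.net",
    "Carol@Example.COM",
    "carol@example.com",
    "carol@example.com",
]

if __name__ == "__main__":
    for opts in ({}, {"verp_mung": 1}, {"verp_mung": 2}, {"ignore_case": True}):
        print(opts, top_senders(SAMPLE, 3, **opts))
```

Without --verp_mung every message from the list server counts as a different sender, so a high-volume source can fall outside a short top-N report.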