Re: question on spamd logging
- Date: Sat, 25 Aug 2018 20:08:29 +0300
- From: Reco <recoverym4n@xxxxxxxxx>
- Subject: Re: question on spamd logging
On Sat, Aug 25, 2018 at 12:16:49PM -0400, Gene Heskett wrote:
> On Saturday 25 August 2018 12:12:09 Reco wrote:
> > Hi.
> > On Sat, Aug 25, 2018 at 11:27:32AM -0400, Gene Heskett wrote:
> > > This is expanding the syslog to the point of drowning out any real
> > > actionable messages.
> > >
> > > I think it used to have a log of its own. How, it this continues
> > > once stretch is up and running, can we put those spamd messages back
> > > into spamassassin's own log file? Seems like the logical place for
> > > them.
> > It's definitely possible with rsyslog's filtering feature.
> > Can you provide a sample of the records that annoy you?
> > Reco
> Aug 25 12:10:01 coyote /USR/SBIN/CRON: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh)
> Aug 25 12:11:33 coyote spamd: spamd: connection from localhost [127.0.0.1]:43518 to port 783, fd 5
> Aug 25 12:11:33 coyote spamd: spamd: setuid to gene succeeded
> Aug 25 12:11:33 coyote spamd: spamd: processing message <20180825161027.eaq2xy65oiar6fqz@xxxxxxxx> aka <AgA_oytFLPE.A.wcD.I-XgbB@bendel> for gene:1000
> Aug 25 12:11:34 coyote spamd: spamd: clean message (1.6/5.1) for gene:1000 in 1.1 seconds, 10538 bytes.
> Aug 25 12:11:34 coyote spamd: spamd: result: . 1 - BAYES_50,HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,T_DKIM_INVALID
> Aug 25 12:11:35 coyote spamd: prefork: child states: II
> Several hundred a day...
cat > /etc/rsyslog.d/spamd.conf << EOF
:syslogtag, startswith, "spamd" /var/log/spamd.log
:syslogtag, startswith, "spamd" stop
service rsyslogd restart
Consider adding logrotate configuration file for the new
And, before you ask, documentation for rsyslogd lives in "rsyslog-doc"