Web lists-archives.com

Re: question on spamd logging




	Hi.

On Sat, Aug 25, 2018 at 12:16:49PM -0400, Gene Heskett wrote:
> On Saturday 25 August 2018 12:12:09 Reco wrote:
> 
> > 	Hi.
> >
> > On Sat, Aug 25, 2018 at 11:27:32AM -0400, Gene Heskett wrote:
> > > This is expanding the syslog to the point of drowning out any real
> > > actionable messages.
> > >
> > > I think it used to have a log of its own. How, it this continues
> > > once stretch is up and running, can we put those spamd messages back
> > > into spamassassin's own log file? Seems like the logical place for
> > > them.
> >
> > It's definitely possible with rsyslog's filtering feature.
> > Can you provide a sample of the records that annoy you?
> >
> > Reco
> 
> Aug 25 12:10:01 coyote /USR/SBIN/CRON[20245]: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh)
> Aug 25 12:11:33 coyote spamd[4854]: spamd: connection from localhost [127.0.0.1]:43518 to port 783, fd 5
> Aug 25 12:11:33 coyote spamd[4854]: spamd: setuid to gene succeeded
> Aug 25 12:11:33 coyote spamd[4854]: spamd: processing message <20180825161027.eaq2xy65oiar6fqz@xxxxxxxx> aka <AgA_oytFLPE.A.wcD.I-XgbB@bendel> for gene:1000
> Aug 25 12:11:34 coyote spamd[4854]: spamd: clean message (1.6/5.1) for gene:1000 in 1.1 seconds, 10538 bytes.
> Aug 25 12:11:34 coyote spamd[4854]: spamd: result: . 1 - BAYES_50,HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,T_DKIM_INVALID 
> scantime=1.1,size=10538,user=gene,uid=1000,required_score=5.1,rhost=localhost,raddr=127.0.0.1,rport=43518,mid=<20180825161027.eaq2xy65oiar6fqz@xxxxxxxx>,rmid=<AgA_oytFLPE.A.wcD.I-XgbB@bendel>,bayes=0.500000,autolearn=no 
> autolearn_force=no
> Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> 
> Several hundred a day...

Try this:

cat > /etc/rsyslog.d/spamd.conf << EOF
:syslogtag, startswith, "spamd" /var/log/spamd.log
:syslogtag, startswith, "spamd" stop
EOF

service rsyslogd restart

Consider adding logrotate configuration file for the new
/var/log/spamd.log.

And, before you ask, documentation for rsyslogd lives in "rsyslog-doc"
package.

Reco