Colorfull QMail Logging

From QmailToaster
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Info from AM (agmsoft@gmail.com) to displaying your Qmail log in color

Add this line on your /etc/multitail.conf, if not exist create it. 

# QMT COLORS
# QMT: clamd
colorscheme:clamd
cs_re:blue:^....-..-.. ..:..:..
cs_re:magenta::
cs_re:green:/var/qmail/simscan/.*(: OK)
cs_re:red:/var/qmail/simscan/.*(: [^ ]* FOUND)
cs_re:yellow:/var/qmail/simscan/.*( ERROR)
#
# QMT: qmail-smtp
colorscheme:qmail-smtp
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:magenta,,bold:<=
cs_re:magenta,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:green:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:green:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re_val_bigger:magenta,,bold:5:'('(-|)([0-9]|)([0-9]).([0-9]|)([0-9])'/'11.00')'
cs_re:red,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
cs_re:red,,bold: *[^ ]*:VIRUS:.*
cs_re:red,,bold: *[^ ]*:ATTACH:.*
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
cs_re:yellow: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
cs_re:yellow,,bold: *[^ ]*policy_check: policy forbid([^ ]*).*
cs_re:magenta,,bold:rblsmtpd: ([0-9\.]*)
cs_re:magenta,,bold:qmail-smtpd.*
cs_re:magenta,,bold:spf-reject.*
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
#
# QMT: qmail-send
colorscheme:qmail-send
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:delivery *[^ ]*: success:.*
cs_re:red,,bold:delivery *[^ ]*: failure:.*
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
#
# QMT: SpamAssassin
colorscheme:qmtspamassassin
cs_re:magenta::
cs_re:blue:^....-..-.. ..:..:..
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
cs_re_s:yellow,,bold:result: Y ([^ ]*) .*
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
cs_re:white,,bold:processing message.*
#
# QMT: sophie
colorscheme:sophie
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:NOTICE *[^ ]*:.*
cs_re:red,,bold:Virus present.*
cs_re:red,,bold:WARNING *[^ ]*: Scan result =.*
cs_re:yellow,,bold:WARNING *[^ ]*: error:.*


and this is how I call multitail: (or you can create a bash script with below code in it)

Using tail: 

multitail -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]" \
   -m 0 -n 49 -cS qmail-send -l "tail -F -q -c 512000 /var/log/qmail/send/current | tai64nlocal" \
   -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000 /var/log/qmail/smtp/current | tai64nlocal" \
   -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: qq hard reject" -l "tail -F -q -c 1048000 /var/log/qmail/submission/current | tai64nlocal" \
   -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from localhost)" -l "tail -F -q -c 512000 /var/log/qmail/spamd/current | tai64nlocal" \
   -m 0 -n 49 -cS clamd -l "tail -F -q -c 512000 /var/log/qmail/clamd/current | tai64nlocal" \
   -m 0 -n 49 -cS sophie -l "tail -F -q -c 512000 /var/log/qmail/sophie/current | tai64nlocal"

Using qmlog (you must have QTP installed) 

multitail -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]" \
   -m 0 -n 49 -cS qmail-send -l "qmlog -f send" \
   -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: " -l "qmlog -f smtp" \
   -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: " -em "spf-reject" -l "qmlog -f submission" \
   -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from localhost)" -l "qmlog -f spamd" \
   -m 0 -n 49 -cS clamd -l "qmlog -f clamd" \
   -m 0 -n 49 -cS sophie -l "qmlog -f sophie"

A simple script to display smtpd and spamd 

multitail -s 2 -M 5000 -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]" \
   -m 0 -n 49 -cS qmail-smtp -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:" -em "qmail-smtpd: " -l "qmlog -f smtp" \
   -m 0 -n 49 -cS qmtspamassassin -ev "prefork" -ev "(connection from localhost)" -l "qmlog -f spamd"
Retrieved from "http://wiki.qmailtoaster.org:80/index.php?title=Colorfull_QMail_Logging&oldid=154"