Man Linux: Main Page and Category List

NAME

       sendmail2dlf - convert sendmail logfiles to dlf

SYNOPSIS

       sendmail2dlf

DESCRIPTION

       sendmail2dlf(1) converts a LogLevel 9 sendmail (8.10.x or higher)
       logfile, as created using syslog, to a Lire email Distilled Log Format
       file.

       Input is one line per event.  Outputted is one line per delivery:

        time logrelay queueid msgid fromuser fromdomain fromrelay \
        size delay xdelay touser todomain torelay stat

       (This should be the format as defined in email/dlf.cfg.)

EXAMPLE

       The lines

        Apr 20 03:00:11 firewall sendmail[442]: DAA00442: \
          from=<user@example.com>, size=4992, class=0, \
          pri=34992, nrcpts=1, \
          msgid=<200004192316.BAA19611@achilles.noot.com>, \
          proto=ESMTP, relay=host.example.nl [150.0.0.45]
        Apr 20 03:00:11 firewall sendmail[442]: DAA00442: \
          to=<jan@aap.com>, delay=00:00:00, mailer=smtp, \
          stat=queued
        Apr 20 05:00:11 firewall sendmail[503]: DAA00442: \
          to=<jan@aap.com>, delay=02:00:00, \
          xdelay=00:00:03, mailer=smtp, relay=mailgw.aap.com. \
          [3.4.64.199], stat=Sent (OK id=12i7CN-0001Kv-00)

       wil be converted to

        956109611 firewall DAA00442 \
          <200004192316.baa19611@achilles.noot.com> user \
          example.com host.example.nl_[150.0.0.45] 4992 0 0 \
          jan aap.com host.example.nl._[150.0.0.45] queued \
          UNKNOWN
        956116811 firewall DAA00442 \
          <200004192316.baa19611@achilles.noot.com> user \
          example.com host.example.nl_[150.0.0.45] 4992 \
          7200 3 jan aap.com mailgw.aap.com._[3.4.64.199] \
          sent (ok_id=12i7cn-0001kv-00)

       The lines

        Mar 17 13:34:32 mailhost sendmail[8408]: NAA08408: \
         from=<piet@example.com>, size=1890, class=0, \
         pri=0, nrcpts=4, \
         msgid=<000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com>, \
         proto=ESMTP, relay=root@[1.2.6.10]
        Mar 17 13:45:26 mailhost sendmail[8457]: NAA08408: \
         to=lkrksen@www, delay=00:10:56, xdelay=00:00:01, \
         mailer=smtp, relay=www.example.nl. [194.229.43.3], \
         stat=Sent (NAA06261 Message accepted for delivery) \
        Mar 17 13:45:27 mailhost sendmail[8457]: NAA08408: \
         to=ll@host.example.com, delay=00:10:57, \
         xdelay=00:00:01, mailer=smtp, relay=host.example.nl. \
         [150.0.0.45], stat=Sent (OK)
        Mar 17 13:45:31 mailhost sendmail[8457]: NAA08408: \
         to=<mvelsla@aap.com>,<pvhove@aap.com>,<pdebaerd@aap.com>, \
         delay=00:11:01, xdelay=00:00:04, mailer=smtp, \
         relay=mailgw.aap.com. [3.4.64.199], stat=Sent (OK \
         id=12Vw8J-0001iT-00)

       will be converted to

        953210726 mailhost NAA08408 \
         <000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com>\
         piet example.com root@[1.2.6.10] 1890 656 1 lkrksen \
         www www.example.nl._[194.229.43.3] sent \
         (naa06261_message_accepted_for_delivery)
        953210727 mailhost NAA08408 \
         <000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com> \
         piet example.com root@[1.2.6.10] 1890 657 1 ll \
         host.example.com host.example.nl._[150.0.0.45] sent (ok)
        953210731 mailhost NAA08408 \
         <000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com> \
         piet example.com root@[1.2.6.10] 1890 661 4 mvelsla \
         aap.com mailgw.aap.com._[3.4.64.199] sent \
         (ok_id=12vw8j-0001it-00)
        953210731 mailhost NAA08408 \
         <000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com> \
         piet example.com root@[1.2.6.10] 1890 661 4 pvhove \
         aap.com mailgw.aap.com._[3.4.64.199] sent \
         (ok_id=12vw8j-0001it-00)
        953210731 mailhost NAA08408 \
         <000b01bf9009$f6885b20$6c062014@sabepc06.be.example.com> \
         piet example.com root@[1.2.6.10] 1890 661 4 pdebaerd \
         aap.com mailgw.aap.com._[3.4.64.199] sent \
         (ok_id=12vw8j-0001it-00)

       The lines

        Mar 15 13:34:09 firewall sendmail[279]: NAA00279: \
         from=<klaas@example.com>, size=2281952, class=0, \
         pri=2311952, nrcpts=1, \
         msgid=<200003151230.NAA00112@mailhost.example.nl>, \
         proto=ESMTP, relay=host.example.nl [150.0.0.45]
        Mar 15 13:34:09 firewall sendmail[279]: NAA00279: \
         to=<klaas@hotmail.com>, delay=00:00:04, mailer=smtp, \
         stat=queued
        Mar 15 13:39:58 firewall sendmail[401]: NAA00279: \
         to=<klaas@hotmail.com>, delay=00:05:53, xdelay=00:00:06, \
         mailer=smtp, relay=mc5.law5.hotmail.com. \
         [216.32.243.136], stat=Service unavailable
        Mar 15 13:39:58 firewall sendmail[401]: NAA00279: \
         NAA00401: postmaster notify: Service unavailable
        Mar 15 13:40:04 firewall sendmail[401]: NAA00401: \
         to=klaas@host.example.com, delay=00:00:06, \
         xdelay=00:00:04, mailer=smtp, relay=host.example.nl. \
         [150.0.0.45], stat=Sent (OK)

       will be converted to

        953037249 firewall NAA00279 \
         <200003151230.naa00112@mailhost.example.nl> klaas \
         example.com host.example.nl_[150.0.0.45] 2281952 4 1 \
         klaas hotmail.com mailgw.csc.com._[208.219.64.199] \
         queued UNKNOWN
        953037598 firewall NAA00279 \
         <200003151230.naa00112@mailhost.example.nl> klaas \
         example.com host.example.nl_[150.0.0.45] 2281952 353 6 \
         klaas hotmail.com mc5.law5.hotmail.com._[216.32.243.136] \
         service unavailable

       The fact that the delivery ’Mar 15 13:40:04 firewall sendmail[401]:
       NAA00401:’ does not generate a dlf record is a bug.

       When the line

        Mar 15 19:39:40 mailhost sendmail[2178]: TAA02178: \
         from=<foo@hotmail.com>, size=0, class=0, pri=0, \
         nrcpts=0, proto=SMTP, relay=[1.84.7.150]

       occurs in the input, and there is no line carrying the same queueid,
       the line is discarded, and reported as skipped: any to- or from- line,
       lacking any partner, will get discarded.

       Lines like:

        Mar 15 13:40:19 firewall sendmail[456]: alias database \
         /etc/aliases.db out of date

       wil get discarded

EXAMPLES

       To process a log as produced by sendmail:

        $ sendmail2dlf < mail.log

       sendmail2dlf will be rarely used on its own, but is more likely called
       by lr_log2report:

        $ lr_log2report sendmail < /var/log/maillog

BUGS

       When queueids are being reused within one logfile, behaviour is
       unpredictable.  Incomplete logsnippets (e.g. from-lines without to-
       lines) are not treated well.

       It is reported events like this occur in sendmail log files:

        SAA14845: from=<>, size=146990, class=0, pri=176990, nrcpts=1,
         msgid=<092246.09986@rly-yc03.mx.aol.com>, proto=ESMTP,
         relay=omr-d06.mx.aol.com [205.188.156.71]
        SAA14845: to=joe@mailhost, ctladdr=<joe@example.edu>, delay=00:00:01,
         mailer=local, stat=User unknown
        SAA14845: to=<joe@example.edu>, delay=00:00:01, mailer=local,
         stat=User unknown
        SAA14845: SAA14846: postmaster notify: User unknown
        SAA14846: to="|exec /usr/local/bin/procmail", ctladdr=ann@mailhost (2217/10),
         delay=00:00:00, xdelay=00:00:00, mailer=prog, stat=Sent
        SAA14846: to=bob@imap-ns, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
         relay=apex.example.edu. [152.19.4.80],
         stat=Sent (Message received: GVV8N400.CMX)
        SAA14846: to=eve@mailhost, delay=00:00:01, xdelay=00:00:00, mailer=local,
         stat=Sent

       Note that SAA14845 has _two_ final to= lines, while the from= line
       states nrcpts=1.  This blows the axiom of this script away.  We haven’t
       decided yet on how to deal with this...

THANKS

       Edward Eldred, for finding and reporting a bug.

VERSION

       $Id: sendmail2dlf.in,v 1.32 2006/07/23 13:16:34 vanbaal Exp $

COPYRIGHT

       Copyright (C) 2000, 2001, 2002 Stichting LogReport Foundation
       LogReport@LogReport.org

       This program is part of Lire.

       Lire is free software; you can redistribute it and/or modify it under
       the terms of the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

AUTHOR

       Joost van Baal <joostvb@logreport.org>