Analyze Postfix mail Logs

Description

Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is
designed to provide an over-view of Postfix activity, with just enough
detail to give the administrator a “heads up” for potential trouble
spots.

Pflogsumm generates summaries and, in some cases, detailed reports of
mail server traffic volumes, rejected and bounced email, and server
warnings, errors and panics.

Pflogsumm is a great tool for creating a summary of Postfix logs. Install it on Ubuntu with:
apt install pflogsumm
(Make sure you are logged in as root; otherwise put sudo in front of the command above.)
After installing, you can use the following commands to generate reports.

pflogsumm -d today /var/log/mail.log
This command generates the report for today.

pflogsumm -d yesterday /var/log/mail.log
This command generates the report for yesterday.

To generate a report for this week (everything in the current log file), omit -d:
pflogsumm /var/log/mail.log

If you would like to see the “problem” reports (warnings, deferrals, rejects, bounces) before the “normal” report, add the following parameter (flag):
--problems-first
like
pflogsumm -d today /var/log/mail.log --problems-first

To add the sender (from) address to each listing in the reject report, use the following parameter/flag:

--rej-add-from

like
pflogsumm -d today /var/log/mail.log --rej-add-from

To display the full reason in reject summaries, use the --verbose-msg-detail parameter/flag,

like this

pflogsumm -d today /var/log/mail.log --rej-add-from --verbose-msg-detail

To send a report to your email address every day, add a crontab job:

crontab -e

Add the following line, which will generate a report every day at 2:00 AM.

0 2 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q

To receive the report via email, add the following line above all cron jobs.

MAILTO="you@example.com"

If the MAILTO variable has already been set but you want the Postfix mail log summary sent to a different email address, you can put the following line in your cron job instead:

0 2 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix mail log summary" you@example.com

The output of the pflogsumm command is piped to mutt, a command-line mail user agent, which uses the output as the email body and sends it to the email address you specify at the end.

You need to install mutt on your Linux server first:

apt install mutt
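The cron job above only mails whatever pflogsumm prints. As an added example (my own code, not part of the original post or of pflogsumm), the script below does a small awk-based pre-check over Postfix log lines: it counts, for one day, the things pflogsumm summarises (smtpd rejects, deferrals, bounces, deliveries), prints the problem counts before the delivery count in the spirit of --problems-first, and lists the top-N rejecting clients the way the -h option limits host reports. The syslog_day helper assumes GNU date; all log lines in write_sample are constructed (RFC 5737 documentation addresses, made-up queue ids).

```shell
#!/bin/sh
# Added example (my own, not part of the original post or of pflogsumm):
# an awk-based pre-check over Postfix log lines that counts, for one day,
# what pflogsumm summarises (smtpd rejects, deferrals, bounces, deliveries)
# and lists the top-N rejecting clients. All lines in write_sample are
# constructed (RFC 5737 documentation addresses, made-up queue ids).

# Date prefix syslog puts on Postfix lines ("Mon DD", day padded with a
# space), for "today" or "yesterday". Assumes GNU date (-d).
syslog_day() {
    date -d "$1" '+%b %e'
}

# write_sample FILE: write the constructed sample log to FILE.
write_sample() {
cat > "$1" <<'EOF'
Mar  5 02:11:09 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<nobody@example.org> proto=ESMTP helo=<mail.example.net>
Mar  5 02:12:01 mx1 postfix/smtp[1240]: 4A1B2C3D4E: to=<alice@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.5, delays=0.1/0/0.1/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5F6E7D8C9B)
Mar  5 02:13:44 mx1 postfix/smtp[1241]: 4A1B2C3D4F: to=<bob@example.com>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.10]:25: Connection timed out)
Mar  5 02:14:30 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <noone@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<noone@example.org> proto=ESMTP helo=<mail.example.net>
Mar  5 02:15:02 mx1 postfix/smtp[1242]: 4A1B2C3D50: to=<carol@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Mar  5 02:16:10 mx1 postfix/smtp[1243]: 4A1B2C3D51: to=<dave@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  5 02:17:55 mx1 postfix/smtpd[1236]: NOQUEUE: reject: RCPT from unknown[203.0.113.8]: 554 5.7.1 <bogus.invalid>: Helo command rejected: Host not found; from=<y@example.net> to=<user@example.org> proto=SMTP helo=<bogus.invalid>
Mar  6 01:05:00 mx1 postfix/smtpd[1250]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <bogus.invalid>: Helo command rejected: Host not found; from=<y@example.net> to=<user@example.org> proto=SMTP helo=<bogus.invalid>
Mar  6 01:06:00 mx1 postfix/smtp[1251]: 4A1B2C3D52: to=<erin@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.3, delays=0.1/0/0.1/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
EOF
}

# count_status DAY LOGFILE STATUS -> number of "status=STATUS" lines on DAY
# (DAY is the syslog prefix, e.g. 'Mar  5'; STATUS is sent|deferred|bounced)
count_status() {
    awk -v day="$1" -v st="status=$3" \
        'index($0, day) == 1 && index($0, st) > 0 { n++ } END { print n + 0 }' "$2"
}

# count_rejects DAY LOGFILE -> number of smtpd "NOQUEUE: reject:" lines on DAY
count_rejects() {
    awk -v day="$1" \
        'index($0, day) == 1 && index($0, "NOQUEUE: reject:") > 0 { n++ } END { print n + 0 }' "$2"
}

# top_reject_hosts DAY LOGFILE N -> "count client" lines for the N clients
# with the most rejects on DAY; the client is the "name[ip]" after "from ".
top_reject_hosts() {
    awk -v day="$1" 'index($0, day) == 1 && index($0, "NOQUEUE: reject:") > 0 {
            if (match($0, /from [^[]+\[[^]]+\]/)) {
                c = substr($0, RSTART + 5, RLENGTH - 5)
                n[c]++
            }
        }
        END { for (c in n) print n[c], c }' "$2" | sort -rn | head -n "$3"
}

# summary DAY LOGFILE -> one-line report, problem counts first
summary() {
    printf 'rejects=%s deferred=%s bounced=%s sent=%s\n' \
        "$(count_rejects "$1" "$2")" "$(count_status "$1" "$2" deferred)" \
        "$(count_status "$1" "$2" bounced)" "$(count_status "$1" "$2" sent)"
}

# Stand-alone run ("sh script.sh demo"): summarise the sample for 'Mar  5'.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample "$tmp"
    summary 'Mar  5' "$tmp"
    top_reject_hosts 'Mar  5' "$tmp" 3
    rm -f "$tmp"
fi
```

On a real server you would pass "$(syslog_day yesterday)" and /var/log/mail.log instead of the sample day and file; the day prefix must keep the double space before single-digit days, because that is exactly how syslog writes it and how the awk prefix match finds it.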

Here is the synopsis and option reference:

Synopsis

pflogsumm.pl -[eq] [-d today|yesterday] [-h cnt] [-u cnt]
[--verp_mung[=n]] [--verbose_msg_detail] [--iso_date_time]
[-m|--uucp_mung] [-i|--ignore_case] [--smtpd_stats] [--mailq]
[--problems_first] [--rej_add_from] [--no_bounce_detail]
[--no_deferral_detail] [--no_reject_detail] [--no_no_msg_size]
[--no_smtpd_warnings] [--zero_fill] [--syslog_name=string]
[file1 [filen]]

Options

-d today generate report for just today
-d yesterday generate report for just “yesterday”

-e extended (extreme? excessive?) detail

Emit detailed reports. At present, this includes
only a per-message report, sorted by sender domain,
then user-in-domain, then by queue i.d.

WARNING: the data built to generate this report can
quickly consume very large amounts of memory if a
lot of log entries are processed!

-h cnt top cnt to display in host/domain reports.

0 = none.

See also: “-u” and “--no_*_detail” for further
report-limiting options.

--help Emit short usage message and bail out.

(By happy coincidence, “-h” alone does much the same,
being as it requires a numeric argument :-). Yeah, I
know: lame.)

-i
--ignore_case Handle complete email address in a case-insensitive
manner.

Normally pflogsumm lower-cases only the host and
domain parts, leaving the user part alone. This
option causes the entire email address to be lower-
cased.

--iso_date_time

For summaries that contain date or time information,
use ISO 8601 standard formats (CCYY-MM-DD and HH:MM),
rather than “Mon DD CCYY” and “HHMM”.

-m modify (mung?) UUCP-style bang-paths
--uucp_mung

This is for use when you have a mix of Internet-style
domain addresses and UUCP-style bang-paths in the log.
Upstream UUCP feeds sometimes mung Internet domain
style address into bang-paths. This option can
sometimes undo the “damage”. For example:
“somehost.dom!username@foo” (where “foo” is the next
host upstream and “somehost.dom” was whence the email
originated) will get converted to
“foo!username@somehost.dom”. This also affects the
extended detail report (-e), to help ensure that by-
domain-by-name sorting is more accurate.

--mailq Run “mailq” command at end of report.

Merely a convenience feature. (Assumes that “mailq”
is in $PATH. See the “$mailqCmd” variable to set an explicit
path if desired.)

--no_bounce_detail
--no_deferral_detail
--no_reject_detail

Suppresses the printing of the following detailed
reports, respectively:

message bounce detail (by relay)
message deferral detail
message reject detail

See also: “-u” and “-h” for further report-limiting
options.

--no_no_msg_size

Do not emit report on “Messages with no size data”.

Message size is reported only by the queue manager.
The message may be delivered long-enough after the
(last) qmgr log entry that the information is not in
the log(s) processed by a particular run of
pflogsumm.pl. This throws off “Recipients by message
size” and the total for “bytes delivered.” These are
normally reported by pflogsumm as “Messages with no
size data.”

--no_smtpd_warnings

On a busy mail server, say at an ISP, SMTPD warnings
can result in a rather sizeable report. This option
turns reporting them off.

--problems_first

Emit “problems” reports (bounces, defers, warnings,
etc.) before “normal” stats.

--rej_add_from
For those reject reports that list IP addresses or
host/domain names: append the email from address to
each listing. (Does not apply to “Improper use of
SMTP command pipelining” report.)

-q quiet – don’t print headings for empty reports

note: headings for warning, fatal, and “master”
messages will always be printed.

--smtpd_stats

Generate smtpd connection statistics.

The “per-day” report is not generated for single-day
reports. For multiple-day reports: “per-hour” numbers
are daily averages (reflected in the report heading).

--syslog_name=name

Set the syslog_name to look for in Postfix log entries.

By default, pflogsumm looks for log entries with the
default syslog name of “postfix”.
If you’ve set a non-default “syslog_name” parameter
in your Postfix configuration, use this option to
tell pflogsumm what that is.

See the discussion about the use of this option under
“NOTES,” below.

-u cnt top cnt to display in user reports. 0 == none.

See also: “-h” and “--no_*_detail” for further
report-limiting options.

--verbose_msg_detail

For the message deferral, bounce and reject summaries:
display the full “reason”, rather than a truncated one.

Note: this can result in quite long lines in the report.

--verp_mung
--verp_mung=2

Do “VERP” generated address (?) munging. Convert
sender addresses of the form
“list-return-NN-someuser=some.dom@host.sender.dom”
to
“list-return-ID-someuser=some.dom@host.sender.dom”

In other words: replace the numeric value with “ID”.

By specifying the optional “=2” (second form), the
munging is more “aggressive”, converting the address
to something like:

“list-return@host.sender.dom”

Actually: specifying anything less than 2 does the
“simple” munging and anything greater than 1 results
in the more “aggressive” hack being applied.

See “NOTES” regarding this option.
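The -m/--uucp_mung entry above and the --verp_mung entry just described each give a concrete rewrite rule. As an added example (my own shell/sed code, not pflogsumm's implementation, and the regular expressions are my approximation of the behaviour the option descriptions give), the functions below apply those two rewrites to single addresses so you can see what the report will show before turning the options on for a whole log.

```shell
#!/bin/sh
# Added example, not pflogsumm's own code: shell/sed re-implementations of the
# two address-normalisation options --verp_mung[=n] and -m/--uucp_mung.
# The regexes approximate the behaviour the option descriptions give.

# verp_mung ADDRESS [LEVEL]
#   LEVEL < 2 (default 1): replace the numeric VERP counter with "ID"
#   LEVEL > 1            : collapse to "list-return@host.sender.dom"
verp_mung() {
    addr=$1
    level=${2:-1}
    if [ "$level" -gt 1 ]; then
        # aggressive: drop counter and the encoded recipient, keep list@host
        printf '%s\n' "$addr" | sed -E 's/^(.*-return)-[0-9]+-[^@]*@/\1@/'
    else
        # simple: only the numeric counter becomes "ID"
        printf '%s\n' "$addr" | sed -E 's/^(.*-return)-[0-9]+-/\1-ID-/'
    fi
}

# uucp_mung ADDRESS
#   "somehost.dom!username@foo" -> "foo!username@somehost.dom"
#   Addresses without a bang-path are returned unchanged.
uucp_mung() {
    printf '%s\n' "$1" | sed -E 's/^([^!@]+)!([^!@]+)@([^@]+)$/\3!\2@\1/'
}

# Stand-alone run ("sh script.sh demo") on the addresses from the man page.
if [ "${1:-}" = "demo" ]; then
    verp_mung 'list-return-42-someuser=some.dom@host.sender.dom'
    verp_mung 'list-return-42-someuser=some.dom@host.sender.dom' 2
    uucp_mung 'somehost.dom!username@foo'
    uucp_mung 'plain@example.org'
fi
```

Note that the level test follows the description literally: anything greater than 1 selects the aggressive form, anything less than 2 the simple one, so --verp_mung=0 and --verp_mung=1 behave the same.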

--version Print program name and version and bail out.

--zero_fill “Zero-fill” certain arrays so reports come out with
data in columns that might otherwise be blank.

Return Value

Pflogsumm doesn’t return anything of interest to the shell.
