popbsmtpd-users
I have a better syslog filter definition
Hi James,
I compared our syslog-ng.conf files, and there is no significant
difference. The extraneous close-paren at the end of the file must be an
artifact of mailing it, because syslog-ng refuses to use a configuration
file with it present and logs an error saying so. Either that, or it is
using a different configuration file...
I looked a little deeper into the syslog-ng manual (at
http://www.balabit.hu/static/syslog-ng/reference/book1.html), and found a
better filter line:
=======
filter f_spop3 { program("stunnel") or program("spop3") or program("simap"); };
=======
(That should all be on one line.)
This more accurately reflects what we are trying to extract, and handles
both POP and IMAP logins. It works for me; try that.
And (grasping at straws), a few more things:
# rpm -qa | grep syslog
syslog-ng-1.4.10-1.0.24
# ls -l /var/log/spop3.log
prw------- 1 root root 0 Sep 9 20:15 /var/log/spop3.log
# ps ax
405 ? S 8:52 /sbin/syslog-ng --cfgfile=/etc/syslog-ng.conf
26357 ? S 0:00 /usr/sbin/popbsmtpd --daemon --loglevel=1 --pidfile=/var/run/popbsmtpd.pid
I'm fresh out of ideas, but until something is written to that pipe we
are stuck.
I have attached the output generated by popbsmtpd when run on the command
line as "popbsmtpd --loglevel=5", doing a POP login, and hitting Ctrl+C
so you can see what you should be looking for.
Good luck, and let me know if that new filter line works.
Marcus Redivo
PS: I'm writing a reference manual, which should be ready some time next week.
I will advise you when it is available.
This archive was generated by hypermail 2.1.6 on 2005-11-05 00:15:05 PST
| 
