popbsmtpd-users

I have a better syslog filter definition

From: AP3K Assistance (assistance_at_<censored>)
Date: 2002-09-10 00:27:23

• Next message: Pete O'Hara: "Re: My POP-before-SMTP monitor"
• Previous message: Marcus Redivo: "I have a better syslog filter definition"
• In reply to: Marcus Redivo: "I have a better syslog filter definition"
• Next in thread: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Reply: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Reply: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Marcus,

YES!
I ran p sax and found that syslog-ng was reading the config from a file
called /etc/syslog-ng-nobind.conf (which I have attached). I guess this
is because I havn't got dns installed on my machine. I have now ran with
logging options and I get the attached text file which looks good.

Even tho its detecting my ip, it doesn't appear to be logging it to the
database. If I pico pop-before-smtp.db it is empty.

I have also attached my main.cf incase there is anything wrong in there.

Can you please send a reply to ap4k o2.co.uk as my server is flakey at
the moment.

Cheers Mate

James

-----Original Message-----
From: Marcus Redivo
Sent: 10 September 2002 4:41 AM
To: assistance_at_ap3k.com
Subject: I have a better syslog filter definition

Hi James,

I compared our syslog-ng.conf files, and there is no significant
difference.
The extraneous close-paren at the end of the file must be an artifact of
mailing it, because syslog-ng refuses to use a configuration file with
it
present and logs an error saying so. Either that, or it is using a
different
configuration file...

I looked a little deeper into the syslog-ng manual (at
http://www.balabit.hu/static/syslog-ng/reference/book1.html), and found
a
better filter line:

=======
filter f_spop3 { program("stunnel") or program("spop3") or
program("simap"); };
=======

(That should all be on one line.)

This more accurately reflects what we are trying to extract, and handles
both POP and IMAP logins. It works for me; try that.

And (grasping at straws), a few more things:

# rpm -qa | grep syslog
syslog-ng-1.4.10-1.0.24

# ls -l /var/log/spop3.log
prw------- 1 root root 0 Sep 9 20:15 /var/log/spop3.log

# ps ax
  405 ? S 8:52 /sbin/syslog-ng --cfgfile=/etc/syslog-ng.conf
26357 ? S 0:00 /usr/sbin/popbsmtpd --daemon --loglevel=1 --pidfile=/var/run/popbsmtpd.pid

I'm fresh out of ideas, but until something is written to that pipe we
are
stuck.

I have attached the output generated by popbsmtpd when run on the
command line as
"popbsmtpd --loglevel=5", doing a POP login, and hitting Ctrl+C so you
can see what you should be looking for.

Good luck, and let me know if that new filter line works.

Marcus Redivo

PS: I'm writing a reference manual, which should be ready some time next
week. I will advise you when it is available.

The Binary Tool Foundry
http://www.binarytool.com

• Next message: Pete O'Hara: "Re: My POP-before-SMTP monitor"
• Previous message: Marcus Redivo: "I have a better syslog filter definition"
• In reply to: Marcus Redivo: "I have a better syslog filter definition"
• Next in thread: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Reply: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Reply: Marcus Redivo: "RE: [EnGarde] Re: Dynamic SMTP Sending. Help!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.6 on 2005-11-05 00:15:05 PST