awstats not reading maillog properly?
I've set up awstats on the same server over and over now with both the tar & rpm packages. At the moment I'm back to using the RHEL5 repo version. I've come to the conclusion that my awstats setup may be correct, but maybe my log isn't being parsed correctly.
This server was running RHEL3 earlier this month and I set up awstats for tracking the mail server's stats. It worked perfectly, showing very accurate (exactly what we expected) numbers in the thousands every day. Then I upgraded to RHEL 5.4 and as far as I know set everything back to what it was. But now awstats only shows like 10-50 emails sent each day from the server, even though it's actually 1600~3000. I even used the pflogsumm package to verify that I wasn't just crazy, and it reported exactly what we expected.
Postfix settings in the main.cf are exactly as they were before.
The awstats conf file is exactly as it was before. I did a direct copy initially of the /var/www/cgi-bin/awstats stuff so that started out exactly the same with permissions and everything.
We're using mailman-2.1.9-4.el5 to send out 99.99% of emails on this server and those settings are all equally transferred right over.
I've tested mailman out using a test list...I sent about 3000 emails to the test list which had 2 recipients configured on it, and it reported about 3000 emails in awstats. I had thought that it worked at the time but now I'm realizing that since I sent it 3000 times, the server received 3000 emails, and sent 3000 more, so should have recorded over 6000. Mailman uses the aliases file for sending to mailing lists. For ex:
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
Maybe one of the Perl scripts parses these sorts of mails differently?
I've been going over and over the logs and it seems to only be recording (or marking as valid) the mail that the server receives back...bounces, automated responses, etc., whereas all email going out (according to the log) is just discarded. I'm assuming this is something to do with the log file format...but then I'm not sure what I can do about it since I can't seem to find any other instance of this on Google.
In my awstats.postfix.conf file I have:
LogFile="perl /var/www/cgi-bin/awstats/maillogconvert.pl standard < /var/log/maillog |"
LogFormat="%time2 %email %email_r %host %host_r %method %url %code %bytesd"
I've also tried for the logfile:
LogFile="cat /var/log/maillog | /etc/awstats/prepflog.pl | perl /etc/awstats/maillogconvert.pl standard |"
I don't know much perl, but I did an sdiff on the maillogconvert.pl and the awstats.pl between the RHEL version and the tarball from the web site, and there are a few differences.
I've just tried using both versions of these files to update stats (deleting the awstats db files in between) to no avail.
Anyone have any idea what I may be missing?
Maybe it has something to do with mailman "personalization" and how those emails are differentiated (if they even are) in /var/log/maillog. I've been over the logs many times and I can't find any obvious differences in the formatting of before when it worked vs now when it's not working.
Makes me point more to the scripts, but then wouldn't this be a wider issue with more attention on the web than what I've found...which is nothing similar to this issue I'm having.
It ends up that apparently when postfix relays email off to an Exchange server, it switches each log entry's DSN from 2.0.0 to 2.6.0 for some legitimate but unclear reason. The script maillogconvert.pl discards all log entries marked with a DSN of 2.6.0 because it's considered to be a "possible duplicate message". But in this case they are not duplicate messages, they're ALL outgoing messages from the server.
So what we did was just change the if/ifelse statement in the Perl script to check for "2._6.0" so it just fails. This works in our case because it's purely a listserv that sends out email notifications, not a server that users actively interact with like a regular email server. I still don't know why it's different than before...because it worked before. This was an upgrade from RHEL3 to RHEL5.
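
A quick way to check whether a maillog is affected by the behaviour described in the last post, as an added example that is not part of the original thread: it tallies Postfix delivery entries by DSN code, so the count of status=sent entries carrying dsn=2.6.0 can be compared with what awstats and pflogsumm report. The sample log lines, host names and addresses are constructed.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in Postfix maillog format (not from the original post).
SAMPLE_MAILLOG = """\
Jan 12 10:00:00 lists postfix/qmgr[1900]: 4F1A2B3C4D: from=<testlist-bounces@lists.example.com>, size=2048, nrcpt=3 (queue active)
Jan 12 10:00:01 lists postfix/smtp[2101]: 4F1A2B3C4D: to=<alice@example.com>, relay=exchange.example.com[192.0.2.10]:25, delay=0.4, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Jan 12 10:00:01 lists postfix/smtp[2101]: 4F1A2B3C4D: to=<bob@example.com>, relay=exchange.example.com[192.0.2.10]:25, delay=0.4, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Jan 12 10:00:02 lists postfix/smtp[2102]: 4F1A2B3C4E: to=<carol@example.com>, relay=exchange.example.com[192.0.2.10]:25, delay=0.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Jan 12 10:00:03 lists postfix/local[2110]: 4F1A2B3C4F: to=<testlist@lists.example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post testlist)
Jan 12 10:00:04 lists postfix/smtp[2103]: 4F1A2B3C50: to=<nouser@example.com>, relay=exchange.example.com[192.0.2.10]:25, delay=0.3, dsn=5.1.1, status=bounced (550 5.1.1 User unknown)
Jan 12 10:00:05 lists postfix/smtp[2104]: 4F1A2B3C51: to=<dave@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
"""

# One delivery attempt per line: delivery agent, queue id, recipient, DSN, status.
DELIVERY_RE = re.compile(
    r"postfix/(?P<agent>smtp|local|lmtp|virtual|pipe)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>.*?\bdsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)"
)

def tally_deliveries(lines):
    """Count delivery log entries by (agent, status, dsn); other lines are skipped."""
    counts = Counter()
    for line in lines:
        m = DELIVERY_RE.search(line)
        if m:
            counts[(m["agent"], m["status"], m["dsn"])] += 1
    return counts

def report(lines):
    """Summarise status=sent entries and how many of them carry dsn=2.6.0."""
    by_dsn = Counter()
    for (agent, status, dsn), n in tally_deliveries(lines).items():
        if status == "sent":
            by_dsn[dsn] += n
    return {
        "sent_total": sum(by_dsn.values()),
        "sent_by_dsn": dict(by_dsn),
        "sent_with_2.6.0": by_dsn.get("2.6.0", 0),
    }

if __name__ == "__main__":
    # Pass a maillog path as the first argument, or run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            print(report(fh))
    else:
        print(report(SAMPLE_MAILLOG.splitlines()))
```

If "sent_with_2.6.0" is close to the gap between the pflogsumm total and the awstats total, the missing messages are the ones logged with that DSN.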