LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-07-2014, 05:29 AM   #1
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Rep: Reputation: Disabled
How to better read the /var/log/maillog


I use sendmail , there are many mails send in and out and have log in /var/log/maillog , I usually read the log manually , it is very waste of time , would advise is there any tools or script that can better manage the log so that I can more easlier to find data from this log ? thanks
 
Old 10-07-2014, 10:06 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
What data are you looking for specifically?
 
Old 10-07-2014, 11:30 AM   #3
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
What data are you looking for specifically?
for example , if I want to search the error which the mail was sent to xxx@yyy.com , another example , if I want to find all mail which was sent between 17:00 to 17:02

Now the data is very raw, not easy to find such information .

thanks
 
Old 10-07-2014, 11:54 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Code:
grep xxx@yyy.com /var/log/maillog
and
Code:
grep 17:0[012] /var/log/maillog
should get you started.
 
1 members found this post helpful.
Old 10-07-2014, 09:34 PM   #5
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Code:
grep xxx@yyy.com /var/log/maillog
and
Code:
grep 17:0[012] /var/log/maillog
should get you started.
thanks reply ,

I guess many people feel headache to read /var/log/maillog , is there good script or any management tool to read it ?
 
Old 10-08-2014, 02:24 AM   #6
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,331

Rep: Reputation: 224Reputation: 224Reputation: 224
Every process (is that the right word?) has a unique identifier; in my (default) log format it's the 7th field (space-separated). When a message's fate doesn't happen in a set of contiguous events (common in a busy environment) I'll grep on the ID.

When I've been suspicious of a correspondent, or trying to debug a problem with a recipient, I'll grep on that address, pick out all the IDs (cut -d" " -f7 | sort -u) , then grep on those IDs. Or, if a set of correspondents have a common problem I'll grep on that error report, pick out the IDs, then grep on those IDs...

Sendmail has a forum at which you can ask; look at sendmail.org.

maillog is plain-text; you can write your own tool with a shell script.
 
Old 10-13-2014, 12:23 AM   #7
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
thanks reply ,

I have another question .

A user complaints can not receive the mail , I checked the /var/log/maillog , the mail server did not receive the mail during the time .

But I would like to ask.

1) can I check the log by the mail subject , the mail contains the mail subject ?
2) if the mail server did not received the mail , what is the best practice to trace the error ?
 
Old 10-13-2014, 05:24 AM   #8
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
The maillog should have the 'to' and 'from' address in logs, you can search by them. you can also search if the mail was queued for delivery or not.

I will suggest sending a test mail to your own account and tail the maillog, that will give you a proper insight of what happens when you send a mail.
 
Old 10-13-2014, 06:21 AM   #9
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by SAbhi View Post
The maillog should have the 'to' and 'from' address in logs, you can search by them. you can also search if the mail was queued for delivery or not.

I will suggest sending a test mail to your own account and tail the maillog, that will give you a proper insight of what happens when you send a mail.
thanks reply ,

It is strange that the mail was sent to two email address , one can not found in the maillog , but another one can not be found , would advise how can I trace it ? thanks
 
Old 10-13-2014, 10:23 PM   #10
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
Quote:
Originally Posted by byran cheung View Post
thanks reply ,

It is strange that the mail was sent to two email address , one can not found in the maillog , but another one can not be found , would advise how can I trace it ? thanks
it is not strange!! depends upon what i am getting with what you said, without any logs shared here. It is good if you paste the logs or what you see.

Also if you try sending a test mail as i suggested before.
 
Old 10-14-2014, 01:36 AM   #11
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,331

Rep: Reputation: 224Reputation: 224Reputation: 224
Quote:
Originally Posted by byran cheung View Post
A user complaints can not receive the mail , I checked the /var/log/maillog , the mail server did not receive the mail during the time .
You can't search by subject but you can search by sender or recipient. A sender will be logged with a line such as:

Quote:
Oct 1 10:04:42 banana sm-mta[1316]: s91G4ewc001316: from=<sender@domain.com>, size=6237, class=0, nrcpts=1, msgid=<561001823.23948541412160826553.JavaMail.nobody@bos1px-app2>, proto=ESMTP, daemon=MTA, relay=IDENT:1000@localhost [127.0.0.1]
See that number before the 'from'? That's the ID that is in the log for everything that happens to this message. Search on it to see what sendmail did with this message. If sender@domain.com doesn't even show up in maillog then something else kept it from getting to sendmail. Have sender search his maillog for to=sender@domain.com.
 
Old 03-26-2019, 04:12 PM   #12
snidleystash
LQ Newbie
 
Registered: Jan 2004
Location: Gaithersburg, MD
Posts: 6

Rep: Reputation: 1
/var/log/maillog defined

Where are the contents of /var/log/maillog defined? I'd like to be able to intelligently (HAH) read the log to be able to tell what is going on with emails I'm trying to send. Is there something to tell me what is in the log and how to interpret it?
 
Old 03-26-2019, 05:55 PM   #13
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.7.1908
Posts: 4,259

Rep: Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487Reputation: 1487
Quote:
Originally Posted by snidleystash View Post
Where are the contents of /var/log/maillog defined? I'd like to be able to intelligently (HAH) read the log to be able to tell what is going on with emails I'm trying to send. Is there something to tell me what is in the log and how to interpret it?
This thread is almost five years old, and you're asking a completely unrelated question.
Please open a new thread with your new question...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help... /var/log/maillog entries L1nuxn00b703 Linux - Newbie 1 10-07-2011 07:44 AM
/var/log/maillog is empty loftus49 Fedora 4 07-08-2010 01:21 AM
Sendmail won't log to /var/log/maillog zumajim Linux - Software 2 07-27-2009 03:38 PM
write mail log to /var/log/maillog jimmyjiang Red Hat 4 01-15-2008 07:18 PM
why is maillog on my server getting created in /var/log/maillog.3 ? weblink_dipti Linux - Software 2 06-16-2007 05:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration