Last Updated: 980323

splogger and syslog

Introduction

By default, most people use splogger to log qmail activity. Unfortunately, this can be a real hassle if you are not familiar with syslog. This document gives a cursory introduction to using splogger with syslog.

splogger

splogger is the program that qmail writes its log output to; it relays that information to syslog. Most people have something such as:

csh -cf 'qmail-start ./Mailbox splogger qmail &'

to start their qmail operation. The second argument to qmail-start is the command to receive logging information. This can be any program. splogger is the program which ships with qmail, so most people will be using this.

The first parameter to splogger, "qmail", is the string which will be prepended to each log message.

splogger will send all messages to syslog with the "info" priority, unless the message starts with alert: or warning:, in which case it will have "alert" or "warning" priority respectively.

syslog

syslog may be a little different on various systems. Let's start with the configuration file.

syslog.conf

View the manual page on your system for the specifics of the format for syslog.conf. Essentially you will have an entry similar to:

mail.debug /var/log/maillog

This will log all messages from the "mail" facility with priority "debug" or higher to the file /var/log/maillog. Do not forget that you need to separate the selector (mail.debug) and the action (/var/log/maillog) with a tab.

Since splogger only handles three priorities (or levels), there will only be a few other options which will be useful:

mail.info /var/log/maillog
    All qmail messages will be saved in /var/log/maillog.

mail.warning /var/log/maillog
    Any "warning" or "alert" message will be saved in /var/log/maillog.

mail.alert /var/log/maillog
    Only "alert" messages will be saved in /var/log/maillog.
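
The tab rule and the priority thresholds above can be checked mechanically. The following is an added example, not part of the original document: a shell function (the name lint_mail_selectors is hypothetical) that reads a syslog.conf, flags plain mail.<priority> entries whose selector and action are not separated by a tab, and reports which of splogger's three priorities each valid entry captures. It assumes classic syslogd syntax and skips compound selectors such as mail.*.

```sh
#!/bin/sh
# Added example (not from the original page). lint_mail_selectors is a
# hypothetical helper name. usage: lint_mail_selectors /etc/syslog.conf
# Exit status is 1 if any mail.* entry is malformed, 0 otherwise.
lint_mail_selectors() {
    awk '
    BEGIN {
        bad = 0
        # syslog priorities, lowest to highest, plus common aliases
        rank["debug"]=0; rank["info"]=1; rank["notice"]=2; rank["warning"]=3
        rank["err"]=4; rank["crit"]=5; rank["alert"]=6; rank["emerg"]=7
        rank["warn"]=3; rank["error"]=4; rank["panic"]=7
        # the only three priorities splogger ever emits
        n = split("info warning alert", sp, " ")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    $1 !~ /^mail\.[a-z]+$/   { next }      # only plain mail.<priority> entries
    {
        # selector must be followed by tab(s) only, then the action
        if ($0 !~ /^[ \t]*mail\.[a-z]+\t+[^ \t]/) {
            printf "line %d: BAD separator (use a tab): %s\n", NR, $0
            bad = 1
            next
        }
        split($1, sel, ".")
        if (!(sel[2] in rank)) {
            printf "line %d: unknown priority: %s\n", NR, sel[2]
            bad = 1
            next
        }
        got = ""
        for (i = 1; i <= n; i++)
            if (rank[sp[i]] >= rank[sel[2]]) got = got " " sp[i]
        printf "line %d: %s -> %s receives:%s\n", NR, $1, $2, got
    }
    END { exit bad }
    ' "$1"
}
```
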

Log Rotation

Some people may be fortunate enough to have a system that automatically rolls over syslog files via a cron command. If you are not so lucky, you will need to create a command which will run periodically (via cron) to roll the logs over. A simple shell script to do this might look as follows:

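#!/bin/sh
# Roll the mail log over and have syslogd reopen its files.
cd /var/log || exit 1
mv maillog maillog.old
# Create an empty replacement log.
cp /dev/null maillog
# 644 leaves the log readable by every local user; use 640 to restrict it.
chmod 644 maillog
# The pid file location varies between systems.
kill -HUP `cat /etc/syslog.pid`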

This will move the log file from maillog to maillog.old and tell the syslogd service to reload its files. Some systems may have the process file in a location other than /etc/syslog.pid. Another location may be /var/run/syslog.pid. Check your syslogd man page for more information.

As a side note, if you are running low on space, you could run a cron script which does something like:

rm -f /var/log/maillog.old.gz
nice -n 20 /usr/local/bin/gzip /var/log/maillog.old

to scrunch up the log (they compress nicely!).



Written by Eric Huss

Comments welcome.