--- /dev/null
+
+FAQ for Pflogsumm.pl - A Log Summarizer/Analyzer for the Postfix MTA
+
+Introduction
+
+ I wouldn't have believed it. What started out mostly as a light-
+ hearted exercise in improving my facility with Perl--with the hope
+ that something useful would come out of it as well--has turned out to
+ be a somewhat popular utility. And as more Admins find out about
+ postfix, and more end up trying pflogsumm.pl, many of the questions,
+ suggestions, and enhancement requests are becoming "frequently
+ asked". So odd as it seems (to me, at any rate), it looks like it's
+ time for a FAQ.
+
+
+Index of pflogsumm.pl Frequently Asked Questions (in no particular order)
+
+ 1. Project Status
+ 2. "Could You Make" or "Here's A Patch To Make" Pflogsumm Do ...
+ 3. Requires Date:Calc Module
+ 4. Built-In Support for Compressed Logs
+ 5. Processing Multiple Log Files
+ 6. Time-Based Reporting and Statistics
+ 7. By-domain Listings
+ 8. Reject, Deferred and Bounced Detail Info
+ 9. "Orphaned" (no size) Messages
+ 10. Pflogsumm misses/mis-diagnoses/mis-reports, etc. <whatever>
+ 11. Pflogsumm is generating lots of "uninitialized value" warnings
+ 12. Pflogsumm just doesn't work or doesn't report anything
+ 13. Postfix Rejects Pflogsumm Reports Because Of Body Checks
+ 14. Pflogsumm Reports Double Traffic When Anti-Virus Scanner Used
+ 15. Pflogsumm's numbers don't add up
+ 16. Hourly stats for reports run without "-d" option are halved
+ 17. How Do I Get Pflogsumm To Email Reports To Me Daily/Weekly/etc.?
+ 18. How Can I View Pflogsumm's Reports In My Web Browser?
+ 19. New Red Hat install - Pflogsumm no longer works!
+ 20. How can I best format my custom reject messages for display in
+ Pflogsumm's output?
+ 21. Pflogsumm doesn't understand my log file format
+ 22. Why Isn't There Any Mention Of "Monkey Butler" In The FAQ?
+ 23. Translating Pflogsumm (Support for Internationalization)
+ 24. Pflogsumm may sometimes calculate "yesterday" incorrectly
+ 25. Sending Logfile Samples
+ 26. From Where Can I Obtain Pflogsumm?
+
+
+1. Project Status
+
+ New work on Pflogsumm is sporadic. It pretty much does everything I
+ need it to do and, so far as I can tell, pretty much what most other
+ people need it to do. And my time is limited.
+
+ I'll still take bug reports. I'll still fix bugs. (But I promise no
+ time-line.) I'll still answer questions (as time allows). And I
+ *may* add the occasional enhancement or whatever--as the mood
+ strikes--but Pflogsumm is pretty much a "finished work" as far as I'm
+ concerned.
+
+
+2. "Could You Make" or "Here's A Patch To Make" Pflogsumm Do ...
+
+ Unless it's a *bug* fix, please see: "1. Project Status"
+
+ To the argument "But it's a patch, all you have to do is...," the
+ answer is: "Not quite." Every time I make a change to Pflogsumm I
+ have to run it through a series of regression checks to make sure the
+ change didn't break something. Then there's the commit,
+ documentation, web page update, etc. cycle.
+
+ I'm particularly unlikely to add code to Pflogsumm to account for
+ non-standard Postfix log entries. "Non-standard" being defined as
+ "other than what Wietse's code does." Or additional stats gathering
+ that nobody else has requested and strikes *me* as of limited interest
+ or use. In addition to the development cycle, there's the issue of
+ "code bloat." Pflogsumm already takes enough (too much?) time and
+ memory on busy machines with large logs. I'm not prone to make this
+ worse for the sake of these things.
+
+ See Also: 21. Pflogsumm doesn't understand my log file format
+
+
+3. Requires Date::Calc Module
+
+ Pflogsumm requires the Date::Calc module. You can download and
+ install the Date::Calc module from CPAN. It can be found at:
+
+ http://search.cpan.org/search?module=Date::Calc
+
+ Or you can remove the code that's dependent on the Date::Calc module.
+ For the convenience of folks that would prefer to take this approach,
+ I've "fenced" all such code like this:
+
+ # ---Begin: SMTPD_STATS_SUPPORT---
+ .
+ .
+ .
+ <bunch of code>
+ .
+ .
+ .
+ # ---End: SMTPD_STATS_SUPPORT---
+
+ However, if you do this you will lose support for --smtpd_stats.
+
+ Later versions of the Pflogsumm distribution include a script to
+ semi-automate removing smtpd stats support, if you so-desire.
+
+ As of Pflogsumm-1.1.1, the presence of Date::Calc is optional. If you
+ don't want to use the Pflogsumm options that depend upon it, you
+ neither need Date::Calc, nor is it necessary to manually remove the
+ code that depends upon it.
+
+
+4. Built-In Support for Compressed Logs
+
+ I took a look at this. There is a Perl module (which I downloaded,
+ built, and installed here) to interface to libz, but after considering
+ the changes that would be necessary--and the fact that those changes
+ would require that potential users have to download/build/install libz
+ (and of the correct version) and the additional Perl module, I decided
+ to forego this enhancement.
+
+ I could just open a pipe within Pflogsumm and use zcat/gunzip/gzip.
+ That would depend upon a) them being there [probably a safe bet--
+ considering the logs somehow got into that format :-), but...] and b)
+ one of these either being in the path or having an environment
+ variable or a script variable or...
+
+ The thing is, in the latter case there's really no "savings" over
+ simply piping into Pflogsumm in the first place. Multiple processes
+ get spawned, pipes opened, etc. either way. It would add a little
+ convenience, is all.
+
+ So I could do it. And there are a couple of ways I could do it. And
+ my mind is certainly still open on the issue. I'm just not convinced
+ there's a good reason to do it, is all. And I'd like to avoid
+ "creeping over-feature-itis" if I can. My position is *not* set in
+ stone on this issue. In the mean-time:
+
+ zcat /var/log/maillog.0.gz |pflogsumm.pl <args...>
+
+ or
+
+ gunzip </var/log/maillog.0.gz |pflogsumm.pl <args...>
+
+ should do the trick quite nicely for you.
+
+ If you've a complex situation, for example: your logs aren't rotated
+ exactly at midnight, you might try something like:
+
+ (zcat /var/log/maillog.0.gz; cat /var/log/maillog) \
+ |pflogsumm.pl -d yesterday
+
+ See Also: 5. Processing Multiple Log Files
+ 17. How Do I Get Pflogsumm To Email Reports To Me
+ Daily/Weekly/etc.?
+
+
+5. Processing Multiple Log Files
+
+ When processing multiple log files (say: an entire weeks worth of logs
+ that are rotated daily), it is important that Pflogsumm be fed them in
+ chronological order. For performance and memory conservation reasons,
+ Pflogsumm relies on log messages "arriving" in the order in which they
+ were created.
+
+ If you do something like this:
+
+ pflogsumm /var/log/maillog*
+
+ you might not get what you expect! Instead, try something like:
+
+ pflogsumm `ls -rt /var/log/maillog*`
+
+ A more complex example, where compressed logs are involved:
+
+ (zcat `ls -rt /var/log/maillog.*.gz`; cat /var/log/maillog) \
+ |pflogsumm.pl
+
+ Obviously, this depends on the file modification times for your logs
+ being reflective of their chronological order. If that can't be
+ trusted, you're gonna have to get ugly. Like in enumerating each
+ file, or as in:
+
+ (for each in 3 2 1 0; do
+ zcat "/var/log/maillog.$each.gz"
+ done
+ cat /var/log/maillog) |pflogsumm.pl
+
+ or (somewhat more efficiently--by running zcat only once):
+
+ (zcat `for ea in 3 2 1 0; do echo "/var/log/maillog.$ea.gz";
+ done`; cat /var/log/maillog) |pflogsumm.pl
+
+ [Note: I didn't actually run these. So you would be well-advised
+ to double-check them.]
+
+ See Also: 4. Built-In Support for Compressed Logs
+ 17. How Do I Get Pflogsumm To Email Reports To Me
+ Daily/Weekly/etc.?
+
+
+6. Time-Based Reporting and Statistics
+
+ There has been a small assortment of requests for different time
+ statistics reporting. And adding this would be relatively straight-
+ forward. (Just have to reach a consensus on exactly *what* should be
+ reported, and how. This could easily get out of hand!)
+
+ There's only one *small* problem. Ironically, it's time.
+
+ I've experimented with Pflogsumm grokking the log timestamps. As a
+ matter-of-fact: the enhancement added in the 19990110-05 version
+ required that I do some of this. My first pass was to use the Perl
+ timelocal() function to convert those sub-strings to an integer for
+ subsequent comparison operations. Imagine my surprise when
+ performance of the resulting code was a factor of five (5) times
+ slower than that of its predecessor. After a "remove the statements
+ until it got fast again" exercise, I found that the culprit was
+ timelocal().
+
+ As of version 19990321-01, Pflogsumm does by-domain stats reporting of
+ average and maximum delivery time by host/domain. And an even earlier
+ version added by-hour and by-day message count reporting. Anything
+ much beyond these is going to get "expensive."
+
+ If/when any additional time-based stats reporting is added: I think
+ they are definitely going to be optional.
+
+ One way you can make up for Pflogsumm's deficiency in this respect is
+ to use good ol' Unix tools like "grep" to pre-process your log files
+ before feeding them to Pflogsumm. E.g.:
+
+ grep "Feb 9" /var/log/maillog |pflogsumm what_ever_args
+
+ Note that single-digit days-of-the-month have an additional leading
+ space in the logfiles, where the digit for two-digit dates would be.
+
+
+7. By-domain Listings
+
+ I figured on the desire for this one from the start. There are many
+ possibilities:
+
+ 1) A single report, split by domain
+ 2) An option to limit reporting to a particular domain
+
+ This issue is kind of tricky. The popularity of Unix amongst
+ SysAdmins is testimony to the beauty of being able to wire- together
+ small, simple tools so that one can generate output to ones taste.
+ Anything I do is likely to make some Admins happy and others wishing
+ I'd done it "the other way".
+
+ One thought that occurred is to perhaps provide a couple of options
+ that would allow one to limit a particular report to
+
+ sender=regular_expression and/or recipient=regular_expression
+
+ The problem with this solution is that an Admin desiring to emit
+ custom reports for multiple domains would have to re-process the same
+ log multiple times--once for each desired domain.
+
+ So I'm still thinking about this one.
+
+
+8. Reject, Deferred and Bounced Detail Info
+
+ I've actually only received one query about this so far, but there are
+ bound to be more. So...
+
+ The "detailed" information in the "Reject", "Deferred" and "Bounced"
+ reports is a compromise. Just take a stroll through your postfix logs
+ some day and observe the variation in how the "reason" for a
+ particular reject, defer, or bounce is reported. Without putting a
+ lot of static comparisons for each-and-every case into the analyzer, I
+ have absolutely no hope is doing this very well.
+
+ Emitting the entire "reason" is not good, either. The entire "reason"
+ string can be very long. Depending on what somebody is using to
+ display Pflogsumm's output, the lines may well wrap-- producing output
+ that is no more readable than just grepping the logs.
+
+ And anything more I do to this end may soon be rendered moot. After
+ Wietse gets most of the more important functional stuff out of the
+ way, Postfix logging is going to be completely re-written. (Oh boy,
+ won't that be fun!) I'm hoping I'll be able to get some input into
+ the process so the formatting is more amenable to automated
+ processing. Wietse has indicated that such would be the case.
+
+ Also, please note my primary objective behind Pflogsumm (besides the
+ entertainment value): "just enough detail to give the administrator a
+ ``heads up'' for potential trouble spots." It's not *supposed* to do
+ away with manual inspection entirely.
+
+ For those that really want all that extra detail in the log summary
+ reports, specify the "--verbose_msg_detail" switch.
+
+ See Also: 25. Sending Logfile Samples
+
+
+9. "Orphaned" (no size) Messages
+
+ The Problem:
+
+ Message size is reported only by the queue manager. The message
+ may be delivered long-enough after the (last) qmgr log entry that
+ the information is not in the log(s) processed by a particular run
+ of pflogsumm.pl.
+
+ The Result:
+
+ "Orphaned" messages. These are reported by Pflogsumm as "Messages
+ with no size data."
+
+ This, of course, throws off "Recipients by message size" and the
+ total for "bytes delivered." ("bytes in messages" in earlier
+ versions.)
+
+ The Solution:
+
+ "Memorize" message sizes by queue i.d. Easy in theory. Difficult
+ in practice. At least at the moment.
+
+ You see, if Pflogsumm's going to "memorize" message sizes, it has
+ to have some definitive way to know when to delete a no-
+ longer-needed reference. Otherwise the memory file will just grow
+ forever.
+
+ As with the "Reject, Deferred and Bounced Detail Info" issue above,
+ I'm hoping the get some input into future changes in logging issues.
+ In any event: maybe whatever comes out of the logging redesign will
+ provide a solution.
+
+ As of Pflogsumm version 1.0.12, the "Messages with no size data" report
+ can be turned off.
+
+
+10. Pflogsumm misses/mis-diagnoses/mis-reports, etc. <whatever>
+
+ Are you using a real old version of VMailer? As of pflogsumm.pl
+ version 19990220-06, versions of VMailer prior to 19981023 are no
+ longer supported. Sorry. Pflogsumm-19990121-01.pl will be made
+ permanently available from now on for those with out-of-date versions
+ of VMailer prior to 19981023.
+
+ Are you processing your log files in chronological order? See item
+ "5: "Processing Multiple Log Files".
+
+ Pflogsumm.pl is being developed by me on my rather small-scale server
+ at home. There are only two users on the system. And I do no
+ mail-forwarding. So the log samples I have to work with are
+ commensurately limited.
+
+ If there's something that Pflogsumm is not doing, or not doing right,
+ let me know what it is, what you think it ought to do, and send me a
+ representative sample of *real* log entries with which to work.
+
+ See Also: 5. Processing Multiple Log Files
+ 12. Pflogsumm just doesn't work or doesn't report anything
+ 15. Pflogsumm's numbers don't add up
+ 19. New Red Hat install - Pflogsumm no longer works!
+ 21. Pflogsumm doesn't understand my log file format
+ 25. Sending Logfile Samples
+
+
+11. Pflogsumm is generating lots of "uninitialized value" warnings
+
+ Are you using a version of Perl lower than 5.004_04? Perhaps with a
+ "beta" version of pflogsumm.pl? If so, try turning off the "-w"
+ switch. Pflogsumm as of 19990413-02beta appeared to work correctly
+ with Perl 5.003 in spite of the warnings. (Those warnings didn't
+ appear with Perl 5.004.)
+
+ I don't guarantee that I'll remember to test future versions of
+ pflogsumm.pl against 5.003, but I'll try to :-).
+
+ You really should consider upgrading your Perl to 5.004 or later.
+
+
+12. Pflogsumm just doesn't work or doesn't report anything
+
+ Did you *download* Pflogsumm as opposed to grabbing it by
+ "copy-and-paste" from a browser? Copy-and-paste can result in lines
+ being unintentionally wrapped and hard-tabs being converted to
+ spaces. This will break Pflogsumm.
+
+ Also, I've received a couple of reports by people downloading
+ Pflogsumm with Lynx that the download has long lines wrapped.
+ Naturally, this breaks Pflogsumm.
+
+ See Also: 10. Pflogsumm misses/mis-diagnoses/mis-reports, etc.
+ <whatever>
+ 19. New Red Hat install - Pflogsumm no longer works!
+ 21. Pflogsumm doesn't understand my log file format
+
+
+13. Postfix Rejects Pflogsumm Reports Because Of Body Checks
+
+ You configure Postfix to do body checks, Postfix does its thing,
+ Pflogsumm reports it and Postfix catches the the same string in the
+ Pflogsumm report. There are several solutions to this.
+
+ Wolfgang Zeikat contributed this:
+
+ #!/usr/bin/perl
+ use MIME::Lite;
+
+ ### Create a new message:
+ $msg = MIME::Lite->new(
+ From => 'your@send.er',
+ To => 'your@recipie.nt',
+ # Cc => 'some@other.com, some@more.com',
+ Subject => 'pflogsumm',
+ Date => `date`,
+ Type => 'text/plain',
+ Encoding => 'base64',
+ Path =>'/tmp/pflogg',
+ );
+
+ $msg->send;
+
+ Where "/tmp/pflogg" is the output of Pflogsumm. This puts Pflogsumm's
+ output in a base64 MIME attachment.
+
+ In a follow-up to a thread in the postfix-users mailing list, Ralf
+ Hildebrandt noted:
+
+ "mpack does the same thing."
+
+ The canonical FTP site for mpack is ftp.andrew.cmu.edu:pub/mpack/
+
+ The solution I came up with is to modify the body_checks statements to
+ ignore the strings when they're in a Pflogsumm report, as follows:
+
+ Bounce anything with 6 or more "$"s in a row...
+
+ /\${6,}/ REJECT
+
+ Which, of course, catches the line in the Pflogsumm report too.
+ So...
+
+ /^(?!\s+[0-9]+\s+).*?\${6,}/ REJECT
+
+ which reads "anything with 6 or more '$'s in a row that is not a line
+ beginning with one or more whitespace characters, followed by one or
+ more digits, followed by one or more whitespace characters."
+
+ (This is using PCRE's, btw.)
+
+ Note that my solution will be more computationally expensive, by a
+ *long* way, than encoding Pflogsumm's output into a format that
+ body_checks won't catch.
+
+ Robert L Mathews suggested the following solution
+
+ /^ {6,11}[[:digit:]]{1,6}[ km] / OK
+
+ Placed at the beginning of a body_checks file, this will "pre-approve"
+ lines in Pflogsumm's output that might otherwise get caught. That's
+ a POSIX regexp version. A PCRE version of the same thing would be:
+
+ /^ {6,11}\d{1,6}[ km] / OK
+
+
+14. Pflogsumm Reports Double Traffic When Anti-Virus Scanner Used
+
+ Sadly, there's absolutely nothing I can do about this :-(.
+
+ The problem arises because of the way in which anti-virus scanning is
+ handled by Postfix. Basically, Postfix "delivers" each email to the
+ anti-virus scanner and the anti-virus scanner re-sends it through
+ Postfix. So each email really is received twice and sent/delivered
+ twice.
+
+ And yes, I tried. I really, really tried. If I recall correctly, I
+ spent come two days mucking-about with this problem. Actually thought
+ I had it once or twice. But the results inevitably failed regression
+ testing. At the end of this, and with some more careful thought, I
+ realized it just wasn't possible. If you think you can prove me
+ wrong, please do so. I'd be quite pleased to be proven wrong on this
+ one.
+
+ johnfawcett at tiscali-dot-it believes he's done it. You may find
+ prefiltering your log with his "prepflog" does it for you. You can
+ find it at <http://web.tiscali.it/postfix/>.
+
+
+15. Pflogsumm's numbers don't add up
+
+ Pflogsumm reports more "delivered" than "received"
+
+ Naturally. A single email message can have multiple recipients.
+
+ Pflogsumm reports more "rejected" than "received"
+
+ Why doesn't delivered + deferred + bounce + rejected = received?
+
+ Some rejects (header and body checks, for example) happen in
+ "cleanup," after alias lists are expanded. Thus a single received
+ message will be rejected multiple times: once for each recipient.
+
+ The "size=" fields, multiplied by their "nrcpt=" fields, when added-up
+ yields a total higher than Pflogsumm's "bytes delivered" total.
+
+ Pflogsumm doesn't count something delivered until it actually *is*
+ delivered. Nrcpt only suggests the number of intended recipients,
+ not how many are actually deliverable. Only if there were no
+ bounces, rejects, defers or other undeliverables for everything
+ that was received would a calculation such as that above yield the
+ proper value.
+
+ Pflogsumm's "% rejected" doesn't add up
+
+ The "percent rejected" and "percent discarded" figures are only
+ approximations. They are calculated as follows (example is for
+ "percent rejected"):
+
+ percent rejected =
+
+ (rejected / (delivered + rejected + discarded)) * 100
+
+ Given the issues discussed above, this is really the best that can
+ be hoped-for, IMO.
+
+ I consistently see more "delivered" than "received." How is that
+ possible?
+
+ Any message that's got multiple recipients in the "To:,"
+ "Cc:," and "Bcc:" fields will result in a single "received"
+ with multiple "delivered"s, as well as, possibly, multiple
+ "rejects" (or reject warnings, discards or holds), depending
+ on where in Postfix' processing the rule was that resulted
+ in the reject, etc.
+
+ See Also: 10. Pflogsumm misses/mis-diagnoses/mis-reports, etc.
+ <whatever>
+
+
+16. Hourly stats for reports run without "-d" option are halved
+
+ Scenario: On day #1 of a fresh logfile, you run Pflogsumm with "-d
+ today" and the next day you run it with no "-d" option. The "Per-Hour
+ Traffic" statistics are approximately halved. How can this be?
+
+ Note that when you run Pflogsumm on a logfile that contains multi-day
+ logfile entries, Pflogsumm automatically changes the per-hour stats to
+ daily traffic averages. If there's even *one* logfile entry from
+ another day, all of the per-hour stats will be divided by two. Unless
+ you rotate logfiles *precisely* at midnight--and it's unlikely you can
+ guarantee that happening--there's no way to prevent this.
+
+
+17. How Do I Get Pflogsumm To Email Reports To Me Daily/Weekly/etc.?
+
+ Excuse me? You're running a mailserver and you don't know how to use
+ cron to run things on a scheduled basis and pipe the output to
+ something that'll email it to you?
+
+ Oh. My. Lord.
+
+ *sigh*
+
+ Here's my crontab entries:
+
+ 10 0 * * * /usr/local/sbin/pflogsumm -d yesterday /var/log/syslog \
+ 2>&1 |/usr/bin/mailx -s "`uname -n` daily mail stats" postmaster
+
+ 10 4 * * 0 /usr/local/sbin/pflogsumm /var/log/syslog.0 \
+ 2>&1 |/usr/bin/mailx -s "`uname -n` weekly mail stats" postmaster
+
+ (Those are actually each a single line. I line-broke them [and
+ signified that with the "\"s] for readability.)
+
+ The first generates stats for the previous day and is run *after*
+ midnight. The second is run against the previous week's entire log.
+ (I rotate my logs weekly.)
+
+ If you rotate your logs on a different schedule, want monthly reports,
+ etc., I leave it as an exercise to you, the reader, to figure out how
+ to concatenate several logs to stdout and feed that to Pflogsumm.
+
+ See Also: 4. Built-In Support for Compressed Logs
+ 5. Processing Multiple Log Files
+ The Unix manual pages for "cron," "crontab," "cat,"
+ "zcat," "gzip," "gunzip," "mail," "mailx," etc.
+
+
+18. How Can I View Pflogsumm's Reports In My Web Browser?
+
+ Just direct Pflogsumm's output to a file, call it "something.txt" or
+ whatever, and look at it with your browser :). If you want to get
+ fancy, create a post-processing shell script that'll create a
+ date-tagged file, like "mailstats-20030216.txt". It's easy.
+
+ See Also: Pflogsumm Through A Browser, on Pflogsumm's home page.
+
+
+19. New Red Hat install - Pflogsumm no longer works!
+
+ From some email exchanges with a couple of people that reported
+ this...
+
+ "It appears the Pflogsumm is broken with RedHat9. I can take
+ the same log file and run it under Solaris9/RedHat 7.3 (perl 5.8
+ on both) without a problem, but it breaks on RH9."
+
+ "Oops. Sorry about the false alarm. This is an issue with
+ some of the other Perl scripts that are out there due to Red Hat
+ 8/9 using LANG=en_US.UTF-8
+
+ Changing the locale to "POSIX" fixes this...
+ LANG=C
+
+ Note that Pflogsumm works fine when run through cron.daily, as
+ cron has different environment settings."
+
+ "Ah, the good old RH8/9 UTF-8 strikes again. I should have
+ known. Setting LANG to either en_US or C fixes the problem."
+
+ What the above means is that you have to change the "LANG" environment
+ variable from "en_US.UTF-8" to "en_US" or "C". E.g.:
+
+ LANG="en_US"
+ export LANG
+
+ in your shell. Or you could add these commands to your login
+ profile. (I.e.: $HOME/.bash_profile, if you're using bash.) Or set
+ the system-wide default in /etc/sysconfig/i18n. My RH boxes have LANG
+ set to "en_US" there, and everything seems to work fine. (If you set
+ it in your profile or the system-wide default, you'll need a fresh
+ login for it to take effect, obviously.)
+
+ See Also: 10. Pflogsumm misses/mis-diagnoses/mis-reports, etc.
+ <whatever>
+ 12. Pflogsumm just doesn't work or doesn't report anything
+ 21. Pflogsumm doesn't understand my log file format
+
+
+20. How can I best format my custom reject messages for display in
+ Pflogsumm's output?
+
+ Reject reason strings found in the mail log will be truncated at the
+ first comma (","), colon (":") or semi-colon (";"). If you want a
+ "clause" in your reject message to appear in Pflogsumm's output,
+ without having to specify --verbose_msg_detail, use a punctuation mark
+ other than one of those three, such as a dash ("-").
+
+
+21. Pflogsumm doesn't understand my log file format
+
+ I've received several requests to modify Pflogsumm's log file format
+ regular expression matching to accommodate "non-standard" log file
+ formats. I'm not inclined to honour such requests. The regexp that
+ identifies Postfix' log file entries is nearly incomprehensible as it
+ is. If your log file format has extra fields (e.g.: FreeBSD syslogd
+ with "-v -v" specified), or, as in one case (metalog), is lacking
+ fields, and you insist on doing things that way, I recommend you
+ code-up a little pre-filter to mung the format into a standard one.
+
+ See Also: 10. Pflogsumm misses/mis-diagnoses/mis-reports, etc.
+ <whatever>
+ 12. Pflogsumm just doesn't work or doesn't report anything
+ 19. New Red Hat install - Pflogsumm no longer works!
+
+
+22. Why Isn't There Any Mention Of "Monkey Butler" In The FAQ?
+
+ A friend of mine asked me if I'd put the phrase "monkey butler" in
+ the FAQ. The answer is no. Pflogsumm is used by some rather large
+ corporations. There are credibility issues. Sorry. :)
+
+
+23. Translating Pflogsumm (Support for Internationalization)
+
+ Unfortunately, Pflogsumm doesn't currently have i18n support.
+
+ It wasn't until at least Perl 5.6 that i18n was included as part of
+ the base distribution. Since, last time I looked, 5.005* was still
+ the most widely-used version of Perl (that's what I'm still running
+ everywhere, too), I can't put i18n in without chancing breaking
+ things right-and-left for the majority of my customers.
+
+ Even with Perl 5.6 and above, it was mentioned in postfix-users, by
+ Liviu Daia, that
+
+ "Perl 5.6+ has locales. Locales can give you localized
+ dates, charsets, standard error messages etc., but it
+ won't automatically switch languages of the strings
+ defined in your program. For that, you still need
+ gettext or something equivalent."
+
+ So I'm not clear on the future of i18n support in Pflogsumm. But I'm
+ keeping an eye on things. Proper i18n support has long been one of
+ the top things on my own wish list!
+
+ Prospective translators are urged to translate *only* the
+ stable/production versions. Beta and Alpha versions can sometimes
+ change rapidly.
+
+ If you do translate Pflogsumm, let me know and I'll put a link to it
+ on Pflogsumm's main web page.
+
+
+24. Pflogsumm may sometimes calculate "yesterday" incorrectly
+
+ As Wieland Chmielewski aptly noted:
+
+ Subroutine get_datestr incorrectly assumes that each day of
+ the year comprises 24 hours. In those countries which
+ participate in Daylight Saving Time policy there is one day
+ with 23 hours and one day with 25 hours. So, chances are (for
+ 1 hour within those days) that get_datestr actually returns
+ either "the day before yesterday" or "today" instead of
+ "yesterday" as requested.
+
+ Right you are, Wieland, and thanks for the catch.
+
+ Problem is, of course, there's really no clean, easy, certain fix.
+ The work-around is to stay well clear of DST never-never land with
+ your cron jobs.
+
+
+25. Sending Logfile Samples
+
+ Here's the deal with whatever you may send me in the way of log
+ samples:
+
+ . Obfuscate them if you want. But take care not alter them
+ in such a manner that they're not accurate wrt the "realism" of
+ the data, make sure the field formatting is not altered, and
+ that the order of the log entries is not altered.
+
+ . The world is an unsafe place for your data, no matter where
+ it might reside. But I'll do my level best to ensure that your
+ data does not fall into the hands of others.
+
+ . If you want, I'll PGP-encrypt the data when it's not in
+ use.
+
+ . You can PGP-encrypt it when you send it to me if you're
+ concerned. My PGP public key can be found on my Web site and at
+ the PGP public key servers.
+
+ . If you want, I'll delete the sample data when the work is
+ done. But I would *like* to keep it around for future
+ regression-testing. It's your call. Let me know.
+
+
+26. From Where Can I Obtain Pflogsumm?
+
+ http://jimsun.LinxNet.com/postfix_contrib.html
+
+
+Created: 15 Feb., 1999 / Last updated: 10 April, 2004