Amavisd logging question
bill at inetmsg.com
Thu Mar 10 01:06:58 CET 2011
On 3/8/2011 10:28 AM, Bill Landry wrote:
> On 3/8/2011 6:57 AM, Mark Martinec wrote:
>>>>> I have been noticing for quite some time that amavisd-new logs test
>>>>> results messages to the maillog differently at time. For example:
>>>>> Feb 27 14:22:06 mail amavis: (27931-08) Passed CLEAN
>>>>> Feb 27 14:22:56 mail ch4-03611-04): (03611-04) Passed CLEAN
>>>>> These are 2 different message that amavisd-new tested and reported to
>>>>> the maillog as "Passed CLEAN". However, notice that the first log
>>>>> clearly shows it came from "amavis", but the second log entry show it
>>>>> came from "ch4-03611-04)". Note that there is also a closing ")" is
>>>>> second log entry but no opening "(".
>>>>> Any ideas why this is happening and what I can do to fix it? I am
>>>>> currently running amavisd-new-2.6.4 (20090625).
>>>> What syslog variant are you using?
>>>> Looks like part of a process name ($0) ends up as a syslog ident.
>>> I'm running Fedora 12:
>>> Linux mail.inetmsg.com 22.214.171.124-175.fc12.i686.PAE #1 SMP Wed Dec 1
>>> 21:45:50 UTC 2010 i686 athlon i386 GNU/Linux
>>> rsyslogd 4.4.2, compiled with: [...]
>> I just came across a note in the syslog(3) man page on Linux:
>> The argument 'ident' in the call of openlog() is probably stored as-is.
>> Thus, if the string it points to is changed, syslog() may start
>> the changed string, and if the string it points to ceases to exist,
>> the results
>> are undefined.
>> Perhaps using a static variable would help, in case the Unix::Syslog
>> module does not cope with this detail.
>> Could you please try the attached patch for 2.6.4 (same for 2.7.0).
> Mark, I've applied the patch and so far things are looking good. Usually
> I see about 500 of these "Mar 8 04:26:36 mail ch25-04407-25)" type
> entries in the maillog per day, so I'll report back tomorrow on whether
> the patched resolved this or not.
Well, it looks like it got better, only about 100 of these "ch..." type
entries in the past 24 hours. Here is a sample from this afternoon:
Mar 9 14:07:51 mail ch20-21366-20): (21366-20) Passed SPAM...
Mar 9 14:22:09 mail ch21-21366-21): (21366-21) Passed CLEAN...
Mar 9 14:27:30 mail ch22-21366-22): (21366-22) Passed SPAM...
More information about the amavis-users