Logwatch and 5.0.1 now sending out LARGE messages

[OverZealous]

Since I upgraded to 5.0.1, my nightly logwatch is now including every single spam rejected message under **Unmatched Entries** for postfix. Has any one else seen this happen before? If so, how was it resolved?

Until I have time to try and fix it, I know how to prevent the postfix script from spitting out the unmatched entries, but if someone has any advice, I'd appreciate it.

OS: CentOS 5, Zimbra: 5.0.1

I couldn't find a single item under Zimbra Help regarding 'logwatch'.

[OverZealous]

Quick Update:
I ended up having to account for two changes to the log files:
First: when a message was rejected, the old format had a status code immediately followed by the email address (550 <bob@example.com>). The new format has a second number between them (550 5.5.2 <bob@example.com>). I had to update everywhere that logwatch was looking for
[0-9]+ <... or \d+ <...
to
[0-9]+(?: [\.0-9]+) ...
where the non-capturing group matches this new number. I also had to add this in at least one other place.

Second: The normal, status=sent or deferred line also changed, so I had to add a catchall in the middle.

If anyone is interested, I'd be happy to attach my updated postfix script for logwatch.

[fizi]

I resolved the problem on CentOS 5 by updating the Postfix Logwatch Scripts. You can get the newest version from: Postfix and Amavis Log Reporters

Oh guess I can put a HowTo as well:


Download the new processing script
The Postfix Logwatch script is maintained by Mike Cappella at his homepage: Postfix and Amavis Log Reporters
Download the latest stable version to your server.

Install the new processing script

Code:

1.	Backup the current configuration file:
          cd /usr/share/logwatch/default.conf/services/
          mv postfix.conf postfix.conf.bak
2.	Backup the current processing script
          cd /usr/share/logwatch/scripts/services
          mv postfix postfix.bak
3.	Extract the new scripts and configuration file and change into the same directory they extracted into
4.	Move the new configuration file and set the correct file permissions
          mv postfix-logwatch.conf /usr/share/logwatch/default.conf/services/postfix.conf
          chown root:root /usr/share/logwatch/default.conf/services/postfix.conf
          chmod 644 /usr/share/logwatch/default.conf/services/postfix.conf
5.	Move the new processing script and set the correct file permissions
          mv postfix-logwatch /usr/share/logwatch/scripts/services/postfix
          chown root:root /usr/share/logwatch/scripts/services/postfix
          chmod 755 /usr/share/logwatch/scripts/services/postfix
6.	Manually run logwatch and have it output to a file on the server to verify the output is correct
          logwatch --save /tmp/logwatchDebug.log

Additional Configuration (Optional)
If you want more details output for Postfix make the following change to your configuration file

Code:

vi /usr/share/logwatch/default.conf/services/postfix.conf

Near the bottom you will find a lot of different types of errors that can be logged.

[woodbot]

Hey guys thanks for the info and the howto fizi, I was suffering the same problem.

Can confirm this was successful in trimming the logwatch output on RHEL 5.

[OverZealous]

Thank you! Much better than my hack-n-slash job.