Configuring Exilog to work with Exim server logs

In the previous articles we set up Exim together with Vexim, SpamAssassin, ClamAV and Dovecot.

Now we will set up Exilog for viewing sent and received messages.

Exilog is a program that lets you browse Exim logs through a web interface, using all kinds of filters. It uses MySQL (or PostgreSQL).

Install it from ports:

exim# cd /usr/ports/mail/exilog

exim# make install

Create the database:

exim# mysql -u root -p
password: ******

CREATE DATABASE exilog DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
USE exilog;
GRANT ALL PRIVILEGES ON exilog.* TO exilog@localhost IDENTIFIED BY 'exilog';
GRANT ALL PRIVILEGES ON *.* TO exilog@localhost IDENTIFIED BY 'exilog' WITH GRANT OPTION;
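
The two GRANT statements above give the exilog account, whose password equals its name, every privilege on every database together with the right to pass them on. An added example (not from the original article) of a narrower setup in the same MySQL syntax; the privilege list and the password placeholder are assumptions:

```sql
-- Added example, not part of the original article.
-- Assumption: the Exilog agent, the cleanup script and the CGI only read and
-- modify rows in the exilog schema, so four DML privileges are enough.
-- Run as root in the same mysql session.

-- 1. Drop everything granted so far, including the global *.* grant
--    and WITH GRANT OPTION.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'exilog'@'localhost';

-- 2. Grant row-level access to the exilog schema only.
--    Replace the placeholder with a long random password and put the same
--    value into 'pass' in /usr/local/etc/exilog.conf.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON exilog.*
    TO 'exilog'@'localhost'
    IDENTIFIED BY 'CHANGE-ME-long-random-password';

-- 3. Review the result: look for any privilege on *.* other than USAGE.
SHOW GRANTS FOR 'exilog'@'localhost';
```

The table import that follows is run as root, so it does not depend on the privileges of the exilog account.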

The table dump is located at /usr/local/share/doc/exilog/mysql-db-script.sql

Import command:

mysql -u root -p -D exilog < /usr/local/share/doc/exilog/mysql-db-script.sql

However, the dump fails to import because the primary keys are too long.

The only solution is to shorten them.

Here is what I have:

# phpMyAdmin MySQL-Dump
# version 2.3.2
#
# Host: localhost
# Generation time: 02 June 2005 at 15:40
# Server version: 3.23.47
# PHP version: 4.1.2
# Database: `exilog`
# --------------------------------------------------------
#
# Table structure for table `deferrals`
#
CREATE TABLE `deferrals` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `timestamp` bigint(20) NOT NULL default '0',
  `rcpt` varchar(200) NOT NULL default '',
  `rcpt_intermediate` varchar(200) default NULL,
  `rcpt_final` varchar(200) NOT NULL default '',
  `host_addr` varchar(15) default NULL,
  `host_dns` varchar(255) default NULL,
  `tls_cipher` varchar(128) default NULL,
  `router` varchar(128) default NULL,
  `transport` varchar(128) default NULL,
  `shadow_transport` varchar(128) default NULL,
  `errmsg` blob,
  PRIMARY KEY (`server`,`message_id`,`timestamp`,`rcpt`(100),`rcpt_final`(100)),
  KEY `rcpt` (`rcpt`),
  KEY `rcpt_final` (`rcpt_final`),
  KEY `server` (`server`),
  KEY `message_id` (`message_id`),
  KEY `timestamp` (`timestamp`),
  KEY `host_addr` (`host_addr`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `deliveries`
#
CREATE TABLE `deliveries` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `timestamp` bigint(20) NOT NULL default '0',
  `rcpt` varchar(200) NOT NULL default '',
  `rcpt_intermediate` varchar(200) default NULL,
  `rcpt_final` varchar(200) NOT NULL default '',
  `host_addr` varchar(15) default NULL,
  `host_dns` varchar(255) default NULL,
  `tls_cipher` varchar(128) default NULL,
  `router` varchar(128) default NULL,
  `transport` varchar(128) default NULL,
  `shadow_transport` varchar(128) default NULL,
  PRIMARY KEY (`server`,`message_id`,`timestamp`,`rcpt`(100),`rcpt_final`(100)),
  KEY `rcpt` (`rcpt`),
  KEY `rcpt_final` (`rcpt_final`),
  KEY `host_dns` (`host_dns`),
  KEY `timestamp` (`timestamp`),
  KEY `server` (`server`),
  KEY `message_id` (`message_id`),
  KEY `host_addr` (`host_addr`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `errors`
#
CREATE TABLE `errors` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `timestamp` bigint(20) NOT NULL default '0',
  `rcpt` varchar(200) NOT NULL default '',
  `rcpt_intermediate` varchar(200) default NULL,
  `rcpt_final` varchar(200) NOT NULL default '',
  `host_addr` varchar(15) default NULL,
  `host_dns` varchar(255) default NULL,
  `tls_cipher` varchar(128) default NULL,
  `router` varchar(128) default NULL,
  `transport` varchar(128) default NULL,
  `shadow_transport` varchar(128) default NULL,
  `errmsg` blob,
  PRIMARY KEY (`server`,`message_id`,`timestamp`,`rcpt`(100),`rcpt_final`(100)),
  KEY `timestamp` (`timestamp`),
  KEY `server` (`server`),
  KEY `rcpt` (`rcpt`),
  KEY `host_addr` (`host_addr`),
  KEY `message_id` (`message_id`),
  KEY `rcpt_final` (`rcpt_final`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `messages`
#
CREATE TABLE `messages` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `timestamp` bigint(20) default NULL,
  `msgid` varchar(255) default NULL,
  `completed` bigint(20) default NULL,
  `mailfrom` varchar(255) default NULL,
  `host_addr` varchar(15) default NULL,
  `host_rdns` varchar(255) default NULL,
  `host_ident` varchar(255) default NULL,
  `host_helo` varchar(255) default NULL,
  `proto` varchar(32) default NULL,
  `size` bigint(20) default NULL,
  `tls_cipher` varchar(128) default NULL,
  `user` varchar(128) default NULL,
  `bounce_parent` varchar(16) default NULL,
  PRIMARY KEY (`server`,`message_id`),
  KEY `msgid` (`msgid`),
  KEY `user` (`user`),
  KEY `timestamp` (`timestamp`),
  KEY `host_addr` (`host_addr`),
  KEY `message_id` (`message_id`),
  KEY `bounce_parent` (`bounce_parent`),
  KEY `mailfrom` (`mailfrom`),
  KEY `server` (`server`),
  KEY `host_dns` (`host_rdns`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `queue`
#
CREATE TABLE `queue` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `mailfrom` varchar(255) NOT NULL default '',
  `timestamp` bigint(20) NOT NULL default '0',
  `num_dsn` int(11) NOT NULL default '0',
  `frozen` bigint(20) default NULL,
  `recipients_delivered` blob,
  `recipients_pending` blob,
  `spool_path` varchar(64) NOT NULL default '',
  `subject` varchar(255) default NULL,
  `msgid` varchar(255) default NULL,
  `headers` blob NOT NULL,
  `action` varchar(64) default NULL,
  PRIMARY KEY (`server`,`message_id`),
  KEY `spool_path` (`spool_path`),
  KEY `mailfrom` (`mailfrom`),
  KEY `message_id` (`message_id`),
  KEY `server` (`server`),
  KEY `timestamp` (`timestamp`),
  KEY `frozen` (`frozen`),
  KEY `msgid` (`msgid`),
  KEY `action` (`action`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `rejects`
#
CREATE TABLE `rejects` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary default NULL,
  `timestamp` bigint(20) NOT NULL default '0',
  `host_addr` varchar(15) NOT NULL default '',
  `host_rdns` varchar(255) NOT NULL default '',
  `host_ident` varchar(255) default NULL,
  `host_helo` varchar(255) default NULL,
  `mailfrom` varchar(255) default NULL,
  `rcpt` varchar(255) default NULL,
  `errmsg` varchar(255) NOT NULL default '',
  UNIQUE KEY `rejects_unique` (`server`,`timestamp`,`host_addr`,`errmsg`),
  KEY `message_id` (`message_id`),
  KEY `server` (`server`),
  KEY `timestamp` (`timestamp`),
  KEY `host_addr` (`host_addr`),
  KEY `mailfrom` (`mailfrom`),
  KEY `rcpt` (`rcpt`),
  KEY `host_dns` (`host_rdns`)
) TYPE=MyISAM;

# --------------------------------------------------------
#
# Table structure for table `unknown`
#
CREATE TABLE `unknown` (
  `server` varchar(32) NOT NULL default '',
  `message_id` varchar(16) binary NOT NULL default '',
  `timestamp` bigint(20) NOT NULL default '0',
  `line` varchar(255) NOT NULL default '',
  PRIMARY KEY (`server`,`message_id`,`timestamp`,`line`),
  KEY `server` (`server`),
  KEY `message_id` (`message_id`),
  KEY `timestamp` (`timestamp`)
) TYPE=MyISAM;

#END OF FILE

Now edit the config:

/usr/local/etc/exilog.conf

Here is what I have:

# BEGIN
{ # DO NOT REMOVE THIS BRACKET

# Exilog config file. Read the comments. Obey the syntax.
# (c) Tom Kistner 2005

'servers' => { # ------------------------------------
  # Server definitions. One block per server,
  # separated with comma.
  # Currently, each server only has a single
  # property: Its group membership. Groups are
  # just strings that bundle servers. Each
  # server can only be in one group.
  # Keep the server names short (do not use FQDN).
  # Likewise, keep the group names short.
  'exim' => {
    'group' => 'Mail'
  },
#      'fanucci' => {
#                     'group' => 'MXes'
#                   }
}, # End of server definitions ----------------------

'sql' => { # ----------------------------------------
  # SQL Server definition. Use one of the following
  # blocks as a template.

  # Example for local MySQL server
  'type'     => 'mysql',
  'DBI'      => 'DBI:mysql:database=exilog;',
  'user'     => 'exilog',
  'pass'     => 'exilog'

  # Example for remote MySQL server
  #'type'     => 'mysql',
  #'DBI'      => 'DBI:mysql:database=exilog;host=foobar.duncanthrax.net;port=3306',
  #'user'     => 'myuser',
  #'pass'     => 'mypass'

  # Example for Postgresql server
  #'type'     => 'pgsql',
  #'DBI'      => 'DBI:Pg:dbname=exilog;host=195.2.162.40;port=5432;',
  #'user'     => 'myuser',
  #'pass'     => 'mypass'
}, # End of SQL server definition -------------------

'agent' => { # --------------------------------------
  # Agent configuration.

  # The agent writes a log file. You can also
  # use /dev/null here once things are running
  # smoothly.
  'log' => '/var/log/exilog_agent',

  # The agent writes its PID into this file. Useful,
  # if you want to start the agent using a command
  # like start-stop-daemon.
  'pidfile' => '/var/run/exilog-agent.pid',

  # If this is set to 'no', the agent will NOT change
  # its process names to be more informative. This will
  # prevent problems on systems that restrict changes
  # to process names for security reasons (Debian and
  # NetBSD for example).
  'use_pretty_names' => 'yes',

  # The server the agent is running on. MUST
  # be one of the names specified in the
  # 'Servers' section above.
  'server' => 'exim',

  # The log(s) to monitor. If you log via syslog,
  # this will only be a single file (typically
  # /var/log/mail). If you use Exim's own logging,
  # you should specify the mainlog and rejectlog here.
  'logs' => [
    #  '/var/log/exim/rejectlog',
    '/var/log/exim/mainlog'
  ],

  # Path to Exim's queue directory.
  'queue' => '/var/spool/exim',

  # Path to your Exim binary
  'exim' => '/usr/sbin/exim',

  # Delay between two queue listing refreshes.
  # Thirty seconds is reasonable.
  'queue_refresh_delay' => 30
}, # End of Exilog Agent configuration --------------

'cleanup' => { # ------------------------------------
  # Configuration for the database cleanup tool
  # (exilog_cleanup.pl).

  # How many days worth of logs to keep in the
  # database. 10 days is somehow reasonable. If
  # you run a small shop you can also keep months
  # of logs. If you run a VERY big shop you might
  # want to reduce this number or buy some more
  # processing power.
  'cutoff' => 10
}, # End of exilog_cleanup.pl configuration ---------

'web' => { # ----------------------------------------
  # Options for the web interface.

  # Defines how the web interface shows timestamps.
  # Use 'local' to use the local time of the HTTP server
  # machine, or use 'gmt' to use normalized GMT
  # timestamps.
  # TIP: If all of your machines are in one time zone,
  # use 'local'.
  'timestamps' => 'local',

  # When using basic auth to restrict access to the web
  # interface, you can define users to be "read-only".
  # They will not be able to cancel or delete messages
  # (but they can start a delivery run). Clients that
  # do not authenticate are mapped to a user name
  # of "anonymous".
  'restricted_users' => [
    'anonymous',
    'bob',
    'alice',
    'peter'
  ]
} # End of web interface configuration --------------

};
# EOF

As the log to be monitored I chose my own, '/var/log/exim/mainlog'. By the way, it must be specified in the Exim configuration file. See the previous articles.

Add it to startup in /etc/rc.conf:

exilog_enable="YES"

Start the daemon:

/usr/local/etc/rc.d/exilog start

Check that everything is fine:

ps -ax | grep exilog

You should see something like this:

>ps -ax |grep exilog
24902  ??  Ss   0:00.12 [exilog_agent] (perl5.8.8)
24903  ??  S    0:06.03 [exilog_agent:_tail] (/var/log/maillog) (perl5.8.8)
24904  ??  S    0:03.79 [exilog_agent:_queue_manager] (/var/spool/exim) (perl5.8.8)
24905  ??  S    0:13.34 [exilog_agent:_queue_actions]  (perl5.8.8)

Everything is OK.

If not, look through the logs, since they hold almost all the answers: /var/log/exilog_agent

Configuring the web interface.

mod_cgi for Apache is required.

Create a VirtualHost for Exilog in httpd-vhosts.conf:

exim# ee /usr/local/etc/apache22/extra/httpd-vhosts.conf

<VirtualHost 10.10.10.203:8070>
    # ServerAdmin: the address is hidden by e-mail protection on the original page
    DocumentRoot "/usr/local/www/exilog"
    ServerName exilog.xxxx.ru
    DirectoryIndex exilog_cgi.pl
    ErrorLog "/var/log/exilog_log"
    #    CustomLog "/var/log/vexim-access_log" common
    <Directory "/usr/local/www/exilog/">
        Options ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
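
The vhost above serves the interface to any client without a login, while the 'web' section of exilog.conf relies on basic auth to tell full users from restricted ones. An added example (not from the original article) of the same Directory block with basic auth and a network restriction, in Apache 2.2 syntax; the password file path, the realm name and the 10.10.10.0/24 range are assumptions:

```apache
# Added example, not part of the original article. Replaces the
# <Directory> block inside the VirtualHost shown above (Apache 2.2 syntax).
# Assumed values: the htpasswd path, the realm name and the admin network.
#
# Create the password file once, outside the DocumentRoot:
#   htpasswd -c /usr/local/etc/apache22/exilog.htpasswd admin
<Directory "/usr/local/www/exilog/">
    Options ExecCGI
    AllowOverride All

    # Every request must carry a valid login, so no client is mapped to
    # 'anonymous'. Logins listed in 'restricted_users' in exilog.conf
    # stay read-only; any other login can cancel or delete messages.
    AuthType Basic
    AuthName "Exilog"
    AuthUserFile /usr/local/etc/apache22/exilog.htpasswd
    Require valid-user

    # Only hosts on the admin network may connect at all.
    Order deny,allow
    Deny from all
    Allow from 10.10.10.0/24

    # Require both the network match and the login (the default, made explicit).
    Satisfy All
</Directory>
```

Basic auth sends the password base64-encoded with every request, so it protects the interface only when the vhost is served over TLS.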

Do not forget to open port 8070 in httpd.conf:

exim# ee /usr/local/etc/apache22/httpd.conf

Listen 10.10.10.203:8070

Make sure the following line is uncommented:

AddHandler cgi-script .cgi

Check that the httpd-vhosts.conf configuration file is included in httpd.conf:

# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf

Open https://10.10.10.203:8070 in a browser and, if everything is fine, you will see:

For the logs to be picked up, physically reboot the server (power it off and on).
