# no mail.log, mail.err, mail.warn

## elmar283

Somehow syslog-ng does not log tot /var/log/mail.log, /var/log/mail.err and /var/log/mail.warn

I do not see anny logging.

This is my syslog-ng.conf file:

```

@version: 3.7

# Copyright 1999-2011 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened,v 1.1 2013/04/28 04:50:34 mr_bones_ Exp $

# https://bugs.gentoo.org/show_bug.cgi?id=426814

@include "scl.conf"

#

# Syslog-ng configuration file, compatible with default hardened installations.

#

options {

        owner(root);

        ## (Make log files group-readable by logcheck)

        group(logcheck);

        perm(0640);

        threaded(yes);

        chain_hostnames(no);

        stats_freq(43200);

};

source src {

    unix-dgram("/dev/log");

    internal();

};

#source src {

#   systemd-journal();

#   internal();

#};

source kernsrc {

    file("/proc/kmsg");

};

#source net { udp(); };

#log { source(net); destination(net_logs); };

#destination net_logs { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); };

destination authlog { file("/var/log/auth.log"); };

destination _syslog { file("/var/log/syslog"); };

destination cron { file("/var/log/cron.log"); };

destination daemon { file("/var/log/daemon.log"); };

destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };

destination lpr { file("/var/log/lpr.log"); };

destination user { file("/var/log/user.log"); };

destination uucp { file("/var/log/uucp.log"); };

#destination ppp { file("/var/log/ppp.log"); };

destination mail { file("/var/log/mail.log"); };

destination avc { file("/var/log/avc.log"); };

destination audit { file("/var/log/audit.log"); };

destination pax { file("/var/log/pax.log"); };

destination grsec { file("/var/log/grsec.log"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };

destination newserr { file("/var/log/news/news.err"); };

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };

destination messages { file("/var/log/messages"); };

destination console { usertty("root"); };

destination console_all { file("/dev/tty12"); };

#destination loghost { udp("loghost" port(999)); };

destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };

filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };

filter f_cron { facility(cron); };

filter f_daemon { facility(daemon); };

filter f_kern { facility(kern); };

filter f_lpr { facility(lpr); };

filter f_mail { facility(mail); };

filter f_user { facility(user); };

filter f_uucp { facility(uucp); };

#filter f_ppp { facility(ppp); };

filter f_news { facility(news); };

filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn)

   and not facility(auth, authpriv, mail, news); };

filter f_emergency { level(emerg); };

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_crit { level(crit); };

filter f_err { level(err); };

filter f_avc { message(".*avc: .*"); };

filter f_audit { message("^(\\[.*\..*\] |)audit.*") and not message(".*avc: .*"); };

filter f_pax { message("^(\\[.*\..*\] |)PAX:.*"); };

filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); };

log { source(src); filter(f_authpriv); destination(authlog); };

log { source(src); filter(f_syslog); destination(_syslog); };

log { source(src); filter(f_cron); destination(cron); };

log { source(src); filter(f_daemon); destination(daemon); };

log { source(kernsrc); filter(f_kern); destination(kern); };

log { source(src); filter(f_lpr); destination(lpr); };

log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_uucp); destination(uucp); };

log { source(kernsrc); filter(f_pax); destination(pax); };

log { source(kernsrc); filter(f_grsec); destination(grsec); };

log { source(kernsrc); filter(f_audit); destination(audit); };

log { source(kernsrc); filter(f_avc); destination(avc); };

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };

log { source(src); filter(f_news); filter(f_err); destination(newserr); };

log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };

log { source(src); filter(f_debug); destination(debug); };

log { source(src); filter(f_messages); destination(messages); };

log { source(src); filter(f_emergency); destination(console); };

#log { source(src); filter(f_ppp); destination(ppp); };

#log { source(src); destination(console_all); };

```

Also the other logfiles are not logging much.

Does anyone know what could be wrong?

----------

## user

mhh,

I tested your syslog-ng.conf. 

It's work for me (TM).

Did you try?

```
# logger -p mail.info test
```

----------

## Syl20

Which MTA do you use ? Is it configured to send its logs to syslog, and with the "mail" facility ?

----------

## khayyam

elmar283 ...

If I were to guess then I'd suspect that logrotate is in use and that syslog-ng isn't given a HUP on the logs being rotated. If logrotate is in use, do you have something like the following 'postrotate' defined?

```
# Mail system

/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {

    sharedscripts

    missingok

    notifempty

    postrotate

        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

    endscript

}
```

... this might also explain why other log files are similarly effected.

best ... khay

----------

## elmar283

I use postfix as MTA.

And everything with the mailserver is working just fine. I just don't receive logs anymore.

```
elmar@ZaphodBeeblebrox /etc/logrotate.d $ cat syslog-ng 

# $Id$

#

# Syslog-ng logrotate snippet for Gentoo Linux

# contributed by Michael Sterrett

#

/var/log/debug /var/log/kern.log /var/log/grsec.log /var/log/auth.log /var/log/mail.err /var/log/mail.info /var/log/mail.log /var/log/mail.warn /var/log/mailcron.log /var/log/cron.log /var/log/daemon.log /var/log/syslog  /var/log/lpr.log /var/log/user.log /var/log/messages {

    missingok

    sharedscripts

    postrotate

        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

    endscript

}

```

```
elmar@ZaphodBeeblebrox /etc/postfix $ cat main.cf 

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = //usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

myhostname = domain.eu

mydomain = domain.eu

myorigin = domain.eu

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

unknown_local_recipient_reject_code = 450

mynetworks = 10.0.0.0/24 192.168.0.0/24, 192.168.178.0/24, 127.0.0.0/8

home_mailbox = .maildir/

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

debug_peer_level = 5

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = no

home_mailbox = .maildir/

inet_protocols=ipv4

# Increase maximum message size

message_size_limit = 20971520

# Link the mailbox uid and gid to postfix.

alias_maps = mysql:/etc/postfix/mysql-aliases.cf

relocated_maps = mysql:/etc/postfix/mysql-relocated.cf

local_transport = local

local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname

virtual_transport = virtual

virtual_mailbox_domains = domain.nl, domain2.nl, domain2.eu

virtual_minimum_uid = 5000

virtual_gid_maps = static:5000

virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf

virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf

virtual_uid_maps = static:5000

virtual_mailbox_base = /

virtual_mailbox_limit = 0

# ADDRESS EXTENSIONS (e.g., user+foo)

#

# The recipient_delimiter parameter specifies the separator between

# user names and address extensions (user+foo). See canonical(5),

# local(8), relocated(5) and virtual(5) for the effects this has on

# aliases, canonical, virtual, relocated and .forward file lookups.

# Basically, the software tries user+foo and .forward+foo before

# trying user and .forward.

#

recipient_delimiter = +

#sasl

# Postifx to SASL authentication

broken_sasl_auth_clients = no

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

smtpd_sasl_authenticated_header = no

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# SSL Authentication

smtpd_tls_security_level = may

smtp_tls_CApath = /etc/ssl/certs

smtpd_tls_auth_only = no

smtpd_tls_loglevel = 3

smtpd_tls_key_file = /etc/ssl/postfix/domain.eu_privatekey.pem

smtpd_tls_cert_file = /etc/ssl/postfix/domain.eu_crt.pem

#smtpd_tls_CAfile = /etc/ssl/certs/cacert.org_class3.pem

smtpd_tls_CAfile = /etc/ssl/certs/cacert.org_root.pem 

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

#mailfitering starst here: Dus als de boel zo niet meer goed werkt dan hetgeen hieronder eerst in de prullenbak mieteren ;)

biff = no

empty_address_recipient = MAILER-DAEMON

queue_minfree = 120000000

#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination

# Block spam using DNS blacklists

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

# HELO Restrictions

#smtpd_helo_restrictions = permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname

smtpd_helo_restrictions = permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname

smtpd_helo_required = yes

# Do not respond to the VRFY command

disable_vrfy_command = yes

# SHOW SOFTWARE VERSION OR NOT

smtpd_banner = $myhostname ESMTP NO UCE

mailbox_command = /usr/bin/procmail -a "domain.eu"

meta_directory = /etc/postfix

shlib_directory = /usr/lib/postfix/${mail_version}

```

```
elmar@ZaphodBeeblebrox /etc/postfix $ cat master.cf 

#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master" or

# on-line: http://www.postfix.org/master.5.html).

#

# Do not forget to execute "postfix reload" after editing this file.

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd -D

#smtp      inet  n       -       n       -       1       postscreen

#smtpd     pass  -       -       n       -       -       smtpd

#dnsblog   unix  -       -       n       -       0       dnsblog

#tlsproxy  unix  -       -       n       -       0       tlsproxy

submission inet n       -       n       -       -       smtpd

#-o smtpd_tls_security_level=may

#-o smtpd_sasl_auth_enable=yes

#-o smtpd_client_restrictions=permit_sasl_authenticated,reject

#submission inet n       -       n       -       -       smtpd

#  -o syslog_name=postfix/submission

#  -o smtpd_tls_security_level=encrypt

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

#  -o smtpd_recipient_restrictions=

#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes

#smtps     inet  n       -       n       -       -       smtpd

#  -o syslog_name=postfix/smtps

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

#  -o smtpd_recipient_restrictions=

#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#628       inet  n       -       n       -       -       qmqpd

pickup    unix  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      unix  n       -       n       300     1       qmgr

#qmgr     unix  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

#maildrop  unix  -       n       n       -       -       pipe

#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

#

# ====================================================================

#

# Recent Cyrus versions can use the existing "lmtp" master.cf entry.

#

# Specify in cyrus.conf:

#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4

#

# Specify in main.cf one or more of the following:

#  mailbox_transport = lmtp:inet:localhost

#  virtual_transport = lmtp:inet:localhost

#

# ====================================================================

#

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

#

#cyrus     unix  -       n       n       -       -       pipe

#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

#

# ====================================================================

#

# Old example of delivery via Cyrus.

#

#old-cyrus unix  -       n       n       -       -       pipe

#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

#

# ====================================================================

#

# See the Postfix UUCP_README file for configuration details.

#

#uucp      unix  -       n       n       -       -       pipe

#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# ====================================================================

#

# Other external delivery methods.

#

#ifmail    unix  -       n       n       -       -       pipe

#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

#

#bsmtp     unix  -       n       n       -       -       pipe

#  flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient

#

#scalemail-backend unix -       n       n       -       2       pipe

#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store

#  ${nexthop} ${user} ${extension}

#

#mailman   unix  -       n       n       -       -       pipe

#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

#  ${nexthop} ${user}

# Hier begint mijn mailscan gededeelte. Dus als zo de boel niet meer werkt dan dit hieronder eerst weghalen.

localhost:10025 inet n  -       n       -       2       smtpd

  -o disable_dns_lookup=yes

  -o content_filter=

  -o myhostname=zaphodbeeblebrox.domain.eu

  -o local_recipient_maps=

  -o relay_recipient_maps=

  -o smtpd_restriction_classes=

  -o smtpd_client_restrictions=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o strict_rfc821_envelopes=yes

  -o smtpd_error_sleep_time=0

  -o smtpd_soft_error_limit=1001

  -o smtpd_hard_error_limit=1000

  -o smtpd_client_connection_count_limit=0

  -o smtpd_client_connection_rate_limit=0

  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

amavis    unix  -       -       n       -       2       lmtp

  -o disable_dns_lookups=yes

  -o lmtp_send_xforward_command=yes

  -o lmtp_data_done_timeout=1200  

smtp       inet  n       -       n       -       2       smtpd

  -o content_filter=amavis:[127.0.0.1]:10024

  -o receive_override_options=no_address_mappings

smtps     inet  n       -       n       -       2       smtpd

  -o smtpd_tls_wrappermode=yes

  -o content_filter=amavis:[127.0.0.1]:10024

  -o receive_override_options=no_address_mappings

```

----------

## khayyam

elmar283 ...

What cron daemon is in use, and is it in the default runlevel, do you have a crontab setup to run cron.{daily,weekly,monthly}? When is logrotate set to run? What happens if you run 'logrotate --force /etc/logrotate.conf'? Are you getting rotated logs at all?

best ... khay

----------

## Syl20

 *elmar283 wrote:*   

> I use postfix as MTA.

 

As your conf files mention nothing about syslog parameters, the defaults are applied, and correct.

```
# postconf syslog_facility

syslog_facility = mail
```

So postfix is okay, loogrotate seems to be too, if launched...

Certainly a dumb question, but are the permissions on mail.* files correct ?

Is amavis also mute ?

Did you update syslog-ng recently (version 3.7.2 was marked stable a few weeks ago) ? If yes, did you restart it since ?

----------

## elmar283

 *CneGroumF wrote:*   

>  *elmar283 wrote:*   I use postfix as MTA. 
> 
> As your conf files mention nothing about syslog parameters, the defaults are applied, and correct.
> 
> ```
> ...

 

There are no mail.* files. They are not even being generated. I did make a mail.log file and set the permissions on 'root:logcheck' and '-rw-r-----'.

I do not have an 'amavis.log' file at the moment too. 

I did update syslog-ng.

----------

## elmar283

I rebooted my machine and now the logs are being generated again.

I still don't know why it didn't work anymore. I will watch wether or not logrotate or logcheck is the cause.

If not I will edit the subject as [resolved].

----------

## Syl20

 *elmar283 wrote:*   

> I do not have an 'amavis.log' file at the moment too.

 

That depends on your configuration. Amavis is able to send its logs to syslog, or to a file.

```
## LOGGING AND DEBUGGING

$log_level = 0;              # verbosity 0..5, -d

$do_syslog = 1;              # log via syslogd (preferred). Default : 0

$syslog_ident = 'amavis';

$syslog_facility = 'mail';   # Syslog facility as a string

           # e.g.: mail, daemon, user, local0, ... local7

$logfile = undef;          # log file, if syslogging is disabled. Empty by default.

$do_syslog = undef;        # same as 0.
```

By default, it does nothing.

```
I did update syslog-ng.
```

And it was restarted only when you rebooted your server.  :Smile: 

----------

