# [SOLVED] postfix - log file

## Joseph_sys

Where is the posftix log file define?

I'm using syslog-ng and see there:

...

destination messages { file("/var/log/messages"); };

...

but I don't see any log file in /var/log/maillog or mail.Last edited by Joseph_sys on Thu May 24, 2012 7:02 pm; edited 1 time in total

----------

## audiodef

You want to emerge syslog-ng with the "hardened" use flag. Syslog-ng will then produce individual logs for everything in /var/log. You'll be able to find your mail (postfix) messages in /var/log/mail. 

See the postfix link in my sig for more detailed information.

----------

## darkphader

 *audiodef wrote:*   

> You want to emerge syslog-ng with the "hardened" use flag.

 

Didn't even know about this. There's no mention in the ufed output.

However, I customized my syslog organization some time ago:

```
destination messages { file("/var/log/messages"); };

destination d_cron { file("/var/log/detail/cron.log"); };

destination d_mail { file("/var/log/mail/maillog.log"); };

destination d_mailinfo { file("/var/log/mail/mailinfo.log"); };

destination d_mailwarn { file("/var/log/mail/mailwarn.log"); };

destination d_mailerr { file("/var/log/mail/mailerr.log"); };

destination d_mailreject { file("/var/log/mail/mailreject.log"); };

destination d_fetchmail { file("/var/log/mail/fetchmail.log"); };

destination d_local6 { file("/var/log/mail/imapd.log"); };

destination d_ntp { file("/var/log/detail/ntp.log"); };

destination d_router { file("/var/log/detail/router.log"); };

destination d_auth { file("/var/log/detail/auth.log"); };

destination d_named { file("/var/log/detail/named.log"); };

destination d_unbound { file("/var/log/detail/unbound.log"); };

destination d_nsd { file("/var/log/detail/nsd.log"); };

destination d_daemon { file("/var/log/detail/daemon.log"); };

destination d_kern { file("/var/log/detail/kern.log"); };

destination d_clamupdate { file("/var/log/detail/freshclam.log"); };

destination d_user { file("/var/log/detail/user.log"); };

destination d_dhcpd { file("/var/log/detail/dhcpd.log"); };

destination d_slapd { file("/var/log/detail/slapd.log"); };

destination d_cupsd { file("/var/log/cups/cupsd.log"); };

destination d_server { file("/var/log/detail/server.log"); };

destination d_wap { file("/var/log/detail/wap.log"); };

destination d_rsync { file("/var/log/detail/rsync.log"); };

destination d_kerberos { file("/var/log/detail/kerberos.log"); };

destination d_samba { file("/var/log/samba/audit.log"); };

destination console_all { file("/dev/tty12"); };

filter f_mail { facility(mail); };

filter f_cron { facility(cron); };

filter f_clamupdate { program(freshclam); };

filter f_ntp { program(ntpd); };

filter f_fetchmail { program(fetchmail); };

filter f_local3 { facility(local3); };

filter f_local4 { facility(local4); };

filter f_local5 { facility(local5); };

filter f_local6 { facility(local6); };

filter f_local7 { facility(local7); };

filter f_server { host("sserver"); };

filter f_router { host("stargate"); };

filter f_wap { host("wap"); };

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_crit { level(crit); };

filter f_err { level(err); };

filter f_wce { level(warn, crit, err); };

filter f_reject { match("keyword" value("reject")); };

filter f_named { program(named); };

filter f_unbound { program(unbound); };

filter f_nsd { program(nsd); };

filter f_cupsd { program(cupsd); };

filter f_dhcpd { program(dhcpd); };

filter f_slapd { program(slapd); };

filter f_rsync { program(rsync); };

filter f_auth { facility(auth); };

filter f_daemon { facility(daemon); };

filter f_kern { facility(kern); };

filter f_user { facility(user); };

log { source(s_udp); filter(f_server); destination(d_server); };

log { source(s_udp); filter(f_router); destination(d_router); };

log { source(s_udp); filter(f_wap); destination(d_wap); };

log { source(src); filter(f_fetchmail); filter(f_fetchmail); destination(d_fetchmail); flags(); };

log { source(src); filter(f_mail); filter(f_reject); destination(d_mailreject); };

log { source(src); filter(f_mail); filter(f_info); destination(d_mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(d_mailerr); };

log { source(src); filter(f_mail); destination(d_mail); flags(); };

log { source(src); filter(f_clamupdate); destination(d_clamupdate); flags(); };

log { source(src); filter(f_local3); destination(d_samba); flags(final); };

log { source(src); filter(f_local5); destination(d_kerberos); flags(); };

log { source(src); filter(f_local6); destination(d_local6); flags(); };

log { source(src); filter(f_local4); filter(f_dhcpd); destination(d_dhcpd); flags(); };

log { source(src); filter(f_local4); filter(f_slapd); destination(d_slapd); flags(); };

log { source(src); filter(f_cupsd); destination(d_cupsd); flags(); };

log { source(src); filter(f_rsync); destination(d_rsync); flags(); };

log { source(src); filter(f_cron); destination(d_cron); flags(); };

log { source(src); filter(f_ntp); destination(d_ntp); flags(); };

log { source(src); filter(f_named); destination(d_named); flags(final); };

log { source(src); filter(f_unbound); destination(d_unbound); flags(final); };

log { source(src); filter(f_nsd); destination(d_nsd); flags(); };

log { source(src); filter(f_auth); destination(d_auth); };

log { source(src); filter(f_daemon); destination(d_daemon); };

log { source(src); filter(f_kern); destination(d_kern); };

log { source(src); filter(f_user); destination(d_user); };

log { source(src); destination(messages); };

log { source(src); destination(console_all); };
```

May need some cleanup but has been working for years.

Chris

----------

## audiodef

 *darkphader wrote:*   

>  *audiodef wrote:*   You want to emerge syslog-ng with the "hardened" use flag. 
> 
> Didn't even know about this. There's no mention in the ufed output.
> 
> 

 

If you mean eix or emerge -p syslog-ng output, "hardened" should be there. 

Of course, using hardened doesn't mean you can't still customize your logs.

----------

## darkphader

 *audiodef wrote:*   

> If you mean eix or emerge -p syslog-ng output, "hardened" should be there. 
> 
> Of course, using hardened doesn't mean you can't still customize your logs.

 

No, I mean ufed from app-portage/ufed. Yes the flag is clearly shown with an emerge -pv but it doesn't explain the meaning. Ufed is nice in that it lists most of the flags and what they do and can even be used to edit them although I generally directly edit make.conf. However even ufed doesn't explain the meaning of hardened for syslog-ng.

----------

## cach0rr0

 *darkphader wrote:*   

>  *audiodef wrote:*   If you mean eix or emerge -p syslog-ng output, "hardened" should be there. 
> 
> Of course, using hardened doesn't mean you can't still customize your logs. 
> 
> No, I mean ufed from app-portage/ufed. Yes the flag is clearly shown with an emerge -pv but it doesn't explain the meaning. Ufed is nice in that it lists most of the flags and what they do and can even be used to edit them although I generally directly edit make.conf. However even ufed doesn't explain the meaning of hardened for syslog-ng.

 

blind guess - does ufed work by parsing/caching/whatever metadata.xml? 

because there's no hardened entry in metadata.xml for syslog-ng

could explain it

----------

## audiodef

I see what you mean about hardened in ufed now. I think cach0rr0 nailed the problem.

----------

