Subject: Header logging, revisited
From: Michael Schwager (mikeschwager.com)
Date: Fri Mar 31 2000 - 23:08:53 CST


Greetings,
I have a question. Given:
        1. I need to log some headers (To:, From:, Subject:).
        2. We are currently doing that in Sendmail with custom code in the
        source; it's easy there because the entire header is available
        in a struct.
        3. Sendmail beats up our boxes (Sun Ultra 450's with dual 300 MHz
        processors running Solaris 2.6, 1 Gig RAM, and a Solid State disk).
        (...well, disk i/o is ok now :)
        4. Message flow peaks at about 8 msgs/second, average message
        size 50k. Sustained message flow is about 5 msgs/second during
        peak morning hours on one of our boxes.
        5. Next year they plan to replace our Suns with Windows 2000
        boxes.
        6. Because of performance issues, I want our Suns to go out in
        style... I'd like to be running Postfix and have a 0 downtime,
        ultra-reliable, plenty-of-overhead-for-more-mail installation.
        Rather than throwing money at our performance ("ewwww... look at Unix.
        I guess if you've got $100k to spend, you can fix anything..."),
        I'm throwing postfix at it.

I see that header logging has been discussed before in this list, and the
recommended solution was about what Wietse said:
    /etc/postfix/main.cf:
        always_bcc = log-headers
    /etc/aliases:
        log-headers: "|sed '/^$/q' | logger -p mail.info -t headers; exit 0"

Now, given my concerns about performance, do you think that would be a good
avenue for us? I worry that forking the two processes would be a killer.
As a matter of fact, we need to be able to correlate the envelope logging
with the header logging, so I would go ahead and write a Perl or C program
to do the logging instead (thus attempting to extract the Postfix ID). At
any rate, I think syslog would be much more advantageous... but I'm not
sure if the savings in overhead would be so great.

So should I bust into the cleanup.c source code and start hacking? Or is
there, perhaps, a way for log-headers to connect to a daemon or a socket
without firing up another process? Or... should I just not sweat it? I
could just give it a try, I suppose, but I'd like to save myself a day's
work if I can. Thanks!

--
-Mike                          MikeSchwager.com
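
Added example, not part of the original post and not Postfix code: a single-process C filter that could stand in for the sed | logger pipeline in the log-headers alias, writing one syslog record per message with the queue ID next to From:, To: and Subject:. Header bytes come from the sender, so folded lines are joined and control or non-ASCII bytes are replaced before anything reaches syslog. Assumptions: the queue ID is the token after " id " in the topmost Received: header, and struct hdrs, parse_headers and the log format are names chosen for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

struct hdrs { char qid[32], from[256], to[256], subj[256]; };
/* Case-insensitive match of a lowercase header name; returns the value or NULL. */
static const char *val(const char *line, const char *name) {
    for (; *name; line++, name++)
        if (tolower((unsigned char)*line) != *name) return NULL;
    return line + strspn(line, " ");
}

/* Record one complete, unfolded, already sanitized header line. */
static void take(struct hdrs *h, const char *line) {
    const char *v;
    if ((v = val(line, "from:"))) snprintf(h->from, sizeof h->from, "%s", v);
    else if ((v = val(line, "to:"))) snprintf(h->to, sizeof h->to, "%s", v);
    else if ((v = val(line, "subject:"))) snprintf(h->subj, sizeof h->subj, "%s", v);
    else if (!h->qid[0] && val(line, "received:") && (v = strstr(line, " id ")))
        sscanf(v + 4, "%31[A-Za-z0-9]", h->qid);  /* assumed "... id QUEUEID ..." */
}

/* Read headers up to the first blank line. Folded lines are joined, and
   control or non-ASCII bytes become '?' so content cannot forge log records. */
void parse_headers(FILE *in, struct hdrs *h) {
    char cur[4096];
    int c, bol = 1, n = 0;              /* bol: at start of a physical line */
    memset(h, 0, sizeof *h);
    while ((c = getc(in)) != EOF && !(bol && c == '\n')) {
        if (bol && c != ' ' && c != '\t') {   /* a new header starts */
            cur[n] = '\0';
            take(h, cur);
            n = 0;
        }
        bol = (c == '\n');
        if (c == '\t') c = ' ';
        if (!bol && n + 1 < (int)sizeof cur) cur[n++] = isprint(c) ? (char)c : '?';
    }
    cur[n] = '\0';
    take(h, cur);
}

int main(void) {
    struct hdrs h;
    parse_headers(stdin, &h);
    openlog("headers", LOG_PID, LOG_MAIL);   /* same tag and facility as logger */
    syslog(LOG_INFO, "%s: from=%s to=%s subject=%s", h.qid, h.from, h.to, h.subj);
    return 0;                                /* same as "exit 0" in the alias */
}
```

Reading stops at the first blank line, so the message body is never scanned and a "From:" line inside it cannot end up in the log.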