On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote: > On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote: > > Hello Gilles, > > > > In article <[email protected]> Gilles Chehade > > <[email protected]> wrote: > > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote: > > > > CVSROOT: /cvs > > > > Module name: src > > > > Changes by: [email protected] 2018/12/21 07:41:41 > > > > > > > > Modified files: > > > > usr.sbin/smtpd : smtp_session.c > > > > > > > > Log message: > > > > start simplifying log lines, they're no longer intended to be > > > > parseable, we > > > > have a reporting API for tools that want to analyze events, maillog is > > > > just > > > > for us, hoomans. > > > > > > > > > > that was not the best way to phrase my commit log ... sorry > > > > > > i meant they're no longer intended to be friendlier to scripts than to > > > humans: there will still be in a format that's easy to quickly script, > > > but they will hold information easily readable by humans, not a lot of > > > unrelated context infos so tools can generate dashboards out of single > > > lines. > > > > > > logs for humans, event reports for tools. > > > > > > > Since long I've been greping IPs from spammers and attackers from > > /var/log/maillog, /var/log/authlog and /var/log/daemon using a shell > > script I wrote that automatically includes them in a file read by a pf > > table. In the case of maillog, it relies in the address="" and host="" > > info currently included. > > > > Will it appear sender's IP and hostname in /var/log/maillog after this > > change? > > > > yes, you'll still be able to grep that information from maillog
You selected carefully the words in your answer. :-) Indeed, I still can grep "IP" and "host" in maillog, but they are alone in a first line and the only way to associate them with the following lines containing the from= to= and result= (to know what "happened" with that connection) is by using the connection id, what will *painfully* overcomplicate my scripts. I don't know what's the opinion of the rest about this change. I'd highly appreciate you to include again the IP on each line of info as before. :-) > > -- > Gilles Chehade @poolpOrg > > https://www.poolp.org tip me: https://paypal.me/poolpOrg Walter
