0

Actually i overtook the administration of a mail cluster which uses postfix. And i was really confused when i saw the different loggings:

  • one of the servers logs to a custom logfile, instead there is no maillog_file defined
  • another server of the cluster logs everything to the syslog file
  • the third server logs nothing
  • another two servers logging correctly

But all the settings are correct and there are no custom logfiles defined - so in my understanding it should use the rsyslog to log to the mail.log, mail.info, mail.warn and mail.err - but thats not happening correct.

I've read something about creating a rsyslog config file, to force the postfix logging to these files - but i'm not that much into it.

Maybe someone can support which way i can go to get it back/working into the default rsyslog files?

germebl
  • 11
  • 2

1 Answers1

0

Download your rsyslog package:

apt-get download rsyslog

Then inspect a package file (rsyslog_8.2102.0-2+deb11u1_amd64.deb in my case):

dpkg -c rsyslog_8.2102.0-2+deb11u1_amd64.deb
...
-rwxr-xr-x root/root      2864 2022-05-21 01:05 ./etc/init.d/rsyslog
-rw-r--r-- root/root      1974 2022-05-21 01:05 ./etc/rsyslog.conf
drwxr-xr-x root/root         0 2022-05-21 01:05 ./etc/rsyslog.d/
...

You can extract a package (there are other ways to do that if you want to):

mkdir /tmp/1
dpkg-deb -x rsyslog_8.2102.0-2+deb11u1_amd64.deb /tmp/1

Now, the temporary directory /tmp/1 has the default Debian config of the rsyslog. You can compare that with the current config to confirm it's changed (or not):

diff /etc/rsyslog.conf /tmp/1/etc/rsyslog.conf

For reference, this is how mail section looks like in the config in the package version I was inspecting:

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

If you're brave you can just reinstall the config files for the whole package:

apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" rsyslog
Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
  • Thats it! The rsyslog.conf was mostly broken. I've checked the last edit date and its fits to a maintenance the server had before some weeks (before i overtook the administration of it). I repaired it while having open the default one to find the broken parts. Everything is fine now again. Thank you! – germebl Jun 14 '23 at 12:59