Orange is my favorite color

Every morning the same thing in my inbox:

--------------------- IMAP Begin ------------------------

**Unmatched Entries**
Connection, ip=[::ffff:65.81.246.95]: 45 Time(s)
Connection, ip=[::ffff:65.81.61.76]: 8 Time(s)
DISCONNECTED, user=xxxxxxx, ip=[::ffff:65.81.241.95], headers=0, body=0, rcvd=2675, sent=118, time=246, starttls=1: 1 Time(s)
DISCONNECTED, user=xxxxxxx, ip=[::ffff:65.81.241.95], headers=0, body=35629, rcvd=415, sent=42860, time=310, starttls=1: 1 Time(s)
DISCONNECTED, user=xxxxxxx, ip=[::ffff:65.81.61.76], headers=528, body=0, rcvd=555, sent=61494, time=15, starttls=1: 1 Time(s)
LOGIN, user=xxxxxxx, ip=[::ffff:218.55.14.23], protocol=IMAP: 8 Time(s)
LOGIN, user=xxxxxxx, ip=[::ffff:218.55.14.2], protocol=IMAP: 23 Time(s)
LOGOUT, user=xxxxxxx, ip=[::ffff:218.55.14.23], headers=0, body=0, rcvd=44, sent=8574, time=15, starttls=1: 2 Time(s)
LOGOUT, user=xxxxxxx, ip=[::ffff:218.55.14.23], headers=0, body=0, rcvd=44, sent=8574, time=17, starttls=1: 1 Time(s)
LOGOUT, user=xxxxxxx, ip=[::ffff:218.55.14.23], headers=11121, body=0, rcvd=589, sent=29878, time=21, starttls=1: 1 Time(s)
TIMEOUT, user=xxxxxxx, ip=[::ffff:65.81.61.76], headers=5480, body=137917, rcvd=15459, sent=230354, time=41040, starttls=1: 1 Time(s)
couriertls: read: Connection timed out: 2 Time(s)

---------------------- IMAP End -------------------------

Only about 50x the amount of these entries. The reason? The Logwatch script for IMAP that ships with RHEL/CentOS is totally broken. Everything comes back as one blob of “Unmatched Entries”. Although this was not high on my priority list, I was forced to restore sanity to my life by hacking out a fixed version. This doesn’t do everything, but set detail level to 5 (Med) and you’ll get the basics in nice, tabular output:

--------------------- Courier IMAP Begin ------------------------

[IMAPd] Connections:
=========================
Host | Connections | SSL | Total
-------------------------------------- | ----------- | -------- | ---------
m7e0e36d0.tmodns.net | 0 | 0 | 54
m180e36d0.tmodns.net | 0 | 0 | 54
m190e36d0.tmodns.net | 0 | 0 | 26
m590e36d0.tmodns.net | 0 | 0 | 3
32.144.4.182 | 0 | 0 | 2
32.147.133.10 | 0 | 0 | 2
32.168.132.161 | 0 | 0 | 2
32.169.11.246 | 0 | 0 | 1
32.169.127.172 | 0 | 0 | 1
32.169.4.144 | 0 | 0 | 1
64.124.188.114.gatespeed.com | 0 | 0 | 3
mail.fastracing.com | 0 | 0 | 50
mail.sum-racing.net | 0 | 0 | 10
---------------------------------------------------------------------------
0 | 0 | 209

[IMAPd] Login stats:
====================
User | Logins
--------------------------------------- | -------
xxxxxxxxxxxxxxxxxxx | 104
xxxxxxxxxxxxxxx | 59
xxxxxxxxxxxxxxxxxx | 44
-------------------------------------------------
207

You can see that some of the stats are still logged separately. Note that the conf file has a DNS lookup option to turn on/off reverse lookups in the logs. You can get the script and configuration file from my software page now.
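To show the kind of matching that turns those "Unmatched Entries" into per-host and per-user counts, here is an added Python sketch; it is not the Logwatch script from this post (Logwatch service scripts are Perl). The sample lines, their syslog prefix, and the names `parse_line`, `summarize` and `render` are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from a real server); the syslog prefix is assumed.
SAMPLE = """\
Sep  1 08:00:01 mail imapd: Connection, ip=[::ffff:192.0.2.10]
Sep  1 08:00:01 mail imapd: LOGIN, user=alice, ip=[::ffff:192.0.2.10], protocol=IMAP
Sep  1 08:00:16 mail imapd: LOGOUT, user=alice, ip=[::ffff:192.0.2.10], headers=0, body=0, rcvd=44, sent=8574, time=15, starttls=1
Sep  1 08:05:00 mail imapd: Connection, ip=[::ffff:198.51.100.7]
Sep  1 08:05:01 mail imapd: LOGIN, user=alice, ip=[::ffff:198.51.100.7], protocol=IMAP
Sep  1 08:06:00 mail imapd: Connection, ip=[::ffff:192.0.2.10]
Sep  1 08:06:01 mail imapd: LOGIN, user=bob, ip=[::ffff:192.0.2.10], protocol=IMAP
Sep  1 08:09:00 mail imapd: couriertls: read: Connection timed out
""".splitlines()

# Event keyword followed by comma-separated key=value fields, as in the lines above.
EVENT_RE = re.compile(r"\b(Connection|LOGIN|LOGOUT|DISCONNECTED|TIMEOUT), (.*)$")
FIELD_RE = re.compile(r"(\w+)=(\[[^\]]*\]|[^,\s]+)")

def parse_line(line):
    """Return (event, fields) for a recognised Courier IMAP line, else None."""
    m = EVENT_RE.search(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    ip = fields.get("ip", "").strip("[]")
    if ip.lower().startswith("::ffff:"):  # IPv4-mapped IPv6, as logged above
        ip = ip[7:]
    fields["ip"] = ip
    return m.group(1), fields

def summarize(lines):
    """Count connections per host and logins per user; keep what did not match."""
    out = {"connections": Counter(), "logins": Counter(),
           "sources": defaultdict(set), "unmatched": []}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            out["unmatched"].append(line.strip())  # still reported, never dropped
        elif parsed[0] == "Connection":
            out["connections"][parsed[1]["ip"]] += 1
        elif parsed[0] == "LOGIN":
            user = parsed[1].get("user", "?")
            out["logins"][user] += 1
            out["sources"][user].add(parsed[1]["ip"])  # distinct client IPs per user
    return out

def render(counts, left, right):
    """Format a Counter as a two-column table with a total row."""
    rows = [f"{left:<24} | {right}", "-" * 24 + " | " + "-" * len(right)]
    rows += [f"{k:<24} | {v}" for k, v in counts.most_common()]
    return "\n".join(rows + [f"{'Total':<24} | {sum(counts.values())}"])

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(render(s["connections"], "Host", "Connections"))
    print(render(s["logins"], "User", "Logins"))
```

Lines that match no known event stay in the `unmatched` list, so a new or unexpected message type still shows up in the report instead of disappearing.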

1 Comment

  1. brian said:

    on September 1, 2007 at 8:15 am

    It’s worth noting that CentOS 4 users are apparently using a pretty old version of Logwatch (5.5.0?) and that the newer versions have a much better courier script that handles imapd and imapd-ssl. You can check out the CVS and get those or manually install the latest and greatest (via RPM or source). Otherwise, my script above is an easy stopgap solution for RHEL/CentOS 4 users.
