Re: [exim] wishlist: log_selector for PID

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: W B Hacker
Dátum:  
Címzett: exim users
Tárgy: Re: [exim] wishlist: log_selector for PID
Heiko Schlittermann wrote:
> Hello,
>
> sometimes I'd like to see log messages grouped by the process id from
> the exim process handling the connection:
>
> 2006-11-08 17:10:09 H=www.mexem.com.pl [195.94.216.194] sender verify fail for <Sisongkham@???>: Unrouteable address
> 2006-11-08 17:10:09 H=www.mexem.com.pl [195.94.216.194] F=<Sisongkham@???> rejected RCPT <info@???>: Sender verify
> failed 2006-11-08 17:10:10 unexpected disconnection while reading SMTP command from www.mexem.com.pl [195.94.216.194]
>
> Here it's quite obvious that it's the same process, but it's not always
> this way in subsequent lines.
>
> As far as I understand on exim process is handling only one message at
> one time, isn't it?
>
> If each log line could have some pid=4711 (or whatever the key is named)
> it could help to reproduce what happend with sessions if they didn't get
> the 'spool id' assigned yet.
>
> I'm not sure if I expressed myself clearly.?
>


One can 'make this happen' - or something akin to it - with current tools, i.e
a unique per-connection tag of some kind.

While 'wishing' for more, perhaps it could be made an option with not
unreasonable overhead to simply generate the message ID immediately on
connection rather than waiting until the acl_smtp_data phase.

i.e.

- in acl-smtp_connect, acl_smtp_helo, acl_smtp_rcpt it serves as a connection ID
for logging.

- it may be discarded at any point if the traffic is rejected.
I don't *think* that creats a 'unique'ness' problem, nor wastes ID's.

- at acl_smtp_data it becomes the messages ID. Or perhaps just part of it.

Open question as to what course of action is best if/as/when more than one
message is passed over the same connection.

If only part of the ID were to be pre-generated, the rest could be affixed to
that for each succcessive message, creating a 'family resemblance' for grepping.

That would seem to make log analysis easier for single OR multiple arrivals.


JM2CW

Bill