Re: [exim] Custom log-element?

Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] Custom log-element?
On 21 Oct 2015, at 00:12, Bjørnar Ness <bjornar.ness@???> wrote:
> Is it possible to have exim include a MACRO or other expansion in every logline
> it writes? The reason I want this is I have a setup where exim acts as
> mx/submission for multiple brands based on incoming ip address (proxy
> protocol). I would like
> to log both BRAND and SERVERTYPE
>
> Is this currently possible?


As others have said - no, it isn't.

However - if you play with the 'warn' verb and use the log_message modifier to add the relevant bits to your logs when required, you can then use the 'exigrep' tool to extract all messages matching the regex you need to look for. As an example, I have the following in one of my systems:

warn log_message = X-Originating-IP: $h_x-originating-ip:
     condition   = ${if def:header_x-originating-ip:}


So, given a specific client IP on our campus network, I can search for all the messages originating there (which means if we have a compromised account/trojan/malware connecting via this system, we can see what damage it tried to do) - e.g. for all messages from 10.45.99.0/24:

exigrep 'X-Originating-IP: 10\.45\.99\.' mainlog

That would pull out all entries pertaining to that header.

I'll leave getting that into your platform to you :)

Graeme
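
An added example, not part of Graeme's message: a regex handles a /24 neatly but not an arbitrary prefix, so this Python example groups mainlog lines by message ID the way exigrep does and tests the logged X-Originating-IP against a CIDR range instead. The sample log lines are constructed, and the classic 6-6-2 message ID format and the `Warning:` line layout are assumptions about the log.

```python
import ipaddress
import re

# Classic Exim message ID (6-6-2 alphanumerics); an assumption about the log format.
MSG_ID = re.compile(r"\b([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})\b")
# Text written by the warn/log_message ACL statement shown in the post.
TAG = re.compile(r"X-Originating-IP: \[?([0-9A-Fa-f.:]+)\]?")

# Constructed sample mainlog lines (not taken from a real system).
SAMPLE_LOG = """\
2015-10-21 09:14:58 1ZoiXk-0004Qz-Rf H=webmail.example.org [192.0.2.10] Warning: X-Originating-IP: 10.45.99.17
2015-10-21 09:14:58 1ZoiXk-0004Qz-Rf <= alice@example.org H=webmail.example.org [192.0.2.10] P=esmtp S=1432
2015-10-21 09:14:59 1ZoiXk-0004Qz-Rf => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.5]
2015-10-21 09:14:59 1ZoiXk-0004Qz-Rf Completed
2015-10-21 09:15:03 1ZoiXp-0004R4-2B H=webmail.example.org [192.0.2.10] Warning: X-Originating-IP: 10.45.100.8
2015-10-21 09:15:03 1ZoiXp-0004R4-2B <= carol@example.org H=webmail.example.org [192.0.2.10] P=esmtp S=980
2015-10-21 09:15:04 1ZoiXp-0004R4-2B Completed
2015-10-21 09:15:10 1ZoiXw-0004RB-7x H=webmail.example.org [192.0.2.10] Warning: X-Originating-IP: 10.45.990.1
"""

def messages_from(log_text, cidr):
    """Return {message_id: [log lines]} for every message whose logged
    X-Originating-IP lies inside cidr, with all of that message's lines."""
    net = ipaddress.ip_network(cidr)
    by_id, hits = {}, set()
    for line in log_text.splitlines():
        m = MSG_ID.search(line)
        if not m:
            continue  # entries without a message ID cannot be grouped
        by_id.setdefault(m.group(1), []).append(line)
        tag = TAG.search(line)
        if tag:
            try:
                if ipaddress.ip_address(tag.group(1)) in net:
                    hits.add(m.group(1))
            except ValueError:
                pass  # header content is free text; skip values that are not an IP
    return {mid: lines for mid, lines in by_id.items() if mid in hits}

if __name__ == "__main__":
    for lines in messages_from(SAMPLE_LOG, "10.45.99.0/24").values():
        print("\n".join(lines), end="\n\n")
```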