On Mon, September 14, 2015 14:51, James B. Byrne wrote: > The Logwatch imapd service script distributed with CentOS-6 does not > generate anything when I run logwatch --service all on a cyrus-imapd > host. Is this expected behaviour? Is there a separate script for > cyrus-imapd or are their configuration options required to get the > existing script to work. > > I have found an ancient (2004) logwatch service script for cyrus-imapd > but I was sort of hoping that there was a more up-to-date and > officially supported version available somewhere. > > Is there? > > There was not, and so I wrote this. Given I know little or nothing of Perl beyond the bare fact of its existence no doubt there are better ways to get the results I obtained. But this is tested on CentOS-6 with cyrus-imapd.2.3.16-13.el6_6, It only handles IMAP logins so anyone using POP3 or Sieve needs to add there own code for those. And, because this is e-mail, linewraps/breaks in the code below may not be exactly as required and do need to be hand checked and corrected. <pre> #!/usr/bin/perl ################################################################### # logwatch script for cyrus-imapd-2.3.16 # looks for imaps and lmtpunix services in /var/log/maillog ################################################################### ################################################################### # script: /etc/logwatch/scripts/services/cyrus-imapd # author: James B. Byrne <byrnejb at harte-lyne.ca> # date: 2015-09-16 # revision: v1.0.1 - 2015-09-17 # # requires: /etc/logwatch/conf/services/cyrus-imapd.conf # containing> # # > Title = "CYRUS IMAPD" # > LogFile = maillog # > *OnlyService = (imaps|lmtpunix) # > *RemoveHeaders = # # based on Sebastian Hagedorn <Hagedorn at uni-koeln.de> 2004 ################################################################### $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; # # Process log file on stdin # while ( defined( $ThisLine = <STDIN> ) ) { chomp( $ThisLine ); use feature "switch"; given( $ThisLine ) { when ( /accepted connection/ ) { # Ignore } when ( /^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication failure:.+)/ ) { #print( "Bad Login: " . $ThisLine . "\n" ); #$ThisLine =~ /^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication failure:.+)/; #print( "BAD LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " : " . $4 . " : " . $5 . "\n"); $IMAPbadlogin++; $IMAPbadmech{$3}++; $IMAPbadip{$2}++; $IMAPbaduser{$4}++ } when ( /DBMSG:/ ) { # Ignore } when ( /Delivered:/ ) { # Ignore } when ( /dupelim:/ ) { # Ignore } when ( /duplicate_check:/ ) { # Ignore } when ( /duplicate_mark:/ ) { # Ignore } when ( /executed/ ) { # Ignore } when ( /Expunged/ ) { # Ignore } when ( /imapd:Loading hard-coded DH parameters/ ) { # Ignore } when ( /lmtp connection preauth/ ) { # Ignore } when ( /^login: (.+) \[(.+)\] (\w+) (.+) User logged in/ ) { # print( "LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " : " . $4 . "\n"); $IMAPlogin++; $IMAPmech{$4}++; $IMAPuser{$3}++; $IMAPip{$2}++; } when ( /IOERROR: fstating sieve script/ ) { # Ignore } when ( /mystore: committing txn/ ) { $LMTPStore++; } when ( /mystore: starting/ ) { # Ignore } when ( /open: / ) { # Ignore } when ( /seen_db: / ) { # Ignore } when ( /skiplist: checkpointed/ ) { # Ignore } when ( /SQUAT/ ) { # ignore } when ( /SSL_accept/ ) { # ignore } when ( /starttls/ ) { $IMAPTLS++; } # Save this till the end when ( /ERROR/ ) { push @ErrorList, "$ThisLine\n"; } default { # Report any unmatched entries... push @OtherList, "$ThisLine\n"; } } # Process next stdin next; } # Report if ( $LMTPStore ) { print " Mails stored: " . $LMTPStore . "\n"; } if ( $IMAPlogin ) { print "\n IMAP:\n"; print " Number of logins: " . $IMAPlogin . "\n"; if ( %IMAPmech ) { print( "\n By mechanism\n" ); } foreach $mech ( sort ( keys %IMAPmech ) ) { print( " . . . using " . $mech . ": " . "$IMAPmech{$mech}\n" ); } if ( %IMAPuser ) { print( "\n By user\n" ); } foreach $user ( sort ( keys %IMAPuser ) ) { print( " . . . from " . $user . ": " . $IMAPuser{$user} . "\n" ); } if ( %IMAPip ) { print( "\n By origin\n" ); } foreach $addr ( sort ( keys %IMAPip ) ) { print( " . . . from " . $addr . ": " . $IMAPip{$addr} . "\n" ); } if ( $IMAPbadlogin ) { print "\n Number of failed logins: " . $IMAPbadlogin . "\n"; if ( %IMAPbaduser ) { print( "\n By user\n" ); } foreach $user ( sort ( keys %IMAPbaduser ) ) { print( " . . . from " . $user . ": " . $IMAPbaduser{$user} . "\n" ); } if ( %IMAPbadip ) { print( "\n By origin\n" ); } foreach $addr ( sort ( keys %IMAPbadip ) ) { print( " . . . from " . $addr . ": " . $IMAPbadip{$addr} . "\n" ); } } if ( $IMAPTLS ) { print "\n Number of sessions using TLS: " . $IMAPTLS . "\n"; } } if ( $#ErrorList >= 0 ) { print "\n**Error Messages**\n"; print @ErrorList; } if ( $#OtherList >= 0 ) { print "\n**Unmatched Entries**\n"; print @OtherList; } exit(0); </pre> -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3