Install Pflogsumm PostFix Log Summarizer
Pflogsumm is yet another log analyzer/summarizer for Postfix. It is written in Perl and has been around for a while. It is very simple to install, so I am writing this post mostly as a note to myself. I added an example cron job with some “grep” syntax to cut the Pflogsumm report down to size by dropping some things I am usually not interested in.
While Pflogsumm has an option to set the desired level of detail, it doesn’t quite control the output the way I would like. So here it is:
mkdir -p /var/adm/bin
cd /var/adm/bin
wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.3.tar.gz
gzip -d pflogsumm-1.1.3.tar.gz
tar xvf pflogsumm-1.1.3.tar
cd pflogsumm-1.1.3/
ln -s /var/adm/bin/pflogsumm-1.1.3/pflogsumm.pl /usr/bin/logsum
/bin/rm -f /var/adm/bin/pflogsumm-1.1.3.tar
logsum -d today /var/log/maillog | more
The report looks something like this:
Postfix log summaries for Mar 12

Grand Totals
------------
messages

  11488   received
   9657   delivered
      0   forwarded
     76   deferred  (784  deferrals)
     44   bounced
  20200   rejected (67%)
      0   reject warnings
      0   held
      0   discarded (0%)

 494699k  bytes received
    519m  bytes delivered
   4857   senders
   2322   sending hosts/domains
   2537   recipients
    807   recipient hosts/domains

Per-Hour Traffic Summary
------------------------
...
In the report I want to see sender/recipient stats, but I want to omit domains that sent or received just a few emails. I just want to see the big hitters, and there is no option in Pflogsumm to omit the small guys. So I added some basic “grep” syntax to the cron job that emails a daily report to me.
55 23 * * 1,2,3,4,5 timeout 300 logsum -d today /var/log/maillog | egrep -v "(^[ ]*[ ][0-9][ ]|^[ ]*[ ][0-9][0-9][ ])" | mailx -s "`hostname -s` PostFix Stats `date +'\%Y-\%m-\%d \%H:\%M'`" admin@domain.com 2>&1
The “timeout” command is optional. It simply kills the pflogsumm script if it is still running after five minutes. That would usually be a sign of a problem, and you don’t want the script to consume all of your system’s resources. The “egrep” piece drops any line that begins with whitespace followed by a one- or two-digit number. This omits the stats for minor senders and recipients, making the report easier to read; it also drops any Grand Totals row whose count is below 100. The percent signs in the date format are escaped with a backslash because cron treats an unescaped “%” in a crontab command as a newline.
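The egrep expression above is applied to the whole report, so a day with 44 bounces loses its "bounced" row from Grand Totals. As an added example (not part of the original post or of pflogsumm), the filter below applies the same under-100 cutoff only inside the per-sender, per-recipient and host/domain sections; the section titles it matches, the function names and the sample report are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: section-aware threshold filter for a pflogsumm report.

# Constructed sample in the report layout shown above (not real mail data).
sample_report() {
cat <<'EOF'
Grand Totals
------------
messages

  11488   received
     44   bounced
      0   held

Senders by message count
------------------------
   2210   alerts@example.com
     37   news@example.net
      4   alice@example.org

Recipients by message count
---------------------------
    905   ops@example.com
     12   bob@example.org
EOF
}

# The cron filter from the post, for comparison (grep -E is egrep).
page_filter() {
    grep -Ev '(^[ ]*[ ][0-9][ ]|^[ ]*[ ][0-9][0-9][ ])'
}

# filter_report MIN: copy stdin to stdout, dropping rows whose leading
# count is below MIN, but only in the sections named in the awk program.
filter_report() {
    awk -v min="$1" '
        # An unindented line that is not a dashed rule starts a new section.
        /^[^ ]/ && !/^-+$/ {
            trim = ($0 ~ /^(Senders|Recipients) by message count/ || $0 ~ /^Host\/Domain Summary/)
        }
        # Indented rows starting with a plain integer are per-entry counts.
        trim && /^ +[0-9]+ / && ($1 + 0) < (min + 0) { next }
        { print }
    '
}

echo "== filter from the post =="; sample_report | page_filter
echo "== section-aware, min 100 =="; sample_report | filter_report 100
```

In the cron job, `filter_report 100` would take the place of the egrep stage between logsum and mailx.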
Another option is to run the cron job via SSH from another server. This way you can keep your scripts in one location, which can be useful if you have many mail servers. You would need passwordless SSH and passwordless sudo configured on each mail server. Write a script to loop through your list of PostFix servers and schedule it to run via cron:
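#!/bin/bash
# get_logsum.sh
# Key-based login only, never a password prompt. Note that
# StrictHostKeyChecking=no skips verification of the servers' host keys.
SSH="ssh -qT -o PubkeyAuthentication=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no"
for host in host1 host2 host3
do
    # The remote command is single-quoted so that the pipe and the egrep
    # pattern are run by root's shell on the mail server, not locally.
    /usr/bin/timeout 300 ${SSH} "${host}" "sudo su - root -c 'hostname ; /usr/bin/logsum -d today /var/log/maillog | egrep -v \"(^[ ]*[ ][0-9][ ]|^[ ]*[ ][0-9][0-9][ ])\"'" | mailx -s "${host} PostFix Stats `date +'%Y-%m-%d %H:%M'`" admin@domain.com
done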
Chmod it 755 and schedule the cron job to run it:
50 23 * * 1,2,3,4,5 /home/you/get_logsum.sh >/dev/null 2>&1
Hello,
What to do when logrotate is set up to write the mail logs to /var/log/maillog-20160628? I mean dynamic dates in the log filename.
In your script you have a static /var/log/maillog file.