Scenario – one Linux box runs multiple Postfix instances. By default they all log to /var/log/mail.log, which makes it difficult to see what’s going on without using grep and so on. The server already uses rsyslog, and Postfix is configured with a different syslog_name for each instance.
i.e. /etc/postfix-blah/main.cf contains “syslog_name = postfix-blah”
rsyslog allows you to specify filters / expressions on what is logged where. This can be done on either the program name (:programname), which corresponds to Postfix’s syslog_name, or the contents of the log message (:msg) itself.
So, the easy solution is:
- Edit /etc/rsyslog.d/postfix-domains.conf and add in:
    :programname, contains, "postfix-blah" -/var/log/mail-blah.log
- Restart rsyslog (/etc/init.d/rsyslogd restart).
- Watch Ubuntu moan about not using the ‘service’ command.
The leading : is important in the rsyslog rule.
And obviously the ‘-’ before the file path is useful for performance – so a sync isn’t called after each write.
So, it’s just a case of populating your /etc/rsyslog.d/postfix-domains.conf file with multiple lines looking like the above, but obviously different for each domain.
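One way to populate that file, as an added example rather than anything from the original post: a shell script that reads syslog_name from each instance's main.cf and prints one rule per instance in the format above. The function names, the `<root>/postfix-*/main.cf` layout and the mail-<suffix>.log naming are assumptions drawn from the post's example. It also warns when one name is a substring of another, since a "contains" rule would then match both instances.

```shell
#!/bin/sh
# Added example: emit one rsyslog rule per Postfix instance, in the post's format.
# Assumed layout: <root>/postfix-*/main.cf, logs at /var/log/mail-<suffix>.log.

# Print the syslog_name assigned in one main.cf (the last assignment wins).
syslog_name_of() {
    sed -n 's/^syslog_name[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Write rules to stdout and diagnostics to stderr.
gen_rules() {
    root=$1
    names=$(for cf in "$root"/postfix-*/main.cf; do
        [ -f "$cf" ] || continue
        syslog_name_of "$cf"
    done | sort -u)

    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # The name lands inside a quoted rsyslog string and a file path, so
        # accept only a conservative character set (this also skips unexpanded
        # values such as ${multi_instance_name}).
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "skipping unsafe syslog_name: $name" >&2
                continue ;;
        esac
        # "contains" is a substring match: postfix-blah also matches
        # postfix-blah2, whose messages would then land in both files.
        clash=$(printf '%s\n' "$names" | grep -F -- "$name" |
            grep -Fvx -- "$name" | tr '\n' ' ' || true)
        [ -z "$clash" ] ||
            echo "warning: rule for \"$name\" also matches: $clash" >&2
        printf ':programname, contains, "%s" -/var/log/mail-%s.log\n' \
            "$name" "${name#postfix-}"
    done <<EOF
$names
EOF
}

# Run as: sh gen-postfix-rules.sh /etc > /etc/rsyslog.d/postfix-domains.conf
[ "$#" -eq 0 ] || gen_rules "$1"
```

Review the warnings on stderr before restarting rsyslog; an overlapping name is best fixed by renaming the instance's syslog_name.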