rsyslog selective logging with multiple postfix instances

Scenario – one Linux box runs multiple Postfix instances. By default they all log to /var/log/mail.log which makes it difficult to see what’s going on without using grep and so on. The server already uses rsyslog, and Postfix is configured to specify a syslog_name to each instance.

i.e /etc/postfix-blah/ contains “syslog_name = postfix-blah

rsyslog allows you to specify filters / expressions on what is logged where. This can be done on either the program name (:programname) which corresponds to postfix’s syslog_name, or the contents of the log message (:msg) itself.

So, the easy solution is :

  • Edit /etc/rsyslog.d/postfix-domains.conf and add in
  • :programname, contains, "postfix-blah" -/var/log/mail-blah.log
  • Restart rsyslog (/etc/init.d/rsyslogd restart).
  • Watch Ubuntu moan about not using the ‘service’ command.

The leading : is important in the rsyslog rule. 

And obviously the ‘-‘ before the file path is useful for performance – so a sync isn’t called after each write.

So, it’s just a case of populating your /etc/rsyslog.d/postfix-domains.conf file with multiple lines looking like the above, but obviously different for each domain.

Leave a comment

Your email address will not be published.