[PLUG] Mail log reporting differences

wes plug at the-wes.com
Thu May 3 17:49:44 UTC 2018


On Thu, May 3, 2018 at 6:05 AM, Rich Shepard <rshepard at appl-ecosys.com>
wrote:

>   This is from yesterday's logwatch:
>
> From logwatch at appl-ecosys.com Thu May  3 03:10:05 2018
> Date: Thu,  3 May 2018 03:10:04 -0700 (PDT)
>
>       201   Accepted                                    62.23%
>       122   Rejected                                    37.77%
>  --------   --------------------------------------------------
>       323   Total                                      100.00%
>
> and this from yesterday's pflogsumm:
>
> Date: Thu,  3 May 2018 03:10:05 -0700 (PDT)
>
> Grand Totals
> ------------
> messages
>
>     177   received
>     166   delivered
>
>   I've seen this discrepancy for years and have always wondered why. So I'm
> asking if any of you system/network professionsls has some possible
> explanations.
>

Without knowing what each script does, it's hard to guess what they might
be doing differently. The first thing that sticks out to me, is that the
elements being reported are different. Logwatch reports "Accepted" and
"Rejected" emails, while pflogsumm repots "Received" and "Delivered"
emails. These could very well be 4 different metrics. While a "Rejected"
email is more or less self-explanatory, I am not clear on what constitutes
an "Accepted" message. Likewise for received vs delivered; are these
inbound vs outbound? Are these all inbound, with the 11 emails which were
received but not delivered having something other than "delivered"
happening to them? So many questions....

The man pages for both of these utilities are very vague on what
"yesterday" means to them. Logwatch in particular appears highly
customizable, so without knowing your site's particular configuration, it
will be more difficult to guess at what's going on. Either way, I don't
really get the impression that a time difference is responsible for the
different data being displayed.

If this were my system, I would be playing with the source logfile in
question myself to try to reconstruct which elements it's counting as which
category of data.

-wes



More information about the PLUG mailing list