NAME

Parse::Syslog::Mail - Parse mailer logs from syslog

VERSION

Version 0.11

SYNOPSIS

    use Parse::Syslog::Mail;

    my $maillog = Parse::Syslog::Mail->new('/var/log/syslog');
    
    while(my $log = $maillog->next) {
	# do something with $log
        # ...
    }

DESCRIPTION

As its names implies, Parse::Syslog::Mail presents a simple interface to gather mail information from a syslog file. It uses Parse::Syslog for reading the syslog, and offer the same simple interface. Currently supported log formats are: Sendmail, Postfix, Qmail.

METHODS

new()

Creates and returns a new Parse::Syslog::Mail object. A file path or a File::Tail object is expected as first argument. Options can follow as a hash. Most are the same as for Parse::Syslog->new().

Options

  • type - Format of the syslog stream. Can be one of "syslog" (traditional syslog format) or "metalog" (Metalog format).

  • year - Syslog files usually do store the time of the event without year. With this option you can specify the start-year of this log. If not specified, it will be set to the current year.

  • GMT - If this option is set, the time in the syslog will be converted assuming it is GMT time instead of local time.

  • repeat - Parse::Syslog will by default repeat xx times events that are followed by messages like "last message repeated xx times". If you set this option to false, it won't do that.

  • locale - Specifies an additional locale name or the array of locale names for the parsing of log files with national characters.

  • allow_future - If true will allow for timestamps in the future. Otherwise timestamps of one day in the future and more will not be returned (as a safety measure against wrong configurations, bogus year arguments, etc.)

Example

my $syslog = new Parse::Syslog::Mail '/var/log/syslog', allow_future => 1;
next()

Returns the next line of the syslog as a hashref, or undef when there is no more lines. The hashref contains at least the following keys:

  • host - hostname of the machine.

  • program - name of the program.

  • timestamp - Unix timestamp for the event.

  • id - Local transient mail identifier.

  • text - text description.

Other available keys:

  • from - Email address of the sender.

  • to - Email addresses of the recipients, coma-separated.

  • msgid - Message ID.

  • relay - MTA host used for relaying the mail.

  • status - Status of the transaction.

  • delivery_type - (Qmail only) type of the delivery: "local" or "remote".

  • delivery_id - (Qmail only) id number of the delivery.

Example

while(my $log = $syslog->next) {
    # do something with $log
}

DIAGNOSTICS

Can't create new %s object: %s

(F) Occurs in new(). As the message says, we were unable to create a new object of the given class. The rest of the error may give more information.

Expected an argument

(F) You tried to call new() with no argument.

SEE ALSO

Parse::Syslog

Inspecter /var/log/mail.log avec Parse::Syslog::Mail, by Philippe Bruhat, published in GNU/Linux Magazine France #92, March 2007

TODO

Add support for other mailer daemons (Exim, Courier, Qpsmtpd). Send me logs or, even better, patches, if you want support for your favorite mailer daemon.

AUTHOR

Sébastien Aperghis-Tramoni <sebastien@aperghis.net>

BUGS

Please report any bugs or feature requests to bug-parse-syslog-mail@rt.cpan.org, or through the web interface at https://rt.cpan.org/NoAuth/Bugs.html?Dist=Parse-Syslog-Mail. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

CAVEATS

Most probably the same as Parse::Syslog, see "BUGS" in Parse::Syslog

COPYRIGHT & LICENSE

Copyright 2005 Sébastien Aperghis-Tramoni, All Rights Reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.