Features - monozoide/MailLogSentinel GitHub Wiki

  • SASL Log Parsing: Extracts relevant information (server, date, IP address, username, client hostname) from Postfix/Dovecot authentication logs.
  • Incremental Processing: Efficiently processes logs by remembering the last read offset, making it suitable for frequent execution (e.g., via cron or Systemd timers).
  • Log Rotation Handling: Correctly handles rotated log files, including gzipped archives (e.g., mail.log.1, mail.log.2.gz).
  • CSV Output: Stores detected authentication attempts in a structured CSV file (default: maillogsentinel.csv).
  • Reverse DNS Lookups: Performs reverse DNS lookups for the source IP addresses of authentication attempts to provide client hostnames.
  • DNS Caching: Includes a configurable LRU (Least Recently Used) cache for DNS lookup results to improve performance and reduce redundant external DNS queries.
  • Daily Email Reports: Generates and sends daily email summaries that include:
      ◦ Key statistics (total attempts, top offenders).
      ◦ The full CSV data as an email attachment.
  • Interactive Setup (--setup):
      ◦ A user-friendly command-line wizard for initial configuration.
      ◦ Guides users through setting up paths, email details, logging levels, and DNS cache settings.
      ◦ Generates example Systemd service and timer unit files, tailored to the user's environment, for easy automation of log processing and reporting.
      ◦ Can assist with directory creation and permission settings (requires root/sudo privileges).
  • Automatic Setup Logging: Everything printed to the console during the interactive setup (--setup) is also saved to maillogsentinel_setup.log in the directory the script was run from.
  • Data Management Options:
      ◦ --reset: Archives the existing data files (CSV, state file, the script's operational log) to a timestamped backup directory, then resets the log processing offset. Useful for starting log analysis afresh without losing historical data.
      ◦ --purge: Similar to --reset, archives all data for a complete clean start.
  • Configurable Operational Logging: The script's own operational logging (to maillogsentinel.log) has configurable levels (DEBUG, INFO, WARNING, ERROR, CRITICAL).
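The parsing, incremental-offset, log-rotation, CSV and DNS-cache features listed above, shown end to end as an added Python example. This is illustrative code written for this wiki page, not MailLogSentinel's own implementation: the Postfix `smtpd` warning format it matches, the sample log lines (documentation-range addresses) and the `FAKE_RDNS` table are constructed, and the function names (`read_since`, `make_cached_resolver`, `append_csv`, `demo`) are hypothetical.

```python
import csv
import functools
import gzip
import os
import re
import socket
import tempfile
from collections import namedtuple

# Postfix smtpd SASL failure line with syslog prefix. "sasl_username=" at the end is
# optional: some Postfix versions log it, others do not (username then stays empty).
SASL_FAIL_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<server>\S+) "
    r"postfix/smtpd\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL \w+ authentication failed(?:.*?sasl_username=(?P<user>\S+))?"
)
Attempt = namedtuple("Attempt", "server date ip username hostname")

def make_cached_resolver(lookup=None, maxsize=1024):
    """LRU-cached reverse DNS: lookup(ip) -> hostname; the default hits the network."""
    if lookup is None:
        def lookup(ip):
            try:
                return socket.gethostbyaddr(ip)[0]
            except OSError:  # socket.herror / gaierror are OSError subclasses
                return "unknown"
    return functools.lru_cache(maxsize=maxsize)(lookup)

def parse_line(line, resolve):
    m = SASL_FAIL_RE.match(line)
    if not m:
        return None
    ip = m.group("ip").removeprefix("IPv6:")  # Postfix writes [IPv6:2001:db8::5]
    return Attempt(m.group("server"), m.group("date"), ip, m.group("user") or "", resolve(ip))

def open_log(path):
    """Open a plain or gzipped rotated archive (mail.log.2.gz) as text."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def parse_file(path, resolve):
    with open_log(path) as fh:
        return [a for a in (parse_line(l, resolve) for l in fh) if a]

def read_since(path, offset):
    """Incremental read of the live log -> (complete_lines, new_offset). A file smaller
    than the saved offset was rotated/truncated: restart at 0. Bytes after the last
    newline are a line still being written: leave them for the next run."""
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    cut = chunk.rfind(b"\n")
    if cut == -1:
        return [], offset
    return chunk[:cut + 1].decode("utf-8", errors="replace").splitlines(), offset + cut + 1

def append_csv(attempts, csv_path):
    """Append rows; write the header only when the file is new or empty."""
    fresh = not os.path.exists(csv_path) or os.path.getsize(csv_path) == 0
    with open(csv_path, "a", newline="") as fh:
        w = csv.DictWriter(fh, fieldnames=Attempt._fields)
        if fresh:
            w.writeheader()
        w.writerows(a._asdict() for a in attempts)

# Constructed sample lines (documentation-range addresses), not from a real server.
SAMPLE_LOG = (
    "Mar  3 08:15:01 mx1 postfix/smtpd[2211]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=alice\n"
    "Mar  3 08:15:09 mx1 postfix/smtpd[2211]: warning: unknown[203.0.113.7]: "
    "SASL PLAIN authentication failed: authentication failure, sasl_username=admin\n"
    "Mar  3 08:16:40 mx1 postfix/smtpd[2230]: connect from mail.example.net[198.51.100.2]\n"
    "Mar  3 08:17:02 mx1 postfix/smtpd[2230]: warning: unknown[IPv6:2001:db8::5]: "
    "SASL LOGIN authentication failed: authentication failure\n"
)
FAKE_RDNS = {"203.0.113.7": "scanner.example.org"}  # offline stand-in for real rDNS

def demo():
    resolve = make_cached_resolver(lambda ip: FAKE_RDNS.get(ip, "unknown"))
    with tempfile.TemporaryDirectory() as d:
        live, archive = os.path.join(d, "mail.log"), os.path.join(d, "mail.log.2.gz")
        with open(live, "w") as fh:  # last line deliberately unterminated
            fh.write(SAMPLE_LOG + "Mar  3 08:18:00 mx1 postfix/smtpd[2240]: warning: unk")
        lines, offset = read_since(live, 0)
        attempts = [a for a in (parse_line(l, resolve) for l in lines) if a]
        with gzip.open(archive, "wt") as fh:
            fh.write(SAMPLE_LOG)
        archived = parse_file(archive, resolve)
        csv_path = os.path.join(d, "maillogsentinel.csv")
        append_csv(attempts + archived, csv_path)
        with open(csv_path, newline="") as fh:
            rows = list(csv.DictReader(fh))
        with open(live, "w") as fh:  # simulate logrotate: file shrinks below offset
            fh.write(SAMPLE_LOG.splitlines(True)[0])
        rotated, _ = read_since(live, offset)
    return {"live": attempts, "offset": offset, "archived": archived, "rows": rows,
            "rotated": len(rotated), "cache": resolve.cache_info()}
```

Run `demo()` to exercise the whole path offline; in real use you would pass no `lookup` so `socket.gethostbyaddr` is used, and persist the offset returned by `read_since` in the state file between cron or timer runs. One caveat: a size comparison alone misses a rotation where the new file has already grown past the saved offset, so a production state file should also record the inode (`os.stat(path).st_ino`) and restart from 0 when it changes.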
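How the daily report described above (key statistics plus the CSV as an attachment) can be assembled, as an added example rather than the project's own code. The subject line, the function names (`summarize`, `build_report`, `send_report`), the sample rows and the cell-neutralising step are assumptions; the neutralising step is an added hardening, because usernames and PTR names in the CSV are attacker-supplied and a leading `=`, `+`, `-` or `@` is treated as a formula when the attachment is opened in a spreadsheet.

```python
import csv
import io
import smtplib
from collections import Counter
from email.message import EmailMessage

FIELDS = ["server", "date", "ip", "username", "hostname"]

# Constructed rows in the five-column CSV shape described above; not real data.
SAMPLE_ROWS = [
    {"server": "mx1", "date": "Mar  3 08:15:01", "ip": "203.0.113.7", "username": "alice", "hostname": "scanner.example.org"},
    {"server": "mx1", "date": "Mar  3 08:15:09", "ip": "203.0.113.7", "username": "admin", "hostname": "scanner.example.org"},
    {"server": "mx1", "date": "Mar  3 08:17:02", "ip": "2001:db8::5", "username": "", "hostname": "unknown"},
    {"server": "mx1", "date": "Mar  3 09:01:44", "ip": "203.0.113.7", "username": '=HYPERLINK("http://evil.example")', "hostname": "scanner.example.org"},
]

def summarize(rows, top_n=3):
    """Key statistics: total attempts and top offenders by source IP and by username."""
    return {
        "total": len(rows),
        "top_ips": Counter(r["ip"] for r in rows).most_common(top_n),
        "top_users": Counter(r["username"] or "<none>" for r in rows).most_common(top_n),
    }

def neutralize(cell):
    """Usernames and rDNS names come from the attacker. Spreadsheets execute cells that
    start with = + - @ (or tab/CR) as formulas, so prefix such cells with a quote."""
    return "'" + cell if cell.startswith(("=", "+", "-", "@", "\t", "\r")) else cell

def rows_to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS)
    w.writeheader()
    w.writerows({k: neutralize(str(v)) for k, v in r.items()} for r in rows)
    return buf.getvalue()

def build_report(rows, sender, recipient, day, top_n=3):
    """Plain-text summary in the body, full CSV as a text/csv attachment."""
    s = summarize(rows, top_n)
    msg = EmailMessage()
    msg["Subject"] = f"[MailLogSentinel] {day}: {s['total']} failed SASL logins"
    msg["From"], msg["To"] = sender, recipient
    body = [f"Failed authentication attempts on {day}: {s['total']}", "", "Top source IPs:"]
    body += [f"  {ip:<40} {n}" for ip, n in s["top_ips"]]
    body += ["", "Top usernames tried:"]
    body += [f"  {user:<40} {n}" for user, n in s["top_users"]]
    msg.set_content("\n".join(body) + "\n")
    msg.add_attachment(rows_to_csv(rows), subtype="csv", filename=f"maillogsentinel-{day}.csv")
    return msg

def send_report(msg, host="localhost", port=25):
    """Hand the message to the local MTA; not called in the offline example."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)

if __name__ == "__main__":
    print(build_report(SAMPLE_ROWS, "sentinel@mx1.example", "postmaster@example.org", "2024-03-03"))
```

`build_report` returns the message without sending it, so the summary and the attachment can be inspected or tested; `send_report` is the only part that needs a running MTA.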