Usage - monozoide/MailLogSentinel GitHub Wiki

MailLogSentinel is executed from the command line. Standard options like --help (for a full list of arguments and their descriptions, including a reference to the man page and full README) and --version (to display the script version) are available. Key operational arguments include:

    maillogsentinel [options]

Or, if not installed to a directory in your system's PATH:

    python3 /path/to/your/MailLogSentinel/bin/maillogsentinel.py [options]

- Default operation (log processing): running the script without any action flag (such as --setup or --report) performs its primary log processing task:

      maillogsentinel

  This default action will:

  1. Load the configuration (from /etc/maillogsentinel.conf by default).
  2. Read the mail log file from the last processed position (stored in the state.offset file). On the first run, or after a reset, it may process from the beginning of the current log file.
  3. Parse new log entries for SASL authentication failures.
  4. Perform reverse DNS lookups for IP addresses (using the DNS cache if enabled).
  5. Append any detected intrusion attempts to the CSV file (maillogsentinel.csv).
  6. Update the state.offset file with the new log offset.
- --config <path_to_config_file>: specifies a custom path to the configuration file. If this option is not provided, the script defaults to /etc/maillogsentinel.conf.

      maillogsentinel --config /opt/maillogsentinel/custom_config.conf

- --setup: starts the interactive first-time setup wizard. It is primarily used to create the initial configuration file, define essential paths, and generate Systemd unit file templates for automation. This command requires root (sudo) privileges to perform actions such as creating system directories or suggesting system group modifications.

      sudo maillogsentinel --setup

  Note: the setup process is also triggered automatically if the configuration file (either the default /etc/maillogsentinel.conf or the one specified by --config) is not found.

- --report: triggers the generation and sending of the daily email summary report. This action reads data from the existing maillogsentinel.csv file. It should typically be scheduled to run after a log processing run.

      maillogsentinel --report

- --reset: resets the application's log processing state. When executed, this option:

  1. Archives existing data: the main CSV file (maillogsentinel.csv), the script's operational log (maillogsentinel.log), and the state file (state.offset) are moved to a timestamped backup directory created within your user's home directory.
  2. Effectively resets the log processing offset to zero. Consequently, the next standard run of the script will process mail logs from the beginning (or based on its logic for handling very old logs, if applicable), rather than from the last recorded offset.

      maillogsentinel --reset

- --purge: similar to --reset, but intended for a more definitive "fresh start". It archives all data in the same manner as --reset (CSV, operational log, state file). Use this if you want to clear out all historical data and operational logs managed by the script and begin monitoring anew, as if from a clean installation.

      maillogsentinel --purge
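The default log processing steps described above (resume from the saved offset, parse SASL failures, append to the CSV, persist the new offset) can be illustrated with a small stand-alone script. This is an added example, not code from the MailLogSentinel project: the log line format is Postfix smtpd's, the CSV column layout and the log-rotation check are assumptions, the reverse DNS step is left out so it runs offline, and the sample log lines are constructed with documentation IP ranges.

```python
import csv
import os
import re
import tempfile

# Matches a Postfix smtpd SASL failure such as
# "... postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: ..."
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\spostfix/smtpd\[\d+\]:\swarning:\s"
    r"(?P<rdns>\S+)\[(?P<ip>[\d.]+)\]:\sSASL\s(?P<mech>\w+)\sauthentication\sfailed"
)

def process_new_entries(log_path, offset_path, csv_path):
    """Parse only bytes past the saved offset, append hits to the CSV, save the new offset."""
    offset = int(open(offset_path).read() or 0) if os.path.exists(offset_path) else 0
    if offset > os.path.getsize(log_path):
        offset = 0  # log rotated or truncated since the last run: start from the top
    rows = []
    with open(log_path, "rb") as f:  # binary mode so tell() stays valid while iterating
        f.seek(offset)
        for raw in f:
            m = SASL_FAIL.match(raw.decode("utf-8", "replace"))
            if m:
                rows.append([m["ts"], m["host"], m["ip"], m["rdns"], m["mech"]])
        new_offset = f.tell()
    with open(csv_path, "a", newline="") as f:
        csv.writer(f, delimiter=";").writerows(rows)
    with open(offset_path, "w") as f:
        f.write(str(new_offset))  # persisted only after the CSV append succeeded
    return len(rows)  # number of failures recorded on this run

# Constructed sample log (documentation IP ranges), not captured from a real server.
SAMPLE_LOG = (
    "Jan 10 12:00:01 mx postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\n"
    "Jan 10 12:00:02 mx postfix/smtpd[1234]: connect from unknown[203.0.113.5]\n"
    "Jan 10 12:00:03 mx postfix/smtpd[1235]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure\n"
)

def run_demo():
    """Three runs: initial pass, idle pass (nothing new), pass after one more failure is logged."""
    d = tempfile.mkdtemp()
    log, state, out = (os.path.join(d, n) for n in ("mail.log", "state.offset", "maillogsentinel.csv"))
    with open(log, "w") as f:
        f.write(SAMPLE_LOG)
    counts = [process_new_entries(log, state, out), process_new_entries(log, state, out)]
    with open(log, "a") as f:
        f.write("Jan 10 12:05:00 mx postfix/smtpd[1236]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\n")
    counts.append(process_new_entries(log, state, out))
    with open(out, newline="") as f:
        return counts, list(csv.reader(f, delimiter=";"))
```

The second run returns 0 because state.offset already points past the sample lines; only bytes appended afterwards are parsed on the third run.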