How to get rid of "connection open|reset|close" in syslog?

Discussion in 'NOD32 version 2 Forum' started by herira, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. herira

    herira Registered Member

    Joined:
    Apr 23, 2007
    Posts:
    5
    Hi

    I've just installed "NOD32 for Linux/BSD Mail Server" (licensed) on a mail gateway.

    I'm using the "Content filtering in MTA Postfix" method, daisy chaining with amavisd-new like this (port numbers in brackets, all services on same host):

    World -> [25]postfix -> [2526]nod32smtp -> [10024]amavisd-new -> [10025]postfix -> [25]World


    Nod32 version: nod32 (nod32ls) 2.70.5 (from nod32 -v).
    Postfix version: 2.3.6.
    Amavisd-new: 2.4.5


    Things seems to be working according to plan, but how do I get rid of all the "connection open|reset|close" syslog entries, without loosing the "summary" entries as well?


    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0100]: Connection open attempt
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0100]: Connection open success
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset attempt
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset success
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset attempt
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset success
    Apr 23 14:50:12 mail1 nod32d[12228]: summary[2fc4021e]: vdb=9638, agent=smtp, msgid=<xxx@xxxx>, sndr=""Kara" <xxxxx@xxxxx.xx>", rcpt="<xxx@xxxxxxx.xx>", object="email message", name="mail", virus="is OK", action="", info="", lines=0
    Apr 23 14:50:12 mail1 nod32smtp[12234]: summary[2fca0101]: action="accepted"
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset attempt
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection reset success
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection close attempt
    Apr 23 14:50:12 mail1 nod32smtp[12234]: note[2fca0101]: Connection close success


    The above is what I currently get in my log per clean mail. :blink:

    Seems to me all the "connection" lines are really just internal nod32 debugging information.

    Nod32 uses syslog with nod32.cfg set to "log_level = 3" and "log_mask = "11111111111"".

    Lowering the log_level to 2 will get rid of the "summary" lines (which I want to keep), but keep the "connection" lines (which I want to loose)...


    Thanks
    Henning
     
    herira, Apr 23, 2007
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...