man pflogsumm Command

Man page for apt-get pflogsumm Command

Man Page for pflogsumm in Linux

Ubuntu Man Command : man pflogsumm

Man Pflogsumm  Command

This tutorial shows the man page for man pflogsumm in linux.

Open terminal with 'su' access and type the command as shown below:
man pflogsumm

Result of the Command Execution shown below:

PFLOGSUMM(1)                                                     User Contributed Perl Documentation                                                    PFLOGSUMM(1)

NAME Produce Postfix MTA logfile summary

Copyright (C) 1998 2007 by James S. Seymour, Release 1.1.2.

SYNOPSIS [eq] [ d <today é"!yesterday>] [ h <cnt>] [ u <cnt>]
[ verp_mung[=<n>]] [ verbose_msg_detail] [ iso_date_time]
[ m é"! uucp_mung] [ i é"! ignore_case] [ smtpd_stats] [ mailq]
[ problems_first] [ rej_add_from] [ no_bounce_detail]
[ no_deferral_detail] [ no_reject_detail] [ no_no_msg_size]
[ no_smtpd_warnings] [ zero_fill] [ syslog_name=string]
[file1 [filen]] [help é"!version]

If no file(s) specified, reads from stdin. Output is to stdout.

Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is
designed to provide an over view of Postfix activity, with just enough
detail to give the administrator a "heads up" for potential trouble

Pflogsumm generates summaries and, in some cases, detailed reports of
mail server traffic volumes, rejected and bounced email, and server
warnings, errors and panics.

d today generate report for just today
d yesterday generate report for just "yesterday"

e extended (extreme? excessive?) detail

Emit detailed reports. At present, this includes
only a per message report, sorted by sender domain,
then user in domain, then by queue i.d.

WARNING: the data built to generate this report can
quickly consume very large amounts of memory if a
lot of log entries are processed!

h <cnt> top <cnt> to display in host/domain reports.

0 = none.

See also: " u" and " no_*_detail" for further
report limiting options.

help Emit short usage message and bail out.

(By happy coincidence, " h" alone does much the same,
being as it requires a numeric argument : ). Yeah, I
know: lame.)

ignore_case Handle complete email address in a case insensitive

Normally pflogsumm lower cases only the host and
domain parts, leaving the user part alone. This
option causes the entire email address to be lower


For summaries that contain date or time information,
use ISO 8601 standard formats (CCYY MM DD and HH:MM),
rather than "Mon DD CCYY" and "HHMM".

m modify (mung?) UUCP style bang paths

This is for use when you have a mix of Internet style
domain addresses and UUCP style bang paths in the log.
Upstream UUCP feeds sometimes mung Internet domain
style address into bang paths. This option can
sometimes undo the "damage". For example:
"somehost.dom!username@foo" (where "foo" is the next
host upstream and "somehost.dom" was whence the email
originated) will get converted to
"foo!username@somehost.dom". This also affects the
extended detail report ( e), to help ensure that by
domain by name sorting is more accurate.

mailq Run "mailq" command at end of report.

Merely a convenience feature. (Assumes that "mailq"
is in $PATH. See "$mailqCmd" variable to path thisi
if desired.)


Suppresses the printing of the following detailed
reports, respectively:

message bounce detail (by relay)
message deferral detail
message reject detail

See also: " u" and " h" for further report limiting


Do not emit report on "Messages with no size data".

Message size is reported only by the queue manager.
The message may be delivered long enough after the
(last) qmgr log entry that the information is not in
the log(s) processed by a particular run of This throws off "Recipients by message
size" and the total for "bytes delivered." These are
normally reported by pflogsumm as "Messages with no
size data."


On a busy mail server, say at an ISP, SMTPD warnings
can result in a rather sizeable report. This option
turns reporting them off.


Emit "problems" reports (bounces, defers, warnings,
etc.) before "normal" stats.

For those reject reports that list IP addresses or
host/domain names: append the email from address to
each listing. (Does not apply to "Improper use of
SMTP command pipelining" report.)

q quiet don't print headings for empty reports

note: headings for warning, fatal, and "master"
messages will always be printed.


Generate smtpd connection statistics.

The "per day" report is not generated for single day
reports. For multiple day reports: "per hour" numbers
are daily averages (reflected in the report heading).


Set syslog_name to look for for Postfix log entries.

By default, pflogsumm looks for entries in logfiles
with a syslog name of "postfix," the default.
If you've set a non default "syslog_name" parameter
in your Postfix configuration, use this option to
tell pflogsumm what that is.

See the discussion about the use of this option under
"NOTES," below.

u <cnt> top <cnt> to display in user reports. 0 == none.

See also: " h" and " no_*_detail" for further
report limiting options.


For the message deferral, bounce and reject summaries:
display the full "reason", rather than a truncated one.

Note: this can result in quite long lines in the report.

verp_mung do "VERP" generated address (?) munging. Convert
verp_mung=2 sender addresses of the form
"list return NN someuser=some.dom@host.sender.dom"
"list return ID someuser=some.dom@host.sender.dom"

In other words: replace the numeric value with "ID".

By specifying the optional "=2" (second form), the
munging is more "aggressive", converting the address
to something like:

"list return@host.sender.dom"

Actually: specifying anything less than 2 does the
"simple" munging and anything greater than 1 results
in the more "aggressive" hack being applied.

See "NOTES" regarding this option.

version Print program name and version and bail out.

zero_fill "Zero fill" certain arrays so reports come out with
data in columns that that might otherwise be blank.

Pflogsumm doesn't return anything of interest to the shell.

Error messages are emitted to stderr.

Produce a report of previous day's activities: d yesterday /var/log/maillog

A report of prior week's activities (after logs rotated): /var/log/maillog.0

What's happened so far today: d today /var/log/maillog

Crontab entry to generate a report of the previous day's activity
at 10 minutes after midnight.

10 0 * * * /usr/local/sbin/pflogsumm d yesterday /var/log/maillog
2>&1  é"!/usr/bin/mailx s "`uname n` daily mail stats" postmaster

Crontab entry to generate a report for the prior week's activity.
(This example assumes one rotates ones mail logs weekly, some time
before 4:10 a.m. on Sunday.)

10 4 * * 0 /usr/local/sbin/pflogsumm /var/log/maillog.0
2>&1  é"!/usr/bin/mailx s "`uname n` weekly mail stats" postmaster

The two crontab examples, above, must actually be a single line
each. They're broken up into two or more lines due to page
formatting issues.

The pflogsumm FAQ: pflogsumm faq.txt.

Pflogsumm makes no attempt to catch/parse non Postfix log
entries. Unless it has "postfix/" in the log entry, it will be

It's important that the logs are presented to pflogsumm in
chronological order so that message sizes are available when

For display purposes: integer values are munged into "kilo" and
"mega" notation as they exceed certain values. I chose the
admittedly arbitrary boundaries of 512k and 512m as the points at
which to do this my thinking being 512x was the largest number
(of digits) that most folks can comfortably grok at a glance.
These are "computer" "k" and "m", not 1000 and 1,000,000. You
can easily change all of this with some constants near the
beginning of the program.

"Items per day" reports are not generated for single day
reports. For multiple day reports: "Items per hour" numbers are
daily averages (reflected in the report headings).

Message rejects, reject warnings, holds and discards are all
reported under the "rejects" column for the Per Hour and Per Day
traffic summaries.

Verp munging may not always result in correct address and
address count reduction.

Verp munging is always in a state of experimentation. The use
of this option may result in inaccurate statistics with regards
to the "senders" count.

UUCP style bang path handling needs more work. Particularly if
Postfix is not being run with "swap_bangpath = yes" and/or *is* being
run with "append_dot_mydomain = yes", the detailed by message report
may not be sorted correctly by domain by user. (Also depends on
upstream MTA, I suspect.)

The "percent rejected" and "percent discarded" figures are only
approximations. They are calculated as follows (example is for
"percent rejected"):

percent rejected =

(rejected / (delivered + rejected + discarded)) * 100

There are some issues with the use of syslog_name. The problem is
that, even with $syslog_name set, Postfix will sometimes still log
things with "postfix" as the syslog_name. This is noted in

Related Topics

Apt Get Commands