# Postfix doesn't write to maillog



## urello (Jul 31, 2014)

Fresh installation of Postfix on FreeBSD 9.1 doesn't write to /var/log/maillog


```
[root@freegtw /var/log]# postconf -n
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_interfaces = localhost 192.168.1.100
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination =
myhostname = postfix.local
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost =
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
unknown_local_recipient_reject_code = 550
```


```
[root@freegtw /var/log]# grep -v ^# /etc/syslog.conf
*.err;kern.warning;auth.notice                  /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
auth.info;authpriv.info                         |exec /usr/local/sbin/sshit
!dhcpd
*.debug                                         /var/log/dhcpd.log
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.*                                          /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
local4.*                                        /var/log/slapd.log

+192.168.1.2
*.*                                             /var/log/nas.log
+192.168.1.250
*.*                                             /var/log/linksys.log
!ppp
*.*                                             /var/log/ppp.log
```


```
[root@freegtw /var/log]# ls -l /var/log/maillog
-rw-r-----  1 root  wheel  0 Jul 31 15:59 /var/log/maillog
```


----------



## SirDice (Jul 31, 2014)

urello said:
			
		

> ```
> !dhcpd
> ```


Remove that line. It prevents syslog from parsing anything else beyond that line.


----------



## urello (Jul 31, 2014)

If I move !dhcp section beyond !ppp section then dhcpd doesn't write to /var/log/dhcpd.log. Is there any workaround for this or one can use only one section of this type per syslog.conf file?


----------



## SirDice (Jul 31, 2014)

Ah, right. You need to move the other line too. So place this at the end:

```
!dhcpd
*.debug                                         /var/log/dhcpd.log
```

The !<program> filters all messages until the next !<program>. In your old configuration all messages from security.*, mail.*, etc. (almost everything underneath !dhcpd) would only be parsed if the process that sent them is named 'dhcpd', which is obviously not the case for postfix


----------



## urello (Jul 31, 2014)

Is it possible to use !ppp and !dhcpd at the same time? Right now !dhcpd doesn't work after i moved it beyond !ppp


----------



## SirDice (Aug 1, 2014)

On my 9-STABLE machine the last line is 

```
!*
```
Make sure you put the two dhcpd lines above that. There's some other things in your syslog.conf that aren't in the "default" file. Mine should be relatively clean as I tend not to modify it. I'll post it here:

```
# $FreeBSD: stable/9/etc/syslog.conf 238473 2012-07-15 10:55:43Z brueffer $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!ppp
*.*                                             /var/log/ppp.log
!*
```


----------

