The Message Log notifier parses the message_log file and generates events based on what it sees in the file. Events that are to be notified on are each configured via a <event>...</event> block in the monitor-notifier.conf file.



  <notifier message_log>
    use = PureMessage::Monitor::Notifier::MessageLog
    <event spam>
    <event internal_mail>
    <event every_message>

Option Explanations

Within the <event>...</event> block, key=value pairs are used to filter log entries and determine when to fire the event. The ``key'' is the actual field from the message_log and the ``value'' is a regular expression that must be matched in order for the event to fire. Multiple key=value pairs can be listed within an <event>...</event> block, and all must match in order for the event to fire.

For more information on the fields present in the message_log and their meaning, please refer to PureMessage::MessageLog.

Events generated by the Message Log notifier may contain the following fields of information which can be consumed by Analyzers:

The time stamp (in seconds since the epoch) from the log entry; when the log entry occurred.

The name of the Event, as configured in the <event>...</event> block (e.g. ``spam'').

milter_status (a)
The milter status for this message, and the callback that provided the final action.

blocklist_result (b)
The result of a blocklist lookup; ``ok'' or ``reject''.

env_from (f)
The envelope-from address.

internal (i)
Message was generated from an internal host.

spam_probability (p)
The spam probability value for the message; a number between 0 and 1.

queue_id (q)
The MTA queue id of the message.

relay_host (r)
The hostname of the relay SMTP server.

ext_relay_host (fur)
The IP address of the first unknown relay SMTP server. The first unknown relay is the first relay in the received headers of a message that is NOT in the trusted relays list.

message_size (size)
The message size (in bytes).

env_to (t)
The envelope-to address. Repeats when there are multiple recipients of the message.

processing_time (tm)
The time (in seconds) that it took to process the message.

virus_id (v)
The virus ID. Will repeat if multiple viruses are found.

You can also monitor custom message_log entries by specifying their given name. For example, if you have added a custom message_log entry such as the following:


You could then monitor the occurrences of this message_log entry by adding an event block to the monitor-notifier.conf file like the following:

  <event my_event_name>


Copyright (C) 2000-2006 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.