With /usr/bin/log I can get information about the mail services from macOS's log system. E.g.

    /usr/bin/log show --start '2019-08-07 12:50:59' --end '2019-08-07 13:00:59' --predicate '(process == "smtp") || (process == "smtpd") || (process == "postscreen") || (process == "qmgr")' -info

I run this via a script every night to get a semi-normal postfix log from macOS's log system.

    #!/bin/bash
    #LOGDIR=/tmp # For testing
    LOGDIR=/var/log
    LOGFILE="$LOGDIR/tmpmail.log"
    LOGDATEFILE="$LOGDIR/maillog.lastrun"
    LOCKDIR="$LOGDIR/maillog.lock"
    if mkdir "$LOCKDIR"
    then
        # Lock acquired
        # Remove LOCKDIR when the script finishes, or when it receives a signal
        trap 'rm -rf "$LOCKDIR"' 0 # remove directory when script finishes
        ENDDATE=$(date -v-1S +"%Y-%m-%d %T")
        echo >&2 "Adding mail log data to $LOGFILE until cutoff $ENDDATE"
        if [ ! -f "$LOGDATEFILE" ]
        then
            /usr/bin/log show --end "$ENDDATE" --predicate '(process == "smtp") || (process == "smtpd") || (process == "postscreen") || (process == "qmgr")' -info >> "$LOGFILE"
        else
            STARTDATE=$(cat "$LOGDATEFILE")
            echo >&2 "Adding mail log data to $LOGFILE from previous cutoff $STARTDATE"
            /usr/bin/log show --start "$STARTDATE" --end "$ENDDATE" --predicate '(process == "smtp") || (process == "smtpd") || (process == "postscreen") || (process == "qmgr")' -info >> "$LOGFILE"
        fi
        /bin/echo -n "$ENDDATE" >"$LOGDATEFILE"
    else
        # Another one is already running or the lock was not cleaned up
        echo >&2 "Cannot acquire lock on $LOCKDIR. Giving up"
        exit 0
    fi

This used to work perfectly, and I had no need for my logs for a long while. Now I do, and I find that the log extraction has become erratic. To be precise: while I can see a few messages being delivered (or greylisting-bounced) in the log, there are many that I know have been delivered (they are in the user's mailbox), but that do not show up in the log. I cannot think of a rational explanation.
Could it be that the database of macOS's log system is hosed, and how do I find out?
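
An added example, not part of the original post: one way to check the extracted file for holes is to follow each Postfix queue ID through its lines and flag IDs whose sequence is incomplete. A `removed` line with no `to=` line means either that lines are missing or that the delivery was logged by a process the predicate does not select (Postfix's local, virtual, lmtp and pipe agents also write `to=` lines). The function names, the sample lines and their column layout are assumptions.

```shell
# Added example. Assumes short hexadecimal queue IDs (Postfix default).
# Reads extracted log lines on stdin and prints "QUEUEID<TAB>problem"
# for each queue ID whose lines do not form a complete sequence.
check_queue_ids() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            # Queue ID token, e.g. "3F2A91C0D4:", followed by the event.
            if ($i !~ /^[0-9A-F]+:$/ || length($i) < 7) continue
            id = substr($i, 1, length($i) - 1)
            ev = $(i + 1)
            seen[id] = 1
            if (ev ~ /^from=/)        has_from[id] = 1
            else if (ev ~ /^to=/)     has_to[id] = 1
            else if (ev == "removed") has_rm[id] = 1
            break
        }
    }
    END {
        for (id in seen) {
            # Delivered or removed, but qmgr never logged the sender line.
            if (!has_from[id] && (has_to[id] || has_rm[id]))
                print id "\tno-qmgr-from"
            # Removed without any to= line from a selected process.
            if (has_rm[id] && !has_to[id])
                print id "\tno-delivery-line"
        }
    }' | sort
}

# Constructed sample in the shape of `log show` output (layout assumed).
sample_log() {
    cat <<'EOF'
2019-08-07 12:51:03.100000+0200 0x1a2b Default 0x0 311 0 smtpd: 3F2A91C0D4: client=mx.example.org[192.0.2.10]
2019-08-07 12:51:03.200000+0200 0x1a2c Default 0x0 98 0 qmgr: 3F2A91C0D4: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)
2019-08-07 12:51:04.000000+0200 0x1a2d Default 0x0 312 0 smtp: 3F2A91C0D4: to=<bob@example.net>, relay=mx.example.net[198.51.100.5]:25, status=sent (250 OK)
2019-08-07 12:51:04.100000+0200 0x1a2c Default 0x0 98 0 qmgr: 3F2A91C0D4: removed
2019-08-07 12:52:10.000000+0200 0x1a30 Default 0x0 320 0 smtpd: 7B10E44A21: client=mx.example.org[192.0.2.10]
2019-08-07 12:52:10.100000+0200 0x1a2c Default 0x0 98 0 qmgr: 7B10E44A21: from=<alice@example.org>, size=1500, nrcpt=1 (queue active)
2019-08-07 12:52:10.900000+0200 0x1a2c Default 0x0 98 0 qmgr: 7B10E44A21: removed
2019-08-07 12:53:30.000000+0200 0x1a41 Default 0x0 330 0 smtp: 9C55D02B7E: to=<carol@example.net>, relay=mx.example.net[198.51.100.5]:25, status=sent (250 OK)
2019-08-07 12:53:30.100000+0200 0x1a2c Default 0x0 98 0 qmgr: 9C55D02B7E: removed
EOF
}

sample_log | check_queue_ids
```

Run it as `check_queue_ids < /var/log/tmpmail.log`; queue IDs that straddle the start or end of the extracted window will be flagged as well.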