Hi MarkThompson,
I just noticed that my example had the qid parts eaten... probably because I used gt / lt signs which were treated as some type of htm tags... I've tried to lay out my question again below, hopefully it's clearer now!
I would like all the log events from an email message delivery through a number of email server hops to end up as one transaction showing the delivery of that email message as it goes from ingress at our border server through our core to it's final email server delivery. To do this, I think I need to make a transaction out of all the log events related to an email delivery.
The complication is that while each email has log lines related to each other by an assigned qid, each email server that handles that email during delivery assigns it's own qid. The string of qid's is maintained by the receiving sendmail server providing the sending sendmail server the new qid...
I hope that a) my description is clear and b) I'm not telling you too much of what you already know... For the benefit of all who might read this, I'm trying to be as (painfully) clear as possible! 🙂
In short, I would like all log events of the following format to be "made" into one transaction;
mailsrv1 log line 1: qid1
mailsrv1 log line 2: qid1
mailsrv1 log line n: qid1 ( qid2 message accepted for delivery)
mailsrv2 log line 1: qid2
mailsrv2 log line 2: qid2
mailsrv2 log line n: qid2 ( qid3 message accepted for delivery)
... View more