MRTG
Mike Kercher
mike at CAMAROSS.NET
Tue Oct 1 21:42:13 IST 2002
I forgot to mention, this script is counting connections that are rejected at the MTA (either via /etc/mail/access.db or dnsbl) as
spam or at least attempted spam.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Mike Kercher
Sent: Tuesday, October 01, 2002 3:36 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
Kris got this worked out today. If anyone wants a copy of the sendmail.logs.pl script we are using with v4.00, grab it here:
http://CamaroSS.net/sendmail.logs.pl
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Kris Stumpner
Sent: Tuesday, October 01, 2002 12:40 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
Here's what I came up with tonight. It uses the many extra log file entries
that v4 offers now. It also catches the viruses that are found via Filename
Checks.
    if (/MailScanner/) {
        $TotalViruses += $1 if /Virus Scanning: Found (\d+) viruses/i;
        $TotalViruses++ if /Filename Checks: \S* virus/i;
        $TotalSpam += $1 if /Spam Checks: Found (\d+) spam messages/i;
    }
The problem I see with the '$TotalViruses ++ if />>> Virus/;' command is
that when MailScanner does a Virus Rescan, it catches it again, so the
figures are skewed 2-fold (as Mike pointed out earlier).
Also, '$TotalSpam++ if /actions are deliver/i;' will not work if the server
is not delivering spam marked mail.
This seems to be working good for me thus far.
Kris
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Mike Kercher
Sent: Monday, September 30, 2002 11:37 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] MRTG
Ok...I've been jacking with sendmail.logs.pl now for hours and since I can
only spell 'perl', I'm stumped! For the virus counters,
I need to find '>>> Virus' to increment the counter, but nothing I put on
the line seems to work.
$TotalViruses += $1 if />>> Virus/;
$TotalViruses += $1 if /Rescan/;
$TotalViruses += $1 if /Rescan/i;
Can a perl guru shed some light?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Rose, Bobby
Sent: Monday, September 30, 2002 5:12 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
Oops yeh I forgot about that one.
-----Original Message-----
From: Mike Kercher [mailto:mike at CAMAROSS.NET]
Sent: Monday, September 30, 2002 5:56 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
I found one problem: The process changed from 'mailscanner' to
'MailScanner', so now my spams are being picked up. Viruses are not
however. One thing I noticed in grepping the log is that Viruses that
are detected are being listed twice:
[root at redline bin]# cat /var/log/maillog |grep ">>> Virus"
Sep 30 11:10:39 redline MailScanner[18225]: >>> Virus 'W32/Klez-H' found in file ./g8UGAXv19493/install.exe
Sep 30 11:10:42 redline MailScanner[18225]: >>> Virus 'W32/Klez-H' found in file ./g8UGAXv19493/install.exe
Sep 30 14:21:15 redline MailScanner[18225]: >>> Virus 'W32/Bugbear-A' found in file ./g8UJLBv25275/BIRTHDAYS.xls.exe
Sep 30 14:21:18 redline MailScanner[18225]: >>> Virus 'W32/Bugbear-A' found in file ./g8UJLBv25275/BIRTHDAYS.xls.exe
Sep 30 16:17:15 redline MailScanner[28976]: >>> Virus 'W32/Klez-H' found in file ./g8ULH5v28971/CAYRKX0V.scr
Sep 30 16:17:17 redline MailScanner[28976]: >>> Virus 'W32/Klez-H' found in file ./g8ULH5v28971/CAYRKX0V.scr
Will that not throw the count off by a multiple of 2?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Mike Kercher
Sent: Monday, September 30, 2002 4:39 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
Hrm...that doesn't seem to be working for me...
        chomp;
        if (/sendmail/) {
            $TotalMails += $1 if /nrcpts=(\d+),/;
            next;
        }
        if (/mailscanner/) {
            $TotalViruses += $1 if />>> Virus/i;
            $TotalSpam++ if /actions are deliver/i;
        }
    }
    close LOG;
}
Does that look like what you have?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Rose, Bobby
Sent: Monday, September 30, 2002 4:24 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
The logging has changed, so you need to change the string used for the regex
in the sendmail.logs.pl script. I'm currently using
/actions are deliver/i for Spam and />>> Virus/i for Viruses. So far
that seems to be correct.
-----Original Message-----
From: Mike Kercher [mailto:mike at CAMAROSS.NET]
Sent: Monday, September 30, 2002 5:06 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
They used to be before I upgraded to 4.00. When I have some time, I'll
try to figure out why it's not working anymore.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Matt
Sent: Monday, September 30, 2002 3:59 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MRTG
> I have it running at http://bladeware.com/ I haven't tweaked it since
> moving to v4.00 so for some reason, my Spam and Virus stats are out of
> date. The mail is working though :)
I think it would be neat to have the SPAM and virus stats in the same
graph. Kind of like a T1 is graphed with upstream in one color and
downstream in another.
Matt
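
The double-counting problem discussed in this thread, shown as an added example that is not part of the original messages or of sendmail.logs.pl: it counts the v4 summary lines the way Kris's regexes do and, alongside, counts the per-detection '>>> Virus' lines both raw and de-duplicated on virus name plus file path. The '>>> Virus' sample lines are taken from the grep output quoted above; the sendmail, summary and spam lines are constructed to match the regexes posted in the thread, and the count_log name is hypothetical.

```perl
#!/usr/bin/perl
# Added example: count MailScanner detections without counting rescans twice.
use strict;
use warnings;

# Sample input. The ">>> Virus" lines come from the thread; the sendmail,
# "Virus Scanning" and "Spam Checks" lines are constructed for this example.
my @log = split /\n/, <<'END';
Sep 30 11:10:30 redline sendmail[19493]: g8UGAXv19493: from=<a@example.org>, size=90112, nrcpts=2, proto=ESMTP
Sep 30 11:10:39 redline MailScanner[18225]: >>> Virus 'W32/Klez-H' found in file ./g8UGAXv19493/install.exe
Sep 30 11:10:42 redline MailScanner[18225]: >>> Virus 'W32/Klez-H' found in file ./g8UGAXv19493/install.exe
Sep 30 11:10:42 redline MailScanner[18225]: Virus Scanning: Found 1 viruses
Sep 30 14:21:15 redline MailScanner[18225]: >>> Virus 'W32/Bugbear-A' found in file ./g8UJLBv25275/BIRTHDAYS.xls.exe
Sep 30 14:21:18 redline MailScanner[18225]: >>> Virus 'W32/Bugbear-A' found in file ./g8UJLBv25275/BIRTHDAYS.xls.exe
Sep 30 14:21:18 redline MailScanner[18225]: Virus Scanning: Found 1 viruses
Sep 30 14:25:02 redline MailScanner[18225]: Spam Checks: Found 3 spam messages
END

sub count_log {
    my @lines = @_;
    my %n = (mails => 0, spam => 0, summary => 0, raw => 0, unique => 0);
    my %seen;    # detections already counted, keyed on virus name + file path
    for (@lines) {
        if (/sendmail\[/) {
            $n{mails} += $1 if /nrcpts=(\d+),/;
            next;
        }
        # Case-sensitive on purpose: v4 logs as 'MailScanner', not 'mailscanner'.
        next unless /MailScanner\[/;

        # Summary lines (regexes as posted in the thread): one per batch.
        $n{summary} += $1 if /Virus Scanning: Found (\d+) viruses/i;
        $n{summary}++     if /Filename Checks: \S* virus/i;
        $n{spam}    += $1 if /Spam Checks: Found (\d+) spam messages/i;

        # Per-detection lines: the rescan logs every hit a second time, so
        # count a (virus, path) pair only the first time it is seen. The path
        # includes the queue-id directory, so other messages stay distinct.
        if (/>>> Virus '([^']+)' found in file (\S+)/) {
            $n{raw}++;
            $n{unique}++ unless $seen{"$1\0$2"}++;
        }
    }
    return %n;
}

my %n = count_log(@log);
printf "%s=%d\n", $_, $n{$_} for sort keys %n;
```

On this sample the raw '>>> Virus' count is twice the de-duplicated count, and the de-duplicated count agrees with the summary-line total.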