logging

Richard, Matt matthew.richard at COCC.COM
Thu Sep 12 18:48:06 IST 2002


Julian,

I understand that #5 would result in a large amount of data being generated
in log files; however, the problem that I am attempting to solve is that the
mailarchive function uses a *huge* amount of space when enabled.  In the end
I am looking to generate per user, per domain and summary statistics from
this type of log.  I can see where the TO field may end up as a fairly long
string.  I understand if it seems impractical.

Matthew Richard
matthew.richard at cocc.com
860-678-0444x449
Connecticut Online Computer Center
Avon, CT 06001



5. entries that could be used to create email usage reports.  For each email
to have To, From, Subject, Date, bytes, and names of any attachments would
allow for easier creation of user reports.

Is there a limit on the length of a log entry? These would be *very* long.



-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Thursday, September 12, 2002 9:33 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: logging


Ok, here are all the responses:

1. From <$1> To <$2> virus <$3>

Impossible to generically extract the name of the virus, so this would have
to include the whole virus report.

2. something that grep could sniff out easily ONLY for caught viruses. Or do
you have a better solution? The Email ID to go along with it as well would
be nice, for ones that were scanned and ones that were found to be infected.

Such as?

3. I would definitely like the virus name reported by the virus engine

See (1)

4. making the logging as machine friendly as possible

I will do what I can.

5. entries that could be used to create email usage reports.  For each email
to have To, From, Subject, Date, bytes, and names of any attachments would
allow for easier creation of user reports.

Is there a limit on the length of a log entry? These would be *very* long.

6. Identifiable tag
When you get a chance would you consider altering the logging code for
matches on filename rules to have an identifiable tag. E.g. instead of
logging:
"Executable file in filename.exe" and "Possible MS-Dos shortcut attack
in filename.pif"
Log:
"Filename Rules: Executable file in filename.exe" and "Filename rules:
Possible MS-Dos shortcut attack in filename.pif"

Definite good idea.

Any more thoughts from anyone?

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                            Southampton SO17 1BJ
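
The tagging idea in item 6, as an added example that is not part of the original thread or of MailScanner's code: with a fixed "Filename Rules:" prefix, one anchored pattern picks out every filename-rule hit, while a plain substring search both misses the .pif line and matches a usage-report line of the kind proposed in item 5. The syslog prefix, host name, addresses and the "Usage:" line layout are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines; the syslog prefix and the "Usage:" layout are
# assumptions for illustration, not MailScanner's actual output.
SAMPLE_LOG = """\
Sep 12 09:30:01 mx1 MailScanner[412]: Filename Rules: Executable file in invoice.exe
Sep 12 09:30:04 mx1 MailScanner[412]: Filename rules: Possible MS-Dos shortcut attack in photo.pif
Sep 12 09:31:10 mx1 MailScanner[412]: Usage: From <a@example.com> To <b@example.org> Subject <Executable file in report.exe> bytes 2048
Sep 12 09:32:15 mx1 MailScanner[413]: Executable file in setup.exe
""".splitlines()

# Strip the syslog header so the tag can be anchored at the start of the message.
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ MailScanner\[\d+\]: (?P<msg>.*)$")
# Case-insensitive because the thread writes the tag both as
# "Filename Rules:" and "Filename rules:".
TAGGED = re.compile(r"^Filename Rules: (?P<reason>.+?) in (?P<filename>.+)$",
                    re.IGNORECASE)


def tagged_hits(lines):
    """Return (reason, filename) for every line carrying the tag."""
    hits = []
    for line in lines:
        header = PREFIX.match(line)
        if not header:
            continue
        hit = TAGGED.match(header.group("msg"))
        if hit:
            hits.append((hit.group("reason"), hit.group("filename")))
    return hits


def substring_hits(lines, needle="Executable file in"):
    """What a plain grep for one message text would return."""
    return [line for line in lines if needle in line]


def rule_counts(lines):
    """Per-rule totals, the kind of summary a report script would build."""
    return Counter(reason for reason, _ in tagged_hits(lines))


if __name__ == "__main__":
    for reason, filename in tagged_hits(SAMPLE_LOG):
        print(f"{reason}: {filename}")
    print(len(substring_hits(SAMPLE_LOG)), "lines matched by substring search")
```

The last sample line uses the untagged wording, so the anchored pattern skips it; the substring search matches it along with the usage line whose Subject happens to contain the same text.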
