logging

Julian Field mailscanner at ecs.soton.ac.uk
Thu Sep 12 22:49:52 IST 2002


At 18:48 12/09/2002, you wrote:
>I understand that #5 would result in a large amount of data being
>generated in log files however the problem that I am attempting to solve
>is that the mailarchive function uses a *huge* amount of space when
>enabled.  In the end I am looking to generate per user, per domain and
>summary statistics from this type of log.  I can see where the TO field
>may end up as a fairly long string.  I understand if it seems impractical.

Would your problem be solved by being able to archive different users' and
different domains' mail in separate directories, where you could then just
scan those directories themselves to produce reports on their contents?

Would this be more useful than very verbose logs?

>5. entries that could be used to create email usage reports.  For each
>email to have To, From, Subject, Date, bytes, and names of any attachments
>would allow for easier creation of user reports.
>
>Is there a limit on the length of a log entry? These would be *very* long.
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Thursday, September 12, 2002 9:33 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: logging
>
>Ok, here are all the responses:
>
>1. From <$1> To <$2> virus <$3>
>
>Impossible to generically extract the name of the virus, so this would
>have to include the whole virus report.
>
>2. something that grep could sniff out easily ONLY for caught viruses. Or
>do you have a better solution? The Email ID to go along with it as well
>would be nice. for ones that were scanned and ones that were found to be
>infected
>
>Such as?
>
>3. I would definitely like the virus name reported by the virus engine
>
>See (1)
>
>4. making the logging as machine friendly as possible
>
>I will do what I can.
>
>5. entries that could be used to create email usage reports.  For each
>email to have To, From, Subject, Date, bytes, and names of any attachments
>would allow for easier creation of user reports.
>
>Is there a limit on the length of a log entry? These would be *very* long.
>
>6. Identifiable tag
>When you get a chance would you consider altering the logging code for
>matches on filename rules to have an identifiable tag. E.g. instead of
>logging:
>"Executable file in filename.exe" and "Possible MS-Dos shortcut attack
>in filename.pif"
>Log:
>"Filename Rules: Executable file in filename.exe" and "Filename rules:
>Possible MS-Dos shortcut attack in filename.pif"
>
>Definite good idea.
>
>Any more thoughts from anyone?
>--
>Julian Field                Teaching Systems Manager
>jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>Tel. 023 8059 2817          University of Southampton
>                             Southampton SO17 1BJ

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
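
An added illustration of point 6 (not part of the original message and not MailScanner's own code): with an identifiable tag, a report script needs one anchored pattern instead of a list of every rule's message text. The syslog prefix, host name, filenames and function names are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines: the syslog prefix, host and filenames are invented
# for illustration and are not MailScanner's actual log output.
SAMPLE_LOG = """\
Sep 12 18:40:01 mx1 MailScanner[812]: Filename Rules: Executable file in invoice.exe
Sep 12 18:40:07 mx1 MailScanner[812]: Filename rules: Possible MS-Dos shortcut attack in notes.pif
Sep 12 18:41:12 mx1 MailScanner[812]: Filename Rules: Executable file in setup.exe
Sep 12 18:41:30 mx1 MailScanner[812]: Note: no Executable file in sight
Sep 12 18:42:02 mx1 sendmail[901]: header quotes Filename Rules: Executable file in x.exe
"""

# Untagged style: the report script has to know every rule's message text.
UNTAGGED_PHRASES = ("Executable file in ", "Possible MS-Dos shortcut attack in ")

# Tagged style: one pattern, anchored on the logging process and the tag.
# Case-insensitive because the thread writes both "Rules" and "rules".
# Assumes the reason text itself never contains " in ".
TAGGED = re.compile(
    r"MailScanner\[\d+\]: Filename Rules: (?P<reason>.+?) in (?P<filename>.+)$",
    re.IGNORECASE,
)

def untagged_hits(log_text):
    """Lines matched by substring search on the known message texts."""
    return [l for l in log_text.splitlines() if any(p in l for p in UNTAGGED_PHRASES)]

def tagged_hits(log_text):
    """(reason, filename) pairs from lines that carry the tag."""
    hits = []
    for line in log_text.splitlines():
        m = TAGGED.search(line)
        if m:
            hits.append((m.group("reason"), m.group("filename")))
    return hits

def summarize(log_text):
    """Count filename-rule hits per reason, using only tagged lines."""
    return Counter(reason for reason, _ in tagged_hits(log_text))

if __name__ == "__main__":
    print(len(untagged_hits(SAMPLE_LOG)), "lines match the untagged phrases")
    for reason, count in summarize(SAMPLE_LOG).items():
        print(count, reason)
```

On the constructed sample, the substring search also picks up the two unrelated lines, while the tagged pattern returns only the three filename-rule entries.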