Tracking the wild mailscanner stats

Fri Aug 15 21:30:39 IST 2003

I've got my 2nd mailscanner box running, but have a couple of hopefully easy
questions regarding tracking stats.  I installed David While's mailstat.pl
program (http://staff.cie.uce.ac.uk/~id001869/mailstats/) which seems to be
more or less working OK, but the graphs for messages, viruses, and spam are
solid blobs, rather than the spikes normally seen on an MRTG graph.  The
server load has peaks and valleys like I'd expect.  On the
http://mail.boys-brigade.org.uk/mrtg/ page which David points to as an
example of mailstats.pl in use, the graphs appear as I'd expect.  (They also
have two graphs that didn't appear in my installation - maybe custom tweaks
on their part?).

It appears that my install is also accumulates the totals from day one.
Thus, I get a steadily rising level, rather than a snapshot of what's
happened in the last 10 minutes (which is how often cron runs).  Has someone
else out there using the program run into these issues?  I really like the
text stats:  at a glance one can see what viruses have attemtped to come
through, where spam is coming from, last time the virus sig was updated etc.

I also have a logrotate question - slightly tangential to the purpose of the
list, but it *is* my mail log that I want to rotate.  My current
/etc/logrotate.d/syslog is thus:

/var/log/mail /var/log/warn /var/log/messages /var/log/allmessages
/var/log/localmessages /var/log/firewall {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 644 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}

I'm getting a zillion old /var/log/mail-2003MMDD.gz files.  I believe I'll
get up to 99 with the log settings.  So, what I think I want to do is this:

/var/log/mail {
    compress
    dateext
    maxage 365
    rotate 4
    missingok
    notifempty
    size +4096k
    create 644 root root
    sharedscripts
}
/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages
/var/log/firewall {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 644 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}

The changes being, that I create a seperate stanza for /var/log/mail, set
the rotate to 4 weeks, and take out the postrotate command.  I'm assuming
that the mail stanza will execute first, then the other, and the last thing
done will be to reload syslog.  Is this in fact what will happen, or do I
want the postrotate lines in the /var/log/mail stanza too?

Thanks much...

...Kevin
-------------------
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500