Logwatch plugin for MailScanner?

[Mark Nienberg]

On 9 Sep 2003 at 15:42, Furnish, Trever G wrote:
> Redhat ships with Logwatch nicely configured to do nightly log summaries of
> anything unusual to root.  It's a nice framework, IMHO.  Before I start
> writing a plugin for summarizing MailScanner logs at my site I thought I'd
> ask - anyone already done one?

Well, sort of.  I wrote a very simple one that just reports:

the number of viruses,
the number of delivered spam,
the number of deleted spam,
and the number of timeouts for spamassassin.

It is ridiculously underpowered compared to other standalone log analyzers
contributed by others on this list.  But it is in the right form for use with logwatch, so
maybe you could use it as a starting point for something more powerful.

By the way, I upgraded the logwatch that came with my RedHat 7.3 to one from the
logwatch website (4.3.2-1), which is a huge improvement.
----
Mark


Here is the file "/etc/log.d/conf/services/mailscanner.conf"

################################################################
# $Id: MailScanner.conf,v 0.1 2003/05/28 mark Exp $
################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "MailScanner"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the MailScanner service...
*OnlyService = MailScanner
*RemoveHeaders


And here is the file  "/etc/log.d/scripts/services/mailscanner"

#!/usr/bin/perl
#############################################################
# $Id: MailScanner,v 0.3 2003/06/02  mark
#############################################################

$Viruses = 0;
$SpamDeleted = 0;
$SpamDelivered = 0;
$SAtimeout = 0;

while (defined($ThisLine = <STDIN>)) {
   if ($ThisLine =~ /actions are .*delete/) {
      $SpamDeleted++;
   } elsif ($ThisLine =~ /actions are .*deliver/) {
      $SpamDelivered++;
   }

   if ($ThisLine =~ /SpamAssassin timed out/) {
      $SAtimeout++;
   }

   if ( ($Virii) = ($ThisLine =~ /Virus Scanning: Found (\d+) viruses/) ) {
      $Viruses += $Virii;
   }
}


if ($Viruses > 0) {
   print "\n" . $Viruses . " viruses found";
}

if ($SpamDeleted > 0) {
   print "\n" . $SpamDeleted . " spam messages deleted";
}

if ($SpamDelivered > 0) {
   print "\n" . $SpamDelivered . " spam messages delivered";
}

if ($SAtimeout > 0) {
   print "\n" . $SAtimeout . " SpamAssassin time outs";
}

exit(0);