Logwatch plugin for MailScanner? {Scanned by HJMS}

Tue Sep 9 23:48:50 IST 2003

Good 'nuff - thanks.  I'll start from yours and get back to you if I come up
with useful enhancements.

--
Trever

> -----Original Message-----
> From: Mark Nienberg [mailto:mark at TIPPINGMAR.COM]
> Sent: Tuesday, September 09, 2003 5:34 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Logwatch plugin for MailScanner? {Scanned by HJMS}
>
>
> On 9 Sep 2003 at 15:42, Furnish, Trever G wrote:
> > Redhat ships with Logwatch nicely configured to do nightly
> log summaries of
> > anything unusual to root.  It's a nice framework, IMHO.
> Before I start
> > writing a plugin for summarizing MailScanner logs at my
> site I thought I'd
> > ask - anyone already done one?
>
> Well, sort of.  I wrote a very simple one that just reports:
>
> the number of viruses,
> the number of delivered spam,
> the number of deleted spam,
> and the number of timeouts for spamassassin.
>
> It is ridiculously underpowered compared to other standalone
> log analyzers
> contributed by others on this list.  But it is in the right
> form for use with logwatch, so
> maybe you could use it as a starting point for something more
> powerful.
>
> By the way, I upgraded the logwatch that came with my RedHat
> 7.3 to one from the
> logwatch website (4.3.2-1), which is a huge improvement.
> ----
> Mark
>
>
> Here is the file "/etc/log.d/conf/services/mailscanner.conf"
>
> ################################################################
> # $Id: MailScanner.conf,v 0.1 2003/05/28 mark Exp $
> ################################################################
>
> # You can put comments anywhere you want to.  They are
> effective for the
> # rest of the line.
>
> # this is in the format of <name> = <value>.  Whitespace at
> the beginning
> # and end of the lines is removed.  Whitespace before and
> after the = sign
> # is removed.  Everything is case *insensitive*.
>
> # Yes = True  = On  = 1
> # No  = False = Off = 0
>
> Title = "MailScanner"
>
> # Which logfile group...
> LogFile = maillog
>
> # Only give lines pertaining to the MailScanner service...
> *OnlyService = MailScanner
> *RemoveHeaders
>
>
> And here is the file  "/etc/log.d/scripts/services/mailscanner"
>
> #!/usr/bin/perl
> #############################################################
> # $Id: MailScanner,v 0.3 2003/06/02  mark
> #############################################################
>
> $Viruses = 0;
> $SpamDeleted = 0;
> $SpamDelivered = 0;
> $SAtimeout = 0;
>
> while (defined($ThisLine = <STDIN>)) {
>    if ($ThisLine =~ /actions are .*delete/) {
>       $SpamDeleted++;
>    } elsif ($ThisLine =~ /actions are .*deliver/) {
>       $SpamDelivered++;
>    }
>
>    if ($ThisLine =~ /SpamAssassin timed out/) {
>       $SAtimeout++;
>    }
>
>    if ( ($Virii) = ($ThisLine =~ /Virus Scanning: Found (\d+)
> viruses/) ) {
>       $Viruses += $Virii;
>    }
> }
>
>
> if ($Viruses > 0) {
>    print "\n" . $Viruses . " viruses found";
> }
>
> if ($SpamDeleted > 0) {
>    print "\n" . $SpamDeleted . " spam messages deleted";
> }
>
> if ($SpamDelivered > 0) {
>    print "\n" . $SpamDelivered . " spam messages delivered";
> }
>
> if ($SAtimeout > 0) {
>    print "\n" . $SAtimeout . " SpamAssassin time outs";
> }
>
> exit(0);
>