<html>
At 18:48 12/09/2002, you wrote:<br>
<blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">I
understand that #5 would result in a large amount of data being generated
in log files however the problem that I am attempting to solve is that
the mailarchive function uses a *huge* amount of space when
enabled. In the end I am looking to generate per user, per domain
and summary statistics from this type of log. I can see where the
TO field may end up as a fairly long string. I understand if it
seems impractical.</font></blockquote><br>
Would your problem be solved by being able to archive different users'
and different domains' mail in separate directories, where you could then
just scan those directories themselves to produce reports on their
contents?<br><br>
Would this be more useful than very verbose logs?<br><br>
<blockquote type=cite class=cite cite><font face="Times New Roman, Times"><b>5.
entries that could be used to create email usage reports. For each
email to have To, From, Subject, Date, bytes, and names of any
attachments would allow for easier creation of user reports.<br><br>
</b>Is there a limit on the length of a log entry? These would be *very*
long.</font><font face="arial" size=2 color="#0000FF"><br>
</font>
<dl><font face="tahoma" size=2>
<dd>-----Original Message-----
<dd>From:</b> Julian Field
[<a href="mailto:mailscanner@ECS.SOTON.AC.UK" eudora="autourl">mailto:mailscanner@ECS.SOTON.AC.UK</a>]
<dd>Sent:</b> Thursday, September 12, 2002 9:33 AM
<dd>To:</b> MAILSCANNER@JISCMAIL.AC.UK
<dd>Subject:</b> Re: logging<br><br>
</font>
<dd>Ok, here are all the responses:<br><br>
<dd>1. From <$1> To <$2> virus <$3><br><br>
</b>
<dd>Impossible to generically extract the name of the virus, so this
would have to include the whole virus report.<br><br>
<dd>2. something that grep could sniff out easily ONLY for caught
viruses.</b> Or do you have a better solution? The Email ID to go along
with it as well would be nice. for ones that were scanned and ones that
were found to be infected<br><br>
</b>
<dd>Such as?<br><br>
<dd>3. I would definately like the virus name reported by the virus
engine<br><br>
</b>
<dd>See (1)<br><br>
<dd>4. making the logging as machine freindly as possible <br><br>
</b>
<dd>I will do what I can.<br><br>
<dd>5. entries that could be used to create email usage reports.
For each email to have To, From, Subject, Date, bytes, and names of any
attachments would allow for easier creation of user reports.<br><br>
</b>
<dd>Is there a limit on the length of a log entry? These would be *very*
long.<br><br>
<dd>6. Identifiable tag
<dd>When you get a chance would you consider altering the logging code
for
<dd>matches on filename rules to have an identifiable tag. E.g. instead
of
<dd>logging:
<dd>"Executable file in filename.exe" and "Possible MS-Dos
shortcut attack
<dd>in filename.pif"
<dd>Log:
<dd>"Filename Rules: Executable file in filename.exe" and
"Filename rules:
<dd>Possible MS-Dos shortcut attack in filename.pif"<br><br>
</b>
<dd>Definite good idea.<br><br>
<dd>Any more thoughts from anyone?
<dd>--
<dd>Julian
Field
Teaching Systems Manager
<dd>jkf@ecs.soton.ac.uk
Dept. of Electronics & Computer Science
<dd>Tel. 023 8059
2817 University of
Southampton
<dd>
Southampton SO17 1BJ
</dl></blockquote><br>
<div>--</div>
<div>Julian
Field
Teaching Systems Manager</div>
<div>jkf@ecs.soton.ac.uk
Dept. of Electronics & Computer Science</div>
<div>Tel. 023 8059
2817 University of
Southampton</div>
Southampton SO17 1BJ
</html>