NAME
sa-stats.pl - Builds received spam/ham report from mail log
New Note §
VERSION
$Revision: 1.17 $
New Note §
SYNOPSIS
Usage: sa-stats.pl [options]
- Options
- -l, --logfile=filename logfile to read
(default: /var/log/maillog) -s, --start Sets date/time for start of reporting pe +riod
-e, --end Sets date/time for end of reporting peri +od
-u, --userstats Generates stats for the top spam victims
(default is 25; see -T) -H, --html Generates HTML report
(default: plain text) -T, --top=# Display top # spam victims
(# defaults to 25; -T implies -u) -h, --help Displays this message -V, --version Display version info --mail=emailaddress Sends report to emailaddress --sendmail=/path/to/sendmail Location of sendmail binary
(default: /usr/sbin/sendmail) --from=emailaddress Sets From: field of mail -v, --verbose Sets verbose mode (requires -D) -D, --debug Sets debug mode
New Note §
DESCRIPTION
Creates simple text report of spam/ham detected by SpamAssassin by parsing spamd entries in the mail log (generally /var/log/maillog)
New Note §
EXAMPLES
To generate a text report from midnight to present using /var/log/maillog: New Note §
./sa-stats.pl -s 'midnight' -e 'now' > sa_stats.txt
New Note §
To generate an HTML report including the top 5 spam victims for the month of January 2004 from compressed mail logs: New Note §
gunzip -c /var/log/maillog-200401*.gz | ./sa-stats.pl -H -T 5 -l - \ -s '2001-01-01 00:00:00' -e '2004-01-31 23:59:59' > jan_2004_stats.html
New Note §
Note the use of '-' as a filename to represent STDIN. New Note §
To generate a text report with per-user stats from yesterday, reading from /var/log/mail and turning on all debugging output: New Note §
./sa-stats.pl -v -D -u -l /var/log/mail \ -s 'yesterday midnight' 1>stats.txt 2>stats.err
New Note §
TIPS
*
Are you running spamd? Currently sa-stats.pl only reads syslog entries from spamd; it doesn't work with MTA-level calls to Mail::SpamAssassin or with logs generated by the spamassassin perl script.
New Note §
*
Are there spamd entries in your mail log? Use 'grep spamd /var/log/maillog' to find out.
New Note §
*
Are there spamd entries in your mail log within the analysis interval? Run 'sa-stats.pl -v -D ...' to see the entries that are found and discarded as well as to see the actual analysis interval.
New Note §
DEPENDENCIES
*
Getopt::Long
New Note §
*
POSIX
New Note §
*
Time::Local
New Note §
*
Date::Manip
New Note §
*
Parse::Syslog;
New Note §
BUGS
*
Because of poor year handling in Parse::Syslog, the script may not work well when the log file dates back to the previous year.
New Note §
TO DO
*
Find bugs
New Note §
*
Fix bugs
New Note §
*
Don't call /usr/sbin/sendmail directly; use Mail::Internet or Net::SMTP or other standard module
New Note §
*
Add support for compressed logs (see gzopen() from Compress::Zlib)
New Note §
*
Have --verbose work without --debug
New Note §
AUTHORS
Brad Rathbun <brad@computechnv.com> http://www.computechnv.com/ New Note §
Bob Apthorpe <apthorpe+sa@cynistar.net> http://www.cynistar.net/~apthorpe/ New Note §
Duncan Findlay <duncf@debian.org>