Line 174: |
Line 174: |
| print count[j] "\t" j; \ | | print count[j] "\t" j; \ |
| }' \ | | }' \ |
− | $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f)</nowiki> | + | $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f -name "@*" -o -name current)</nowiki> |
| | | |
| Sample Output: | | Sample Output: |
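Review bot: The new `-name "@*" -o -name current` tail on the find call is not grouped, and find binds the implicit AND tighter than `-o`, so `-ctime -$DAYS -type f` applies only to the `@*` names and any entry called `current` is selected regardless of age or type. Group the alternatives: `find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f \( -name "@*" -o -name current \)`. The same ungrouped expression is added in the hunks at Line 190, Line 266 and Line 309; the Line 266 call also lacks `-type f`, so a directory named `current` would be handed to grep there. The command substitution is unquoted, so the file list is word-split by the shell, which is safe only while these log paths contain no whitespace.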
Line 190: |
Line 190: |
| echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \ | | echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \ |
| if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \ | | if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \ |
− | awk -F"[\t]" ' /logterse plugin/ { svc=$6; count[svc]++; count["Total"]++; } END { for (j in count) print count[j] "\t" j; }' \ | + | awk -F"[\t]" ' /logterse/ { svc=$6; count[svc]++; count["Total"]++; } END \ |
− | $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f) \ | + | { for (j in count) print count[j] "\t" j; }' \ |
| + | $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f -name "@*" -o -name current) \ |
| |sort -nr</nowiki> | | |sort -nr</nowiki> |
| | | |
Line 205: |
Line 206: |
| 6 check_spamhelo | | 6 check_spamhelo |
| 6 auth::auth_cvm_unix_local</nowiki> | | 6 auth::auth_cvm_unix_local</nowiki> |
| + | |
| + | I extended the above script to show % of each one: |
| + | <nowiki> |
| + | if [ -z $DAYS ]; then DAYS=1; fi; \ |
| + | echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \ |
| + | if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \ |
| + | awk -F"[\t]" ' /logterse/ { svc=$6; count[svc]++; count["Total"]++; } END \ |
| + | { for (j in count) print count[j] "\t" j "\t" expr count[j]/count["Total"]*100"%" ; }' \ |
| + | $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f) \ |
| + | |sort -n |
| + | </nowiki> |
| + | Sample output of extended version: |
| + | <nowiki> |
| + | 1 headers 0.00769468% |
| + | 2 auth::auth_cvm_unix_local 0.0153894% |
| + | 33 earlytalker 0.253924% |
| + | 355 spamassassin 2.73161% |
| + | 401 naughty 3.08556% |
| + | 698 tls 5.37088% |
| + | 774 rhsbl 5.95568% |
| + | 1127 check_goodrcptto 8.6719% |
| + | 1359 queued 10.4571% |
| + | 8246 resolvable_fromhost 63.4503% |
| + | 12996 Total 100% |
| + | </nowiki> |
| | | |
| ===Display messages that would have been blocked via DNSBL=== | | ===Display messages that would have been blocked via DNSBL=== |
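Review bot: In the added percentage script, `expr` inside the awk program is not the shell utility but an unset awk variable that concatenates as an empty string, so the output is right only by accident and the word can be dropped: `print count[j] "\t" j "\t" count[j]/count["Total"]*100 "%"`. The find call in this block also omits the `-name "@*" -o -name current` filter that this revision adds to the other scripts, so it presumably still reads every file under the log directories. `[ -z $DAYS ]` and `[ $NEWDAYS ]` are unquoted and fail with a test error if the typed value contains a space; `[ -z "$DAYS" ]` and `[ -n "$NEWDAYS" ]` are safer.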
Line 240: |
Line 266: |
| if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \ | | if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \ |
| if [ $NEWTESTBL ]; then TESTBL=$NEWTESTBL; fi; \ | | if [ $NEWTESTBL ]; then TESTBL=$NEWTESTBL; fi; \ |
− | grep -h logging::logterse $(find /var/log/qpsmtpd -ctime -$DAYS) \ | + | grep -h logging::logterse $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -name "@*" -o -name current) \ |
| |grep -v dnsbl.903 \ | | |grep -v dnsbl.903 \ |
| |tai64nlocal \ | | |tai64nlocal \ |
− | |awk -v DNSBL=$TESTBL -F"\t" '{split($1,intro," "); split(intro[8],ip,"."); split($9,hits," "); split( intro[2],time,"."); \ | + | |awk -v DNSBL=$TESTBL -F"\t" '{split($1,intro," "); \ |
− | print "echo -ne \"" intro[1] " " time[1] "\t" $6 "\t" (hits[2]) \ | + | intro[6] == "`" ? split(intro[7],ip,".") : split(intro[8],ip,"."); split($9,hits," "); \ |
− | "\tFrom: " gensub("[<>]","","g",$4) \ | + | split( intro[2],time,"."); \ |
− | "\tTo: " gensub("[<>]","","g",$5) \ | + | print \ |
− | "\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL \ | + | "echo -ne \"" intro[1] " " time[1] \ |
− | "`\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}' |bash | grep 127\.0</nowiki> | + | "\t" $6 \ |
| + | "\t" ip[1] "." ip[2] "." ip[3] "." ip[4] \ |
| + | "\t" (hits[2]) \ |
| + | "\tFrom: " gensub("[<>]","","g",$4) \ |
| + | "\tTo: " gensub("[<>]","","g",$5) \ |
| + | "\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL " |tr \"\n\" \",\" |sed \"s/,$//\" `"\ |
| + | "\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}'\ |
| + | |bash\ |
| + | |grep 127\.0</nowiki> |
| | | |
| ===List Recent Emails with sending IP=== | | ===List Recent Emails with sending IP=== |
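Review bot: The awk stage in this hunk still writes shell source (`echo -ne "…"` with embedded backticks) and pipes it to `bash`, and the From/To fields `$4` and `$5` are copied into that double-quoted string with only `<` and `>` removed. Those fields presumably come from the SMTP envelope, i.e. from the remote sender, and backticks, `$( )` and backslashes keep their meaning inside double quotes, so log content can end up executed with the privileges of the user running this one-liner. The robust fix is to have awk print plain tab-separated fields and run `dig` from a `while IFS= read -r` loop with quoted arguments instead of generating code. As a minimum, whitelist every log-derived value before it is embedded, e.g. `gensub("[^A-Za-z0-9@._+=-]","","g",$4)`, skip records whose `ip[1]`..`ip[4]` are not purely numeric, and quote `-v DNSBL="$TESTBL"` since that value is interpolated into the same generated command.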
Line 275: |
Line 309: |
| <nowiki>export LC_ALL=C; \ | | <nowiki>export LC_ALL=C; \ |
| mydate=$(date "+%Y-%m-%d")\|$(date -d "yesterday" "+%Y-%m-%d"); \ | | mydate=$(date "+%Y-%m-%d")\|$(date -d "yesterday" "+%Y-%m-%d"); \ |
− | cat -v $(find /var/log/qpsmtpd -ctime -1 -type f) |tai64nlocal |egrep $mydate | grep -v ^# | \ | + | cat -v $(find /var/log/qpsmtpd /var/log/sqpsmtpd/ -ctime -1 -type f -name "@*" -o -name current) \ |
| + | |tai64nlocal |egrep $mydate | grep -v ^# | \ |
| awk -v date="$mydate" -v tots=" {{Total}} " -F"[\t]" ' \ | | awk -v date="$mydate" -v tots=" {{Total}} " -F"[\t]" ' \ |
− | /logterse plugin/ {split($4,ss,"."); ssn=0; for (i in ss) { ssn++}; \ | + | /logterse/ {split($4,ss,"."); ssn=0; for (i in ss) { ssn++}; \ |
| sendtld=tolower( ss[ssn]); sub(">","",sendtld); \ | | sendtld=tolower( ss[ssn]); sub(">","",sendtld); \ |
| tld=sprintf("%-20s",sendtld); plugin=sprintf("%-35s",$6); \ | | tld=sprintf("%-20s",sendtld); plugin=sprintf("%-35s",$6); \ |