NAME -- Summarizes amount of mail routed through host, sorted by e-mail address


 # summarize mail from syslog by user-name
 # which, if your mail logging goes to /var/log/syslog, is equivalent to:
 % -u /var/log/syslog

 # summarize mail by internet domain name from /var/log/syslog,
 # suppressing parse errors
 % -q -g /var/log/syslog

 # summarize mail by mail deliveries, filtering out mail which
 # was not delivered on September 18 1996
 % -m -T 9.18.1996 /var/log/syslog 

 # cache mail deliveries to file ./syslog.cache
 % -o syslog.cache /var/log/syslog

 # now read deliveries in from cache, and summarize the usage
 # of all users at your domain
 % -i syslog.cache -U `hostname -d`

 # now summarize the usage of all users at, not counting
 # mail sent to/from
 % -i syslog.cache -U


  Usage: [-ugm] [-o cache_outfile]
              [-U user_filter] [-T date_filter]
              [-hvqD] [-i cache_in | syslog ...]
               -u : print report grouped by user (default)
               -g : print report grouped by internet domain name
               -m : print report of mail deliveries
     -o cache_out : store mail deliveries to cache-file "cache_out"
   -U user_filter : only summarize mail involving certain users
   -T date_filter : only summarize mail delivered in a certain time-range
               -q : quiet mode (suppress parsing errors and commentary)
      -i cache_in : read in deliveries from cache-file "cache_in"
        syslog ...: name of logs to scan (default is to use
                    log which messages currently go to)
               -h : print this help message and exit
               -v : print the version number and exit
               -D : print debugging information


To save time for multiple reports, you can cache the deliveries generated from an execution of with the -o flag. The cachefile specified may not already exist.

Subsequent executions can read in the information from the cachefile and increase the execution rate by a factor of about 10.


There are two legal formats for user filters:

     -U      (summarizes mail users sent or delivered)
     -U (summarizes mail users sent or delivered
                          to users who are _not_ at

There are two legal formats for date filters:

     -T 9.14.1996
     -T 845251200..845337600  

Both these filters will process only mail successfully delivered on Sept. 14, 1996. The second format allows you to specify any two bounding time_t values such as those produced by


The -T date/time filter should only act upon the data as it is generated from a syslog file. Using the -T filter when reading from a cachefile is not allowed.

The -U address/user filter should only act upon the data as it is being generated into a user or domain summary. Using the -U filter when writing to a cachefile or when generating only a list of deliveries is not allowed.

So, these two lines are legal and will generate a summary of mail sent and received by users at on 9.18.1996:

     -T 9.18.1996 -o /tmp/syslog.cache /var/log/syslog
     -u -U -i /tmp/syslog.cache

But neither of these lines is currently legal:

     -U -o /tmp/syslog.cache /var/log/syslog
     -u -T 9.18.1996 -i /tmp/syslog.cache
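
The two-stage flow described above (date filter while scanning, cache, then user filter while summarizing), as an added Python example that is not the tool's own code. The four-field record layout, the JSON-lines cache, the half-open time range and the suffix match on `@domain` are assumptions made for illustration, and the sample records are constructed.

```python
import json, os, tempfile
from collections import defaultdict
# Constructed records, "time_t sender recipient bytes": an assumed layout, not the tool's format.
SAMPLE_LOG = """\
845251300 alice@example.org bob@example.net 1200
845300000 bob@example.net alice@example.org 800
845400000 carol@example.com alice@example.org 5000
not a delivery line
"""

def parse_range(spec):
    """Parse the 'start..end' time_t form of a date filter."""
    return tuple(int(x) for x in spec.split(".."))

def scan(lines, date_range=None):
    """Yield deliveries one by one; the date filter applies at parse time."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue  # unparseable line, skipped silently
        when, size = int(parts[0]), int(parts[3])
        if date_range and not (date_range[0] <= when < date_range[1]):
            continue  # outside the assumed half-open range
        yield {"time": when, "from": parts[1], "to": parts[2], "bytes": size}

def write_cache(path, deliveries):
    """Write deliveries as JSON lines; mode 'x' refuses an existing file."""
    with open(path, "x") as fh:
        fh.writelines(json.dumps(d) + "\n" for d in deliveries)

def read_cache(path):
    """Stream deliveries back from the cache file."""
    with open(path) as fh:
        yield from map(json.loads, fh)

def summarize(deliveries, domain=None):
    """Per-address byte totals; the user filter applies here, not earlier."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for d in deliveries:
        if domain and not any(d[k].endswith("@" + domain) for k in ("from", "to")):
            continue
        totals[d["from"]]["sent"] += d["bytes"]
        totals[d["to"]]["received"] += d["bytes"]
    return dict(totals)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "syslog.cache")
    write_cache(path, scan(SAMPLE_LOG.splitlines(), parse_range("845251200..845337600")))
    return summarize(read_cache(path), domain="example.org"), path
```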


Expect processing mail deliveries to take about 90 sec/megabyte of mail log-lines. If you expect to run multiple reports, consider caching your syslog with the -o switch.

 > ls -lL syslog.960801
 -rw-r--r--   1 rolf     30        2364752 Aug  5 18:58 syslog.960801

 > time -m -o /tmp/syslog.cache syslog.960801 > /dev/null 2>&1
 184.226s real  178.220s user  1.560s system  97%

 > cat big_file > /dev/null  # clear out cache for performance test

 > time -m -i /tmp/syslog.cache > /dev/null 2>&1
 17.801s real  14.540s user  0.530s system  84%

Summarizing mail by delivery takes up constant memory. Summarizing by user-name takes up O(n) memory; expect roughly 1 extra megabyte of virtual memory usage per megabyte of syslog file.


The author (Rolf Nelson) can currently be e-mailed as

This code is Copyright (C) SatelLife, Inc. 1996. All rights reserved. This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

In no event shall SatelLife be liable to any party for direct, indirect, special, incidental, or consequential damages arising out of the use of this software and its documentation (including, but not limited to, lost profits) even if the authors have been advised of the possibility of such damage.


SyslogScan::DeliveryIterator, SyslogScan::Summary, SyslogScan::WhereIs
