
Download:
SyslogScan-0.32.tar.gz


NAME

read_mail_log.pl -- Summarizes amount of mail routed through host, sorted by e-mail address

SYNOPSIS

 # summarize mail from syslog by user-name
 % read_mail_log.pl
 # which, if your mail logging goes to /var/log/syslog, is equivalent to:
 % read_mail_log.pl -u /var/log/syslog

 # summarize mail by internet domain name from /var/log/syslog,
 # suppressing parse errors
 % read_mail_log.pl -q -g /var/log/syslog

 # summarize mail by mail deliveries, filtering out mail which
 # was not delivered on September 18 1996
 % read_mail_log.pl -m -T 9.18.1996 /var/log/syslog 

 # cache mail deliveries to file ./syslog.cache
 % read_mail_log.pl -o syslog.cache /var/log/syslog

 # now read deliveries in from cache, and summarize the usage
 # of all users at your domain
 % read_mail_log.pl -i syslog.cache -U `hostname -d`

 # now summarize the usage of all users at foo.com, not counting
 # mail sent to/from bar.com
 % read_mail_log.pl -i syslog.cache -U foo.com:NOT:bar.com

DESCRIPTION

  Usage:

        read_mail_log.pl [-ugm] [-o cache_outfile]
              [-U user_filter] [-T date_filter]
              [-hvqD] [-i cache_in | syslog ...]
  
  Where:
               -u : print report grouped by user (default)
               -g : print report grouped by internet domain name
               -m : print report of mail deliveries
     -o cache_out : store mail deliveries to cache-file "cache_out"
  
   -U user_filter : only summarize mail involving certain users
   -T date_filter : only summarize mail delivered in a certain time-range
  
               -q : quiet mode (suppress parsing errors and commentary)
      -i cache_in : read in deliveries from cache-file "cache_in"
        syslog ...: name of logs to scan (default is to use
                    log which mail.info messages currently go to)
  
               -h : print this help message and exit
               -v : print the version number and exit
               -D : print debugging information

CACHES

To save time for multiple reports, you can cache the deliveries generated from an execution of read_mail_log.pl with the -o flag. The cachefile specified must not already exist.

Subsequent executions can read in the information from the cachefile and increase the execution speed by a factor of about 10.

FILTERS

There are two legal formats for user filters:

     -U foo.com      (summarizes mail foo.com users sent or delivered)
     -U foo.com:NOT:bar.com (summarizes mail foo.com users sent or delivered
                          to users who are _not_ at bar.com)

There are two legal formats for date filters:

     -T 9.14.1996
     -T 845251200..845337600  

Both these filters will process only mail successfully delivered on Sept. 14, 1996. The second format allows you to specify any two bounding time_t values such as those produced by timelocal.pl.

HOW CACHES AND FILTERS INTERACT

The -T date/time filter should only act upon the data as it is generated from a syslog file. Using the -T filter when reading from a cachefile is not allowed.

The -U address/user filter should only act upon the data as it is being generated into a user or domain summary. Using the -U filter when writing to a cachefile or when generating only a list of deliveries is not allowed.

So, these two lines are legal and will generate a summary of mail sent and received by users at mydomain.org on 9.18.1996:

 read_mail_log.pl -T 9.18.1996 -o /tmp/syslog.cache /var/log/syslog
 read_mail_log.pl -u -U mydomain.org -i /tmp/syslog.cache

But neither of these lines is currently legal:

 read_mail_log.pl -U mydomain.org -o /tmp/syslog.cache /var/log/syslog
 read_mail_log.pl -u -T 9.18.1996 -i /tmp/syslog.cache
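
A pre-flight check for these rules, as an added example that is not part of SyslogScan: the hypothetical shell function rml_check_args takes the same arguments as read_mail_log.pl and rejects illegal cache/filter combinations, malformed -U and -T values, and an -o cachefile that already exists, before any log is parsed. The function name and error messages are assumptions; the option letters come from the usage line above.

```sh
# Added example, not part of SyslogScan: exit status 0 = legal, 1 = rejected.
# The body is a subshell "( ... )", so variables and `exit` stay local to it.
rml_check_args() (
    OPTIND=1
    by_user=0; by_domain=0; deliveries=0
    cache_in=; cache_out=; user_filter=; date_filter=
    fail() { echo "read_mail_log.pl pre-flight: $*" >&2; exit 1; }
    # Option string copied from the usage line on this page.
    while getopts "ugmo:U:T:hvqDi:" opt; do
        case $opt in
            u) by_user=1 ;;
            g) by_domain=1 ;;
            m) deliveries=1 ;;
            o) cache_out=$OPTARG ;;
            i) cache_in=$OPTARG ;;
            U) user_filter=$OPTARG ;;
            T) date_filter=$OPTARG ;;
            h|v|q|D) ;;
            *) fail "unknown option or missing argument" ;;
        esac
    done
    # Filter syntax: the two legal formats documented for each filter.
    if [ -n "$user_filter" ] &&
       ! printf '%s\n' "$user_filter" | grep -Eq '^[^:]+(:NOT:[^:]+)?$'; then
        fail "-U expects domain or domain:NOT:domain"
    fi
    if [ -n "$date_filter" ] &&
       ! printf '%s\n' "$date_filter" |
         grep -Eq '^([0-9]+\.[0-9]+\.[0-9]+|[0-9]+\.\.[0-9]+)$'; then
        fail "-T expects M.D.YYYY or time_t..time_t"
    fi
    # Cache/filter interaction rules.
    if [ -n "$date_filter" ] && [ -n "$cache_in" ]; then
        fail "-T only applies while parsing a syslog, not with -i"
    fi
    if [ -n "$user_filter" ] && [ -n "$cache_out" ]; then
        fail "-U cannot be combined with -o"
    fi
    if [ -n "$user_filter" ] && [ "$deliveries" -eq 1 ] &&
       [ "$by_user" -eq 0 ] && [ "$by_domain" -eq 0 ]; then
        fail "-U needs a user (-u) or domain (-g) summary, not only -m"
    fi
    # -o requires that the cachefile does not exist yet.
    if [ -n "$cache_out" ] && [ -e "$cache_out" ]; then
        fail "cache file $cache_out already exists"
    fi
    exit 0
)
```

In a cron wrapper, call it as rml_check_args "$@" && read_mail_log.pl "$@" so a rejected command line stops before the parse starts.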

PERFORMANCE

Expect processing mail deliveries to take about 90 sec/megabyte of mail log-lines. If you expect to run multiple reports, consider caching your syslog with the -o switch.

 > ls -lL syslog.960801
 -rw-r--r--   1 rolf     30        2364752 Aug  5 18:58 syslog.960801

 > time read_mail_log.pl -m -o /tmp/syslog.cache syslog.960801 > /dev/null 2>&1
 184.226s real  178.220s user  1.560s system  97%

 > cat big_file > /dev/null  # clear out cache for performance test

 > time read_mail_log.pl -m -i /tmp/syslog.cache > /dev/null 2>&1
 17.801s real  14.540s user  0.530s system  84%

Summarizing mail by delivery takes up constant memory. Summarizing by user-name takes up O(n) memory; expect roughly 1 extra megabyte of virtual memory usage per megabyte of syslog file.

AUTHOR and COPYRIGHT

The author (Rolf Nelson) can currently be e-mailed as rolf@usa.healthnet.org.

This code is Copyright (C) SatelLife, Inc. 1996. All rights reserved. This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

In no event shall SatelLife be liable to any party for direct, indirect, special, incidental, or consequential damages arising out of the use of this software and its documentation (including, but not limited to, lost profits) even if the authors have been advised of the possibility of such damage.

SEE ALSO

SyslogScan::DeliveryIterator, SyslogScan::Summary, SyslogScan::WhereIs
