read_mail_log.pl -- Summarizes amount of mail routed through host, sorted by e-mail address
    # summarize mail from syslog by user-name
    % read_mail_log.pl

    # which, if your mail logging goes to /var/log/syslog, is equivalent to:
    % read_mail_log.pl -u /var/log/syslog

    # summarize mail by internet domain name from /var/log/syslog,
    # suppressing parse errors
    % read_mail_log.pl -q -g /var/log/syslog

    # summarize mail by mail deliveries, filtering out mail which
    # was not delivered on September 18 1996
    % read_mail_log.pl -m -T 9.18.1996 /var/log/syslog

    # cache mail deliveries to file ./syslog.cache
    % read_mail_log.pl -o syslog.cache /var/log/syslog

    # now read deliveries in from cache, and summarize the usage
    # of all users at your domain
    % read_mail_log.pl -i syslog.cache -U `hostname -d`

    # now summarize the usage of all users at foo.com, not counting
    # mail sent to/from bar.com
    % read_mail_log.pl -i syslog.cache -U foo.com:NOT:bar.com
Usage: read_mail_log.pl [-ugm] [-o cache_outfile] [-U user_filter]
           [-T date_filter] [-hvqD] [-i cache_in | syslog ...]

Where:
    -u             : print report grouped by user (default)
    -g             : print report grouped by internet domain name
    -m             : print report of mail deliveries
    -o cache_out   : store mail deliveries to cache-file "cache_out"
    -U user_filter : only summarize mail involving certain users
    -T date_filter : only summarize mail delivered in a certain time-range
    -q             : quiet mode (suppress parsing errors and commentary)
    -i cache_in    : read in deliveries from cache-file "cache_in"
    syslog ...     : name of logs to scan (default is to use log which
                     mail.info messages currently go to)
    -h             : print this help message and exit
    -v             : print the version number and exit
    -D             : print debugging information
To save time for multiple reports, you can cache the deliveries generated from an execution of read_mail_log.pl with the -o flag. The cachefile specified may not already exist. Subsequent executions can read in the information from the cachefile and increase the execution rate by a factor of about 10.
There are two legal formats for user filters:
    -U foo.com               (summarizes mail foo.com users sent or delivered)
    -U foo.com:NOT:bar.com   (summarizes mail foo.com users sent or delivered
                              to users who are _not_ at bar.com)

There are two legal formats for date filters:

    -T 9.14.1996
    -T 845251200..845337600
Both these filters will process only mail successfully delivered on Sept. 14, 1996. The second format allows you to specify any two bounding time_t values such as those produced by timelocal.pl.
The -T date/time filter should only act upon the data as it is generated from a syslog file. Using the -T filter when reading from a cachefile is not allowed.

The -U address/user filter should only act upon the data as it is being generated into a user or domain summary. Using the -U filter when writing to a cachefile or when generating only a list of deliveries is not allowed.
So, these two lines are legal and will generate a summary of mail sent and received by users at mydomain.org on 9.18.1996:
    read_mail_log.pl -T 9.18.1996 -o /tmp/syslog.cache /var/log/syslog
    read_mail_log.pl -u -U mydomain.org -i /tmp/syslog.cache
But neither of these lines is currently legal:
    read_mail_log.pl -U mydomain.org -o /tmp/syslog.cache /var/log/syslog
    read_mail_log.pl -u -T 9.18.1996 -i /tmp/syslog.cache
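The -U filter forms and the flag restrictions described above can be modelled as follows. This is an added illustration in Python, not code from read_mail_log.pl; every function name, the subdomain matching rule and the sample deliveries are assumptions made for the example.

```python
from typing import NamedTuple, Optional

class UserFilter(NamedTuple):
    include: str             # domain whose users are summarized
    exclude: Optional[str]   # counterpart domain to leave out, if any

def parse_user_filter(spec: str) -> UserFilter:
    """Parse the two documented -U forms: 'dom' and 'dom:NOT:other'."""
    parts = spec.split(":")
    if len(parts) == 1 and parts[0]:
        return UserFilter(parts[0].lower(), None)
    if len(parts) == 3 and parts[1] == "NOT" and parts[0] and parts[2]:
        return UserFilter(parts[0].lower(), parts[2].lower())
    raise ValueError(f"not a legal -U filter: {spec!r}")

def in_domain(address: str, domain: str) -> bool:
    # Assumption: an address is "at" a domain on an exact or subdomain match.
    host = address.rsplit("@", 1)[-1].lower()
    return host == domain or host.endswith("." + domain)

def delivery_matches(f: UserFilter, sender: str, recipient: str) -> bool:
    """True when one party is at f.include and the other is not at f.exclude."""
    for user, other in ((sender, recipient), (recipient, sender)):
        if in_domain(user, f.include):
            if f.exclude is None or not in_domain(other, f.exclude):
                return True
    return False

def check_flags(flags: set) -> list:
    """Return the documented reasons a flag combination is not legal."""
    errors = []
    if {"-T", "-i"} <= flags:
        errors.append("-T is not allowed when reading from a cachefile (-i)")
    if {"-U", "-o"} <= flags:
        errors.append("-U is not allowed when writing to a cachefile (-o)")
    if {"-U", "-m"} <= flags:
        errors.append("-U is not allowed with a deliveries-only report (-m)")
    return errors

# Constructed sample deliveries (sender, recipient); not from a real log.
DELIVERIES = [
    ("alice@foo.com", "bob@bar.com"),
    ("carol@mail.foo.com", "dave@example.org"),
    ("erin@example.org", "frank@foo.com"),
    ("gina@bar.com", "hank@example.org"),
]

def select(spec: str) -> list:
    f = parse_user_filter(spec)
    return [d for d in DELIVERIES if delivery_matches(f, *d)]
```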
Expect processing mail deliveries to take about 90 sec/megabyte of mail log-lines. If you expect to run multiple reports, consider caching your syslog with the
    > ls -lL syslog.960801
    -rw-r--r-- 1 rolf 30 2364752 Aug 5 18:58 syslog.960801
    > time read_mail_log.pl -m -o /tmp/syslog.cache syslog.960801 > /dev/null 2>&1
    184.226s real 178.220s user 1.560s system 97%
    > cat big_file > /dev/null # clear out cache for performance test
    > time read_mail_log.pl -m -i /tmp/syslog.cache > /dev/null 2>&1
    17.801s real 14.540s user 0.530s system 84%
Summarizing mail by delivery takes up constant memory. Summarizing by user-name takes up O(n) memory; expect roughly 1 extra megabyte of virtual memory usage per megabyte of syslog file.
The author (Rolf Nelson) can currently be e-mailed as email@example.com.
This code is Copyright (C) SatelLife, Inc. 1996. All rights reserved. This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
In no event shall SatelLife be liable to any party for direct, indirect, special, incidental, or consequential damages arising out of the use of this software and its documentation (including, but not limited to, lost profits) even if the authors have been advised of the possibility of such damage.