maillogs - A log file post-processer for multilog log files
maillogs <protocol> [-r] [-v] <protocol> is one of: smtp - report SMTP AUTH attempts and successes rbl - report RBL blocks send - report qmail-send counters pop3 - report pop3 counters imap - report imap counters spamassassin - report spamassassin counters qmailscanner - report qmailscanner counters webmail - count webmail authentications yesterday - mail an activity report to the admin
Maillogs is used in two different ways.
In its simplest form, you just run maillogs and telling it which type of logs you want want to process. It parses the log files in real time, updates the counter files it maintains, and prints out the counters.
The multilog program (http://cr.yp.to/daemontools/multilog.html) has a poorly documented ability to run a postprocessor on logs after they reach a predetermined size (or are otherwise triggered).
This script is that postprocessor. To use maillogs as a post-processor, you must rename it to the the type of logs that it is processing. This is currently one of: pop3log, smtplog, sendlog. When run in this fashion, qmail will pipe its logs to multilog and once they reach the size determined in the log/run file, multilog will run the post-processing command.
When run as a post-processor, multilogs does not print anything, it simply processes through the logs and updates the counters. An optional feature is to have maillogs pipe the logs to cronolog which can archive your logs for you. This is the default behaviour.
A script that:
processes mail logs and generates counters from them. maintains counters for mail logs functions as a postprocessor for multilog
Currently handles log counting of the following types:
qmail mail delivery (send) qmail-pop3d (pop3) courier pop3d (pop3) courier pop3dssl (pop3) courier imapd (imap) courier imapdssl (imap) vpopmail smtp-auth (smtp) sqwebmail (webmail) squirrelmail (webmail) rblsmtpd (rbl) spamasssassin (spamassassin) qmailscanner (qmailscanner)
I have "farms" of mail servers that share a hostname. I needed a way to collect the logs from all the servers and process them. maillogs is a piece of that puzzle that does several things.
takes qmail log files (/var/log/mail/[send|smtp|pop3]/current) parses them, saving counts of the logs active and stores them in counter files.
For smtp logs we count denied RBL connections, spam and virus denials, invalid message formats, and other forms of SMTP phase rejection.
we log a slew of message statistics that are best understood by looking at the RRDutil graphs that "show" them..
For pop3, IMAP, webmail, and SMTP-AUTH, we count the number of connections and the number of successful logins.
Counters are written to files in /var/log/mail/counters/ by default. You can alter the locations of the logs files by editing the toaster.conf file included with this script. That file should be installed in /usr/local/etc.
Options are available in toaster.conf that govern the options available in maillogs.
Installation is automatic when you install Mail-Toaster. The latest version can be downloaded from http://mail-toaster.org/
If the output of maillogs is not what you expect, you can run it in verbose mode to see status messages and debug logging.
This program is a part of and requires Mail::Toaster to be installed.
Mail::Toaster - http://mail-toaster.org/ Date::Parse - CPAN as TimeDate Params::Validate - CPAN Carp - perl built-in English - perl built-in File::Path - perl built-in Getopt::Std - perl built-in Pod::Usage - perl built-in
There are no known bugs in this module. Please report problems to author. Patches are welcome.
Matt Simerson (firstname.lastname@example.org)
Copyright (c) 2004-2010 The Network People, Inc. (email@example.com). All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the The Network People, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.