Leon, > I'm monitoring my system (Postfix+Cyrus+Amavisd-new: SA+ClamAV) with > mailgraph, amavis-stats and pflogsumm (preprocessing logs before handing > them to pflogsumm with prepflog.pl - http://web.tiscali.it/postfix/ > to get more accurate results). My findings are:
I don't have much experience with any of these, so I'll just try to point out some possible discrepancies in counts obtained from parsing log-level 0 amavisd log entries (having in mind 2.4.x series), assuming the basic parsing is done well and that possible higher-log-level log entries are not triggering false/multiple counts. - long log entries (somewhere over 1000 characters) are split into multiple log entries (showing "..." at glue points), which are possibly interleaved by log entries from other parallel child processes. Log analyzer must know how to glue fragments together before parsing them, correlating shown mail id and process id; wraps often occur when SA tests logging is enabled (macro %T is used in $log_templ); - a message with multiple recipients may show as two log entries when action differs between recipients, e.g. if some are spam lovers or have high kill level (log will show 'Passed XXXX' for them), while other recipients may show 'Blocked XXXX' as an additional log entry for the same message; - if by-recipient log entries are enabled ($log_recip_templ), these may look quite similar to by-message entries ($log_templ), so it is prudent to enable just one or the other, and make sure the log analyzer know it is seeing by-recip or by-message entries. Mark ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
