Steve, while I'm not sure I understand your end goal, let me ramble a bit.
I run a mail system for my company. We have about 4000 users worldwide - some even in Canada :-). If I understand your goal, it is to figure out who is doing spamming by sending out large numbers of messages while receiving small numbers back. I applaud the effort! Please do. But after they are identified, is your task to monitor their mail on a daily basis so you can charge them on a per-item basis? Or do you expect to terminate their ability to send mail once they are identified? If you are doing the former, then perhaps RRDTool will work for you as it can give you some interesting graphs to justify the charges. However, I think if I were presented with an RRDTool graph and asked to pay a piece-work amount, I'd want to see an itemized billing. And this will not be available from RRDTool. On the other hand, if your goal is to kick them off (please, please please!) then you will only need to see a couple of instances of their abuse of the mail system. In this case an RRDTool graph along with a GPRINT of "#of Mails sent over a period of time" may be sufficient. At my company, I use RRDTool to provide an elapsed time between sending a mail with return-receipt and getting that return-receipt. I also use it to track the number of mails in queue. I had not tried to pick off "who is sending the biggest/most mails" yet. What I'm doing is providing my management with trends and analysis of the overall health of the system. It is an ongoing process that I'm looking at. This is what RRDTool excels at. It would seem to me that your requirements on a per-abuser basis are more "point-in-time" based. You will track down and identify the abuser using a high level report (possibly a simple graph) and then dig down into that account to provide "evidence" of violation of an existing policy. Then you will have the cause you need to terminate their account. If it was me I'd probably use GREP | SORT | UNIQ -c to do this. The one that floats to the top is the first target! It is a much simpler process and provides you with not only the data you need (the count) but also provides you with the evidence you need (the actual listing of offenses). You could then use this data to backfill an RRDTool database by parsing the time field in PERL to provide graphical analysis of the raw data. This is essentially what I have do to catch the wiley accountant who sends out a thousand spreadsheets a week without compressing any of them! When confronted with a mound of log files, it's hard to refute your actions. Dan ----- Original Message ----- From: "Alex van den Bogaerdt" <[EMAIL PROTECTED]> To: "Steve Fulton" <[EMAIL PROTECTED]> Cc: "RRD developers" <[EMAIL PROTECTED]> Sent: Monday, September 03, 2001 8:39 PM Subject: [rrd-developers] Re: Request: Dynamic creation/deletion of datasources.. > > Steve Fulton wrote: > > > It was suggested by the rrd-users list that I ask here, so: I really like > > RRDTool, but one of the major tasks I need to do involves dealing with > > multiple datasources -- and additions will be occuring daily.. Would it be > > possible in a (near?) future version of RRDTool? -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/rrd-developers WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
