Hi, On Thu, 4 Mar 2004, Forrest Aldrich wrote:
> Has anyone any scripts that will scan the logs and provide some > summaries of SA activity (ie: number of hits on different rules, average > time to process a message, etc)... perhaps into MRTG. Check your SA installation's ./tools directory for sa-stats.pl or grab my hacked-up copy at http://www.cynistar.net/~apthorpe/code/sa-contrib/sa-stats.pl This scans mail logs from syslog for min/avg/max score, size, and processing time, and shows hourly mail load and ham/spam ratio. It doesn't look at rule hits (not logged to syslog) or write to MRTG/RRDTool (not difficult but not yet a requested feature.) Check the SA wiki or SATalk mail archives for a lead on a rule frequency analyzer. That requires reading previously-tagged messages which is beyond the scope of sa-stats.pl. hth, -- Bob
