Am 24.10.2008 22:45 Uhr, Felix Buenemann schrieb:
>> Here's what I'd prefer to see as output
>> > format:
>> >
>> > spamdyke-stats.pl v???
>> > Total : 122154
>> > Allowed: 19514 15.97%
>> > Timeout: 141 0.12%
>> > Denied : 102499 83.91%
>> > ____Denied Breakdown____
>> > RDNS_MISSING 34229 33.39%
>> > IP_IN_CC_RDNS 26702 26.05%
>> > RBL_MATCH 21848 21.32%
>> > RDNS_RESOLVE 14910 14.55%
>> > SENDER_NO_MX 2684 2.62%
>> > OTHER 2123 2.07%
>> > TOO_MANY_RECIPIENTS 3 0.00%
>> >
>> > Or something along those lines. ;) Note the Denied percentages are
>> > percents of Denied, not percents of Total.
> It's certainly possible to add this kind of output. I'll look into it,
> but I have some commercial projects coming up, so it'll have to be
> postponed for a while, unless you wanna add it yourself.
>
Attached is a new versionl, that does approcimately what you want
(percentages are total no relative to DENIED or whatever):
spamdyke-stats build 2008102607
173123 41.20% DENIED_RDNS_MISSING
130998 31.18% DENIED_IP_IN_CC_RDNS
37253 8.86% DENIED_IP_IN_RDNS
--------------- Breakdown ---------------
25200 81.68% .net
5533 17.93% .com
87 0.28% .in-addr.arpa
13 0.04% host
13 0.04% pool
5 0.01% dial
1 0.00% dhcp
-----------------------------------------
35246 8.38% DENIED_RBL_MATCH
--------------- Breakdown ---------------
24814 88.72% zen.spamhaus.org
1778 6.35% ix.dnsbl.manitu.net
1374 4.91% bl.spamcop.net
-----------------------------------------
34045 8.10% DENIED_RDNS_RESOLVE
5731 1.36% ALLOWED
2316 0.55% TIMEOUT
831 0.19% DENIED_OTHER
474 0.11% ERROR
114 0.02% DENIED_SENDER_NO_MX
---------------- Summary ----------------
Allowed: 5731 1.36%
Timeout: 2316 0.55%
Errors : 474 0.11%
Denied : 411610 97.97%
Total : 420131 100.00%
-- Felix
#!/usr/bin/perl -w
my $build = "2008102607";
use diagnostics;
use strict;
use Getopt::Long;
my $tldtop = 0;
my $detailed = 1;
my $syslog = 1;
GetOptions (
"tld=i" => \$tldtop,
"detail!" => \$detailed
) or exit 1;
# Usage: # cat /var/log/qmail/smtpd/current | ./this_file
my %status = (); # hash of status connections
my %origin = (); # hash of tld per status code
my %originsum = (); # hash of tld per status code sums
my %rblstat = (); # hash of DNSBL lists matched
my %rhsblstat = (); # hash of RHSBL lists matched
my %rdnsblstat = (); # hash of patterns in IP_IN_RDNS_BLACKLIST matched
my ($allow, $deny, $timeout, $error, $allowpercentage, $timeoutpercentage,
$errorpercentage, $spampercentage, $sum, $rblsum, $rhsblsum, $rdnsblsum);
sub percentage {
my $num = pop;
my $sum = pop;
return " 0.00%" unless $sum;
$num = $num/$sum*100.0;
return sprintf("%3d.%02d%%", $num, ($num - int($num))*100);
}
print "spamdyke-stats build $build\n\n";
while(<>){
# Oct 21 05:11:11 h1423590 spamdyke[12904]: DENIED_SENDER_NO_MX
# @4000000048fa5dfc34b1ebec DENIED_SENDER_NO_MX
if( substr($_,0,1) eq '@' ) {
$_ = substr $_,26;
} else {
my ($month,$day,$time,$hostname,$id,$line) = split / /, $_, 6;
next unless substr($id,0,9) eq 'spamdyke[';
$_ = $line;
}
if( m/^(ALLOWED|ERROR|TIMEOUT|((DENIED|FILTER)_[^ ]+))/ ) {
my $line = substr $_,length $1;
#my $sdstatus = $1;
$_ = $1;
if( $detailed ) {
if( m/FILTER_RBL_MATCH/ ){
$line =~ m/rbl: (\S+)/;
$rblstat{$1}++;
$rblsum++;
}
elsif( m/FILTER_RHSBL_MATCH/ ){
$line =~ m/rhsbl: (\S+)/;
$rhsblstat{$1}++;
$rhsblsum++;
}
elsif( m/FILTER_IP_IN_RDNS_BLACKLIST/ ){
$line =~ m/keyword: (\S+)/;
$rdnsblstat{$1}++;
$rdnsblsum++;
}
}
next if m/^FILTER_/;
$status{$_}++;
if($tldtop and $line =~ m/ origin_rdns: ([^ ]+)/) {
my $rdns = $1;
$originsum{$_}++;
if($rdns =~ m/^\(unknown\)$/){
#$origin{$_}{'unknown'}++;
next;
} elsif($rdns =~ m/\.(com|net)$/){
$origin{$_}{$1}++;
} elsif($rdns =~
m/\.([a-z]{2,2}\.[a-z]{2,2})$/){ # co.uk
$origin{$_}{$1}++;
} elsif($rdns =~ m/\.([a-z]{2,})$/){ # de, ru,
...
$origin{$_}{$1}++
} else {
#$origin{$_}{'unknown'}++;
next;
}
}
}
}
$allow = 0;
$deny = 0;
$error = 0;
$timeout = 0;
foreach my $stat (sort keys %status){
if( $stat =~ m/ALLOWED/ ){
$allow = $status{$stat};
}
elsif( $stat =~ m/TIMEOUT/ ){
$timeout += $status{$stat};
}
elsif( $stat =~ m/ERROR/ ){
$error += $status{$stat};
}
else{
$deny += $status{$stat};
}
}
$sum = ($deny + $error + $timeout + $allow);
foreach my $key (sort { $status{$b} <=> $status{$a} || $a cmp $b; } keys
%status){
printf "%8d %s $key\n", $status{$key}, percentage($sum,
$status{$key});
if(length %rblstat and $key eq "DENIED_RBL_MATCH" ){
print "--------------- Breakdown ---------------\n";
foreach my $key (sort { $rblstat{$b} <=> $rblstat{$a} || $a cmp
$b; } keys %rblstat){
printf "%8d %s $key\n", $rblstat{$key},
percentage($rblsum,$rblstat{$key});
#printf " %s $key\n",
percentage($rblsum,$rblstat{$key});
}
print "-----------------------------------------\n";
}
elsif(length %rhsblstat and $key eq "DENIED_RHSBL_MATCH" ){
print "--------------- Breakdown ---------------\n";
foreach my $key (sort { $rhsblstat{$b} <=> $rblstat{$a} || $a
cmp $b; } keys %rhsblstat){
printf "%8d %s $key\n", $rhsblstat{$key},
percentage($rhsblsum,$rhsblstat{$key});
#printf " %s $key\n",
percentage($rhsblsum,$rhsblstat{$key});
}
print "-----------------------------------------\n";
}
elsif(length %rdnsblstat and $key eq "DENIED_IP_IN_RDNS" ){
print "--------------- Breakdown ---------------\n";
foreach my $key (sort { $rdnsblstat{$b} <=> $rdnsblstat{$a} ||
$a cmp $b; } keys %rdnsblstat){
printf "%8d %s $key\n", $rdnsblstat{$key},
percentage($rdnsblsum,$rdnsblstat{$key});
#printf " %s $key\n",
percentage($rdnsblsum,$rdnsblstat{$key});
}
print "-----------------------------------------\n";
}
if($tldtop && $origin{$key}) {
my $top = $tldtop;
print "--------------- Top $top TLD ---------------\n";
my $tldsum = 0;
my $lastsum = 0;
my @tldgroup = ();
my %neworigin = ();
foreach my $tld (sort { $origin{$key}{$a} <=> $origin{$key}{$b}
} keys %{$origin{$key}}){
if(($origin{$key}{$tld}/$originsum{$key}*100) ==
$lastsum) {
#print "push tldgroup, $tld
($origin{$key}{$tld})\n";
push(@tldgroup, $tld);
} else {
if(scalar @tldgroup) {
$neworigin{join(', ', @tldgroup)} =
$lastsum;
#print "tldgroup=". join(', ',
@tldgroup) ." ($lastsum)\n";
@tldgroup = ();
}
#print "push tldgroup, $tld
($origin{$key}{$tld})\n";
push(@tldgroup, $tld);
}
$lastsum = $origin{$key}{$tld}/$originsum{$key}*100;
$tldsum += $origin{$key}{$tld};
}
if(scalar @tldgroup) {
$neworigin{join(', ', @tldgroup)} = $lastsum * length
@tldgroup;
#print "tldgroup=". join(', ', @tldgroup) ."
($lastsum)\n";
}
foreach my $tld (sort { $neworigin{$b} <=> $neworigin{$a} }
keys %neworigin){
printf "%s\t$tld\n", percentage($originsum{$key},
$neworigin{$tld}/100.0*$originsum{$key});
last unless --$top;
}
#printf "%2.2f%%\t(unknown/illegal)\n",
(($originsum{$key}-$tldsum)/$originsum{$key}*100) if $tldsum &&
($originsum{$key}-$tldsum);
print "-----------------------------------------\n";
}
}
my $format_summary = "%8d %s";
print "\n";
print "---------------- Summary ----------------\n";
printf "Allowed: $format_summary\n", $allow, percentage($sum, $allow);
printf "Timeout: $format_summary\n", $timeout, percentage($sum, $timeout);
printf "Errors : $format_summary\n", $error, percentage($sum, $error);
printf "Denied : $format_summary\n", $deny, percentage($sum, $deny);
printf "Total : $format_summary\n", $sum, percentage($sum, $sum);
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
