Tim Litwiller <[EMAIL PROTECTED]> wrote on 09/30/2004 07:14:13 PM:
> I've been admiring the new logging that SA 3.* does and wondered if
> anyone has rewritten thier stats packages to take advantage of this yet.
> Especially the logging of the tests that hit.
>
> Also I haven't found yet where it details what each section of the log
> file line is - most parts are obvious but some I haven't been able to
guess.
>
[snip]
I use an older version of a script written by Dallas Engelken available at:
http://www.rulesemporium.com/programs/sa-stats.txt
Search the archives for SA 3.0 Maillog parser. Gives you top 20 rules, #
of spam/ham, avg scan time, etc. Not sure what happened, but the latest
version doesn't work on my system, that's why I'm using an older one.
Andy
