On Tue, 2016-01-05 at 11:13 -0500, Reinier Carmona Lizana wrote:
> I am looking a tool to get stats about spamassassin but I cant find
> nothing to work with Exim 4.84 on a Debian 8 server. I am reading
> about it (https://wiki.apache.org/spamassassin/StatsAndAnalyzers) but
> all this scripts are outdated or dont work with exim. My scenario
> are 3 servers with Debian 8.02 with Exim 4.84+Clamav
> 0.98.7+Spamassassin 3.4.0-6 .
>
I don't understand why you need to process Exim log messages since all
the information you need to analyse SA performance is contained in the
spamd log messages.
I wrote my own SA performance analyser, a bash scripts that uses awk to
do its heavy lifting and that works entirely off spamd log messages
extracted from /var/log/maillog. As it stands it produces much simpler
stats than you are asking for:
Processing file /var/log/maillog*
679 Messages found
678 Results (99.9%)
1 SIGCHLDs caught (0.1%)
min avg max
Message size: 802 18313 875464
Scan time (secs): 0.3 2.7 10.5
> I would prefer a report like this or better by email and not
> a graphic report.
>
Since it sends output to stdout, it would be trivial to run it or a
derivative as a cronjob: anything written to stdout or stderr by these
is automatically mailed to the user.
I also have a Perl script that analyses the performance of local rules:
Accepted messages: 47 (92%)
Spam : 4
Total : 51
Top scoring rules Hits
================= ====
MG_WRONG_DOMAIN 33
MG_UNUSUALTHING 10
MG_PHISH 9
MG_GMAIL 4
MG_SALESOFFER 3
MG_WRONGDOMSPAM 3
MG_PRICE 2
MG_SPLIT322 2
MG_YAHOO_FS 1
MG_LOTTERY 1
This script is designed to be included as part of the overnight
logwatch run, so it relies on the logwatch report generator to select
the previous day's log messages for analysis. Its output is then
emailed to me as part of the daily logwatch report.
You're welcome to a copies of these scripts if they would be useful as
they stand or as a starting point for writing your own customised
scripts.
IMO any performance analysis or report that's going to be run on a
daily basis is best set up as an extension to the logwatch system
because logwatch's reporting period starts immediately after the
previous report ended and processes all events in the specified logs up
to the start of the current logwatch run before emailing the combined
report to root. You can, of course use /etc/aliases to redirect root's
mail to yourself if you don't want to log in as root just to read it.
Martin
