ehrlich@cs.psu.edu (Dan Ehrlich) (02/27/91)
Does anyone have or know of any tools that will analyze a sendmail log? I
am looking for statistics like number of messages/bytes to/from by
host/user. If there is something out there that will do this (do not really
care if it's C code, awk, perl, etc) I would appreciate hearing from you.

Thanks in advance.
--
Dan Ehrlich - Sr. Systems Programmer - Penn State Computer Science
<ehrlich@cs.psu.edu>/Voice: +1 814 863 1142/FAX: +1 814 865 3176
rbj@uunet.UU.NET (Root Boy Jim) (02/27/91)
In article <wi7G7z7x@cs.psu.edu> ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>Does anyone have or know of any tools that will analyze a sendmail log? I
>am looking for statistics like number of messages/bytes to/from by
>host/user. If there is something out there that will do this (do not really
>care if it's C code, awk, perl, etc) I would appreciate hearing from you.

Well, yes and no. Rick wants us to log downtime. Sometimes I forget
the exact minute we go down and come back up.

We have a slightly different perspective on mail than most people.
If we aren't delivering mail, we're down!

The following script checks for sendmail messages differing
by more than one minute. Of course it barfs on 2359-0000,
but who cares? I suppose it could be adapted to any similar log.

#! /usr/local/bin/perl
#
#       Scan sendmail log for missing intervals
#       This usually means downtime
#
# Month abbreviation taken from date(1) output, e.g. "Feb"
`date`=~ /^....(...)/; $mon=$1; $old="0000";
$ARGV = shift || '/var/log/sendmail';
open(LOG,$ARGV) || die "can't open $ARGV";
while (<LOG>) {
    # Reduce each of this month's lines to its HHMM timestamp
    s/^$mon .. (..):(..):.*\n/$1$2/o;
    next if $_ eq $old;                 # same minute as the previous line
    print "$old-$_\n" if $_ ne $new;    # not the minute after $old: a gap
    $new = $old = $_;
    # $new becomes the minute after $old (xx59 -> xx99 -> next hour's 00)
    $new =~ s/(..)59/${1}99/;
    $new++;
}
--
        [rbj@uunet 1] stty sane
        unknown mode: sane
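
Added example, not part of the post above: the same gap check in Python, comparing month/day/hour/minute stamps so that the 2359-0000 rollover is not reported as a gap. The sample records and the host name mailhub are constructed, and the caller-supplied year is an assumption, since syslog stamps carry none.

```python
import re
from datetime import datetime, timedelta

# Syslog prefix "Mon DD HH:MM:SS"; seconds are ignored, as in the script above.
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):\d\d ")

def find_gaps(lines, year, max_gap=timedelta(minutes=1)):
    """Return (last_seen, next_seen) minute pairs that lie more than max_gap apart.

    Syslog stamps carry no year, so the caller gives the year of the first
    record; a jump back of more than half a year is read as a new year.
    """
    gaps, prev = [], None
    for line in lines:
        m = STAMP.match(line)
        if not m:
            continue                  # no timestamp on this line
        try:
            ts = datetime.strptime(f"{year} " + " ".join(m.groups()), "%Y %b %d %H %M")
        except ValueError:
            continue                  # impossible date such as "Feb 30"
        if prev and prev - ts > timedelta(days=180):
            year += 1
            ts = ts.replace(year=year)
        if prev is None or ts > prev:
            if prev is not None and ts - prev > max_gap:
                gaps.append((prev, ts))
            prev = ts                 # out-of-order lines never move prev back
    return gaps

# Constructed sample records (not from a real log).
SAMPLE = """\
Feb 27 23:58:12 mailhub sendmail[101]: AA00101: from=root, size=576
Feb 27 23:59:40 mailhub sendmail[102]: AA00101: to=utashiro, delay=00:00:02, stat=Sent
Feb 28 00:00:05 mailhub sendmail[103]: AA00103: from=uucp, size=383
Feb 28 00:17:30 mailhub sendmail[110]: AA00110: from=root, size=434
""".splitlines()

if __name__ == "__main__":
    for last_seen, next_seen in find_gaps(SAMPLE, 1991):
        print(f"{last_seen:%b %d %H:%M} - {next_seen:%b %d %H:%M}")
```
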
utashiro@sran84.sra.co.jp (Kazumasa Utashiro) (02/27/91)
In article <wi7G7z7x@cs.psu.edu> ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>> Does anyone have or know of any tools that will analyze a sendmail log? I
>> am looking for statistics like number of messages/bytes to/from by
>> host/user. If there is something out there that will do this (do not really
>> care if it's C code, awk, perl, etc) I would appreciate hearing from you.

I have a tool which reports from/to list from syslog file like
this:

        Feb 27 02:05 root -> utashiro
        Feb 27 04:01 utashiro -> utashiro
        Feb 27 04:59 root@sragwa.sra.co.jp -> utashiro@sran84.sra.co.jp
        Feb 27 06:23 root@sranha.sra.co.jp -> utashiro@sran84.sra.co.jp
        Feb 27 06:23 root@sranha.sra.co.jp -> utashiro@sran84.sra.co.jp
        ...

I think this is not exactly what you want, but it could be a
base for your own command. It is available for anonymous ftp
from

        sh.wide.ad.jp(133.4.11.11):~ftp/pub/fromto.0.1.shar

This command, fromto, is written in perl and comes with a brief man
page. Since I didn't touch this command for a long time, some
of its features might be out-of-date.

---
K. Utashiro
utashiro@sra.co.jp
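
Added example, not fromto's code and not part of the post above: one way to build a from -> to listing of this kind and total messages and bytes per pair and per host, by joining from= and to= records on the queue ID. The record layout (from=, size=, to=, delay=, stat= after a queue ID), comma-separated recipients in to=, and the sample records are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed layout: "Mon DD HH:MM:SS host sendmail[pid]: QID: key=value, ..."
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sendmail\[\d+\]: (\w+): (.*)$")

def pair_traffic(lines):
    """Map (sender, recipient) -> (messages, bytes) for delivered mail."""
    origin = {}                       # queue ID -> (sender, size)
    pairs = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # not a sendmail queue record
        qid, rest = m.groups()
        fields = dict(f.split("=", 1) for f in rest.split(", ") if "=" in f)
        stat = fields.get("stat", "")
        if "from" in fields and fields.get("size", "").isdigit():
            origin[qid] = (fields["from"], int(fields["size"]))
        elif "to" in fields and qid in origin and stat.startswith("Sent"):
            # Deferred attempts are skipped; the later "Sent" record is counted.
            sender, size = origin[qid]
            for rcpt in fields["to"].split(","):   # assumed: comma-separated
                pairs[(sender, rcpt)][0] += 1
                pairs[(sender, rcpt)][1] += size
    return {k: tuple(v) for k, v in pairs.items()}

def by_host(pairs, side):
    """Fold pair totals by host of the sender (side=0) or recipient (side=1)."""
    totals = defaultdict(lambda: [0, 0])
    for key, (msgs, size) in pairs.items():
        host = key[side].rpartition("@")[2] if "@" in key[side] else "(local)"
        totals[host][0] += msgs
        totals[host][1] += size
    return {k: tuple(v) for k, v in totals.items()}

# Constructed sample records (not from a real log).
SAMPLE = """\
Feb 27 02:05:01 mailhub sendmail[201]: AA00201: from=root, size=576
Feb 27 02:05:03 mailhub sendmail[202]: AA00201: to=utashiro, delay=00:00:02, stat=Sent
Feb 27 04:59:10 mailhub sendmail[203]: AA00203: from=root@gw.example, size=722
Feb 27 04:59:12 mailhub sendmail[204]: AA00203: to=ops@hub.example, delay=00:00:02, stat=Deferred: Connection timed out
Feb 27 05:29:12 mailhub sendmail[230]: AA00203: to=ops@hub.example, delay=00:30:02, stat=Sent
Feb 27 06:23:00 mailhub sendmail[240]: AA00240: from=root, size=434
Feb 27 06:23:01 mailhub sendmail[241]: AA00240: to=utashiro,ops@hub.example, delay=00:00:01, stat=Sent
""".splitlines()

if __name__ == "__main__":
    for pair, total in sorted(pair_traffic(SAMPLE).items()):
        print(" -> ".join(pair), total)
```
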
paul@uxc.cso.uiuc.edu (Paul Pomes - UofIllinois CSO) (02/28/91)
ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>Does anyone have or know of any tools that will analyze a sendmail log? I
>am looking for statistics like number of messages/bytes to/from by
>host/user. If there is something out there that will do this (do not really
>care if it's C code, awk, perl, etc) I would appreciate hearing from you.

========
#! /usr/local/bin/perl

# Print a weekly summary of email activity.  Written by Paul Vixie, DEC

$logdir = "/usr/spool/mqueue";
$secperday = 24 * 60 * 60;
$shortdelay = $secperday / 2;
$K = 1024;

format q_top =
Syslog      Input: (total)     (mail11)    Output Statistics:
File Date    Msgs Kbytes AvgSz Sndrs Rcips  Sent AvgDelay Dferd Que'd Other
.

format q_line =
@<   @<<<<< @>>>> @>>>>> @>>>> @>>>> @>>>> @>>>> @>>>>>>> @>>>> @>>>> @>>>>
$logfn,$date,$msgs,$kbytes,$avgsiz,$m11sndr,$m11rcip,$sent,$avgdly,$dferd,$queued,$other
.

$^ = "q_top";
$~ = "q_line";

chdir($logdir) || die "can't chdir to $logdir: $!";
foreach $logfn (<syslog.*>) {
    open(stdin, "<$logfn") || die "can't open $logfn: $!";
    &mailstats();
    close(stdin);
    $logfn =~ s/^.*\./\./;
    write();
}
exit(0);

sub mailstats {
    ($msgs,$bytes,$delay,$m11sndr,$m11rcip) = (0,0,0,0,0);
    $date = "";
    %stati = ();
    while (<>) {
        ($mon,$dd,$time,$host,$client,$qid,@rest) = split;
        @rest=split(/, /,join(' ',@rest));
        $date = sprintf("%s %2d", $mon, $dd)
            if ($date eq "");
        if ($client =~ /sendmail\[[0-9]+\]:/) {
            if ($rest[0] =~ /^from=/ && $rest[1] =~ /^size=(\d+)/) {
                $msgs++;
                $bytes += $1;
            } elsif ($rest[0] =~ /^to=/) {
                # Count a deferred message once per queue ID
                if ($rest[2] =~ /Deferred/) {
                    if ($deferred{$qid}) { next; }
                    else { $deferred{$qid}++; }
                }
                $rest[1] =~ /^delay=([^,]+)/;
                $md = $1;
                $d = 0;
                # Optional leading "days+" part of the delay
                if ($md =~ /(\d+)\+(.+)/) {
                    $d += $md * $secperday;
                    $md =~ s/\d+\+//;
                }
                # $md holds only the value here, so match hh:mm:ss without
                # the "delay=" prefix (with it the match could never succeed)
                $md =~ /^(\d+):(\d+):(\d+)/;
                $d += ($1 * 3600 + $2 * 60 + $3);
                $delay += $d if ($d < $shortdelay);
                $rest[2] =~ /^stat=(.+)(.*)/;
                $stat = $1." ".$2;
                $stati{$stat}++;
            }
        }
        if ($client eq "mail11d:") {
            if ($rest[0] =~ /^from=/) { $m11sndr++; }
            elsif ($rest[0] =~ /^to=/) { $m11rcip++; }
        }
    }
    #printf "total input: %d msgs, %dKB (%d bytes avg)\n",
    #   $msgs, $bytes/$K, $bytes/$msgs;
    #printf "mail11 input: %d senders (msgs), %d recips\n",
    #   $mail11_senders, $mail11_recips;
    if ($msgs == 0) { $avgdly = &fmt_time(0); }
    else { $avgdly = &fmt_time($delay / $msgs); }
    $kbytes = int(0.5+$bytes/$K);
    if ($msgs == 0) { $avgsiz = 0; }
    else { $avgsiz = int(0.5+$bytes/$msgs); }
    $sent = $stati{"Sent "};
    ($dferd, $other, $queued) = (0, 0, 0);
    foreach $stat (keys(%stati)) {
        next if ($stat eq "Sent ");
        if ($stat eq "queued ") { $queued += $stati{$stat}; next; }
        if ($stat =~ /^Deferred/) { $dferd += $stati{$stat}; next; }
        $other += $stati{$stat};
    }
    return;
}

# Format a number of seconds as [[h:]mm:]ss
sub fmt_time {
    local($t) = @_;
    local($s) = int($t);
    local($h) = int($s / 3600);  $s -= $h*3600;
    local($m) = int($s / 60);    $s -= $m*60;
    local($x) = "";
    if ($s || $m || $h) { $x = sprintf("%02d", $s) .$x; }
    if ($m || $h)       { $x = sprintf("%02d:", $m) .$x; }
    if ($h)             { $x = sprintf("%2d:", $h) .$x; }
    return $x;
}
--
Paul Pomes

UUCP: {att,iuvax,uunet}!uiucuxc!paul   Internet, BITNET: paul@uxc.cso.uiuc.edu
US Mail:  UofIllinois, CSO, 1304 W Springfield Ave, Urbana, IL  61801-2910
siebeck@infoac.rmi.de (Wolfgang Siebeck) (02/28/91)
ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>Does anyone have or know of any tools that will analyze a sendmail log? I
>am looking for statistics like number of messages/bytes to/from by
>host/user. If there is something out there that will do this (do not really
>care if it's C code, awk, perl, etc) I would appreciate hearing from you.
>Thanks in advance.
>--
>Dan Ehrlich - Sr. Systems Programmer - Penn State Computer Science
><ehrlich@cs.psu.edu>/Voice: +1 814 863 1142/FAX: +1 814 865 3176

I just have finished a packet for this with awk and c routines. If wanted,
I will post (or mail). Sample of output follows:

root~02~03~12~11~576~root~service@infohh~(atreju->infohh)
root~02~03~13~47~722~root~xandi@edicom~(atreju->edicom)
root~02~03~22~07~434~service@infohh~root@atreju~(infohh->atreju)
uucp~02~03~23~45~383~uucp~root~(atreju->atreju)
uucp~02~03~23~45~383~uucp~roof~(atreju->atreju)
uucp~02~03~23~45~383~uucp~root@infoac~(atreju->infoac)

1. sender/receiver to be charged
2. month
3. day
4. hour
5. minute
6. bytes
7. sender
8. receiver
(9. from host -> to hosts)

This output-format can be parsed, inputted to dbm's etc.
Still under development.

Regards, Wolfgang
dlee@pallas.athenanet.com (Doug Lee) (02/28/91)
In article <wi7G7z7x@cs.psu.edu> ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>Does anyone have or know of any tools that will analyze a sendmail log? I
>am looking for statistics like number of messages/bytes to/from by
>host/user. If there is something out there that will do this (do not really
>care if it's C code, awk, perl, etc) I would appreciate hearing from you.

If you don't send/receive your mail via uucp, this probably won't help;
but it sounds like you're asking for a report like:

                            Incoming                  Outgoing
User      System   Nfiles      Size      Time  Nfiles   Size      Time     CPS
daemon    uunet         8     14187  00:00:28       0      0  00:00:00   499.7
dlee      uunet         0         0  00:00:00       2   1217  00:00:01  1644.6
fred      bradley       2      1587  00:00:05       0      0  00:00:00   327.9
kabra437  bradley       0         0  00:00:00       6   4439  00:00:03  1700.8
lbert359  bradley       0         0  00:00:00       2   1371  00:00:01  1651.8
lbert359  uunet         0         0  00:00:00       2   1398  00:00:01  1664.3
news      bradley     260  10642428  03:15:00       0      0  00:00:00   909.6
uucp      bradley       6      2022  00:00:12       0      0  00:00:00   171.5
uucp      uunet         4      3263  00:00:11       0      0  00:00:00   304.7

I just wrote this a couple of days ago! The only problem I can see is that
the "user" field is *not necessarily* the user responsible for the transfer
(my outbound mail shows up as "dlee"; it returns as "uucp" or "daemon"). At
any rate, I can send it to you (or anyone else) if you are interested. I would
also be willing to modify it to eat your sendmail logs, as this should not
be too complicated. Mail me a sample.

This is one of the tasks I found hard in PERL, since there are no (officially,
anyway) multi-dimensional arrays. That's one of the *few* things I miss in
PERL.
--
Doug Lee (dlee@athenanet.com or {bradley,uunet}!pallas!dlee)
rbt@tous.uucp (Robert B. Tate) (03/03/91)
In article <1006@pallas.athenanet.com> dlee@pallas.athenanet.com (Doug Lee) writes:
>In article <wi7G7z7x@cs.psu.edu> ehrlich@cs.psu.edu (Dan Ehrlich) writes:
>>Does anyone have or know of any tools that will analyze a sendmail log? I
[...]
>any rate, I can send it to you (or anyone else) if you are interested. I would
>also be willing to modify it to eat your sendmail logs, as this should not
[...]
>

Would you please send it to me also! I have been wanting something like
this and haven't had time to look at doing it...
--
rbt@tous.UUCP   Robert B. Tate       | A little knowledge is a dangerous
{ucf-cs,peora,uunet}!tarpit!tous!rbt | thing. Any less can kill you.
sfreed@ariel.unm.edu (Steven Freed CIRT) (03/04/91)
In article <1991Mar3.042937.20935@tous.uucp>, rbt@tous.uucp (Robert B. Tate) writes:
-> Would you please send it to me also! I have been wanting something like
-> this and haven't had time to look at doing it...
Same here... sounds like time to post it!!
--
Steve. sfreed@ariel.unm.edu