Kent Oyer wrote on Sun 28-07-2013 at 14:11 [-0400]:
> I'm using SQL for lookups. Is there a way to record the names of the rules 
> that were hit on each message? I would like to generate stats on how my rules 
> are performing. I have the same question about virus names. I would like to 
> see some stats on which viruses were found and blocked. It would be great to 
> have this information written to the database somehow.
> 
> Thanks
> Kent

As far as I know this isn't part of the schema yet, but I use the
following log_templ[1] to get all the information into syslog. Once in a
while I parse it for everything I need. You may also want to have a
closer look at logtail if you parse the logfile incrementally.

==BEGIN==

$log_templ = <<'EOD';
[?%#D|#|Passed #
[? [:ccat|major] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%D|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
[? %i ||, mail_id: %i]#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Za-z]+)$"]|["%1"]|["%0"]]|/]#
#, Subject: [:dquote|[:mime2utf8|[:header_field|Subject]|100|1]]#
#, From: [:uquote|[:mime2utf8|[:header_field|From]|100|1]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
, %y ms#
]
[?%#O|#|Blocked #
[? [:ccat|major|blocking] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%O|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
[? %i ||, mail_id: %i]#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
#, Subject: [:dquote|[:mime2utf8|[:header_field|Subject]|100|1]]#
#, From: [:uquote|[:mime2utf8|[:header_field|From]|100|1]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
, %y ms#
]
EOD

===END===

Hans

[1] Someone posted it in the past on this mailing list;
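
An added example, not part of the original post: one way to do the periodic parsing described above, counting rule hits and virus names from syslog lines written with this template. The sample lines are constructed, and the `NAME=score` form of the Tests field and comma-separated virus names are assumptions about what the template logs.

```python
import re
from collections import Counter

# Constructed sample lines in the shape the template above would log (not real traffic).
# The second line carries a Message-ID crafted to look like a Tests field.
SAMPLE_LOG = """\
Jul 28 14:11:02 mx amavis[2101]: (02101-01) Passed CLEAN {RelayedInbound}, [192.0.2.10]:41234 [192.0.2.10] <a@example.org> -> <kent@example.com>, Queue-ID: 4F1A2C0, Message-ID: <1@example.org>, mail_id: aB3dE, Hits: -1.899, size: 2210, queued_as: 9C2D1E0, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001], 812 ms
Jul 28 14:12:40 mx amavis[2101]: (02101-02) Blocked SPAM {DiscardedInbound,Quarantined}, [198.51.100.7]:50022 [198.51.100.7] <b@example.net> -> <kent@example.com>, quarantine: spam-xY.gz, Queue-ID: 5A0B3D1, Message-ID: <x, Tests: [FAKE_RULE=9]>, mail_id: xY9zQ, Hits: 14.2, size: 5120, Tests: [BAYES_99=3.5,HTML_MESSAGE=0.001,URIBL_BLACK=1.7], 1502 ms
Jul 28 14:13:05 mx amavis[2102]: (02102-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [203.0.113.5]:33001 [203.0.113.5] <c@example.net> -> <kent@example.com>, quarantine: virus-Qw.gz, Queue-ID: 6B1C4E2, Message-ID: <3@example.net>, mail_id: Qw7rT, Hits: -, size: 1890, 95 ms
Jul 28 14:13:09 mx postfix/smtpd[900]: connect from unknown[203.0.113.5]
"""

# The verdict sits right after Passed/Blocked, before any sender-controlled field.
HEAD = re.compile(r"amavis\[\d+\]: \(\S+\) (Passed|Blocked) ([A-Z0-9-]+)(?: \((.*?)\))? \{")
# The genuine Tests field is anchored to the line end: only dkim_* and "<n> ms" follow it.
TESTS = re.compile(r", Tests: \[([^\]]*)\](?:, dkim_\w+=\S+)*, \d+ ms$")
RULE = re.compile(r"[A-Za-z0-9_]+")

def parse_line(line):
    """Return (action, verdict, virus_names, rule_names), or None for non-amavis lines."""
    head = HEAD.search(line)
    if not head:
        return None
    action, verdict, detail = head.groups()
    viruses = []
    if verdict == "INFECTED" and detail:
        viruses = [v.strip() for v in detail.split(",")]  # assumed comma-separated
    rules = []
    tests = TESTS.search(line.rstrip())
    if tests:
        names = (t.partition("=")[0] for t in tests.group(1).split(","))  # assumed NAME=score
        rules = [n for n in names if RULE.fullmatch(n)]
    return action, verdict, viruses, rules

def collect_stats(text):
    """Count verdicts, rule hits and virus names over a block of syslog text."""
    verdicts, rules, viruses = Counter(), Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verdicts[f"{rec[0]} {rec[1]}"] += 1
        viruses.update(rec[2])
        rules.update(rec[3])
    return verdicts, rules, viruses

if __name__ == "__main__":
    for title, counter in zip(("verdicts", "rules", "viruses"), collect_stats(SAMPLE_LOG)):
        print(title, counter.most_common())
```

Anchoring the Tests match to the end of the line keeps header text chosen by the sender, such as the Message-ID in the second sample line, out of the rule counts.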
