For lack of an "official" policyd MIB, I try to summarize all policyd
statuses logged to syslog, publish them through an snmpd enterprise OID,
and plot them through Zenoss as:
http://tanso.net/policyd/mx.png
http://tanso.net/policyd/smarthost.png
I have a Perl script that parses the syslog every 5 minutes,
and tries to match on these:
/policyd:.*rcpt.*greylist=new/
/policyd:.*rcpt.*whitelist=bypass/
/policyd:.*rcpt.*whitelist=update/
/policyd:.*rcpt.*greylist=abuse/
/policyd:.*rcpt.*greylist=awl/
/policyd:.*rcpt.*whitelist_dnsname=update/
/policyd:.*rcpt.*greylist=update/
/policyd:.*rcpt.*throttle=new\(a\)/
/policyd:.*rcpt.*throttle=new\(w\)/
/policyd:.*rcpt.*throttle=update\(a\)/
/policyd:.*rcpt.*throttle=update\(w\)/
/policyd:.*rcpt.*throttle=clear\(a\)/
/policyd:.*rcpt.*throttle=clear\(w\)/
/policyd:.*rcpt.*blacklist=block/
/policyd:.*rcpt.*throttle=blacklisted\(f\)/
/policyd:.*rcpt.*throttle=update\(p\)/
/policyd:.*rcpt.*throttle=abuse\(f\)/
These are all the messages I've seen so far, but there will
probably be more when we enable other features in policyd. Is
there somewhere a list of all possible classifications policyd
might put a connection in? Or is there something obvious I've
missed above?
Also I miss some explanation for what the various messages mean, e.g.
what are these:
throttle=update(a)
throttle=update(p)
throttle=clear(a)
throttle=abuse(f)
throttle=blacklisted(f)
etc.
-jf
_______________________________________________
policyd-users mailing list
https://lists.sourceforge.net/lists/listinfo/policyd-users
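
An added example, not part of the original post and not policyd's own code: instead of one regex per status, this counts any `key=value` or `key=value(flag)` token on a `policyd: ... rcpt` line, so a status missing from the list in the post is reported separately rather than silently dropped. The sample log lines, the field names in `NON_STATUS` and the `newfeature=hit` status are constructed assumptions.

```python
import re
from collections import Counter

# Statuses listed in the post.
KNOWN = {
    "greylist=new", "greylist=update", "greylist=abuse", "greylist=awl",
    "whitelist=bypass", "whitelist=update", "whitelist_dnsname=update",
    "blacklist=block",
    "throttle=new(a)", "throttle=new(w)", "throttle=update(a)",
    "throttle=update(w)", "throttle=update(p)", "throttle=clear(a)",
    "throttle=clear(w)", "throttle=blacklisted(f)", "throttle=abuse(f)",
}
# Assumption: key names of non-status fields on the same log line.
NON_STATUS = {"rcpt", "host", "from", "to", "size"}

LINE = re.compile(r"policyd:.*rcpt")          # same prefix as the post's patterns
TOKEN = re.compile(r"\b([a-z_]+)=([a-z]+(?:\([a-z]\))?)")

def classify(line):
    """Return the first status token of a policyd rcpt line, or None."""
    if not LINE.search(line):
        return None
    for m in TOKEN.finditer(line):
        if m.group(1) not in NON_STATUS:
            return f"{m.group(1)}={m.group(2)}"
    return None

def summarize(lines):
    """Count listed statuses and, separately, statuses not in KNOWN."""
    known, unknown = Counter(), Counter()
    for line in lines:
        status = classify(line)
        if status is not None:
            (known if status in KNOWN else unknown)[status] += 1
    return known, unknown

# Constructed sample lines (field layout is an assumption, not real output).
SAMPLE = [
    "Jan 12 10:00:01 mx1 policyd: rcpt=101, greylist=new, host=192.0.2.10 (unknown), from=a@example.com, to=b@example.org, size=2048",
    "Jan 12 10:00:02 mx1 policyd: rcpt=102, throttle=update(a), host=192.0.2.11, from=c@example.com, to=d@example.org, size=512",
    "Jan 12 10:00:03 mx1 policyd: rcpt=103, greylist=new, host=192.0.2.12, from=e@example.com, to=f@example.org, size=900",
    "Jan 12 10:00:04 mx1 policyd: rcpt=104, newfeature=hit, host=192.0.2.13, from=g@example.com, to=h@example.org, size=100",
    "Jan 12 10:00:05 mx1 postfix/smtpd[123]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    known, unknown = summarize(SAMPLE)
    print("known:", dict(known))
    print("unlisted (review and add to KNOWN):", dict(unknown))
```

A non-empty unlisted counter is the signal that a newly enabled policyd feature is logging a status the SNMP counters do not yet cover.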