In lack of an "official" policyd MIB, I try to summarize all policyd statuses logged to syslog, publish them through an snmpd enterprise OID, and plot them through Zenoss as:

http://tanso.net/policyd/mx.png
http://tanso.net/policyd/smarthost.png

I have a Perl script that parses the syslog every 5 minutes, and tries to match on these:

/policyd:.*rcpt.*greylist=new/
/policyd:.*rcpt.*whitelist=bypass/
/policyd:.*rcpt.*whitelist=update/
/policyd:.*rcpt.*greylist=abuse/
/policyd:.*rcpt.*greylist=awl/
/policyd:.*rcpt.*whitelist_dnsname=update/
/policyd:.*rcpt.*greylist=update/
/policyd:.*rcpt.*throttle=new\(a\)/
/policyd:.*rcpt.*throttle=new\(w\)/
/policyd:.*rcpt.*throttle=update\(a\)/
/policyd:.*rcpt.*throttle=update\(w\)/
/policyd:.*rcpt.*throttle=clear\(a\)/
/policyd:.*rcpt.*throttle=clear\(w\)/
/policyd:.*rcpt.*blacklist=block/
/policyd:.*rcpt.*throttle=blacklisted\(f\)/
/policyd:.*rcpt.*throttle=update\(p\)/
/policyd:.*rcpt.*throttle=abuse\(f\)/

These are all the messages I've seen so far, but there will probably be more when we enable other features in policyd. Is there somewhere a list of all possible classifications policyd might put a connection in? Or is there something obvious I've missed above?

Also I miss some explanation for what the various messages mean, e.g. what are these:

throttle=update(a)
throttle=update(p)
throttle=clear(a)
throttle=abuse(f)
throttle=blacklisted(f)
etc.

-jf
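A tally along the lines the message describes, as an added example that is not the poster's Perl script: it counts the listed statuses and also reports any module=value pair that is not in the list, so a new classification shows up instead of being silently dropped. The log line layout in SAMPLE and the status throttle=quota(x) are constructed for illustration, and the Python names are assumptions.

```python
import re
from collections import Counter

# Statuses taken from the patterns listed in the message above.
SEEN = {
    "greylist": "new abuse awl update",
    "whitelist": "bypass update",
    "whitelist_dnsname": "update",
    "blacklist": "block",
    "throttle": "new(a) new(w) update(a) update(w) clear(a) clear(w) "
                "blacklisted(f) update(p) abuse(f)",
}
KNOWN = {f"{mod}={val}" for mod, vals in SEEN.items() for val in vals.split()}

# Same shape as the listed patterns: "policyd:", then "rcpt", then module=value.
LINE_RE = re.compile(r"policyd:.*?rcpt(.*)")
# Longest module name first so whitelist_dnsname is not read as whitelist.
MODULES = "|".join(sorted(SEEN, key=len, reverse=True))
STATUS_RE = re.compile(rf"\b({MODULES})=([a-z_]+(?:\([a-z]\))?)")


def tally(lines):
    """Return (known, unknown) Counters of module=value statuses."""
    known, unknown = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a policyd rcpt line
        for mod, val in STATUS_RE.findall(m.group(1)):
            status = f"{mod}={val}"
            (known if status in KNOWN else unknown)[status] += 1
    return known, unknown


# Constructed sample lines: the field layout is an assumption shaped only to
# satisfy the patterns above; throttle=quota(x) is a made-up, unlisted status.
SAMPLE = """\
Jan 12 10:00:01 mx1 policyd: rcpt=1, greylist=new, host=192.0.2.10
Jan 12 10:00:02 mx1 policyd: rcpt=2, throttle=update(a), host=192.0.2.11
Jan 12 10:00:03 mx1 policyd: rcpt=3, greylist=new, host=192.0.2.12
Jan 12 10:00:04 mx1 policyd: rcpt=4, throttle=quota(x), host=192.0.2.13
Jan 12 10:00:05 mx1 postfix/smtpd: connect from unknown[192.0.2.14]
"""

if __name__ == "__main__":
    for name, counter in zip(("known", "unknown"), tally(SAMPLE.splitlines())):
        for status, n in sorted(counter.items()):
            print(f"{name:8}{status:28}{n}")
```

Alerting on a non-empty unknown counter is one way to learn about new statuses as features are enabled.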