Re: [policyd-users] policyd.mib

Sun, 10 Feb 2008 10:09:39 -0800 


Jan-Frode Myklebust escreveu:

In lack of an "official" policyd mib, I try to summarize all policyd
statuses logged to syslog, publish them trough an snmpd enterprise oid,
and plot them trough zenoss as:

        http://tanso.net/policyd/mx.png
        http://tanso.net/policyd/smarthost.png

I have a perl-script that parse the syslog every 5 minute,
and try to match on these:

        /policyd:.*rcpt.*greylist=new/
        /policyd:.*rcpt.*whitelist=bypass/
        /policyd:.*rcpt.*whitelist=update/
        /policyd:.*rcpt.*greylist=abuse/
        /policyd:.*rcpt.*greylist=awl/
        /policyd:.*rcpt.*whitelist_dnsname=update/
        /policyd:.*rcpt.*greylist=update/
        /policyd:.*rcpt.*throttle=new\(a\)/
        /policyd:.*rcpt.*throttle=new\(w\)/
        /policyd:.*rcpt.*throttle=update\(a\)/
        /policyd:.*rcpt.*throttle=update\(w\)/
        /policyd:.*rcpt.*throttle=clear\(a\)/
        /policyd:.*rcpt.*throttle=clear\(w\)/
        /policyd:.*rcpt.*blacklist=block/
        /policyd:.*rcpt.*throttle=blacklisted\(f\)/
        /policyd:.*rcpt.*throttle=update\(p\)/
        /policyd:.*rcpt.*throttle=abuse\(f\)/


These are all the messages I've seen so far, but there will 
probably be more when we enable other features in policyd. Is

there somewhere a list of all possible classifications policyd
might put a connection in? Or is there something obvious I've
missed above ?



   i have done some changes on policyd to allow those statistics to be 
directly stored on a new MySQL table, thus making it available in 'real 
time' and avoiding the logs processing every N minutes.



   I have deployed it on some servers and it's giving me some great 
graphics. I havent made the templates as i would like to do, but patch 
is already there if you want to download and watch it.


--


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        [EMAIL PROTECTED]
        My SPAMTRAP, do not email it







Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users






















					Reply via email to