Spamassassin 3.0 and syslog

Joost van Baal joostvb at logreport.org
Thu Feb 3 09:21:55 CET 2005 

Hi,

On Wed, Feb 02, 2005 at 09:30:51PM -0600, Rice, Kevin wrote:
>
> I just recently installed lire 2.01 in hopes of creating reports from
> syslog information from spamassassin 3.0 (spamd). I executed the
> following commands "lr_run lr_log2report -o txt spamassassin <maillog.1
> &". The reports for either text or html remain blank. 
> Can the latest version of lire create reports from Spamassasin 3.0 logs?
> I've included a snippet of the large logfile I'm attempting to report
> on.
> Thanks in advance for reviewing and providing suggestions.
> 

spamassassin2dlf just takes the spamd[PID] lines from your log, I've
snipped the other lines.

> Jan 23 04:02:04 mserver spamd[21448]: connection from mserver
>   [127.0.0.1] at port 36985
> Jan 23 04:02:04 mserver spamd[21448]: checking message
>   <c4aa01c5012a$e2b0d420$45e8eb09 at webline.sk> for smmsp:25.
> Jan 23 04:02:06 mserver spamd[21448]: identified spam (18.0/8.0) for
>   smmsp:25 in 1.6 seconds, 1306 bytes.
> Jan 23 04:02:06 mserver spamd[21448]: result: Y 18 -
>   BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,DRUGS_ERECTILE,RAZOR2_CF_RANGE_51_100
>   ,RAZOR2_CHECK,SUBJECT_CLARIS,SUBJECT_DRUG_GAP_C
>   scantime=1.6,size=1306,mid=<c4aa01c5012a$e2b0d420$45e8eb09 at webline.sk>,b
>   ayes=1,autolearn=spam

spamassassin2dlf features:

    if ($line=~/^processing message \<(.+?)\> for (.+?):\d+(, expecting (\d+) bytes)?\. *$/) {

In your case, that should be something like

    if ($line=~/^checking message \<(.+?)\> for (.+?):\d+(, expecting
(\d+) bytes)?\. *$/) {

Could you see if this change in
/usr/lib/lire/convertors/spamassassin2dlf works for you?  Could you try
to find out when the spamd log format was changed?  E.g. in which
spamassassin release?

Thanks, Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20050203/1276f0c6/attachment.bin

More information about the Questions mailing list