Spamassassin 3.0 and syslog

Rice, Kevin Kevin.Rice at atkearney.com
Thu Feb 3 13:30:28 CET 2005 

Joost, 
Recommended changes did work, although reporting for " Top 10 People
Receiving SPAM" references only the local "smmsp" id? 
Any Ideas???
Thanks again... 

Kevin Rice
Global Network Architect - KnowledgeNet
AT Kearney
Phone (312) 223-7160
Email - Kevin.Rice at atkearney.com
Fax (312) 223-6436

-----Original Message-----
From: Joost van Baal [mailto:joostvb at logreport.org] 
Sent: Thursday, February 03, 2005 2:22 AM
To: Rice, Kevin
Cc: LogReport Questions List
Subject: Re: Spamassassin 3.0 and syslog

Hi,

On Wed, Feb 02, 2005 at 09:30:51PM -0600, Rice, Kevin wrote:
>
> I just recently installed lire 2.01 in hopes of creating reports from
> syslog information from spamassassin 3.0 (spamd). I executed the
> following commands "lr_run lr_log2report -o txt spamassassin
<maillog.1
> &". The reports for either text or html remain blank. 
> Can the latest version of lire create reports from Spamassasin 3.0
logs?
> I've included a snippet of the large logfile I'm attempting to report
> on.
> Thanks in advance for reviewing and providing suggestions.
> 

spamassassin2dlf just takes the spamd[PID] lines from your log, I've
snipped the other lines.

> Jan 23 04:02:04 mserver spamd[21448]: connection from mserver
>   [127.0.0.1] at port 36985
> Jan 23 04:02:04 mserver spamd[21448]: checking message
>   <c4aa01c5012a$e2b0d420$45e8eb09 at webline.sk> for smmsp:25.
> Jan 23 04:02:06 mserver spamd[21448]: identified spam (18.0/8.0) for
>   smmsp:25 in 1.6 seconds, 1306 bytes.
> Jan 23 04:02:06 mserver spamd[21448]: result: Y 18 -
>
BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,DRUGS_ERECTILE,RAZOR2_CF_RANGE_51_100
>   ,RAZOR2_CHECK,SUBJECT_CLARIS,SUBJECT_DRUG_GAP_C
>
scantime=1.6,size=1306,mid=<c4aa01c5012a$e2b0d420$45e8eb09 at webline.sk>,b
>   ayes=1,autolearn=spam

spamassassin2dlf features:

    if ($line=~/^processing message \<(.+?)\> for (.+?):\d+(, expecting
(\d+) bytes)?\. *$/) {

In your case, that should be something like

    if ($line=~/^checking message \<(.+?)\> for (.+?):\d+(, expecting
(\d+) bytes)?\. *$/) {

Could you see if this change in
/usr/lib/lire/convertors/spamassassin2dlf works for you?  Could you try
to find out when the spamd log format was changed?  E.g. in which
spamassassin release?

Thanks, Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/

-- 
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
questions-request at logreport.org

More information about the Questions mailing list