combining exim, spamassassin and clamav analysis over multiple servers (was: Re: exim log analysis)

Tom Northeast tnortheast at quadteq.com
Tue Aug 23 11:52:14 CEST 2005


On Mon, Aug 22, 2005 at 02:19:50PM +0200, Tom Northeast wrote:
>> This is true, but before I can combine and generate statistics, I need
>> to add to the exim2dlf converter so that it extracts the spamassassin
>> and clamAV messages from the exim log.

> You _do_ know there is spamfiltering in Lire, don't you?  If your
> spamassassin logfile is rich enough, you might be able to simply drop
> the exim log.

The Spamd daemon has been logging in debug mode to mail.log, so there are
huge amounts of detail which I don't need, and the spamassassin dlf
converter does not like the log file. It also does not contain any virus
information, so I think I'm going to have to stick to the exim log file.

> If not, you'd have to fiddle with stuff like queue-id or message-id,
> present in both exim and spamassassin/clamav logs.  Are these present?

Yes, the message IDs are present in both logs, although a pain to find in
the spamd logs due to debug being enabled.

There is enough information in the exim logs to satisfy my requirements
without having to link messages between log files for both spam and
virus statistics.

> It is possible to extend dlf scheme's.  The www scheme is extended, for
> example.  It might be useful while tackling your problem.

To extract the information from the exim log file, can I not add to the
exim DLF converter, then use an extended schema similar to that of the
spamassassin schema? This seems the easiest way of doing it, rather than
developing multiple schemas for clamav and spamd.

> Since Lire 2.0, there is support for multiple schema's: more than one
> superservice can be featured in a report.  The lire(1) command is the
> interface for this.  I've however never used this feature myself.

I will look into this but I fear it will be way over my head!

Cheers.
