On Sun, Jan 28, 2001 at 02:00:00PM -0500, Dave C. wrote:
> > The logs are way to big for a human to parse :-)
>
> Well, I didnt mean to inspect them visually. The following would do
> the job nicely..
>
> for sender in `cat main | grep "<=" | cut -f 5 -d" " | sort | uniq`; do
> count=`cat main | grep "<= $sender" | wc --lines | sed 's/ //g'`;
> echo "$count : $sender" ;
> done
Yes, this is what I wanted to do (although in shell, it would probably take
several hours to run on my mail logs :-)
> > That's why I need to hack eximstats to output stats per sender (sender
> > Email, not sender host)
and I just took the time to do that:
(Phillip, feel free to merge that in with the current eximstats)
--- eximstats.debian Tue Sep 12 17:40:18 2000
+++ eximstats.me Fri Feb 2 16:16:27 2001
@@ -291,6 +291,9 @@
my($m_data) = $_[2];
my($name) = ($topcount == 1)? "$text" : "$topcount ${text}s";
my($temp) = "Top $name by message count";
+my $totcount=0;
+my $totbytes=0;
+
printf ("%s\n%s\n\n", $temp, "-" x length($temp));
$count = 1;
@@ -303,9 +306,16 @@
keys %{$m_count})
{
printf("%7d %10d %s\n", $$m_count{$key}, $$m_data{$key}, $key);
+ $totcount+=$$m_count{$key};
+ $totbytes+=$$m_data{$key};
last if $count++ >= $topcount;
}
+print " ","_"x78,"\n";
+printf("%7d %10d\n", $totcount, $totbytes);
+$totcount=0;
+$totbytes=0;
+
$temp = "Top $name by volume";
printf ("\n%s\n%s\n\n", $temp, "-" x length($temp));
@@ -319,9 +329,13 @@
keys %{$m_count})
{
printf("%7d %10d %s\n", $$m_count{$key}, $$m_data{$key}, $key);
+ $totcount+=$$m_count{$key};
+ $totbytes+=$$m_data{$key};
last if $count++ >= $topcount;
}
+print " ","_"x78,"\n";
+printf("%7d %10d\n", $totcount, $totbytes);
print "\n";
}
@@ -438,6 +452,13 @@
$thissize = 0 if !defined($thissize);
$size{$id} = $thissize;
($host) = /\sH=(\S+)/;
+ ($envfromemail) = /(\S+)\s[RHU]=/;
+ # Crap, this is the envelope sender too...
+ #($hdrfromemail) = /\sfrom <(\S*)>\s/;
+ #$hdrfromemail = "<>" if (defined ($hdrfromemail) and not $hdrfromemail);
+ #print "$envfromemail and $hdrfromemail\n";
+ print "Couldn't get envelope sender: line is $_\n" if (not defined $envfromemail);
+ #print "hdr: Line is $_\n" if (not defined $hdrfromemail);
if (defined $host)
{
if ($show_relay) # Save incoming information
@@ -464,6 +485,12 @@
$received_count{$host}++;
$received_data{$host} = 0 if !defined $received_data{$host};
$received_data{$host} += $thissize;
+ $envfromemail_count{$envfromemail}++;
+ $envfromemail_data{$envfromemail} = 0 if !defined $envfromemail_data{$envfromemail};
+ $envfromemail_data{$envfromemail} += $thissize;
+# $hdrfromemail_count{$hdrfromemail}++;
+# $hdrfromemail_data{$hdrfromemail} = 0 if !defined $hdrfromemail_data{$hdrfromemail};
+# $hdrfromemail_data{$hdrfromemail} += $thissize;
$received_count_total++;
$received_data_total += $thissize;
if ($received_data_total > $gig)
@@ -724,6 +751,7 @@
if ($topcount > 0)
{
&print_league_table("sending host", \%received_count, \%received_data);
+ &print_league_table("envelope sender", \%envfromemail_count, \%envfromemail_data);
&print_league_table("local sender", \%received_count_user,
\%received_data_user) if $local_league_table;
&print_league_table("destination", \%delivered_count, \%delivered_data);
It prints some nice info, but I find that I needed to bump the count to
about 1000, to get totals that were close to the totals at the beginning of
the mail.
In the meantime, I found my problem: the rotation of /var/log/exim/mainlog
was switched from once a day to once a week and eximstats was showing
compounded logs every day, saying they were daily logs.
Excuse me while I go in the back and shoot myself :-)
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page:
http://marc.merlins.org/ | Finger marc_f@??? for PGP key
