Re: [exim] exim "top" utility

Top Pagina
Delete this message
Reply to this message
Auteur: Troy Settle
Datum:  
Aan: Matthew Newton
CC: exim-users
Onderwerp: Re: [exim] exim "top" utility
Matthew Newton wrote:
> Hi all,
>
> I've been looking around the web to find a utility that will
> display the current mail moving through an exim server, similar to
> the "top" utility, or "ratop" for network data (Argus). As I
> couldn't find anything, I've written something myself.
>
> It displays the most frequent (for the last 5 minutes) of sending
> address, domain, host, subject, and receiving address, domain and
> host in the terminal window. So far it seems fairly good in what
> it does, but there are many improvements that can be made, I'm
> sure.
>
> If you want to play it's available from the following URL. I'd be
> interested in feedback for how to improve it, or ways of detecting
> anomalies in the data (for alerting purposes).
>
> http://www.le.ac.uk/its/mcn4/exitop/
>
> It currently has to be fed data, so, as all our mail servers
> syslog to a common location, I run it with
>
> tail -n10000 -f /mail/log/dir/*mail | syslog2exim | exitop
>
> where -n10000 means you get some instant results, and syslog2exim
> converts back to exim log format (small utility I wrote, on the
> web site).
>
> Hope it's useful to someone.
>
> Cheers,
>
> Matthew
>
>
>

Very cool utility! It took me a while to figure out that I had to add
+subject to the log_selector to get anything in the subject window, but
once done, I saw some interesting things.

I'm wondering though, how can I get $spam_score along with the subject
line. From what I can tell, I can't add it to the log_selector, but I
can do this:

log_message = SCORE=$spam_score SUBJECT="$h_Subject:"

What would I need to do to the script to use this information? I think
I'd want to show a count, max score, and subject string.

Thinking further into it... some other stats might be useful along with
the subjects:
# of unique from addresses / senders
# of unique from hosts

--
Troy Settle
Pulaski Networks ~ http://www.psknet.com
866.477.5638 ~ 540.994.4254