[CLUE-Tech] spam assassin
Casagrande, Steve
Steve.Casagrande at echostar.com
Wed Dec 17 16:34:00 MST 2003
Why not just do this:
$ grep -e "identified spam" /var/log/maillog* | grep "for bart" | wc -l
Your example found the union, you want the intersection.
You might also want to play with "cut", "sort", and "uniq" to print out the
list of spam counts for each user. I'm away from a unix box right now (and
it's been a while), but how about this (not sure about the cut part... I can
never seem to remember if it starts with f0 or f1!)
$ grep "identified spam" /var/log/maillog* | cut -d' ' -f5 |cut -d:
-f1 | sort | uniq -c
First grep pulls only the spam lines
First cut jumps to the user name (5th field)
Second cut pulls out everything after the ":" (didn't want that)
Sort the names so that
Uniq can count them.
I think some versions of uniq can handle unsorted lists... but this should
always work.
Steve Casagrande
-----Original Message-----
From: Mike Staver [mailto:staver at fimble.com]
Sent: Wednesday, December 17, 2003 3:46 PM
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] spam assassin
Jeremy - I have modified the command slightly here to this:
grep "identified spam" /var/log/maillog* | wc -l
That way it gets all my mail logs... my only other question is, I'm
trying to figure out how to make so that it does this for a specific
user. In the logs, I see this:
identified spam (7.9/5.0) for bart:506 in 0.4 seconds, 1792 bytes.
So, using "identified spam (7.9/5.0) for bart" won't work because of the
changing numbers. Is there a way to use an expression of some kind
while using grep? I've tried
grep -e "identified spam" -e "for bart" /var/log/maillog* | wc -l
And it returned a number, I just have no idea if it's correct. It seems
very high to me, and I'm sure it's not correct, as you can see from the
results below:
[root at fimble staver]# grep -e "identified spam" -e "for bart"
/var/log/maillog* | wc -l
10736
[root at fimble staver]# grep "identified spam" /var/log/maillog* | wc -l
8755
My end goal is to write a small perl script I can submit to a cron job
and have it dump the results in a mysql table. I'll then write a php
script to graph the data, and show results based on each user vs the
grand total for certain weeks, etc.
Jeremy Huber wrote:
> The EASIEST way I've found is to watch /var/log/maillog for the spamd
> messages.. `grep "identified spam" maillog | wc -l` for the number of
spam,
> `grep "clean message" maillog | wc -l` for the number of ham. There's
> various stat scripts that come with spamassasin, but I've never gotten
them
> to work under a sitewide configuration as I use... You're probably better
> off writing your own.
>
> Jeremy
> ----- Original Message -----
> From: "Mike Staver" <staver at fimble.com>
> To: "CLUE LUG" <clue-tech at clue.denver.co.us>
> Sent: Tuesday, December 16, 2003 1:32 PM
> Subject: [CLUE-Tech] spam assassin
>
>
>
>>Is there a way to get statistics of spam assassin's work? For example,
>>I'm just curious how many emails have been sent through it and how many
>>are spam vs real, etc.
>>--
>>
>> -Mike Staver
>> staver at fimble.com
>> mstaver at globaltaxnetwork.com
>>_______________________________________________
>>CLUE-Tech mailing list
>>Post messages to: CLUE-Tech at clue.denver.co.us
>>Unsubscribe or manage your options:
>
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
>
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options:
http://clue.denver.co.us/mailman/listinfo/clue-tech
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
_______________________________________________
CLUE-Tech mailing list
Post messages to: CLUE-Tech at clue.denver.co.us
Unsubscribe or manage your options:
http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list