[CLUE-Tech] spam assassin

Casagrande, Steve Steve.Casagrande at echostar.com
Wed Dec 17 18:26:18 MST 2003


Mike;

If you use your approach (one grep per user out of a temporary file), that
will work until you add a user, then you'll have to update your script.  My
one-line example (which was split due to the line wrap - it's supposed to be
one line) will work when you add/remove users.  The grep/cut/sort/uniq
sequence is a pretty useful way to count items/lines in a file.

I don't know why syslog would change the maillog as it rotates it... Just
look in there and see what the file looks like.  

You also usually don't need the grep "-e" option, as it's implied (although
it helps if you are searching for a string that starts with "-").

(Boy, I miss having a unix machine on my desktop.)

Regards,

Steve Casagrande

-----Original Message-----
From: Mike Staver [mailto:staver at fimble.com] 
Sent: Wednesday, December 17, 2003 5:32 PM
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] spam assassin


Thanks Steve, I have decided to use that type of logic for a script like this:

grep -e "identified spam" /var/log/maillog* > spam.txt
grep -e "for bart" spam.txt | wc -l
grep -e "for staver" spam.txt | wc -l
etc

This has brought up a very interesting issue for me... I just started 
checking maillog.1, maillog.2, etc.  They are all void of spam assassin 
messages, when I *know* I got spam during those time periods.  Is syslog 
doing something to strip those log files of the messages I'm looking for 
when it rotates the logs from maillog to maillog.x?  I'm using Red Hat 9 
BTW.

Casagrande, Steve wrote:

> Why not just do this:
> 
>  $ grep -e "identified spam" /var/log/maillog* | grep "for bart" | wc -l
> 
> Your example found the union, you want the intersection.
> 
> You might also want to play with "cut", "sort", and "uniq" to print out the
> list of spam counts for each user.  I'm away from a unix box right now (and
> it's been a while), but how about this (not sure about the cut part... I can
> never seem to remember if it starts with f0 or f1!)
> 
> 	$ grep "identified spam" /var/log/maillog* | cut -d' ' -f5 | cut -d: -f1 | sort | uniq -c
> 
> First grep pulls only the spam lines
> First cut jumps to the user name (5th field)
> Second cut pulls out everything after the ":" (didn't want that)
> Sort the names so that
> Uniq can count them.
> 
> I think some versions of uniq can handle unsorted lists... but this should
> always work.
> 
> Steve Casagrande
> 
> 
> -----Original Message-----
> From: Mike Staver [mailto:staver at fimble.com] 
> Sent: Wednesday, December 17, 2003 3:46 PM
> To: clue-tech at clue.denver.co.us
> Subject: Re: [CLUE-Tech] spam assassin
> 
> 
> Jeremy - I have modified the command slightly here to this:
> 
> grep "identified spam" /var/log/maillog* | wc -l
> 
> That way it gets all my mail logs... my only other question is, I'm 
> trying to figure out how to make it so that it does this for a specific 
> user.  In the logs, I see this:
> 
> identified spam (7.9/5.0) for bart:506 in 0.4 seconds, 1792 bytes.
> 
> So, using "identified spam (7.9/5.0) for bart" won't work because of the 
> changing numbers.  Is there a way to use an expression of some kind 
> while using grep?  I've tried
> 
> grep -e "identified spam" -e "for bart" /var/log/maillog* | wc -l
> 
> And it returned a number, I just have no idea if it's correct.  It seems 
> very high to me, and I'm sure it's not correct, as you can see from the 
> results below:
> 
> [root at fimble staver]# grep -e "identified spam" -e "for bart" /var/log/maillog* | wc -l
>    10736
> [root at fimble staver]# grep "identified spam" /var/log/maillog* | wc -l
>     8755
> 
> My end goal is to write a small perl script I can submit to a cron job 
> and have it dump the results in a mysql table.  I'll then write a php 
> script to graph the data, and show results based on each user vs the 
> grand total for certain weeks, etc.
> 
> Jeremy Huber wrote:
> 
> 
>>The EASIEST way I've found is to watch /var/log/maillog for the spamd
>>messages.. `grep "identified spam" maillog | wc -l` for the number of spam,
>>`grep "clean message" maillog | wc -l` for the number of ham.  There's
>>various stat scripts that come with spamassassin, but I've never gotten them
>>to work under a sitewide configuration as I use... You're probably better
>>off writing your own.
>>
>>Jeremy
>>----- Original Message ----- 
>>From: "Mike Staver" <staver at fimble.com>
>>To: "CLUE LUG" <clue-tech at clue.denver.co.us>
>>Sent: Tuesday, December 16, 2003 1:32 PM
>>Subject: [CLUE-Tech] spam assassin
>>
>>
>>
>>
>>>Is there a way to get statistics of spam assassin's work?  For example,
>>>I'm just curious how many emails have been sent through it and how many
>>>are spam vs real, etc.
>>>-- 
>>>
>>>                                -Mike Staver
>>>                                 staver at fimble.com
>>>                                 mstaver at globaltaxnetwork.com
>>>_______________________________________________
>>>CLUE-Tech mailing list
>>>Post messages to: CLUE-Tech at clue.denver.co.us
>>>Unsubscribe or manage your options:
>>
>>http://clue.denver.co.us/mailman/listinfo/clue-tech
>>
>>

-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com
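
Added example (not part of the original thread or any poster's code): a per-user count that keys on the text around the user name in the spamd line quoted above instead of a field number, and shows the union/intersection difference discussed in the thread. The syslog prefix, the "clean message" layout and the sendmail line in the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example: per-user spamd verdict counts from maillog-style files.

# Constructed sample lines. Only the "identified spam (...) for bart:506 ..."
# text comes from the thread; the syslog prefix, the "clean message" layout
# and the sendmail line are assumptions made for this example.
write_sample() {
    cat > "$1" <<'EOF'
Dec 17 15:40:01 fimble spamd[2101]: identified spam (7.9/5.0) for bart:506 in 0.4 seconds, 1792 bytes.
Dec 17 15:41:12 fimble spamd[2102]: clean message (0.3/5.0) for bart:506 in 0.2 seconds, 900 bytes.
Dec 17 15:42:30 fimble spamd[2103]: identified spam (12.1/5.0) for staver:500 in 0.5 seconds, 2048 bytes.
Dec 17 15:43:05 fimble spamd[2104]: identified spam (6.2/5.0) for bart:506 in 0.3 seconds, 1500 bytes.
Dec 17 15:44:30 fimble sendmail[2210]: constructed non-spamd line mentioning mail for bart
Dec 17 15:45:00 fimble spamd[2105]: clean message (1.0/5.0) for staver:500 in 0.2 seconds, 700 bytes.
EOF
}

# spam_counts FILE...: print "COUNT USER" for every user that has a spam
# verdict. The user is located by the text around it, not by a field number,
# so the syslog prefix does not matter; cat (rather than grep over several
# files) keeps "filename:" prefixes out of the data.
spam_counts() {
    cat "$@" |
        sed -n 's/.*identified spam ([^)]*) for \([^: ]*\):.*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# user_spam_count USER FILE...: lines that are a spam verdict AND for USER
# (the intersection). Always prints a number, including 0.
user_spam_count() {
    user=$1; shift
    cat "$@" | awk -v u="$user" \
        'index($0, "identified spam") && index($0, " for " u ":") { n++ }
         END { print n + 0 }'
}

# union_count USER FILE...: what two -e patterns count (either one matches).
union_count() {
    user=$1; shift
    cat "$@" | grep -c -e "identified spam" -e "for $user" || true
}

log=$(mktemp)
write_sample "$log"
spam_counts "$log"
echo "bart: spam=$(user_spam_count bart "$log") union=$(union_count bart "$log")"
rm -f "$log"
```

Against the real logs the call would be spam_counts /var/log/maillog*.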