[Mimedefang] Sample Graphing Scripts on the mimedefang website
David F. Skoll
dfs at roaringpenguin.com
Wed May 15 09:56:20 EDT 2002
On Wed, 15 May 2002, Anthony Giggins wrote:
> Do you have these sample logging scripts available for us the
> programming impaired?
Oh, sure; they're tiny.
Prerequisites:
- Tcl 8.0 or higher
- Gnuplot
(I really like Tcl, and would have written mimedefang in Tcl instead of
Perl were it not for all the great CPAN modules. :-()
Also, when you bounce a virus, the filter must do something like this:
    syslog('info', "$MsgID from $Sender via $RelayAddr ($RelayHostname) " .
                   "re: ($Subject) bounced because of attachment $fname");
because the graphing script keys on the "bounced because of" phrase.
Grapher attached. It's rather specific to my mail server, but
should be relatively easy to modify.
Regards,
David.
#----------------- Cut here ------------------------------------------
#!/usr/bin/tclsh
#***********************************************************************
#
# count-viruses.tcl
#
# Analyzes mail and web log files to look for virus hits.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# $Id: count-viruses.tcl,v 1.4 2002/05/07 03:22:10 dfs Exp $
#***********************************************************************
# Mail viruses per day are indexed in $MailViruses(yyyy/mm/dd)
catch { unset MailViruses }
catch { unset MailTotal }
#***********************************************************************
# %PROCEDURE: parseMailLog
# %ARGUMENTS:
# fname -- name of mail log file
# %RETURNS:
# Nothing
# %DESCRIPTION:
# Increments MailViruses(yyyy/mm/dd) for each bounced virus.
#***********************************************************************
proc parseMailLog { fname } {
    global MailViruses MailTotal
    if {[catch {set fp [open $fname "r"]}]} {
        return
    }
    while {[gets $fp line] >= 0} {
        # Every message sendmail accepted counts toward the daily total
        if {[regexp "sendmail.*: from=<" $line]} {
            set time [string range $line 0 6]
            set time [clock format [clock scan $time] -format "%Y/%m/%d"]
            if {[info exists MailTotal($time)]} {
                incr MailTotal($time)
            } else {
                set MailTotal($time) 1
            }
        }
        # Braced pattern so that \. matches a literal dot
        if {![regexp -expanded -nocase {mimedefang\.pl.*bounced.*\.(pif|exe|bat|com|scr|wsh|dll)} $line]} {
            continue
        }
        set time [string range $line 0 6]
        set time [clock format [clock scan $time] -format "%Y/%m/%d"]
        if {[info exists MailViruses($time)]} {
            incr MailViruses($time)
        } else {
            set MailViruses($time) 1
        }
    }
    close $fp
}
#***********************************************************************
# %PROCEDURE: plotMailLog
# %ARGUMENTS:
# Nothing
# %RETURNS:
# Calls gnuplot to plot mail virus statistics
#***********************************************************************
proc plotMailLog {} {
    global MailViruses
    set fp [open "|gnuplot" w]
    puts $fp "set xdata time"
    puts $fp {set yrange [0:*]}
    puts $fp "set size 1,0.5"
    puts $fp "set timefmt \"%Y/%m/%d\""
    puts $fp "set xlabel 'Date'"
    puts $fp "set ylabel \"Viruses per day\""
    puts $fp "set title 'Microsoft Virus Arrival Frequency'"
    puts $fp "set format x '%d/%b'"
    puts $fp "set xtics 86400*7"
    puts $fp "set mxtics 7"
    puts $fp "set grid mxtics xtics ytics"
    puts $fp "set terminal png small color"
    puts $fp "set output 'mail-viruses.png'"
    puts $fp "plot '-' using 1:2 title 'Viruses' with lines"
    set keys [lsort [array names MailViruses]]
    foreach thing $keys {
        set val $MailViruses($thing)
        puts $fp "$thing $val"
    }
    puts $fp "e"
    flush $fp
    close $fp
}
#***********************************************************************
# %PROCEDURE: plotMailPercentage
# %ARGUMENTS:
# Nothing
# %RETURNS:
# Calls gnuplot to plot mail virus statistics
#***********************************************************************
proc plotMailPercentage {} {
    global MailViruses MailTotal
    set fp [open "|gnuplot" w]
    puts $fp "set xdata time"
    puts $fp {set yrange [0:*]}
    puts $fp "set size 1,0.5"
    puts $fp "set timefmt \"%Y/%m/%d\""
    puts $fp "set xlabel 'Date'"
    puts $fp "set ylabel \"Percentage\""
    puts $fp "set title 'Microsoft Viruses as Percentage of Messages'"
    puts $fp "set format x '%d/%b'"
    puts $fp "set xtics 86400*7"
    puts $fp "set mxtics 7"
    puts $fp "set grid mxtics xtics ytics"
    puts $fp "set terminal png small color"
    puts $fp "set output 'mail-percent.png'"
    puts $fp "plot '-' using 1:2 title 'Viruses' with lines"
    set keys [lsort [array names MailViruses]]
    foreach thing $keys {
        set val $MailViruses($thing)
        # Skip days with no total, or a zero total, to avoid dividing by zero
        if {[catch { set total $MailTotal($thing) }]} {
            continue
        }
        if {$total == 0} {
            continue
        }
        # Braced expression: evaluated once, no second round of substitution
        set val [expr {(100.0 * $val) / (1.0 * $total)}]
        puts $fp "$thing $val"
    }
    puts $fp "e"
    flush $fp
    close $fp
}
parseMailLog "/var/log/maillog.4"
parseMailLog "/var/log/maillog.3"
parseMailLog "/var/log/maillog.2"
parseMailLog "/var/log/maillog.1"
parseMailLog "/var/log/maillog"
foreach thing [lsort [array names MailTotal]] {
    if {![info exists MailViruses($thing)]} {
        set MailViruses($thing) 0
    }
}
plotMailLog
plotMailPercentage
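
Added example, not part of the original post or of MIMEDefang: because the sender, subject and attachment name in the logged line are all supplied by the message, a pattern that accepts an extension anywhere after "bounced" can count lines whose attachment is not one of the listed types. The sketch below anchors on the full "bounced because of attachment" phrase and takes only the final extension of the filename; the sample log lines and the proc names bouncedExtension, countStrict and countLoose are constructed for illustration.

```tcl
# Added example, not part of the original post. The sample lines are
# constructed to follow the syslog() format quoted in the message.
set sampleLog {May 15 09:12:01 mail mimedefang.pl[811]: g4FDC1x01 from <a@example.com> via 192.0.2.10 (relay.example.net) re: (Hi) bounced because of attachment photo.jpg.pif
May 15 09:40:17 mail mimedefang.pl[811]: g4FDeHx02 from <b@example.org> via 192.0.2.11 (mx.example.org) re: (Notes) bounced because of attachment notes.comments.txt
May 16 11:02:44 mail mimedefang.pl[811]: g4GF2ix03 from <c@example.com> via 192.0.2.12 (host.example.com) re: (Fwd) bounced because of attachment README.EXE
May 16 11:05:00 mail sendmail[900]: g4GF50x04: from=<d@example.com>, size=1204}

# Extensions the graphing script treats as virus carriers.
set Blocked {pif exe bat com scr wsh dll}

# Return the lower-cased final extension of the bounced attachment,
# or "" if the line is not a bounce record in the expected format.
proc bouncedExtension { line } {
    set line [string trimright $line]
    set re {mimedefang\.pl.*bounced because of attachment .*\.([A-Za-z0-9]+)$}
    if {[regexp $re $line match ext]} {
        return [string tolower $ext]
    }
    return ""
}

# Count bounces per "Mon dd" key, accepting only blocked final extensions.
proc countStrict { text } {
    global Blocked
    foreach line [split $text "\n"] {
        if {[lsearch -exact $Blocked [bouncedExtension $line]] < 0} {
            continue
        }
        set day [string range $line 0 5]
        if {[info exists count($day)]} {
            incr count($day)
        } else {
            set count($day) 1
        }
    }
    return [array get count]
}

# Count lines matched by an unanchored extension pattern, for comparison.
proc countLoose { text } {
    set n 0
    foreach line [split $text "\n"] {
        if {[regexp -nocase {mimedefang\.pl.*bounced.*\.(pif|exe|bat|com|scr|wsh|dll)} $line]} {
            incr n
        }
    }
    return $n
}

puts "unanchored pattern matched [countLoose $sampleLog] lines"
foreach {day n} [countStrict $sampleLog] {
    puts "strict count for $day: $n"
}
```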