[Mimedefang] Re: graphdefang logging question
Vincent Jaussaud
tatooin at kelkoo.com
Fri Jan 10 14:32:00 EST 2003
On Fri, 2003-01-10 at 18:26, John Kirkland wrote:
> Hi, Vincent,
>
Hi John, and thanks for your reply.
> If there are log lines in your mail log file like:
>
> /^.* (\<\S+\>)\.\.\. User unknown$/
>
Yes, these are log lines from sendmail.
> which matches:
>
> gAHC2iEA006157: <laches at moi.net>... User unknown
>
> Then, they will get added to your SummaryDB.db database file. You can
> graph them by adding a new graph to your graphdefang-config file. I use
> the following:
Ok, I've added the following:
#--------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
    'data_types'     => ['user_unknown'],
    'graph_type'     => 'stacked_bar',
    'grouping'       => 'value1',
    'top_n'          => '9',
    'value1_title'   => 'Domain',
    'grouping_times' => ['hourly','daily','monthly'],
    'filter'         => '/^.* (\<\S+\>)\.\.\. User unknown$/'
);
push @GRAPHS, { %GraphSettings };
It seems to work, since in my first graph a new line has been added
corresponding to "User unknown" sendmail logs.
However, the new graph which is created is empty :(
See for yourself:
https://mail.kelkoo.net/mimedefang/index.php?view=daily
> sender = NA;
> recipient = email address of unknown recipient
> value1 = domain of the unknown recipient
>
I'm not sure I understand what you mean, so please forgive me if my
question is stupid; but do I need to add a new md_log function within my
mimedefang-filter config file?
> Regards,
> John
Thanks again,
Regards,
Vincent.
>
> > Message: 7
> > From: Vincent Jaussaud <tatooin at kelkoo.com>
> > To: mimedefang at lists.roaringpenguin.com
> > Organization: Kelkoo.com
> > Date: 09 Jan 2003 18:23:08 +0100
> > Subject: [Mimedefang] graphdefang logging question
> > Reply-To: mimedefang at lists.roaringpenguin.com
> >
> > Hi !
> >
> > I saw that it's possible to use Graphdefang with sendmail's "User
> > unknown" log entries; but I don't know how.
> >
> > I currently use graphdefang for Spam & Virus monitoring, and I would
> > like to use it as well to monitor a possible user dictionary attack on my
> > mail server.
> >
> > Any pointer for this ?
> >
> > Thanks in advance,
> > Regards.
> >
> > --
> > Vincent Jaussaud
> > Kelkoo.com Security Manager
> > email: tatooin at kelkoo.com
> >
>
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin at kelkoo.com
"The UNIX philosophy is to design small tools that do one thing, and do
it well."
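
The event mapping John describes above (recipient = the unknown address, value1 = its domain), as an added example that is not part of the original thread and is not graphdefang's own code: Python that applies the quoted pattern to constructed sendmail log lines and counts "User unknown" rejections per domain per hour, which is where a dictionary attack shows up as a spike. The function names, the syslog timestamp prefix, the lowercasing of addresses and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Same pattern as the one quoted in the thread, with a named group for the recipient.
USER_UNKNOWN = re.compile(r"^.* <(?P<rcpt>\S+)>\.\.\. User unknown$")
# Assumed classic syslog prefix: "Jan 10 14:02:11" -> hour bucket "Jan 10 14".
SYSLOG_HOUR = re.compile(r"^(\w{3}\s+\d+\s+\d{2}):")

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
Jan 10 14:02:11 mx1 sendmail[6157]: gAHC2iEA006157: <aaron@example.com>... User unknown
Jan 10 14:02:12 mx1 sendmail[6157]: gAHC2iEA006157: <abby@example.com>... User unknown
Jan 10 14:02:13 mx1 sendmail[6157]: gAHC2iEA006157: <adam@example.com>... User unknown
Jan 10 14:05:40 mx1 sendmail[6201]: gAHC5eEA006201: from=<x@example.net>, size=1024, nrcpts=1
Jan 10 15:10:02 mx1 sendmail[6310]: gAHDA2EA006310: <Typo@Example.ORG>... User unknown
"""

def parse_user_unknown(line):
    """Return the fields listed in the thread for one log line, or None if it is not a match."""
    m = USER_UNKNOWN.match(line.rstrip("\n"))
    if not m:
        return None
    rcpt = m.group("rcpt").lower()  # assumption: fold case so domains group together
    domain = rcpt.rpartition("@")[2] if "@" in rcpt else "NA"
    hour = SYSLOG_HOUR.match(line)
    return {
        "event": "user_unknown",
        "sender": "NA",
        "recipient": rcpt,
        "value1": domain,
        "hour": hour.group(1) if hour else "NA",
    }

def hourly_by_domain(lines):
    """Count user_unknown events per (hour, domain), like an hourly graph grouped on value1."""
    counts = Counter()
    for line in lines:
        ev = parse_user_unknown(line)
        if ev:
            counts[(ev["hour"], ev["value1"])] += 1
    return counts

def suspicious(counts, threshold=3):
    """Return (hour, domain) buckets at or above an assumed alert threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(suspicious(hourly_by_domain(SAMPLE_LOG.splitlines())))
```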