[Mimedefang] Re: graphdefang logging question

Vincent Jaussaud tatooin at kelkoo.com
Fri Jan 10 14:32:00 EST 2003


On Fri, 2003-01-10 at 18:26, John Kirkland wrote:
> Hi, Vincent,
> 
Hi John, and thanks for your reply.
 
> If there are log lines in your mail log file like:
> 
> /^.* (\<\S+\>)\.\.\. User unknown$/
> 
Yes, these are log lines from sendmail.

> which matches:
> 
> gAHC2iEA006157: <laches at moi.net>... User unknown
> 
> Then, they will get added to your SummaryDB.db database file.  You can
> graph them by adding a new graph to your graphdefang-config file.  I use
> the following:
Ok, I've added the following:

#--------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
                'data_types'    => ['user_unknown'],
                'graph_type'    => 'stacked_bar',
                'grouping'      => 'value1',
                'top_n'         => '9',
                'value1_title'  => 'Domain',
                'grouping_times'=> ['hourly','daily','monthly'],
                'filter'        => '/^.* (\<\S+\>)\.\.\. User unknown$/'
                );
push @GRAPHS, { %GraphSettings };

It seems to work, since in my first graph a new line has been added
corresponding to "User unknown" sendmail logs. 
However, the new graph which is created is empty :(

See for yourself:
https://mail.kelkoo.net/mimedefang/index.php?view=daily

> sender = NA;
> recipient = email address of unknown recipient
> value1 = domain of the unknown recipient
> 
I'm not sure I understand what you mean, so please forgive me if my
question is stupid; but do I need to add a new md_log function within my
mimedefang-filter config file?

> Regards,
> John
Thanks again,
Regards,
Vincent.

> 
> > Message: 7
> > From: Vincent Jaussaud <tatooin at kelkoo.com>
> > To: mimedefang at lists.roaringpenguin.com
> > Organization: Kelkoo.com
> > Date: 09 Jan 2003 18:23:08 +0100
> > Subject: [Mimedefang] graphdefang logging question
> > Reply-To: mimedefang at lists.roaringpenguin.com
> >
> > Hi!
> >
> > I saw that it's possible to use Graphdefang with sendmail's "User
> > unknown" log entries; but I don't know how.
> >
> > I currently use graphdefang for Spam & Virus monitoring, and I would
> > like to use it as well to monitor possible user dictionary attacks on my
> > mail server.
> >
> > Any pointers for this?
> >
> > Thanks in advance,
> > Regards.
> >
> > --
> > Vincent Jaussaud
> > Kelkoo.com Security Manager
> > email: tatooin at kelkoo.com
> >
> 
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin at kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."
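
The counting this thread is after (unknown recipients grouped by domain and hour, to spot a dictionary attack), as an added example that is not part of the original message and is not graphdefang's own code. The syslog prefix, the sample log lines and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Same shape as the pattern quoted in the thread, with capture groups for
# the syslog hour, the full recipient and the recipient's domain.
USER_UNKNOWN = re.compile(
    r"^(?P<hour>\w{3}\s+\d+ \d{2}):\d{2}:\d{2} .* "
    r"<(?P<rcpt>[^<>@\s]+@(?P<domain>[^<>\s]+))>\.\.\. User unknown$"
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
Jan 10 14:01:02 mx sendmail[6157]: h0AJ12EA006157: <adam@example.com>... User unknown
Jan 10 14:01:03 mx sendmail[6157]: h0AJ12EA006157: <admin@example.com>... User unknown
Jan 10 14:01:03 mx sendmail[6157]: h0AJ12EA006157: <alan@example.com>... User unknown
Jan 10 14:01:04 mx sendmail[6157]: h0AJ12EA006157: <alex@example.com>... User unknown
Jan 10 14:01:09 mx sendmail[6160]: h0AJ19EA006160: <ALEX@example.com>... User unknown
Jan 10 14:20:41 mx sendmail[6201]: h0AJKfEA006201: <bob@example.org>... User unknown
Jan 10 14:22:10 mx sendmail[6203]: h0AJMAEA006203: to=<carol@example.net>, stat=Sent
Jan 10 15:02:00 mx sendmail[6310]: h0AK20EA006310: <amy@example.com>... User unknown
"""


def summarize(lines):
    """Map (hour, domain) -> set of distinct unknown recipients."""
    buckets = defaultdict(set)
    for line in lines:
        m = USER_UNKNOWN.match(line.rstrip("\n"))
        if m:  # lines that are not "User unknown" rejections are skipped
            key = (m["hour"], m["domain"].lower())
            buckets[key].add(m["rcpt"].lower())  # repeats count once
    return buckets


def suspects(buckets, threshold=3):
    """Rows (hour, domain, count) at or above threshold, largest first.

    Many distinct unknown recipients at one domain within one hour is
    the signature of address guessing; one stray typo is not.
    """
    rows = [(h, d, len(r)) for (h, d), r in buckets.items()
            if len(r) >= threshold]
    return sorted(rows, key=lambda row: -row[2])


if __name__ == "__main__":
    for hour, domain, n in suspects(summarize(SAMPLE_LOG.splitlines())):
        print(f"{hour}:00 {domain}: {n} distinct unknown recipients")
```

Counting distinct recipients rather than raw log lines keeps a single sender retrying one mistyped address from looking like an attack.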