[Mimedefang] RE: graphdefang and remote syslogs question

John Kirkland jpk at bl.org
Sun Jun 22 18:14:00 EDT 2003


Howdy Dan,

I've made some additional changes to graphdefang to support timezones and
fix the typo in the graphdefang-config file for FILENAMES.

The download is available at:

http://www.bl.org/~jpk/graphdefang/download/graphdefang-0.9-beta2.tgz

You set the configuration in your graphdefang-config file.  You can set a
timezone per logging hostname and also for the final output of
graphdefang.

Section from graphdefang-config-mimedefang-example file:

#
# Optional Timezone variable by host name.  The host name must match
# the host name presented in the syslog file(s).  This variable is
# useful when you have a central syslog server collecting logs for
# machines that are in different timezones.  By default, graphdefang
# uses the timezone that is local to the machine upon which it is
# running.  It is not necessary to define the TZ for EVERY host, but
# only for the ones that aren't in the same timezone as the log
# server.  The timezone must be understood by the Time::Zone perl
# module.
#
# $TZ{'westover'} = 'cst6cdt';
# $TZ{'GD_Display'} = 'cst6cdt';
#


The changelog is:

2003-06-22      John Kirkland <jpk at bl.org>

        * Release 0.9-beta2
        * Added support for setting timezones in the mimedefang-config
          file.  This is useful if you have 2 different hosts logging
          to a given syslog file, and the hosts are in 2 different time
          zones.

2003-06-19      John Kirkland <jpk at bl.org>

        * Changed $DATAFILE[0] to $DATAFILES[0] in mimedefang-config-
          mimedefang-example.

Regards,
John


On Wed, 18 Jun 2003, Dan Tulovsky wrote:

> Hi...
>
> Also, while this helps with multiple log files, it doesn't solve the
> time zone issue.  I added the following code into graphdefanglib.pl:
>
>                 if ($host eq "smtp1") {
>                         $unixtime = $unixtime + 10800;
>                         # print $unixtime . " - smtp1\n";
>                 }
>
> Right before:
>
>                 # don't examine the line if it is greater than 5 minutes
>                 # older than the maximum time in our DB.  The 5 minutes
>                 # comes from the PID, From, and Relay caching with
>                 # sendmail and spamd that occurs below.
>                 last if ($unixtime < ($MaxDBUnixTime-60*5));
>
> Which adds 3 hours to the host logging from California.... Otherwise the
> graphs come out wrong, as they think that it is local time, but 3 hours
> before...
>
> So if you are going to keep track of the max time on a per host basis,
> there should probably be some way of setting the proper time zone for
> each host and take that into account for the graphs...
>
> Thank you,
> Dan
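
The per-host timezone idea discussed in this thread, as an added Python example (not graphdefang's own Perl code and not from either poster): each zone-less syslog timestamp is interpreted in the zone of the host that wrote it before events are ordered. The host names, zone names, year and sample lines are constructed assumptions.

```python
from datetime import datetime
from zoneinfo import ZoneInfo

# Assumed mapping in the spirit of the %TZ setting: only hosts that are NOT
# in the log server's zone need an entry. Names here are constructed.
HOST_TZ = {"smtp1": ZoneInfo("America/Los_Angeles")}
SERVER_TZ = ZoneInfo("America/New_York")

# Constructed sample lines, as a central syslog server would store them.
SAMPLE = [
    "Jun 18 12:00:05 smtp2 mimedefang.pl[411]: filter: spam",
    "Jun 18 09:00:07 smtp1 mimedefang.pl[977]: filter: virus",
    "Jun 18 12:00:09 smtp2 mimedefang.pl[412]: filter: spam",
]


def to_epoch(line, year):
    """Return (unixtime, host) for one RFC 3164 style syslog line.

    The timestamp carries neither a year nor a zone, so the caller supplies
    the year and the zone is looked up from the host name in the line.
    """
    stamp, rest = line[:15], line[16:]
    host = rest.split(" ", 1)[0]
    naive = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    # Attach the writer's zone; hosts without an entry use the server zone.
    aware = naive.replace(tzinfo=HOST_TZ.get(host, SERVER_TZ))
    return int(aware.timestamp()), host


def in_true_order(lines, year):
    """Sort lines by real event time rather than by their text timestamp."""
    return sorted(lines, key=lambda line: to_epoch(line, year)[0])


if __name__ == "__main__":
    for entry in in_true_order(SAMPLE, 2003):
        print(to_epoch(entry, 2003), entry)
```

Because the zone database carries the daylight-saving rules, the same lookup stays correct when the two sites do not change clocks together, which a constant number of seconds cannot do.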


