[Mimedefang] RE: graphdefang and remote syslogs question
John Kirkland
jpk at bl.org
Sun Jun 22 18:14:00 EDT 2003
Howdy Dan,
I've made some additional changes to graphdefang to support timezones and
fix the typo in the graphdefang-config file for FILENAMES.
The download is available at:
http://www.bl.org/~jpk/graphdefang/download/graphdefang-0.9-beta2.tgz
You set the configuration in your graphdefang-config file. You can set a
timezone per logging hostname and also for the final output of
graphdefang.
Section from graphdefang-config-mimedefang-example file:
#
# Optional Timezone variable by host name. The host name must match
# the host name presented in the syslog file(s). This variable is
# useful when you have a central syslog server collecting logs for
# machines that are in different timezones. By default, graphdefang
# uses the timezone that is local to the machine upon which it is
# running. It is not necessary to define the TZ for EVERY host, but
# only for the ones that aren't in the same timezone as the log
# server. The timezone must be understood by the Time::Zone perl
# module.
#
# $TZ{'westover'} = 'cst6cdt';
# $TZ{'GD_Display'} = 'cst6cdt';
#
The changelog is:
2003-06-22 John Kirkland <jpk at bl.org>
* Release 0.9-beta2
* Added support for setting timezones in the mimedefang-config
file. This is useful if you have 2 different hosts logging
to a given syslog file, and the hosts are in 2 different time
zones.
2003-06-19 John Kirkland <jpk at bl.org>
* Changed $DATAFILE[0] to $DATAFILES[0] in mimedefang-config-
mimedefang-example.
Regards,
John
On Wed, 18 Jun 2003, Dan Tulovsky wrote:
> Hi...
>
> Also, while this helps with multiple log files, it doesn't solve the
> time zone issue. I added the following code into graphdefanglib.pl:
>
> if ($host eq "smtp1") {
> $unixtime = $unixtime + 10800;
> # print $unixtime . " - smtp1\n";
> }
>
> Right before:
>
> # don't examine the line if it is greater than 5 minutes
> # older than the maximum time in our DB. The 5 minutes
> # comes from the PID, From, and Relay caching with
> sendmail
> # and spamd that occurs below.
> last if ($unixtime < ($MaxDBUnixTime-60*5));
>
> Which add 3 hours to the host logging from california.... Otherwise the
> graphs come out wrong, as they thing that it is local time, but 3 hours
> before...
>
> So if you are going to keep track of the max time on a per host basis,
> there should probably be some way of setting the proper time zone for
> each host and take that into account for the graphs...
>
> Thank you,
> Dan
More information about the MIMEDefang
mailing list