1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
#!/usr/bin/perl -w
#
# GraphDefang -- a set of tools to create graphs of your mimedefang
# spam and virus logs.
#
# Written by: John Kirkland
# jpk@bl.org
#
# Copyright (c) 2002-2003, John Kirkland
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#=============================================================================
#
# Path to incoming log file or log files
# If you have only one log file, use $DATAFILE.
#
# If you have more than one log file to parse, say from different hosts,
# use @DATAFILES as follows and you MUST COMMENT OUT OR DELETE $DATAFILE:
#
# $DATAFILES[0] = '/var/log/maillog.host1';
# $DATAFILES[1] = '/var/log/maillog.host2';
$DATAFILE = '/var/log/mail.log';
#
# Optional Timezone variable by host name. The host name must match
# the host name presented in the syslog file(s). This variable is
# useful when you have a central syslog server collecting logs for
# machines that are in different timezones. By default, graphdefang
# uses the timezone that is local to the machine upon which it is
# running. It is not necessary to define the TZ for EVERY host, but
# only for the ones that aren't in the same timezone as the log
# server. The timezone must be understood by the Time::Zone perl
# module.
#
# $TZ{'westover'} = 'cst6cdt';
# $TZ{'GD_Display'} = 'cst6cdt';
#
#
# Output directory for png files that are created
#
$OUTPUT_DIR = '/var/lib/graphdefang';
# Set graph settings
#
# Possible settings:
#
# Name: data_types (required)
# Description: Array of events from the mimedefang log file to
# graph.
# Supported Values: These event names are not fixed. If you put an event
# in mimedefang-filter with md_log('event'), then you
# can use it here. The values used in the example
# mimedefang-filter are 'spam', 'virus',
# 'suspicious_chars', 'message/partial', 'bad_filename',
# 'non_rfc822', 'non_multipart'.
# 'all' is also supported, but it must be listed by itself.
#
# Name: graph_type (required)
# Description: Type of graph to output.
# Supported Values: 'line' or 'stacked_bar'
#
# Name: grouping (required)
# Description: Which value to graph from the md_log file.
# Supported Values: 'summary', 'value1', 'value2', 'sender', 'recipient'
# 'subject'. value1 and value2 are the optional
# parameters that can be logged with the md_log command
# from mimedefang-filter.
#
# Name: grouping_times (required)
# Description: Array of Time intervals to use for grouping
# Supported Values: 'hourly', 'daily', or 'monthly'
#
# Name: top_n (optional)
# Description: Limit number of values to the top n. This
# value is recommended when looking at
# senders, recipients, or subjects.
#
# Name: value1_title (optional)
# Description: Title used in the header if value1 is
# graphed.
#
# Name: value2_title (optional)
# Description: Title used in the header if value2 is
# graphed.
#
# Name: filter (optional)
# Description: Regular expression filter that can be
# used with value1, value2, sender,
# recipient, and subject
# Common uses:
# '@westover.org' to filter sender or recipient by domain
# '^(?:(?!klez).)*$' to filter OUT klez in a virusname
#
# Name: filter_name (optional)
# Description: If a filter is used, the filtername will be appended
# to the Graph Title as "filtered by $filter_name" and
# appended to the end of the filename.
#
# Name: $GraphSettings{'title'} (optional)
# Description: Assigns a title for the chart.
#
# Name: $GraphSettings{'filename'} (optional)
# Description: Sets the filename for a given chart (note:
# the grouping_time is appended to this variable
# to determine the final file name.
#
# Name: $GraphSettings{'x_graph_size'} (optional)
# Name: $GraphSettings{'y_graph_size'} (optional)
# Description: Size, in pixels, for this graph. This overrides the
# default.
#
# Name: $GraphSettings{'num_hourly_values'} (optional)
# Name: $GraphSettings{'num_daily_values'} (optional)
# Name: $GraphSettings{'num_monthly_values'} (optional)
# Description: Number of data points for this graph. This overrides
# the default.
my %GraphSettings;
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['spam', 'probable_spam', 'virus', 'mail_in'],
'graph_type' => 'line',
'grouping' => 'summary',
'grouping_times'=> ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['virus'],
'graph_type' => 'stacked_bar',
'grouping' => 'value1',
'value1_title' => 'VirusName',
'grouping_times'=> ['hourly','daily','monthly'],
#'filter' => '^(?:(?!klez).)*$',
#'filter_name' => 'Not Klez',
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['spam'],
'graph_type' => 'stacked_bar',
'grouping' => 'recipient',
'top_n' => '9',
'grouping_times'=> ['hourly','daily','monthly'],
'filter' => '^(?:(?!westover.org).)*$',
'filter_name' => 'Heartlight Traffic',
'title' => 'Heartlight Spam Traffic',
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['spam', 'virus'],
'graph_type' => 'stacked_bar',
'grouping' => 'recipient',
'top_n' => '9',
'grouping_times'=> ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['spam'],
'graph_type' => 'stacked_bar',
'grouping' => 'sender',
'top_n' => '9',
'grouping_times'=> ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['spam'],
'graph_type' => 'stacked_bar',
'grouping' => 'value2',
'value2_title' => 'Relay Address',
'top_n' => '9',
'grouping_times'=> ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
'data_types' => ['virus'],
'graph_type' => 'stacked_bar',
'grouping' => 'value2',
'value2_title' => 'Relay Address',
'top_n' => '9',
'grouping_times'=> ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
|
