Differences between revisions 2 and 3
Revision 2 as of 2008-02-29 16:40:49
Size: 9787
Editor: localhost
Comment: converted to 1.6 markup
Revision 3 as of 2018-06-01 10:15:23
Size: 9785
Editor: dz
Comment:
Deletions are marked like this. Additions are marked like this.
Line 76: Line 76:
    * '''cacti''': Print the output in a way suitable for Cacti ([[http://www.cacti.net]]). No header line is printed and the time interval is ignored. Please note that no linefeed is printed at the end of the line!
    * '''munin''': Print the output in a way suitable for Munin ([[http://munin.projects.linpro.no]]). No header line is printed and the time interval is ignored.
    * '''cacti''': Print the output in a way suitable for Cacti ([[https://www.cacti.net]]). No header line is printed and the time interval is ignored. Please note that no linefeed is printed at the end of the line!
    * '''munin''': Print the output in a way suitable for Munin ([[http://munin-monitoring.org/]]). No header line is printed and the time interval is ignored.

NAME

maillogstat -- a vmstat-like statistics printer for mail server logfiles

SYNOPSIS

maillogstat 'args' < /var/log/maillog > output

DESCRIPTION

Maillogstat scans through a mail server logfile and prints various statistics

delivery statistics
Print the number of received, sent, deferred, undeliverable, deliverable, bounced, and expired mails
reject code statistics
Print how many mails were rejected with each numeric reject code
reject reason statistics
Configure a set of reject reasons and print how many mails were rejected with each reason
domain statistics
Configure a set of domains an print how many mails to or from these domains occur.

The following options are available:

Mode Selection

-s, --stats
Print statistics about the delivery status. The followind delivery stati are available:
  • receive: Number of messages, that are successfully received and placed into the incoming queue. XXXX or active queue?

  • sent: Number of messages, that are successfully sent to the recipient MTA (lines with status=sent)

  • deferred: Number of delivery attempts, that were not successful because of an temporary (4xx) error. The message was placed into the deferred queue (lines with status=deferred)

  • undeliverable: verify(8) daemon sais "undeliverable" (lines with status=undeliverable)

  • deliverable: verify(8) deamon sais "deliverable" (lines with status=deliverable)

  • bounced: Number of messages that bounced because of an permanent (5xx) failure. The message wase placed into the bounce queue (lines with status=bounced)

  • expired: Number of messages that expired from the deferred queue, i.e. too many unsuccessful delivery attempts (lines with status=expired). XXX

-n, --numeric
Select statistics mode and print statistics about the numeric reject reasons.

Use maillogstat -l to see a short explanation of the codes or see RFC 2821 (ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt), Section 4.2 'SMTP Replies'.

-r 'file', -reject 'file'

Select statistics mode and print statistics about the reject reason. You must configure the reject reasons, that you are interested in in file. See CONFIG FILES below. If maillogstat finds rejects, that were tagged with warn_if_reject in Postfix' main.cf, these statistics are printed in parenthesis. -d 'file', --domain 'file' Select statistics mode and print the percentage of how many domains that are configured in file appear as domain in a 'To' address. See CONFIG FILES below.

General Configuration

-f 'filter-expr', --filter 'filter-expr'
Collect only lines with matching server names. Not fully implemented yet.
-i 'interval-expr', --interval 'interval-expr'

Set the interval for statistics mode. Default is 1h (one hour). The interval expression is a sequence of value timeunit, where timeunit can be 'd', 'h', 'm', or 's' for 'day', 'hour', 'minute', 'second' respectively. value must be in the appropriate range. 'dhms' must appear in this order, 's' can be ommited!

Additinally interval-expr can be 'all', effectively switching off intervals.

Printing Configuration

-t, --time

Print a timestamp in front of each printed line (format HH:MM:SS).

-T, --full-time

Print a datestamp and a timestamp in front of each printed line (format YYYY-MM-DD HH:MM:SS).

-q, --queueid
Print the queue-id in front of each printed line. You can use the queue-id to grep for the raw logfile data, then.
-Q, --full-queueid
Print the 'extended' queue-id in front of each printed line. The extended queue-id consists out of server name from the logfile prepended to the real queue-id. The extended queue-id is necessary, when you collect the log output from multiple servers into one logfile.
-w, --wrap
Wrap long lines of output. Unfortunately you cannot set the maximum line length, so wrapped lines are still very long.
-o 'method', --output 'method'
Select a output method. The following output methods are available:
  • plain: Print the output in a way similar to vmstat and iostat. First a line with column headers is printed, and then for each time interval a line with corresponding values. (default)

  • cacti: Print the output in a way suitable for Cacti (https://www.cacti.net). No header line is printed and the time interval is ignored. Please note that no linefeed is printed at the end of the line!

  • munin: Print the output in a way suitable for Munin (http://munin-monitoring.org/). No header line is printed and the time interval is ignored.

-R 'filedesc', --remaining 'filedesc'
Print all lines, that were not considered or counted by maillogstat on

filehandle filedesc. E.g. other messages, messages from a POP or IMAP server, etc.

Use it e.g. with a sh-like shell in a command like maillogstat ... -R 3 3> maillog-rest.

Help

-h, --help
Print usage information
-l, --list
List possible status and reject codes and explain them.
-D, --debug
Enable debug output.

If no option is given, maillogstat waits on stdin for input.

CONFIG FILES

Reject reasons

A reject-resaons file must be given after --reject (-r).

This file consists out of two columns, separated by the first (non leading) white space.

  • The first column contains a string that describes this reject reason.

The first 7 characters of this string are uses as column heading in the statistics output.

  • The second column contains a regular expression (PCRE manpage? XXX), that

is applied to the part of a log entry between 'NOQUEUE: ' (or queue-ID) and '; from='.

Example: spf  Please see http://spf.pobox.com/why.html?sender=

Domains

A domains file must be given after -d.

This file is simply a list of domain names, one name per line.

All config files honour '#' as comment character and leading and trailing white space as non present.

FILTER SYNTAX

The filter syntax is used in the --filter (-f) option (not yet) and as output format in the -output grep output method.

It is a sequence of key=value pairs separated with on space and put into one long line. One 'From' line and multiple 'To' lines are expressed in one line as one 'from=' and multiple 'to=' chunks.

The following keywords are available:

  • begin: 'HH:DD:SS' or 'YYYY-MM-DDTHH:DD:SS' dependig on --full-time

  • end: 'HH:DD:SS' or 'YYYY-MM-DDTHH:DD:SS' dependig on --full-time

  • qid: queue-id or extended queue-id depending on --full-queue

  • from: sender address, '<>' if empty (= mailer-daemon)

  • size: in bytes

  • recipient: number of recipients

  • pickup-uid: UID of local user who has sent the mail

  • client: Sending MTA or MUA

  • message-id: Message-Id

  • user: SMTP Auth username

  • to: recipient address

  • relay: recipient MTA

  • delay: in seconds

  • tries: number of deliveries until success or bounce

  • status: see above or maillogstat -l for status codes

Filter syntax

not yet implemented

EXAMPLES

delivery statistics

% maillogstat -s /var/log/maillog

Time receive sent deferre undeliv deliver bounced expired 00:00:00 11117 5681 2162 1965 589 491 0 01:00:00 36075 18341 5011 6591 2498 1707 0 02:00:00 45920 20438 3630 11503 2586 2013 0 03:00:00 43008 18776 6137 9892 2887 1580 0 04:00:00 39730 19016 5202 8861 2517 1269 0

reject code statistics

% maillogstat -n /var/log/maillog

Time            450     451     501     503     504     550     552     554    rest
00:00:00        7563    0       0       1       2301    0       0       281    0
01:00:00        25988   0       0       0       7038    0       0       814    0
02:00:00        32760   0       0       1       9310    0       0       986    0
03:00:00        31013   0       0       0       11368   1       0       1249   0
04:00:00        29877   0       0       1       9198    0       0       1128   0

reject reason statistics

% maillogstat -r reject.conf /var/log/maillog

Time            grey    helo    spf     unknown
00:00:00        1915    2297    0       278
01:00:00        7452    7032    0       984
02:00:00        8417    9301    0       1006
03:00:00        8631    11360   0       1089
04:00:00        8791    9197    0       1103

domain statistics

% maillogstat -d domain.conf /var/log/maillog

Time            %domain
00:00:00         0.00
01:00:00         0.01
02:00:00         0.01
03:00:00         0.03
04:00:00         0.01

On http://426.ch/maillogpp/examples you can see how the output looks on a wide screen.

REQUIREMENTS

Perl, tested with versions > XXX

/usr/bin/env should be in place. If it is not there, replace the first line of maillogstat with the full path to your perl binary, for example #!/usr/bin/perl.

DIAGNOSTICS

Maillogstat exits 0 on success, and 1 if an error ocurrs. XXX really?

SEE ALSO

WWW: http://426.ch/maillogpp

BUGS

At the moment it only works with postfix logfiles.

maillogstat ... -R fd fd> file works only when fd is < 10, except when using bash.

see TODO

AUTHOR

Maillogstat is copyright (c) 2007 Derik van Zuetphen <[dz@426.ch]>. All rights reserved.

Maillogpp/maillogstat(1) (last edited 2018-06-01 10:15:23 by dz)