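#!/bin/bash
###########################################################################
# (ba)sh script to create graphs from (exim) logs                         #
# ----------------------------------------------------------------------- #
# author:      tom knaupp, mailto: tom -at- knaupp -dot- com 2009-03      #
# url:         http://tom.knaupp.com/2009/02/25/exim-graphs/              #
# version:     0.9.5.1                                                    #
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
# dependency:  rrdtool [ http://oss.oetiker.ch/rrdtool/ ]                 #
#              ^ thanks to Tobias Oetiker : )                             #
#              grep, GNU date (needs "date -d"), tail                     #
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
# tested with: rrdtool 1.2.23, rrdtool 1.2.27                             #
#              openSUSE 10.3 (i586), exim 4.69 main log                   #
#              openSUSE 11.0 (i586), exim 4.69 main log                   #
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
# Licensed under the GNU General Public License, Version 2                #
# see http://www.gnu.org/licenses/gpl-2.0.txt                             #
###########################################################################
#
# What it does: counts selected events in the most recent minutes of the
# exim main log, stores the counters in an RRD file and renders one PNG
# graph per configured time span.
#
# The script reads the mail log and writes below the web root, so it needs
# read access to LOGFILE and write access to RRD and GRAPHDIR only.

# Abort on use of an unset variable (catches typos in the settings below).
set -u

# Print a message to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# general settings
# -------------------------------------------------------------------------
#
# (exim) logfile to analyse
LOGFILE="/var/log/exim/main.log"
#
# RRD-File
RRD="/var/ucefilter/exim.rrd"
#
# where to place the graphs
GRAPHDIR="/srv/www/htdocs"
#
# time spans graphs should be created for [see rrdtool manual for valid values]
TIMESPANS="6hours 24hours 1week 1month 1year"
#
# how many entries (lines of logfile) are being written in 5 minutes avg.
# (at least, double this to make sure that all entries of the past 5 mins
# are being processed)
LOGLINES="10000"
#
# RRDtool: resolve once and stop early if it is not installed, instead of
# running an empty command name later on.
RRDTOOL=$(command -v rrdtool) || die "rrdtool not found in PATH"

[[ "$LOGLINES" =~ ^[0-9]+$ ]] || die "LOGLINES must be a number, got '$LOGLINES'"

## Only the most recent minutes of the logfile are wanted, so the timestamps
## of the current minute and the five before it are needed
## (i.e. 2008-05-22 16:09). To improve performance of grep, all of them are
## searched in a single pass:
##   2008-05-22 16:09|2008-05-22 16:08|2008-05-22 16:07 ...
stamps=()
for (( i = 0; i <= 5; i++ )); do
  stamp=$(date -d "-${i} min" '+%Y-%m-%d %H:%M') \
    || die "date failed (GNU date with -d is required)"
  stamps+=("$stamp")
done
# Join with '|' to form one extended-regex alternation (no trailing '|').
SEARCH=$(IFS='|'; printf '%s' "${stamps[*]}")

## Extract the given time span from the log
## (to improve speed, only the last LOGLINES lines are used).
##
## If the log cannot be read, every counter is recorded as "U" (unknown in
## rrdtool) so the gap is visible in the graphs. Writing zeros instead would
## make a missing or unreadable log look like a quiet mail server.
if [[ -r "$LOGFILE" ]]; then
  LOG_READABLE=1
  CONTENT=$(tail -n "$LOGLINES" -- "$LOGFILE" | grep -E -- "$SEARCH")
else
  LOG_READABLE=0
  CONTENT=
  printf 'warning: cannot read %s; recording unknown values\n' "$LOGFILE" >&2
fi

# Count the lines of CONTENT that match a pattern.
# Arguments: grep options and pattern (e.g. -i -- 'text')
# Outputs:   the number of matching lines, or U when no trustworthy number
#            is available
count_matching() {
  local n
  if (( ! LOG_READABLE )); then
    printf 'U\n'
    return 0
  fi
  # grep -c prints 0 and exits 1 when nothing matches; that is not an error.
  n=$(printf '%s\n' "$CONTENT" | grep -c "$@")
  # Only a plain number may reach "rrdtool update".
  [[ "$n" =~ ^[0-9]+$ ]] || n=U
  printf '%s\n' "$n"
}

###########################################################################
# Strings to search for in (exim) logfile                                 #
###########################################################################
# NOTE(review): the timestamp filter and the patterns below match anywhere
# in a log line. Exim log lines also carry values supplied by remote hosts
# (for example HELO names and sender addresses), so remote input may be
# able to influence these counters. Treat the graphs as a trend display,
# not as an audit source.
#
# ALL accepted mails
ACCEPTED=$(count_matching -- ' <= ')
#
# ALL blocked mails
REJECTED=$(count_matching -- ' rejected ')
#
# Greylisted Mails
GREYLISTED=$(count_matching -- 'greylist.html')
#
# Spam caught within last hours
SPAMRECENTLY=$(count_matching -- 'spamrec.html')
#
# Known Dialup Networks
DIALUP=$(count_matching -- ' dialup network')
#
# Sender Verify Failed
SENDERVERIFY=$(count_matching -i -- 'Sender verify')
#
# RBL Blacklist
BLACKLIST=$(count_matching -- 'is in a black list')
#
# Spamassassin score too high
SPAMFOUND=$(count_matching -- 'spamblock.html')
#
# Virus found in mail
VIRUS=$(count_matching -- 'virusblock.html')

###########################################################################
# If RRD-Database is not created yet - do it now
if [[ -e "$RRD" ]]; then
  # rrd database already exists [ debug ]
  echo "rrd db has been already created.. continue.."
else
  # rrd db does not exist yet - create it now
  # One GAUGE per counter, 300 s step, 600 s heartbeat, no min/max limit.
  echo "creating rrd db now"
  "$RRDTOOL" create "$RRD" --start now --step 300 \
    DS:accepted:GAUGE:600:U:U \
    DS:rejected:GAUGE:600:U:U \
    DS:greylisted:GAUGE:600:U:U \
    DS:spamrecently:GAUGE:600:U:U \
    DS:dialup:GAUGE:600:U:U \
    DS:senderverify:GAUGE:600:U:U \
    DS:blacklisted:GAUGE:600:U:U \
    DS:spamscore:GAUGE:600:U:U \
    DS:virus:GAUGE:600:U:U \
    RRA:AVERAGE:0.5:1:6000 \
    RRA:MIN:0.5:12:12000 \
    RRA:MAX:0.5:12:12000 \
    RRA:AVERAGE:0.5:12:12000 \
    || die "could not create $RRD"
fi

############################### debugging #################################
## Statistic of past 5 minutes
echo " "
echo "Statistic of the past 5 minutes:"
echo "--------------------------------"
echo "All accepted mails: ${ACCEPTED}"
echo "All rejected mails: ${REJECTED}"
echo "Greylisted mails: ${GREYLISTED}"
echo "Spam within last hours:${SPAMRECENTLY}"
echo "Known dialup networks: ${DIALUP}"
echo "Sender verify failed: ${SENDERVERIFY}"
echo "RBL Blacklist: ${BLACKLIST}"
echo "Spam Score too high: ${SPAMFOUND}"
echo "Virus found: ${VIRUS}"
echo " "
###########################################################################

# Update RRD file (field order must match the DS order used at creation).
"$RRDTOOL" update "$RRD" \
  "N:${ACCEPTED}:${REJECTED}:${GREYLISTED}:${SPAMRECENTLY}:${DIALUP}:${SENDERVERIFY}:${BLACKLIST}:${SPAMFOUND}:${VIRUS}" \
  || printf 'warning: rrdtool update of %s failed\n' "$RRD" >&2

# Update Graphs
sleep 1

## Generate Graph (default size 497+221)
## LINE1 draws a 1px line, LINE2 draws a thicker line, and LINE3 the thickest,
## otherwise they all work the same way. AREA is used to define a line that
## is "filled in".
echo "creating graph for"
# TIMESPANS is a space-separated setting; split it into words explicitly.
read -r -a spans <<<"$TIMESPANS"
for span in "${spans[@]}"; do
  printf '%s' "- ${span} ..."
  "$RRDTOOL" graph "${GRAPHDIR}/mail-${span}.png" \
    --width=520 --height=200 --start="-${span}" \
    --title "uce filter statistics" \
    --vertical-label "No. of Mails (5 min average)" \
    "DEF:rejected=${RRD}:rejected:AVERAGE" \
    "LINE1:rejected#dc2300:All rejected mails" \
    "DEF:greylisted=${RRD}:greylisted:AVERAGE" \
    "AREA:greylisted#e6e6ff:Greylisted" \
    "DEF:spamrecently=${RRD}:spamrecently:AVERAGE" \
    "STACK:spamrecently#b3b3b3:Spam received recently" \
    "DEF:dialup=${RRD}:dialup:AVERAGE" \
    "STACK:dialup#ffcc99:Known dialup net" \
    "DEF:senderverify=${RRD}:senderverify:AVERAGE" \
    "STACK:senderverify#ffb515:Sender not verified" \
    "DEF:blacklisted=${RRD}:blacklisted:AVERAGE" \
    "STACK:blacklisted#ff6309:Listed in RBL" \
    "DEF:spamscore=${RRD}:spamscore:AVERAGE" \
    "STACK:spamscore#ff0000:Content seems to be Spam" \
    "DEF:virus=${RRD}:virus:AVERAGE" \
    "STACK:virus#996633:Virus" \
    "DEF:accepted=${RRD}:accepted:AVERAGE" \
    "AREA:accepted#3deb3d:Accepted mails" \
    'GPRINT:accepted:AVERAGE:Mails accepted (average)\: %2.1lf ' \
    'GPRINT:rejected:AVERAGE:Mails rejected (average)\: %2.1lf \j' \
    || printf 'warning: could not create graph for %s\n' "$span" >&2
done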