On Fri, May 30, 2003 at 02:38:18PM -0400, Kris Deugau wrote:
> With all the talk about problems tracking spamd log entries, I'm curious
> why nobody has simply tried "grep spamd /var/log/maillog" and done some
> *very* basic sorting on the resulting output. I don't see why that

Of course I tried. That's why I started the topic...

> should be so hard to do. Each message that passes through spamc/spamd
> has four log lines; for each set of four they should have the same PID
> and timestamps that are fairly close together.

Fairly close together is already becoming fuzzy.

> Unless you're running tens of thousands of messages per *second*, you
> should be able to use the PID and timestamp to correlate spamd log
> lines, and use those to go back and find any other log entries you're
> interested in.

And how do I prevent host "mail1" from using a certain pid at a certain
time if host "mail2" also uses that pid?

Granted, I can then use the hostname and sort on that, next sort on time,
next sort on pid, find the related lines, combine them, extract the
message-id and the spam score

-or-

insert a custom string, which could be the local queue-id as provided by
the MTA

-or-

write the message-id on the same line as the score, then:

    awk '
    # one verdict line per message: print the id ($8) and the score ($9)
    /spamd.[0-9]*.: clean / {print "ham "$8" "$9}
    /spamd.[0-9]*.: identified / {print "spam "$8" "$9}
    '

which looks as if it would require fewer resources and result in less
chance for error. It works on a single line per message so it cannot be
wrong and no expensive sort is required.

Example:

    clean message D53D7161EA2 (-5.8/5.0) for <x:y> in 1.0 seconds, 4928 bytes

would result in "spam D53D7161EA2 (-5.8/5.0)" without much fuss.

Sorting the syslog output using three different keys is not what I would
call "*very* basic". Sorry.

Alex
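The multi-line correlation discussed in this message, done in a single pass without sorting by keying each pending message on host plus PID. This is an added example, not code from the thread; the log line formats, hostnames, PIDs and message-ids are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample: mail1 and mail2 both run a spamd child with PID 4711
# at the same time, and their lines are interleaved in one central log.
sample_log() {
cat <<'EOF'
May 30 14:38:17 mail1 spamd[4711]: connection from localhost [127.0.0.1] at port 40112
May 30 14:38:17 mail2 spamd[4711]: connection from localhost [127.0.0.1] at port 51877
May 30 14:38:17 mail1 spamd[4711]: processing message <aaa@example.org> for alice:1001.
May 30 14:38:18 mail2 spamd[4711]: processing message <bbb@example.net> for bob:1002.
May 30 14:38:18 mail2 spamd[4711]: identified spam (17.3/5.0) for bob:1002 in 0.9 seconds, 2210 bytes.
May 30 14:38:19 mail1 spamd[4711]: clean message (-5.8/5.0) for alice:1001 in 1.0 seconds, 4928 bytes.
May 30 14:38:20 mail1 spamd[4712]: clean message (0.1/5.0) for carol:1003 in 0.4 seconds, 800 bytes.
EOF
}

# Prints "<verdict> <host> <message-id> <score>" for every verdict line.
# Assumed syslog layout: $4 = host, $5 = "spamd[pid]:", $6.. = message text.
correlate_spamd() {
    awk '
    $5 ~ /^spamd\[[0-9]+\]:$/ {
        key = $4 SUBSEP $5              # host + "spamd[pid]:" is unique per child
        if ($6 == "processing" && $7 == "message") {
            msgid[key] = $8             # remember the id until the verdict arrives
        } else if (($6 == "clean" && $7 == "message") ||
                   ($6 == "identified" && $7 == "spam")) {
            verdict = ($6 == "clean") ? "ham" : "spam"
            # A verdict with no earlier "processing" line (rotated or lost
            # log) is reported instead of being silently mis-joined.
            id = (key in msgid) ? msgid[key] : "UNMATCHED"
            print verdict, $4, id, $8
            delete msgid[key]           # the PID can be reused by a later child
        }
    }'
}

sample_log | correlate_spamd
```

Memory use is bounded by the number of messages in flight, since each entry is deleted when its verdict line is seen.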