> > I've tried using: > * sa-stats 1.3 by Brad Rathbun (get zeroed stats when i run it) > * sa-stats 0.5 by Dallas Engelken (this actually claims to > work with SA v3, but i cant actually work out how to use it > coz cant find docs and cant get a usage statement)
Well I know mine works with 3.0.. The reason I wrote mine sa-stats was to show top rule hitters. Here is what it looks like on my box. [EMAIL PROTECTED] bin]# perl sa-stats.pl Email: 473 Autolearn: 168 AvgScore: 3.89 AvgScanTime: 0.00 sec Spam: 154 Autolearn: 22 AvgScore: 15.39 AvgScanTime: 0.00 sec Ham: 319 Autolearn: 146 AvgScore: -1.66 AvgScanTime: 0.00 sec Time Spent Running SA: 0.00 hours Time Spent Processing Spam: 0.00 hours Time Spent Processing Ham: 0.00 hours TOP SPAM RULES FIRED ------------------------------------------------------------ RANK RULE NAME COUNT PERCENT ------------------------------------------------------------ 1 HTML_MESSAGE 126 7.80% 2 URIBL_OB_SURBL 107 6.63% 3 DCC_CHECK 93 5.76% 4 URIBL_WS_SURBL 90 5.57% 5 MIME_HTML_ONLY 84 5.20% 6 URIBL_JP_SURBL 81 5.02% 7 BAYES_50 72 4.46% 8 URIBL_SBL 70 4.33% 9 BAYES_99 55 3.41% 10 URIBL_SC_SURBL 55 3.41% 11 MIME_BASE64_TEXT 51 3.16% 12 RATWARE_ZERO_TZ 51 3.16% 13 URIBL_AB_SURBL 46 2.85% 14 HTML_10_20 39 2.41% 15 RCVD_NUMERIC_HELO 31 1.92% 16 HTML_50_60 17 1.05% 17 MPART_ALT_DIFF 16 0.99% 18 HTML_TAG_EXIST_TBODY 16 0.99% 19 HTML_30_40 16 0.99% 20 FORGED_OUTLOOK_TAGS 15 0.93% ------------------------------------------------------------ TOP HAM RULES FIRED ------------------------------------------------------------ RANK RULE NAME COUNT PERCENT ------------------------------------------------------------ 1 BAYES_00 306 27.64% 2 AWL 202 18.25% 3 HTML_MESSAGE 124 11.20% 4 NO_REAL_NAME 67 6.05% 5 HTML_80_90 36 3.25% 6 MIME_HTML_ONLY 31 2.80% 7 HTML_90_100 19 1.72% 8 HTML_FONT_BIG 18 1.63% 9 USER_IN_WHITELIST 18 1.63% 10 HTML_NONELEMENT_00_10 17 1.54% 11 DCC_CHECK 16 1.45% 12 HTML_50_60 12 1.08% 13 MIME_QP_LONG_LINE 11 0.99% 14 HTML_IMAGE_RATIO_02 10 0.90% 15 HTML_TAG_EXIST_TBODY 10 0.90% 16 HTML_TEXT_AFTER_HTML 9 0.81% 17 HTML_TEXT_AFTER_BODY 9 0.81% 18 USER_IN_DEF_WHITELIST 8 0.72% 19 URI_REDIRECTOR 8 0.72% 20 HTML_WEB_BUGS 6 0.54% ------------------------------------------------------------ I actually send spamd logs to stdout via daemontools, so my logs show up in /var/log/spamd/current (vs /var/log/maillog). So I change a couple things in my script. my $LOG_DIR="/var/log"; to my $LOG_DIR="/var/log/spamd"; And my @logs = grep /^maillog/i, readdir DIR; to my @logs = grep /^current/i, readdir DIR; Could it be more intuitive, probably. Could it support a Getopt::Long and Pod::Usage to explain and accept command line options, sure. But I'm lazy and it does what I need :) Try reading the code in the script and modify it to fit your needs. It should be click-and-run if you have SA 3.x and log to /var/log/maillog (SA 3 logs using syslog by default, and /var/log is the common syslog dir). Dallas
