Walkthrough on Postifx monitoring with Cacti

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
vinx
Posts: 18
Joined: Mon Mar 06, 2006 12:02 pm

#16 Post by vinx » Wed Mar 08, 2006 11:13 am

ok, I upgraded to latest cacti's version and now works.

the problem, is that the graph is empty.

Are steps from 1 to 5 to be done on mailserver?

vinx
Posts: 18
Joined: Mon Mar 06, 2006 12:02 pm

#17 Post by vinx » Thu Mar 09, 2006 2:44 am

I'm an idiot. I forgot to restart snmp daemon!

now the mail transporting graph is ok, but the mail filtering graph is empty, altough i'm receiveing both spam and viruses.

curtis001
Posts: 1
Joined: Fri Mar 10, 2006 6:40 am

#18 Post by curtis001 » Fri Mar 10, 2006 6:42 am

I have also follow the instruction but also no graph produced .... but no error come out :(

is there any setting in cacit itself ? thx all.

vinx
Posts: 18
Joined: Mon Mar 06, 2006 12:02 pm

#19 Post by vinx » Mon Mar 13, 2006 5:24 am

I had a look on fetch_mail_statistics.pl script:

Code: Select all

while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/ ) { $num_clean++; }
    elsif ( / Passed SPAM/ ) { $num_pspam++; }
    elsif ( / Blocked SPAM/ ) { $num_spam++; }
    elsif ( / Blocked INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }
Il looks for the above strings on maillog.

I searched above strings on mail.log, but there are no entries in file. I'm using amavis for email filtering.

Mathieu
Posts: 12
Joined: Mon Mar 13, 2006 5:40 am
Location: France

#20 Post by Mathieu » Mon Mar 13, 2006 11:45 am

Hi there,

i made this script work for my configuration of Postfix/ClamAv/Amavisd-New/SpamAssasin this morning (i am using a Sarge Debian fully upgraded). I had to modify both amavisd logformat and fetch_mail_statistics.pl scripts. Here are my modifications :

/etc/amavisd/amavisd.conf

Code: Select all

$log_templ = '[?%#D|Not-Delivered|Passed] [? %#V |[? %#F |[? %#X |CLEAN|BAD-HEADER]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
fetch_mail_statistics.pl

Code: Select all

  while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_pspam++ if ($hits > $tag_level);
        }

    elsif ( / Not-Delivered CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_spam++ if ($hits > $tag_level);
        }

    elsif ( / Passed INFECTED/ ) { $num_infected++; }
    elsif ( / Not-Delivered INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Not-Delivered BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }
    elsif ( / Not-Delivered BANNED/ ) { $num_banned++; }

    }


To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for
$tag2_level
parameter.
Here is an exemple of such a line :

Code: Select all

$SPAMLVL  = 2.0;
I hope this will help...

Mathieu
Attachments
fetch_mail_statistics.txt
Here is my version of fetch_mail_statistics.pl script for Debian users. It relies on particular amavisd log configuration :
$log_templ = '[?%#D|Not-Delivered|Passed] [? %#V |[? %#F |[? %#X |CLEAN|BAD-HEADER]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o
(5.97 KiB) Downloaded 1535 times

vinx
Posts: 18
Joined: Mon Mar 06, 2006 12:02 pm

#21 Post by vinx » Tue Mar 14, 2006 5:11 am

Mathieu wrote: To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for
$tag2_level
parameter.
Here is an exemple of such a line :

Code: Select all

$SPAMLVL  = 2.0;
Mathieu
Mathieu,
thanks for your help, but I cannot find such value in my amavid.conf file.

could please attach your amavisd.conf file to let me compare mine?

merci,
a bientôt

Mathieu
Posts: 12
Joined: Mon Mar 13, 2006 5:40 am
Location: France

#22 Post by Mathieu » Wed Mar 15, 2006 4:47 am

Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :

Code: Select all

# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level
Mathieu

dsmooth
Posts: 8
Joined: Fri Mar 17, 2006 2:01 pm

#23 Post by dsmooth » Fri Mar 17, 2006 2:03 pm

Instigater wrote:Fixed, tested, looks nice and right :D

Installation:
....
4) Add following line in snmpd.conf file

Code: Select all

pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255
...]
fetch_mail_statistics.pl requires 5 parameters, but there are only 3 here. Any idea how to get it work? I tried your posted version as well...

davea
Posts: 7
Joined: Sat Mar 18, 2006 12:11 pm

monitoring 2 instances of postfix on the same box?

#24 Post by davea » Sat Mar 18, 2006 12:15 pm

Thanks for the PF monitoring with Cacti.

I had it working in a short time.

How can I monitor a 2nd instance of PF on the same box? I have 2 PF instance setups:

/etc/postfix
/etc/postfix-outbound

The *outbound* is for relay for outbound email only.

What changes are needed?

TIA
Dave

dsmooth
Posts: 8
Joined: Fri Mar 17, 2006 2:01 pm

ack

#25 Post by dsmooth » Sat Mar 18, 2006 1:04 pm

so you got that perl script running already?! rats... i seem to be having trouble as the script demands 5 parameters, but the instructions only provide three! Maybe you could PM me any details or edits you had to make?
For your PF#2... you could have it log to a separate log file (e.g. /var/log/maillogOB) then parse it separately.

Mathieu
Posts: 12
Joined: Mon Mar 13, 2006 5:40 am
Location: France

#26 Post by Mathieu » Sun Mar 19, 2006 1:11 pm

To monitor 2 Postfix Instance You will have to change the snmpd pass setting to use an alternative OID ( dont use the .255 one but the .254 for example).

You will have to change the DataSource template to pass the new snmp OID.

I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.

dsmooth
Posts: 8
Joined: Fri Mar 17, 2006 2:01 pm

#27 Post by dsmooth » Sun Mar 19, 2006 4:31 pm

...I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.
I would really appreciate that; thank you

Mathieu
Posts: 12
Joined: Mon Mar 13, 2006 5:40 am
Location: France

#28 Post by Mathieu » Mon Mar 20, 2006 4:25 am

Hi dsmooth,

On my snmpd pass configuration line, i only have 3 argument after the script name. Here is the extract :

Code: Select all

pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255

As i thought, it is the snmpd daemon that pass the 2 more arguments to the script. Here is an extract of snmpd.conf manpage explaining the process:
PASS-THROUGH CONTROL
pass MIBOID EXEC
(If you're writing perl scripts, please see the embedded perl
support information later in this manual page). Passes entire
control of MIBOID to the EXEC program. The EXEC program is
called in one of the following three ways:

EXEC -g MIBOID

EXEC -n MIBOID

These call lines match to SNMP get and getnext requests.
It is expected that the EXEC program will take the argu-
ments passed to it and return the appropriate response
through it's stdout.
You can simply check that the pass configuration line is working by executing the following command from a local or remote host ( note that you have to adjust it for your personnal snmpd authentication configuration is your are not using SNMP V1 Community Authentification):
snmpwalk -v 1 -c public <host> .1.3.6.1.4.1.2021.255
Here is the result of such a command on my system :
computer01:/home/math# snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
UCD-SNMP-MIB::ucdavis.255.0 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.1 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.2 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.3 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.4 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.5 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.6 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.7 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.8 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.9 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.10 = INTEGER: 0
On more test can be to call the fectch script as snmpd would :
computer01:/usr/local/bin# ./fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255 -n .1.3.6.1.4.1.2021.255.1
.1.3.6.1.4.1.2021.255.2
integer
0
I hope that will help !

Mathieu

vinx
Posts: 18
Joined: Mon Mar 06, 2006 12:02 pm

#29 Post by vinx » Mon Mar 20, 2006 9:33 am

Mathieu wrote:Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :

Code: Select all

# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level
Mathieu
ah! ok. I have the following values:

Code: Select all

$sa_tag_level_deflt  = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level

Mathieu
Posts: 12
Joined: Mon Mar 13, 2006 5:40 am
Location: France

#30 Post by Mathieu » Mon Mar 20, 2006 9:42 am

You configuration mean that :
  • - mail with SpamAssasin hitscore below 3.0 will not be tagged as 'spam analyzed'
    - mail with SpamAssasin hitscore between 3.0 and 4.0 will be tagged as 'spam analyzed'
    - mail with SpamAssasin hitscore above 4.0 will be tagged as 'spam detected'
To be more precise, i mean by 'tagged' that an SMTP header will be added to the Email. Look at SpamAssassin documentation for more details about it.

You just have to set $SPAMLVL = 4.0 ; and it must work. In fine, $SPAMLVL = ' the value of $sa_tag2_level_deflt in /etc/amavisd/amavisd.conf';

Hope this will help too.

Mathieu

Post Reply