Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Tue Sep 26, 2017 5:01 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 85 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
 Post subject:
PostPosted: Wed Mar 08, 2006 11:13 am 
Offline

Joined: Mon Mar 06, 2006 12:02 pm
Posts: 18
ok, I upgraded to latest cacti's version and now works.

the problem, is that the graph is empty.

Are steps from 1 to 5 to be done on mailserver?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Mar 09, 2006 2:44 am 
Offline

Joined: Mon Mar 06, 2006 12:02 pm
Posts: 18
I'm an idiot. I forgot to restart snmp daemon!

now the mail transporting graph is ok, but the mail filtering graph is empty, altough i'm receiveing both spam and viruses.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Mar 10, 2006 6:42 am 
Offline

Joined: Fri Mar 10, 2006 6:40 am
Posts: 1
I have also follow the instruction but also no graph produced .... but no error come out :(

is there any setting in cacit itself ? thx all.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 13, 2006 5:24 am 
Offline

Joined: Mon Mar 06, 2006 12:02 pm
Posts: 18
I had a look on fetch_mail_statistics.pl script:

Code:
while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/ ) { $num_clean++; }
    elsif ( / Passed SPAM/ ) { $num_pspam++; }
    elsif ( / Blocked SPAM/ ) { $num_spam++; }
    elsif ( / Blocked INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }


Il looks for the above strings on maillog.

I searched above strings on mail.log, but there are no entries in file. I'm using amavis for email filtering.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 13, 2006 11:45 am 
Offline

Joined: Mon Mar 13, 2006 5:40 am
Posts: 12
Location: France
Hi there,

i made this script work for my configuration of Postfix/ClamAv/Amavisd-New/SpamAssasin this morning (i am using a Sarge Debian fully upgraded). I had to modify both amavisd logformat and fetch_mail_statistics.pl scripts. Here are my modifications :

/etc/amavisd/amavisd.conf
Code:
$log_templ = '[?%#D|Not-Delivered|Passed] [? %#V |[? %#F |[? %#X |CLEAN|BAD-HEADER]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';


fetch_mail_statistics.pl
Code:
  while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_pspam++ if ($hits > $tag_level);
        }

    elsif ( / Not-Delivered CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_spam++ if ($hits > $tag_level);
        }

    elsif ( / Passed INFECTED/ ) { $num_infected++; }
    elsif ( / Not-Delivered INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Not-Delivered BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }
    elsif ( / Not-Delivered BANNED/ ) { $num_banned++; }

    }


To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for
Quote:
$tag2_level
parameter.
Here is an exemple of such a line :
Code:
$SPAMLVL  = 2.0;


I hope this will help...

Mathieu


Attachments:
File comment: Here is my version of fetch_mail_statistics.pl script for Debian users. It relies on particular amavisd log configuration :
$log_templ = '[?%#D|Not-Delivered|Passed] [? %#V |[? %#F |[? %#X |CLEAN|BAD-HEADER]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o

fetch_mail_statistics.txt [5.97 KiB]
Downloaded 1398 times
Top
 Profile  
 
 Post subject:
PostPosted: Tue Mar 14, 2006 5:11 am 
Offline

Joined: Mon Mar 06, 2006 12:02 pm
Posts: 18
Mathieu wrote:
To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for
Quote:
$tag2_level
parameter.
Here is an exemple of such a line :
Code:
$SPAMLVL  = 2.0;


Mathieu


Mathieu,
thanks for your help, but I cannot find such value in my amavid.conf file.

could please attach your amavisd.conf file to let me compare mine?

merci,
a bientôt


Top
 Profile  
 
 Post subject:
PostPosted: Wed Mar 15, 2006 4:47 am 
Offline

Joined: Mon Mar 13, 2006 5:40 am
Posts: 12
Location: France
Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :
Code:
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level


Mathieu


Top
 Profile  
 
 Post subject:
PostPosted: Fri Mar 17, 2006 2:03 pm 
Offline

Joined: Fri Mar 17, 2006 2:01 pm
Posts: 8
Instigater wrote:
Fixed, tested, looks nice and right :D

Installation:
....
4) Add following line in snmpd.conf file
Code:
pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255

...]


fetch_mail_statistics.pl requires 5 parameters, but there are only 3 here. Any idea how to get it work? I tried your posted version as well...


Top
 Profile  
 
 Post subject: monitoring 2 instances of postfix on the same box?
PostPosted: Sat Mar 18, 2006 12:15 pm 
Offline

Joined: Sat Mar 18, 2006 12:11 pm
Posts: 7
Thanks for the PF monitoring with Cacti.

I had it working in a short time.

How can I monitor a 2nd instance of PF on the same box? I have 2 PF instance setups:

/etc/postfix
/etc/postfix-outbound

The *outbound* is for relay for outbound email only.

What changes are needed?

TIA
Dave


Top
 Profile  
 
 Post subject: ack
PostPosted: Sat Mar 18, 2006 1:04 pm 
Offline

Joined: Fri Mar 17, 2006 2:01 pm
Posts: 8
so you got that perl script running already?! rats... i seem to be having trouble as the script demands 5 parameters, but the instructions only provide three! Maybe you could PM me any details or edits you had to make?
For your PF#2... you could have it log to a separate log file (e.g. /var/log/maillogOB) then parse it separately.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Mar 19, 2006 1:11 pm 
Offline

Joined: Mon Mar 13, 2006 5:40 am
Posts: 12
Location: France
To monitor 2 Postfix Instance You will have to change the snmpd pass setting to use an alternative OID ( dont use the .255 one but the .254 for example).

You will have to change the DataSource template to pass the new snmp OID.

I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Mar 19, 2006 4:31 pm 
Offline

Joined: Fri Mar 17, 2006 2:01 pm
Posts: 8
Quote:
...I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.


I would really appreciate that; thank you


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 20, 2006 4:25 am 
Offline

Joined: Mon Mar 13, 2006 5:40 am
Posts: 12
Location: France
Hi dsmooth,

On my snmpd pass configuration line, i only have 3 argument after the script name. Here is the extract :
Code:
pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255



As i thought, it is the snmpd daemon that pass the 2 more arguments to the script. Here is an extract of snmpd.conf manpage explaining the process:
Quote:
PASS-THROUGH CONTROL
pass MIBOID EXEC
(If you're writing perl scripts, please see the embedded perl
support information later in this manual page). Passes entire
control of MIBOID to the EXEC program. The EXEC program is
called in one of the following three ways:

EXEC -g MIBOID

EXEC -n MIBOID

These call lines match to SNMP get and getnext requests.
It is expected that the EXEC program will take the argu-
ments passed to it and return the appropriate response
through it's stdout.


You can simply check that the pass configuration line is working by executing the following command from a local or remote host ( note that you have to adjust it for your personnal snmpd authentication configuration is your are not using SNMP V1 Community Authentification):
Quote:
snmpwalk -v 1 -c public <host> .1.3.6.1.4.1.2021.255


Here is the result of such a command on my system :
Quote:
computer01:/home/math# snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
UCD-SNMP-MIB::ucdavis.255.0 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.1 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.2 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.3 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.4 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.5 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.6 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.7 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.8 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.9 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.10 = INTEGER: 0


On more test can be to call the fectch script as snmpd would :
Quote:
computer01:/usr/local/bin# ./fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255 -n .1.3.6.1.4.1.2021.255.1
.1.3.6.1.4.1.2021.255.2
integer
0


I hope that will help !

Mathieu


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 20, 2006 9:33 am 
Offline

Joined: Mon Mar 06, 2006 12:02 pm
Posts: 18
Mathieu wrote:
Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :
Code:
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level


Mathieu


ah! ok. I have the following values:

Code:
$sa_tag_level_deflt  = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 20, 2006 9:42 am 
Offline

Joined: Mon Mar 13, 2006 5:40 am
Posts: 12
Location: France
You configuration mean that :
    - mail with SpamAssasin hitscore below 3.0 will not be tagged as 'spam analyzed'
    - mail with SpamAssasin hitscore between 3.0 and 4.0 will be tagged as 'spam analyzed'
    - mail with SpamAssasin hitscore above 4.0 will be tagged as 'spam detected'

To be more precise, i mean by 'tagged' that an SMTP header will be added to the Email. Look at SpamAssassin documentation for more details about it.

You just have to set $SPAMLVL = 4.0 ; and it must work. In fine, $SPAMLVL = ' the value of $sa_tag2_level_deflt in /etc/amavisd/amavisd.conf';

Hope this will help too.

Mathieu


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 85 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: Yahoo [Bot] and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group