------------------------------------------------------------------------
amavis-stats - generate amavis scan statistics from logfiles
------------------------------------------------------------------------

Licence
-------
Copyright (C) 2003, Mark Lawrence (nomad@null.net)

amavis-stats is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.


Author
------
Mark Lawrence <nomad@null.net>. Aussie living in Switzerland.
Comments are welcome. So would somewhere else to host this.


Description
-----------
amavis-stats is a simple amavis statistics generator based on rrdtool. It
produces graphs of clean emails, spam emails and infected emails broken
down by virus, from amavis log entries (such as /var/log/mail.info).

You can see an example of this in action here:

    http://rekudos.net/amavis-stats/

The RRD files are created and updated by a Perl script. Since the script
uses the date/time values from the log entries it can be run (ir)regularly
from cron(8) or by hand as desired. Graphs are generated by a PHP script.


Dependencies
------------
As of version 0.1.3 amavis-stats works with amavisd and amavisd-new on Linux
and Solaris. There has also been one confirmed report of this working on
MacOS 10.3! For amavisd I believe you need to have the log level set at 5.

The Perl script probably needs nothing beyond what is in the standard Perl
installation.

Graphs are generated by PHP in combination with either the command-line
rrdtool or the php4-rrdtool shared library.


Download
--------
Raw Source:
    http://rekudos.net/download/amavis-stats.tar.gz

Debian Apt (package name "amavis-stats"):
    sources.list: "deb http://rekudos.net/debian ./"
    root# apt-get update; apt-get install amavis-stats

#RPM (EXPERIMENTAL!):
#   http://rekudos.net/amavis-stats/amavis-stats.rpm
#   root# rpm -i amavis-stats.rpm


Install (not Debian or RPM)
---------------------------
1. Download and extract the source:

    root# wget http://rekudos.net/download/amavis-stats.tar.gz
    root# tar -xvf amavis-stats.tar.gz
    root# cd amavis-stats-0.X.X/

2. Install the program by typing (as root):

    root# ./configure [options]
    root# make
    root# make -n install (optional)
    root# make install
    root# make installapache

The options to configure (apart from the standard prefix options) can be:

    --prefix=DIR                 installation prefix [/usr/local]
    --with-install-prefix=DIR    (not normally used - mostly for Debian)
    --with-var-prefix=DIR        /var prefix
    --with-amavis-user=USER      specify user to run as [amavis]
    --with-amavis-group=GROUP    specify group to run as [amavis]
    --with-web-user=USER         specify user which webserver runs as [www]
    --with-web-group=GROUP       specify group which webserver runs as [www]

The amavis user and group and the web user and group must already exist -
they will *not* be automatically created.

3. If you do not already have a user "amavis" you should create one (or
decide on another user to run amavis-stats as). You should also check that
the user has permissions to read your particular log file. On Debian, this
means that in the .deb I have to add the "amavis" user to the "adm" group.
Otherwise you can run it as root, but no responsibility lies here for that.

4. As your user "amavis" simply run amavis-stats on the log file that
contains the amavis entries.
You should see something like the following:

    root# su amavis
    amavis# /usr/sbin/amavis-stats /var/log/mail.info
    ./amavis-stats: First Time Run
    ./amavis-stats: First seen virus #1 (passed) at 1064126856
    ./amavis-stats: First seen virus #2 (infected) at 1064127319
    ./amavis-stats: First seen virus #3 (W32/Swen.A@mm) at 1064127319
    ./amavis-stats: First seen virus #4 (Forten.F@m) at 1064131924
    ./amavis-stats: First seen virus #5 (W32/Lentin.H@mm) at 1064133728
    ./amavis-stats: First seen virus #6 (W32/Bugbear.B@mm) at 1064146880
    ...

You should then see a bunch of rrd files in /var/lib/amavis-stats.

5. If this looks right then you can copy the debian/amavis-stats.cron.d
file to the appropriate location (sometimes /etc/cron.d/amavis-stats)
so that it runs every five minutes. Check that this crontab format
is compatible with whatever version you are running.

6. If all has gone well you should be able to hit
http://localhost/amavis-stats/ with your web browser and see some nice
looking graphs.

7. You could also run the PHP script by hand to check for obvious
errors. Afterwards there should be eight "png" files in your directory:

    root# php4 /usr/share/amavis-stats/amavis-stats.php
    X-Powered-By: PHP/4.1.2
    Content-type: text/html


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    ...
    </html>

    root# ls *png
    passed-day.png    passed-week.png  virus-day.png    virus-week.png
    passed-month.png  passed-year.png  virus-month.png  virus-year.png

8. I suggest that you send mail for the "amavis" user to another account on
the system as amavis-stats generates text each time it sees a new virus.

I am also thinking of possibly generating further statistical information
for a day's worth of events.
Such things as:

- Top 10 recipients of SPAM, BANNED, INFECTED, Passed emails
- Top 10 senders of SPAM, BANNED, INFECTED, Passed emails

If you would find this useful please let me know.


Problems/FAQ
------------
Q. What is the best way to handle rotated (*.gz) logfiles? How do I
get all of the history in the graphs and not just the latest log?

A. amavis-stats doesn't handle .tar or .gz files at the moment. What it
expects is just the name of a single uncompressed file. So when I first
install it on a machine I usually do the following to get the history:

    amavis$ ls mail.info*
    mail.info  mail.info.0  mail.info.1.gz  mail.info.2.gz  mail.info.3.gz

    amavis$ sudo gzip -d mail.info.*.gz
    amavis$ /usr/sbin/amavis-stats -r mail.info.3
    amavis$ /usr/sbin/amavis-stats -r mail.info.2
    amavis$ /usr/sbin/amavis-stats -r mail.info.1
    amavis$ /usr/sbin/amavis-stats -r mail.info.0
    amavis$ /usr/sbin/amavis-stats -r mail.info
    amavis$ sudo gzip mail.info.[1-3]

i.e., you have to manually run amavis-stats (as your "amavis" user) on each
file in the correct chronological order.


Q. We restarted the amavisd with another loglevel (the default one: 0) and
now I don't get any spam info in the amavis-stats. Where did it go?

A. Spam information is only generated in some versions of amavis when the
log level is set to a higher value. There is an effort underway to
standardise the log output of all the Amavis versions, but please be
patient, this will take some time.


Q. The rrd files seem to get generated OK but when I try and display the
web page I get the error: amavis-stats::error: rrd_graph(): 127

A. I believe that the error code 127 is returned from bash when it can't find
the program to execute. I guess in this case that your web user (www-data
or www or web) is unable to find the "rrdtool" executable.
Perhaps it is
not in the standard location, or the path for that user is not set?

You could try the following to see if the tool can be found.

    root# su -c env - www | grep PATH
    root# su -c rrdtool - www
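

Added example (not part of the amavis-stats distribution), for the rotated-logfile question in the FAQ above: a shell helper that replays rotated logs oldest first, sorting the rotation suffix numerically and decompressing each .gz to a private temporary file instead of in place. It assumes rotations are named <log>.<N> or <log>.<N>.gz with higher N being older, that -r is used as in the FAQ, and that amavis-stats accepts any readable uncompressed path; the function names and the AMAVIS_STATS variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own code. Run as the "amavis" user.
# Assumption: AMAVIS_STATS points at the installed script (path from the README).
AMAVIS_STATS=${AMAVIS_STATS:-/usr/sbin/amavis-stats}

# Print rotated logs for base name $1, oldest first, current log last.
# Sorting is numeric, so mail.info.10.gz is older than mail.info.9.gz.
rotated_oldest_first() {
    base=$1
    for f in "$base".*; do
        [ -e "$f" ] || continue
        n=${f#"$base".}                 # strip the "<base>." prefix
        n=${n%.gz}                      # strip an optional ".gz"
        case $n in
            ''|*[!0-9]*) continue ;;    # ignore non-numeric suffixes
        esac
        printf '%s %s\n' "$n" "$f"
    done | sort -rn | cut -d' ' -f2-
    if [ -e "$base" ]; then printf '%s\n' "$base"; fi
}

# Feed every log to amavis-stats in chronological order. The body runs in a
# subshell so the umask and the cleanup trap do not leak into the caller.
replay_history() (
    umask 077                           # mail logs hold addresses: private copy
    tmp=$(mktemp) || exit 1
    trap 'rm -f -- "$tmp"' EXIT
    rotated_oldest_first "$1" | while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" > "$tmp" || exit 1
                  "$AMAVIS_STATS" -r "$tmp" < /dev/null || exit 1 ;;
            *)    "$AMAVIS_STATS" -r "$f" < /dev/null || exit 1 ;;
        esac
    done
)

# Usage: replay_history /var/log/mail.info
```

The rotated .gz files are only read, so no sudo and no re-compression step is needed afterwards.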