maillog 分析

分析

透過 Unix-like 常見的指令或是強大的 perl 來作進行 log 檔的分析。底下有幾個簡單的例子。

查詢伺服器收了幾封信件？
$ grep "from=" /var/log/maillog | wc -l

查詢記錄檔中的某些日期的郵件數量，例如 Oct 11
$ grep "Oct 11" /var/log/maillog | grep "from="| wc -l

查詢某使用者的某封信件狀況
$ grep "xxx@mail.net" /var/log/maillog
Oct 11 00:08:31 shona sendmail[28590]: [ID 801593 mail.info] j2VG8UoI028560: to=, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=121310, relay=[10.115.1.15] [10.115.1.15], dsn=2.0.0, stat=Sent (j2VG8RjQ013936 Message accepted for delivery
接著利用 Message-ID 做搜尋
$ grep "j2VG8UoI028560" /var/log/mail
Oct 11 00:08:30 shona sendmail[28560]: [ID 801593 mail.info] j2VG8UoI028560: from=, size=1310, class=0, nrcpts=1, msgid=<20051011160826.3451.qmail@mail.fakeurl.net>, proto=SMTP, daemon=MTA, relay=mail.fakeurl.net [192.168.20.15]
Oct 11 00:08:31 shona sendmail[28590]: [ID 801593 mail.info] j2VG8UoI028560: to=, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=121310, relay=[10.115.1.15] [10.115.1.15], dsn=2.0.0, stat=Sent (j2VG8RjQ013936 Message accepted for delivery)
可得知該封信件寄出成功r

如果想要得到較完整豐富的分析，可以寫個 perl 程式來作處理，網路上也許多免費軟體或收費商業軟體可使用。

免費軟體
SMA - Sendmail log analyzer (written in C, for Sendmail)
sendmail_stat (written in C, for Sendmail)
pflogsumm (written in perl, for Postfix)
eximstats (for exim)

商業軟體
Sawmill ( supports 600 different log formats)

本篇參考http://enews.cc.ncu.edu.tw/enews/post_view2.php?unit=1&sn=155