The main rule of j-chkmail logging is: every unusual thing j-chkmail finds or does is recorded somewhere for further analysis.
Main logging is done through syslog. Every connection is logged this way, and every action taken by the filter, other than transparent handling, generates a log line with a summary of the action.
Besides the system log, j-chkmail maintains some log files inside the /var/jchkmail directory. Currently the following text files are used: j-files, j-virus, j-xreport, j-regex and j-stats. This is the default location, but j-chkmail may use a remote UDP server to log the corresponding data.
j-printstats works on old data dumped to disk in /var/jchkmail/files/.
You can ask for a period of time, and it runs very fast.
| Action | command |
|---|---|
| Internal counters | j-printstats -a |
| A “short” history | j-printstats -ttd -m conn,rcpt,msgs,vol,svc |
| one day for that server | j-printstats -q -l 1d listes.cru.fr |
| last 3 hours on bad recipient | j-printstats -q -l 3h -m rb |
j-ndc connects to the local filter by default. The same command can also be used to query other instances over the network. j-ndc is able to show active client connections, so we can see that the filter is active:

```
mx0:~/jchkmail/jchkmail-1.12.0-080204/src# j-ndc stats CONNOPEN
# [Connected to 127.0.0.1:2010]
200 OK - Waiting for commands !
200 OK for STATS CONNOPEN !
*** Open connections :
138.102.122.218 : 1 : paris.inra.fr
139.124.6.1 : 1 : iml.univ-mrs.fr
206.190.49.39 : 1 : web53009.mail.re2.yahoo.com
212.51.172.100 : 1 : srvmailgw.cci63.net
216.239.58.190 : 1 : gv-out-0910.google.com
62.193.216.46 : 1 : raq61.amenworld.com
82.167.14.70 : 1 : unknown
87.248.110.17 : 1 : omp101.mail.ukl.yahoo.com
8 entries on database
200 STATS CONNOPEN done !
```

Which version do you run?

```
mx0:~# j-ndc version
# [Connected to 127.0.0.1:2010]
200 OK - Waiting for commands !
200 Joe's j-chkmail v1.12.0-080224
```

/var/jchkmail/j-files or /var/jchkmail/j-virus to create statistics per file extension or virus type per day. It can also launch a CLI scanner (clamav, mcafee or sophos) to scan the quarantine directory and identify viruses detected in messages containing attached XFILES.
You can use the scripts found in the contrib/rrd-jchkmail directory to create graphical web pages representing the activity of the filter in real time. See an example at: http://j-chkmail.ensmp.fr/webgraph/
You can also use command line tools, launched by cron, to create text web pages.
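
The script below is an added example, not part of j-chkmail or its contrib directory: a cron-friendly parser for the `j-ndc stats CONNOPEN` listing shown earlier on this page. It assumes the middle column is the number of open connections for that client and that `unknown` means no reverse DNS name was found; the `max_open` threshold and the file name `connopen_report.py` are hypothetical, and only IPv4 rows are parsed.

```python
import re
import sys

# Constructed sample: a shortened copy of the session shown on this page.
SAMPLE = """\
# [Connected to 127.0.0.1:2010]
200 OK - Waiting for commands !
200 OK for STATS CONNOPEN !
*** Open connections :
138.102.122.218 : 1 : paris.inra.fr
82.167.14.70 : 1 : unknown
87.248.110.17 : 1 : omp101.mail.ukl.yahoo.com
3 entries on database
200 STATS CONNOPEN done !
"""

ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s*:\s*(\d+)\s*:\s*(\S+)\s*$")
TRAILER = re.compile(r"^(\d+) entries on database\s*$")


def parse_connopen(text):
    """Return (rows, declared); rows is a list of (ip, open_count, hostname)."""
    rows, declared = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = TRAILER.match(line)
        if m:
            declared = int(m.group(1))
    return rows, declared


def review(text, max_open=10):
    """Summarise a listing; max_open is an assumed local threshold."""
    rows, declared = parse_connopen(text)
    return {
        "clients": len(rows),
        "open_total": sum(n for _, n, _ in rows),
        # A listing cut short (timeout, broken pipe) must not read as "quiet".
        "complete": declared is not None and declared == len(rows),
        "no_rdns": [ip for ip, _, host in rows if host == "unknown"],
        "busy": [(ip, n) for ip, n, _ in rows if n > max_open],
    }


if __name__ == "__main__":
    # From cron: j-ndc stats CONNOPEN | python3 connopen_report.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key, value in review(text).items():
        print(f"{key}: {value}")
```

The `complete` flag compares the parsed rows with the `N entries on database` trailer, so a report built from a truncated listing can be discarded instead of published.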