[Esd-l] Need To Graph Usage on Rules

John D. Hardin jhardin at impsec.org
Fri Dec 19 18:44:54 PST 2003


On Fri, 19 Dec 2003, Vadim Pushkin wrote:

> I am using the email sanitizer plus three of my own procmail
> filters and I would like to begin extracting rule hits, which
> would eventually get graphed, preferably via mrtg/laard. Has
> anyone done this or something similar? If so, could you please
> assist with details and/or screenshots?

See the sanitizer code that logs the MSGID on quarantines. You can
copy the same rule out for your own use (changing the filename, of
course) and it will work after the sanitizer runs (as the sanitizer is
what sets $MSGID).

I've been graphing the quarantined messages at my place of work for a
while now - the hits are *way* down, I think because we're DNSBL-ing
open relays, and that takes care of a lot of the worm-infected
systems.

	http://boundary.aproposretail.com/~johnh/quarantine.html

(If I remember it correctly...)

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   319 days until the Presidential Election


