Qmail: Newanalyse

Newanalyse - Analysis of Qmail logs

newanalyse

is a tool to post-process and archive the log information produced by qmail-send, qmail-smtpd, and qmail-pop3d written by multilog to disk.
In addition, even in the archived (qmail-send) log files particular emails can be easily found accordingly to the sender (originator) and/or the recipient by means of findmail.

Thus, Qmail together with multilog and newanalyse conforms with the current legislative changes of the European Community requiring archival of the email connection data for a certain period.
For a discussion of the political implications and those concerning the personal rights regarding the required storage of electronic communication data see: "Vorratsspeicherung von Verbindungsdaten in der Telekommunikation" (in German).

Requirements and Features:

Requirements:

Qmail (of course)

Qmailanalog

Daemontools

The Korn-shell and PERL

Note:

Qmail has to 'supervised'

newanalyse does not require the common (LWQ) 'qmail-ctl' script; though happily co-exists with it

newanalyse is aligned with the current logging of SPAMCONTROL

Features:

Analysis of qmail-send logfiles by means of Qmailanalog

Adaption for particular senders/recipients/conditions
Counters for Bounces, (discarded) Double-Bounces, and Nullsender messages
Counters for successful remote and local deliveries
Counters for local and remote recipients
Display of top senders and recipients according to number of messages and volume
Display of any (customized) verbose messages in qmail-send log (for error tracking)

Analysis of qmail-smtpd and qmail-pop3d

log files.

Logfile processing

Secure and long-haul archival of logfiles and/or the analysis results
Customizable purge of old log files after N days
Support for several multilog serviced log directories
Setup of scratch directories not to be archieved

Apart from a generic .newanlyse.profile the following particluar profiles can be used (and customized):

[qmail-send]: newanalyse.senders
[qmail-send]: newanalyse.recipients
[qmail-send]: newanalyse.mtas
[qmail-send]: newanalyse.failures
[qmail-send]: newanalyse.deferrales
[qmail-send]: newanalyse.verbose
[qmail-smtpd]: newanalyse.smtpmessages

Reporting

Reporting of the results by E-Mail to the sysadmin (newanalyse.logadmin)
Verbose output for instant error/failure analysis

Logfile parsing

Search in the (archived) log files w.r.t. Sender/Recipients by means of findmail/qmFind

Usage:

newanalyse handels any number of logfiles (at least up to 1023 per call)

newanalyse is easy customizable and extendable and supports multiple Qmail instances

newanalyse can be simply called by cron to perform the daily logfile processing; it is not suited for a multilog !processor directive

Typical newanalyse crontab entry:

59 23 * * * /usr/local/bin/newanalyse -DAZK 1>/dev/null 2>&1

Download and Installation:

newanalyse 1.6.2 (MD5: 114a127a1a97c1e70cd988f553dd361b)

Make sure, you meet the installation requirements

Expand the packed tar-archive at an appropriate location; an installation directory will be created

Edit conf-pop3dlog, conf-qmail, conf-qmailanalog, conf-sendlog, and conf-smtpdlog to your needs

Execute ./install; maybe warnings and errors are displayed - fix them

The executables newanalyse, findmail, and qmFind are installed at /var/qmail/bin/ (symlinks provided in /usr/local/bin/) man-pages at /usr/local/man/, and the profiles at /var/qmail/etc/

Adjust to newanalyse profiles to your need; verify settings by means of 'newanalyse -h'

Documentation:

newanalyse and findmail include comprehensive man-pages

newanalyse and findmail use get-opts style arguments; the current settings are displayed via '-h'

[Impressum]

[FEHCom]

[top]