[collectd] Re: New plugin "email" to collectd ham, spam, ... statistics

Sebastian Harl sh<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>tokkee.org
Tue Nov 28 22:41:20 CET 2006 

Hi,

On Tue, Nov 28, 2006 at 08:02:55PM +0100, Florian Forster wrote:
> On Tue, Nov 28, 2006 at 05:52:07PM +0100, Stan??k Lubo?? wrote:
> > Could you provide some example to start from?

Well, for some quick tests you can use a perl script like this:

  #!/usr/bin/perl --
  use strict;
  use warnings;

  use Socket;

  use IO::Handle;

  if (! socket(SOCK, PF_UNIX, SOCK_STREAM, 0)) {
	  print STDERR "socket() failed: $!\n";
	  exit 1;
  }

  if (! connect(SOCK, sockaddr_un("/tmp/.collectd-email"))) {
	  print STDERR "connect() failed: $!\n";
	  exit 1;
  }

  SOCK->autoflush(1);

  while (<STDIN>) {
	  print SOCK $_;
  }

  exit 0;

Alexander Wirt is currently working on a plugin for spamassassin (and possibly
amavis) which is going to be released along with collectd.

> > I am currently trying to accommodate 'swatch' but I am not fluent in
> > perl scripting and log parsing.

I'm not sure what you're talking about... :-/

> See, Sebastian, I _knew_ someone would want that ;)

Yes, that was a great suggestion to make this plugin as powerful as I hope
it's going to be :-)

> Lubos, that's why I waskes Sebastian to not hardcode the type in the
> plugin. If you want to differenciate incoming and outgoing mail, you
> will need to submit something like this:
>   e:incoming:1234
>   e:outgoing:2345
> 
> With graylisting and SPF and stuff, you could submit something like
> this:
>   e:inc_graylisted:...
>   e:inc_spf_failed:...
>   e:inc_virus:...
>   e:inc_dsbl:...
>   etc.

Ack!

> > I think that the line buffer limit is not big enough.
> 
> As far as I understood what's going on, this is only used to increase a
> counter for the specified rule.

Right.

> So you need to break the line after 256 characters, which shouldn't be a 
> big deal.

Well, you have to break the _list_ of checks before the line reaches the 256
characters limit.

E.g. suppose you have the following line, which would exceed this limit:

  c:FOO,BAR[...],BAZ,QUX

You would have to change this into (with each line being less than 256
characters):

  c:FOO,BAR[...]
  c:[...],BAZ,QUX

If you do not want to worry about that, you can even do:

  c:FOO
  c:BAR
  [...]
  c:BAZ
  c:QUX

> Also, increasing the buffersize to 1024 shouldn't be a problem. However,
> there will always be someone who needs `n+1' bytes.

Ack!

> How's the SpamAssassin-Plugin coming along?

I think Alexander started coding today. I will keep you up to date - stay
tuned ;-)

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl
GnuPG-ID: 0x8501C7FC
http://tokkee.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20061128/f061040e/attachment.pgp

More information about the collectd mailing list