You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Gerard Earley <ge...@whitecurve.com> on 2005/10/04 11:46:35 UTC
Proposed Mysql logging
I am debating building a logging tool to record the spamassassin scan
results to a MySQL DB.
This would allow Admins to build get a more graphical view of how their
Spamassassin is being used.
PLEASE NOTE: This is NOT a proposal to replace the standard debugging
but rather to record already produced information in a new form.
The DB structure I'm planning would be something like :
Example mail:
2005-10-03 13:43:22 [21988] I: processing message
<43...@whitecurve.com> for user@domainname.com:513.
2005-10-03 13:43:25 [21988] I: result: . -5 -
ALL_TRUSTED,BAYES_00,HTML_MESSAGE,HTML_TITLE_EMPTY
scantime=2.8,size=15282,mid=<43...@domainname.com>,bayes=4.00800836963811e-10,autolearn=ham
MESSAGE (to hold the details of each message scanned)
Column name Data type Description From example
ID int A unique ID. 123
timescanned datetype YYYY-MM-DD HH:MM:SS Time the scan was performed
2005-10-03 13:43:25
pid int Process IP of the spamassassin scanning process 21988
score int(3,2) -5.9
threshold int(2,2) 5.0
scantime int(2,2) Time taken to scan the message 2.8
size int Size of scanned message 15282
mid varchar(255) The unique message ID of the message
<43...@domain.com>
bayes varchar(255) Bayes string returned for the message.
4.00800836963811e-10
autolearn char(4) whether the mail is a ham or spam ham
PASSEDRULE (Details on every rule passed by a message)
Column name Data type Description
ID int A unique ID.
message_ID int A foreign key which is the ID of the message.
rule varchar(50) The name of the test passed.
RULES (Description on each rule)
Column name Data type Description
ID int the unique ID for each test passed.
passedrule_ID varchar(50)
A foreign key which is the ID of the passedrule table.
describe varchar(50) Description of the test
type
varchar(6)
What the rule checks "body", "header", "uri", "meta" or "rawbody"
score
int(2,2)
The score for a rule
rulefile
varchar(50)
The file containing the rule
rule
varchar(255)
the text of the actual rule
There are three ways that I can see to do this.
1. Plugin which dumps the info from directly within SA itself.
2. A script ala sa-learn which parses an existing log file.
3. A logger perl module like File.pm, Stderr.pm or Syslog.pm.
So what I'm wondering now is
* Has this been done before?
* Which of the the above solutions would:
o be the least expensive in system resources (CPU, I/O)
o be the easiest to implement (require the least hacking of
existing SA files)
o be able to have access to the needed information (as in
plugins seems only to be about the scanning process, not the
reporting of results and may not easily have access to the
needed data)
Many thanks.
Regards
Gerard Earley
Technical Director
Whitecurve.com <http://www.whitecurve.com>
Internet Design Development
PS) Our email security-cert was renewed on 1/8/2005 and only emails
containing this serial number "0F:3A:F0" should be considered valid.
Re: Proposed Mysql logging
Posted by Michael Parker <pa...@pobox.com>.
Gerard Earley wrote:
>I am debating building a logging tool to record the spamassassin scan
>results to a MySQL DB.
>
>
>
>
I've had this on my TODO list for awhile, glad to see someone looking at it.
> 1. Plugin which dumps the info from directly within SA itself.
>
>
Do this. There may not be a plugin hook at the appropriate place. If
not, then feel free to add one and supply a patch, I'll seriously
consider it.
Then the implementation details don't really matter that much.
Michael