#!/usr/bin/perl -w # ### Introduction ### # sa-stats : SpamAssassin logfile analyser # Version : 1.1.7 # Date : 30th March, 2006 # Author : David Ramsden, david@hexstream.co.uk # Credits : - Andrew Berry for asking about such a # script and giving me the idea. # - D. Scott Barninger for producing a patch # to fix the strftime() problem in <= 1.1.4 # - Mike Jackson for his patch to add SA 3.1.0 # compatibility and the limit option. # - Jack Scagnetti for two fixes. # # Usage: # ./sa-stats.pl -h # # sa-stats.pl reads input in from STDIN: # ./sa-stats.pl \ my $opt_help, "today|t" =>\ my $opt_today, "yesterday|y" =>\ my $opt_yesterday, "limit|l=i" =>\ my $opt_limit); if ($opt_help) { print "Usage: $0 [options] )) { if (defined($filter)) { if ($line !~ /^$filter/) { next; } } if ($line =~ m/spamd\[([0-9].*?)\]: clean message $(.*?)\/(.*?)$ for (.*?):/) { &update_stats("ham", $4, $2, $3); } elsif ($line =~ m/spamd: clean message $(.*?)\/(.*?)$ for (.*?):/) { &update_stats("ham", $3, $1, $2); } elsif ($line =~ m/spamd\[([0-9].*?)\]: identified spam $(.*?)\/(.*?)$ for (.*?):/) { &update_stats("spam", $4, $2, $3); } elsif ($line =~ m/spamd: identified spam $(.*?)\/(.*?)$ for (.*?):/) { &update_stats("spam", $3, $1, $2); } } &show_stats(); exit 0; ### Sub-routines ### sub show_stats() { if ($opt_today) { print "SpamAssassin statistics for today ($filter)\n"; } elsif ($opt_yesterday) { print "SpamAssassin statistics for yesterday ($filter)\n"; } else { print "SpamAssassin statistics for entire logfile\n"; } draw_line(70); print "\n"; if (exists($global_stats{'spam'}) && exists($global_stats{'ham'})) { printf("%-30s %-10s %-10s %-10s\n", "Total messages:", "Ham:", "Spam:", "% Spam:"); draw_line(70); printf("%-30d %-10d %-10d %1.2f%%\n", $global_stats{'ham'}{'count'} + $global_stats{'spam'}{'count'}, $global_stats{'ham'}{'count'}, $global_stats{'spam'}{'count'}, 100 * ($global_stats{'spam'}{'count'} / ($global_stats{'ham'}{'count'} + $global_stats{'spam'}{'count'}))); print "\n"; printf("%-30s: %1.2f/%1.2f\n", "Average spam score", $global_stats{'spam'}{'score'} / $global_stats{'spam'}{'count'}, $global_stats{'spam'}{'threshold'} / $global_stats{'spam'}{'count'}); printf("%-30s: %1.2f/%1.2f\n", "Average ham score", $global_stats{'ham'}{'score'} / $global_stats{'ham'}{'count'}, $global_stats{'ham'}{'threshold'} / $global_stats{'ham'}{'count'}); } else { if (!exists($global_stats{'ham'})) { print "No ham (clean) messages found in logfile.\n"; } if (!exists($global_stats{'spam'})) { print "No spam (identified) messages found in logfile.\n"; } print "Due to the above, not enough information is available to calculate\nglobal statistics.\n"; } print "\n"; printf("%-30s %-7s %-7s %-7s %-7s\n", "Username:", "Total:", "Ham:", "Spam:", "% Spam:"); draw_line(70); if($opt_limit) { my $userdisp = 0; my %sorthash; foreach my $username (sort keys %user_stats) { $sorthash{$username} = $user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}; } foreach my $username (sort { $sorthash{$b} <=> $sorthash{$a} } keys %user_stats) { printf("%-30s %-7d %-7d %-7d %1.2f%%\n", $username, $user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}, $user_stats{$username}{'ham'}{'count'}, $user_stats{$username}{'spam'}{'count'}, 100 * ($user_stats{$username}{'spam'}{'count'} / ($user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}))); $userdisp++; last if $userdisp >= $userlimit; } } else { foreach my $username (sort keys %user_stats) { printf("%-30s %-7d %-7d %-7d %1.2f%%\n", $username, $user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}, $user_stats{$username}{'ham'}{'count'}, $user_stats{$username}{'spam'}{'count'}, 100 * ($user_stats{$username}{'spam'}{'count'} / ($user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}))); } } print "\n"; printf("%-30s %-20s %-20s\n", "Username:", "Avg. ham score:", "Avg. spam score:"); draw_line(70); if($opt_limit) { my $userdisp = 0; my %sorthash; foreach my $username (sort keys %user_stats) { $sorthash{$username} = $user_stats{$username}{'ham'}{'count'} + $user_stats{$username}{'spam'}{'count'}; } foreach my $username (sort { $sorthash{$b} <=> $sorthash{$a} } keys %sorthash) { my $ham_average = "None"; my $spam_average = "None"; if ($user_stats{$username}{'ham'}{'count'}) { $ham_average = sprintf("%1.2f/%1.2f", $user_stats{$username}{'ham'}{'score'} / $user_stats{$username}{'ham'}{'count'}, $user_stats{$username}{'ham'}{'threshold'} / $user_stats{$username}{'ham'}{'count'}); } if ($user_stats{$username}{'spam'}{'score'}) { $spam_average = sprintf("%1.2f/%1.2f", $user_stats{$username}{'spam'}{'score'} / $user_stats{$username}{'spam'}{'count'}, $user_stats{$username}{'spam'}{'threshold'} / $user_stats{$username}{'spam'}{'count'}); } printf("%-30s %-20s %-20s\n", $username, $ham_average, $spam_average); $userdisp++; last if $userdisp >= $userlimit; } } else { foreach my $username (sort keys %user_stats) { my $ham_average = "None"; my $spam_average = "None"; if ($user_stats{$username}{'ham'}{'count'}) { $ham_average = sprintf("%1.2f/%1.2f", $user_stats{$username}{'ham'}{'score'} / $user_stats{$username}{'ham'}{'count'}, $user_stats{$username}{'ham'}{'threshold'} / $user_stats{$username}{'ham'}{'count'}); } if ($user_stats{$username}{'spam'}{'score'}) { $spam_average = sprintf("%1.2f/%1.2f", $user_stats{$username}{'spam'}{'score'} / $user_stats{$username}{'spam'}{'count'}, $user_stats{$username}{'spam'}{'threshold'} / $user_stats{$username}{'spam'}{'count'}); } printf("%-30s %-20s %-20s\n", $username, $ham_average, $spam_average); } } } sub update_stats() { my $stat = shift; my $username = shift; my $score = shift; my $threshold = shift; $username = lc($username); if (!exists($global_stats{$stat})) { $global_stats{$stat}{'count'} = 0; $global_stats{$stat}{'score'} = 0; $global_stats{$stat}{'threshold'} = 0; } $global_stats{$stat}{'count'}++; $global_stats{$stat}{'score'} += $score; $global_stats{$stat}{'threshold'} += $threshold; if (!exists($user_stats{$username})) { $user_stats{$username}{'ham'}{'count'} = 0; $user_stats{$username}{'ham'}{'score'} = 0; $user_stats{$username}{'ham'}{'threshold'} = 0; $user_stats{$username}{'spam'}{'count'} = 0; $user_stats{$username}{'spam'}{'score'} = 0; $user_stats{$username}{'spam'}{'threshold'} = 0; } $user_stats{$username}{$stat}{'count'}++; $user_stats{$username}{$stat}{'score'} += $score; $user_stats{$username}{$stat}{'threshold'} += $threshold; } sub draw_line() { my $length = shift; print "-" x $length; print "\n"; }