Graphdefang is a nice little tool to graph your log files. It is a perl utility and is most often used by Mimedefang. Most example configuration files you will find on the Internet come with built-in graphdefang function calls – making the use of graphdefang quite snappy.
The way it works is that you enable graphdefang support in mimedefang and start capturing events using the graphdefang routines. After that, graphdefang can be run out-of-band, say via cron, to parse those log files and spit out graphs.
What I do not like about graphdefang is the quality of graphs generated and the static nature of the images. Ideally for me, graphdefang should process the raw log files and simply stuff the data into a RRD file. That will let me generate the graphs of what I want, when I want and how I want.
Then I found mailgraph, a RRD front end tool that is designed to work with Sendmail and Postfix. Mailgraph parses the log files, sticks them in an RRD tool and then generates the images. What I like about this is that the RRD tool is there for me to work with — If I want a different graph, I can easily generate it using the rrdgraph or any one of the various graphing utils that are available for RRD, such as drraw.
Incoming vs Outgoing mail
Before one can use mailgraph, you’ll have to slightly modify it to work with graphdefang style log format. Out of the box, mailgraph will not work with your graphdefang log files. In addition, make sure that your mimedefang-filter actually makes a distinction between what is incoming and what is outgoing and log that as such. As you can see from my code sippet below, I tag all my outgoing as mail_out and all incoming as mail_in.
Mailgraph modifications
Here’s a diff of the modifications that will allow for mailgraph to read and process graphdefang log files.
> /usr/local/bin/diff -u mailgraph.pl mailgraph.pl.orig
— mailgraph.pl 2006-09-07 08:11:22.116750482 -0400
+++ mailgraph.pl.orig 2006-09-07 08:10:50.471594512 -0400
@@ -731,20 +731,6 @@
event($time, ‘spam’);
}
}
- elsif($prog eq ‘mimedefang.pl’) {
- if ($text =~ /\bmail_in\b/) {
- event($time, ‘received’);
- }
- elsif($text =~ /\bmail_out\b/) {
- event($time, ‘sent’);
- }
- elsif($text =~ /\bspam\b/) {
- event($time, ‘spam’);
- }
- elsif($text =~ /\bvirus\b/) {
- event($time, ‘virus’);
- }
- }
}sub event($$)
Save this as a patch file, say mailgraph.patch and copy it to the mailgraph source directory
To apply this patch, you can run
cdpatch -p0 < mailgraph.patch
Once done, you can get pretty graphs such as this
Recent Comments