diff options
Diffstat (limited to 'debian/man')
-rw-r--r-- | debian/man/readme.md | 3 | ||||
-rw-r--r-- | debian/man/rspamd_stats.8 | 153 | ||||
-rw-r--r-- | debian/man/rspamd_stats.8.md | 120 |
3 files changed, 276 insertions, 0 deletions
diff --git a/debian/man/readme.md b/debian/man/readme.md new file mode 100644 index 0000000..d4c9b68 --- /dev/null +++ b/debian/man/readme.md @@ -0,0 +1,3 @@ +How to generate: + +`pandoc -s -t man rspamd_stats.8.md -o rspamd_stats.8` diff --git a/debian/man/rspamd_stats.8 b/debian/man/rspamd_stats.8 new file mode 100644 index 0000000..902ad8f --- /dev/null +++ b/debian/man/rspamd_stats.8 @@ -0,0 +1,153 @@ +.\" Automatically generated by Pandoc 1.19.2.4 +.\" +.TH "RSPAMD_STATS" "8" "March 5, 2018" "" "" +.hy +.SH NAME +.PP +rspamd_stats \- analyze Rspamd rules by parsing log files +.SH SYNOPSIS +.PP +rspamd_stats [\f[I]options\f[]] [\f[I]\-\-symbol=SYM1\f[] +[\f[I]\-\-symbol=SYM2\f[]...]] [\f[I]\-\-log file\f[]] +.SH DESCRIPTION +.PP +rspamd_stats will read the given log file (or standard input) and +provide statistics for the specified symbols: +.IP +.nf +\f[C] +Symbol:\ BAYES_SPAM\ (weight\ 3.763)\ (381985\ hits,\ 26.827%) +Ham\ hits:\ 184557\ (48.315%),\ total\ ham:\ 1095487\ (ham\ with\ BAYES_SPAM:\ 16.847%) +Spam\ hits:\ 15134\ (3.962%),\ total\ spam:\ 16688\ (spam\ with\ BAYES_SPAM:\ 90.688%) +Junk\ hits:\ 182294\ (47.723%),\ total\ junk:\ 311699\ (junk\ with\ BAYES_SPAM:\ 58.484%) +Spam\ changes\ (ham/junk\ \->\ spam):\ 7026\ (1.839%),\ total\ percentage\ (changes\ /\ spam\ hits):\ 42.102% +Junk\ changes\ (ham\ \->\ junk):\ 95192\ (24.920%),\ total\ percentage\ (changes\ /\ junk\ hits):\ 30.540% +\f[] +.fi +.PP +Where there are the following attributes: +.IP \[bu] 2 +Weight: average score for a symbols +.IP \[bu] 2 +Total hits: total number of hits and percentage of symbol hits divided +by total number of messages +.IP \[bu] 2 +HAM hits: provides the following information about HAM messages with the +specified symbol (from left to right): +.IP "1." 3 +total symbol hits: number of messages that has this symbol and are HAM +.IP "2." 3 +ham percentage: number of symbol hits divided by overall HAM messages +count +.IP "3." 3 +total ham hits: overall number of HAM messages +.IP "4." 3 +ham with symbol percentage: percentage of number of hits with specified +symbol in HAM messages divided by total number of HAM messages. +.IP \[bu] 2 +SPAM hits: provides the following information about SPAM messages \- +same as previous but for SPAM class. +.IP \[bu] 2 +Junk hits: provides the following information about Junk messages \- +same as previous but for JUNK class. +.IP \[bu] 2 +Spam changes: displays data about how much messages switched their class +because of the specific symbol weight. +.IP \[bu] 2 +Junk changes: displays data about how much messages switched their class +because of the specific symbol weight. +.SH OPTIONS +.TP +.B \-\-log +Specifies log file or directory to read data from. +If a directory is specified rspamd_stats analyses files in the directory +including known compressed file types. +Number of log files can be limited using \-\-num\-logs and +\-\-exclude\-logs options. +This assumes that files in the log directory have newsyslog(8)\- or +logrotate(8)\-like name format with numeric indexes. +Files without indexes (generally it is merely one file) are considered +the most recent and files with lower indexes are considered newer. +.RS +.RE +.TP +.B \-\-reject\-score +Specifies the reject (spam) threshold. +.RS +.RE +.TP +.B \-\-junk\-score +Specifies the junk (add header or rewrite subject) threshold. +.RS +.RE +.TP +.B \-\-alpha\-score +Specifies the minimum score for a symbol to be considered by this +script. +.RS +.RE +.TP +.B \-\-symbol +Add symbol or pattern (pcre format) to analyze. +.RS +.RE +.TP +.B \-\-num\-logs +If set, limits number of analyzed logfiles in the directory to the +specified value. +.RS +.RE +.TP +.B \-\-exclude\-logs +Number of latest logs to exclude (0 by default). +.RS +.RE +.TP +.B \-\-correlations +Additionally print correlation rate for each symbol displayed. +This routine calculates merely paired correlations between symbols. +.RS +.RE +.TP +.B \-\-search\-pattern +Do not process input unless finding the specified regular expression. +Useful to skip logs to a certain position. +.RS +.RE +.TP +.B \-\-exclude +Exclude log lines if certain symbols are fired (e.g. +GTUBE). +You may specify this option multiple time to skip multiple symbols. +.RS +.RE +.TP +.B \-\-start +Select log entries after this time. +Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired +accuracy). +If used with \-\-end select entries between \-\-start and \-\-end. +The omitted date defaults to the current date if you supply the time. +.RS +.RE +.TP +.B \-\-end +Select log entries before this time. +Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired +accuracy). +If used with \-\-start select entries between \-\-start and \-\-end. +The omitted date defaults to the current date if you supply the time. +.RS +.RE +.TP +.B \-\-help +Print a brief help message and exits. +.RS +.RE +.TP +.B \-\-man +Prints the manual page and exits. +.RS +.RE +.SH AUTHORS +Vsevolod Stakhov. diff --git a/debian/man/rspamd_stats.8.md b/debian/man/rspamd_stats.8.md new file mode 100644 index 0000000..fc573e7 --- /dev/null +++ b/debian/man/rspamd_stats.8.md @@ -0,0 +1,120 @@ +% RSPAMD_STATS(8) +% Vsevolod Stakhov +% March 5, 2018 + +# NAME + +rspamd_stats - analyze Rspamd rules by parsing log files + +# SYNOPSIS + +rspamd_stats [*options*] [*--symbol=SYM1* [*--symbol=SYM2*...]] [*--log file*] + +# DESCRIPTION + +rspamd_stats will read the given log file (or standard input) and provide +statistics for the specified symbols: + + Symbol: BAYES_SPAM (weight 3.763) (381985 hits, 26.827%) + Ham hits: 184557 (48.315%), total ham: 1095487 (ham with BAYES_SPAM: 16.847%) + Spam hits: 15134 (3.962%), total spam: 16688 (spam with BAYES_SPAM: 90.688%) + Junk hits: 182294 (47.723%), total junk: 311699 (junk with BAYES_SPAM: 58.484%) + Spam changes (ham/junk -> spam): 7026 (1.839%), total percentage (changes / spam hits): 42.102% + Junk changes (ham -> junk): 95192 (24.920%), total percentage (changes / junk hits): 30.540% + +Where there are the following attributes: + +* Weight: average score for a symbols + +* Total hits: total number of hits and percentage of symbol hits divided + by total number of messages + +* HAM hits: provides the following information about HAM messages with + the specified symbol (from left to right): + + 1. total symbol hits: number of messages that has this symbol and are + HAM + + 2. ham percentage: number of symbol hits divided by overall HAM + messages count + + 3. total ham hits: overall number of HAM messages + + 4. ham with symbol percentage: percentage of number of hits with + specified symbol in HAM messages divided by total number of + HAM messages. + +* SPAM hits: provides the following information about SPAM messages - + same as previous but for SPAM class. + +* Junk hits: provides the following information about Junk messages - + same as previous but for JUNK class. + +* Spam changes: displays data about how much messages switched their + class because of the specific symbol weight. + +* Junk changes: displays data about how much messages switched their + class because of the specific symbol weight. + +# OPTIONS + +\--log +: Specifies log file or directory to read data from. If a directory + is specified rspamd_stats analyses files in the directory + including known compressed file types. Number of log files can be + limited using \--num-logs and \--exclude-logs options. This assumes + that files in the log directory have newsyslog(8)- or + logrotate(8)-like name format with numeric indexes. Files without + indexes (generally it is merely one file) are considered the most + recent and files with lower indexes are considered newer. + +\--reject-score +: Specifies the reject (spam) threshold. + +\--junk-score +: Specifies the junk (add header or rewrite subject) threshold. + +\--alpha-score +: Specifies the minimum score for a symbol to be considered by this + script. + +\--symbol +: Add symbol or pattern (pcre format) to analyze. + +\--num-logs +: If set, limits number of analyzed logfiles in the directory to the + specified value. + +\--exclude-logs +: Number of latest logs to exclude (0 by default). + +\--correlations +: Additionally print correlation rate for each symbol displayed. + This routine calculates merely paired correlations between + symbols. + +\--search-pattern +: Do not process input unless finding the specified regular + expression. Useful to skip logs to a certain position. + +\--exclude +: Exclude log lines if certain symbols are fired (e.g. GTUBE). You + may specify this option multiple time to skip multiple symbols. + +\--start +: Select log entries after this time. Format: "YYYY-MM-DD HH:MM:SS" + (can be truncated to any desired accuracy). If used with \--end + select entries between --start and \--end. The omitted date + defaults to the current date if you supply the time. + +\--end +: Select log entries before this time. Format: "YYYY-MM-DD HH:MM:SS" + (can be truncated to any desired accuracy). If used with + \--start select entries between \--start and \--end. The omitted date + defaults to the current date if you supply the time. + +\--help +: Print a brief help message and exits. + +\--man +: Prints the manual page and exits. |