blob: fc573e7e699882c8cb58508049c6e23512820dc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
% RSPAMD_STATS(8)
% Vsevolod Stakhov
% March 5, 2018
# NAME
rspamd_stats - analyze Rspamd rules by parsing log files
# SYNOPSIS
rspamd_stats [*options*] [*--symbol=SYM1* [*--symbol=SYM2*...]] [*--log file*]
# DESCRIPTION
rspamd_stats will read the given log file (or standard input) and provide
statistics for the specified symbols:
Symbol: BAYES_SPAM (weight 3.763) (381985 hits, 26.827%)
Ham hits: 184557 (48.315%), total ham: 1095487 (ham with BAYES_SPAM: 16.847%)
Spam hits: 15134 (3.962%), total spam: 16688 (spam with BAYES_SPAM: 90.688%)
Junk hits: 182294 (47.723%), total junk: 311699 (junk with BAYES_SPAM: 58.484%)
Spam changes (ham/junk -> spam): 7026 (1.839%), total percentage (changes / spam hits): 42.102%
Junk changes (ham -> junk): 95192 (24.920%), total percentage (changes / junk hits): 30.540%
Where there are the following attributes:
* Weight: average score for a symbols
* Total hits: total number of hits and percentage of symbol hits divided
by total number of messages
* HAM hits: provides the following information about HAM messages with
the specified symbol (from left to right):
1. total symbol hits: number of messages that has this symbol and are
HAM
2. ham percentage: number of symbol hits divided by overall HAM
messages count
3. total ham hits: overall number of HAM messages
4. ham with symbol percentage: percentage of number of hits with
specified symbol in HAM messages divided by total number of
HAM messages.
* SPAM hits: provides the following information about SPAM messages -
same as previous but for SPAM class.
* Junk hits: provides the following information about Junk messages -
same as previous but for JUNK class.
* Spam changes: displays data about how much messages switched their
class because of the specific symbol weight.
* Junk changes: displays data about how much messages switched their
class because of the specific symbol weight.
# OPTIONS
\--log
: Specifies log file or directory to read data from. If a directory
is specified rspamd_stats analyses files in the directory
including known compressed file types. Number of log files can be
limited using \--num-logs and \--exclude-logs options. This assumes
that files in the log directory have newsyslog(8)- or
logrotate(8)-like name format with numeric indexes. Files without
indexes (generally it is merely one file) are considered the most
recent and files with lower indexes are considered newer.
\--reject-score
: Specifies the reject (spam) threshold.
\--junk-score
: Specifies the junk (add header or rewrite subject) threshold.
\--alpha-score
: Specifies the minimum score for a symbol to be considered by this
script.
\--symbol
: Add symbol or pattern (pcre format) to analyze.
\--num-logs
: If set, limits number of analyzed logfiles in the directory to the
specified value.
\--exclude-logs
: Number of latest logs to exclude (0 by default).
\--correlations
: Additionally print correlation rate for each symbol displayed.
This routine calculates merely paired correlations between
symbols.
\--search-pattern
: Do not process input unless finding the specified regular
expression. Useful to skip logs to a certain position.
\--exclude
: Exclude log lines if certain symbols are fired (e.g. GTUBE). You
may specify this option multiple time to skip multiple symbols.
\--start
: Select log entries after this time. Format: "YYYY-MM-DD HH:MM:SS"
(can be truncated to any desired accuracy). If used with \--end
select entries between --start and \--end. The omitted date
defaults to the current date if you supply the time.
\--end
: Select log entries before this time. Format: "YYYY-MM-DD HH:MM:SS"
(can be truncated to any desired accuracy). If used with
\--start select entries between \--start and \--end. The omitted date
defaults to the current date if you supply the time.
\--help
: Print a brief help message and exits.
\--man
: Prints the manual page and exits.
|
