blob: 902ad8f5eab342f509ca726ac7f726ba9999de41 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
.\" Automatically generated by Pandoc 1.19.2.4
.\"
.TH "RSPAMD_STATS" "8" "March 5, 2018" "" ""
.hy
.SH NAME
.PP
rspamd_stats \- analyze Rspamd rules by parsing log files
.SH SYNOPSIS
.PP
rspamd_stats [\f[I]options\f[]] [\f[I]\-\-symbol=SYM1\f[]
[\f[I]\-\-symbol=SYM2\f[]...]] [\f[I]\-\-log file\f[]]
.SH DESCRIPTION
.PP
rspamd_stats will read the given log file (or standard input) and
provide statistics for the specified symbols:
.IP
.nf
\f[C]
Symbol:\ BAYES_SPAM\ (weight\ 3.763)\ (381985\ hits,\ 26.827%)
Ham\ hits:\ 184557\ (48.315%),\ total\ ham:\ 1095487\ (ham\ with\ BAYES_SPAM:\ 16.847%)
Spam\ hits:\ 15134\ (3.962%),\ total\ spam:\ 16688\ (spam\ with\ BAYES_SPAM:\ 90.688%)
Junk\ hits:\ 182294\ (47.723%),\ total\ junk:\ 311699\ (junk\ with\ BAYES_SPAM:\ 58.484%)
Spam\ changes\ (ham/junk\ \->\ spam):\ 7026\ (1.839%),\ total\ percentage\ (changes\ /\ spam\ hits):\ 42.102%
Junk\ changes\ (ham\ \->\ junk):\ 95192\ (24.920%),\ total\ percentage\ (changes\ /\ junk\ hits):\ 30.540%
\f[]
.fi
.PP
Where there are the following attributes:
.IP \[bu] 2
Weight: average score for a symbols
.IP \[bu] 2
Total hits: total number of hits and percentage of symbol hits divided
by total number of messages
.IP \[bu] 2
HAM hits: provides the following information about HAM messages with the
specified symbol (from left to right):
.IP "1." 3
total symbol hits: number of messages that has this symbol and are HAM
.IP "2." 3
ham percentage: number of symbol hits divided by overall HAM messages
count
.IP "3." 3
total ham hits: overall number of HAM messages
.IP "4." 3
ham with symbol percentage: percentage of number of hits with specified
symbol in HAM messages divided by total number of HAM messages.
.IP \[bu] 2
SPAM hits: provides the following information about SPAM messages \-
same as previous but for SPAM class.
.IP \[bu] 2
Junk hits: provides the following information about Junk messages \-
same as previous but for JUNK class.
.IP \[bu] 2
Spam changes: displays data about how much messages switched their class
because of the specific symbol weight.
.IP \[bu] 2
Junk changes: displays data about how much messages switched their class
because of the specific symbol weight.
.SH OPTIONS
.TP
.B \-\-log
Specifies log file or directory to read data from.
If a directory is specified rspamd_stats analyses files in the directory
including known compressed file types.
Number of log files can be limited using \-\-num\-logs and
\-\-exclude\-logs options.
This assumes that files in the log directory have newsyslog(8)\- or
logrotate(8)\-like name format with numeric indexes.
Files without indexes (generally it is merely one file) are considered
the most recent and files with lower indexes are considered newer.
.RS
.RE
.TP
.B \-\-reject\-score
Specifies the reject (spam) threshold.
.RS
.RE
.TP
.B \-\-junk\-score
Specifies the junk (add header or rewrite subject) threshold.
.RS
.RE
.TP
.B \-\-alpha\-score
Specifies the minimum score for a symbol to be considered by this
script.
.RS
.RE
.TP
.B \-\-symbol
Add symbol or pattern (pcre format) to analyze.
.RS
.RE
.TP
.B \-\-num\-logs
If set, limits number of analyzed logfiles in the directory to the
specified value.
.RS
.RE
.TP
.B \-\-exclude\-logs
Number of latest logs to exclude (0 by default).
.RS
.RE
.TP
.B \-\-correlations
Additionally print correlation rate for each symbol displayed.
This routine calculates merely paired correlations between symbols.
.RS
.RE
.TP
.B \-\-search\-pattern
Do not process input unless finding the specified regular expression.
Useful to skip logs to a certain position.
.RS
.RE
.TP
.B \-\-exclude
Exclude log lines if certain symbols are fired (e.g.
GTUBE).
You may specify this option multiple time to skip multiple symbols.
.RS
.RE
.TP
.B \-\-start
Select log entries after this time.
Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired
accuracy).
If used with \-\-end select entries between \-\-start and \-\-end.
The omitted date defaults to the current date if you supply the time.
.RS
.RE
.TP
.B \-\-end
Select log entries before this time.
Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired
accuracy).
If used with \-\-start select entries between \-\-start and \-\-end.
The omitted date defaults to the current date if you supply the time.
.RS
.RE
.TP
.B \-\-help
Print a brief help message and exits.
.RS
.RE
.TP
.B \-\-man
Prints the manual page and exits.
.RS
.RE
.SH AUTHORS
Vsevolod Stakhov.
|
