# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for spamd result lines that arrive through syslog
# (log_data_type is syslog_required). One database entry is produced per
# "spamd: result:" line; every other spamd line is left unaccepted by the
# parsing filter below.
spamd = {

  plugin_version = "1.0.1"

  # 2007-01-25 - 1.0beta - KBB - initial creation
  # 2007-09-14 - 1.0 - KBB - renumbered per new beta policy
  # 2011-07-19 - 1.0.1 - MSG - Edited info lines.

  # NOTE(review): the device label and the sample lines below are SpamAssassin
  # spamd output, while the manufacturer is given as OpenBSD, which ships a
  # different daemon that is also called spamd. Confirm which product this
  # label is meant to identify before relying on it for source attribution.
  info.1.manufacturer = "OpenBSD"
  info.1.device = "spamd (SpamAssassin Daemon)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "spamd (SpamAssassin Daemon) Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is detected as this format if any of the lines examined during
  # autodetection matches this regular expression. autodetect_lines below is
  # 1000, not the ten lines an earlier version of this comment mentioned.
  # The expression is not anchored and matches only the literal
  # "checking message" line, e.g.:
  #Nov 6 04:15:09 adevice spamd[410]: spamd: checking message <20061105230020.B0DF8778115Z@here.there.com> for jack@somewhere.com:99
  log.format.autodetect_regular_expression = "spamd\[[0-9]+\]: spamd: checking message"
  log.format.autodetect_lines = 1000

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields. score, rules and spam_status are set explicitly by the parsing
  # filter; the remaining names match the key=value pairs at the end of a
  # result line (see the sample lines inside the filter).
  log.fields = {
    scantime = ""
    size.type = "size"
    user = ""
    uid = ""
    required_score = ""
    rhost = ""
    raddr = ""
    rport = ""
    mid = ""
    autolearn = ""
    score = ""
    rules = ""
    spam_status = ""
  } # log.fields

  # Parsing filter, applied to v.syslog_message.
  #   $1  single-character result flag; spam_status is yes only when it is Y
  #   $2  integer score (the fractional score appears only on the
  #       clean message / identified spam lines, which are ignored)
  #   $3  comma-separated rule names, captured as any run of non-space
  #       characters; the commented-out expression restricted this to
  #       A-Z, 0-9, underscore and comma
  #   $4  remainder of the line, handed to collect_listed_fields with
  #       comma as pair separator and equals sign as key/value separator
  # NOTE(review): mid, user and rhost carry text that originates outside this
  # host (mid presumably is the Message-ID header chosen by the sender). How
  # collect_listed_fields treats a value that itself contains a comma or an
  # equals sign is not visible here; confirm that such a value cannot
  # overwrite another collected field such as user or autolearn, and treat
  # these fields as untrusted text wherever reports display them.
  log.parsing_filters.parse = `
# Note that all needed information is in the result lines except the fractional Spam Assassin score,
# so ignoring "clean message" and "identified spam" lines for now.
#Nov 6 04:15:15 adevice spamd[410]: spamd: clean message (-99.1/5.0) for radha@somewhere.com:99 in 5.9 seconds, 4541 bytes.
#Nov 6 04:15:15 adevice spamd[410]: spamd: result: . -99 - ALL_TRUSTED,INVALID_DATE,NO_REAL_NAME,USER_IN_WHITELIST scantime=5.9,size=4541,user=radha@somewher.com,uid=99,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47778,mid=<20061105230200.0DBF8178711Z@here.there.com>,autolearn=no
#Nov 6 04:15:17 adevice spamd[4082]: spamd: identified spam (22.3/5.0) for smith@somewhere.com:99 in 5.6 seconds, 3445 bytes.
#Nov 6 04:15:17 adevice spamd[4082]: spamd: result: Y 22 - RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_SBL,SUBJ_ILLEGAL_CHARS,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=5.6,size=3445,user=smith@somewhere.com,uid=99,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47781,mid=<719373.138141103.1621174576@nearby.com>,autolearn=failed
#if (matches_regular_expression(v.syslog_message, '^spamd\\\\[[0-9]+\\\\]: spamd: result: (.) ([0-9-]+) - ([A-Z0-9_,]+) (.*)')) then (
if (matches_regular_expression(v.syslog_message, '^spamd\\\\[[0-9]+\\\\]: spamd: result: (.) ([0-9-]+) - ([^ ]*) (.*)')) then (
  v.result = $1;
  v.syslog_message = $4;
  set_collected_field('', 'score', $2);
  set_collected_field('', 'rules', $3);
  if (v.result eq 'Y') then (
    set_collected_field('', 'spam_status', 'yes');
  );
  else (
    set_collected_field('', 'spam_status', 'no');
  );
  collect_listed_fields('', v.syslog_message, ',', '=', '');
  accept_collected_entry('', false);
);
`

  # Database fields. scantime and size are not listed here; they appear under
  # database.numerical_fields below.
  database.fields = {
    user = ""
    uid = ""
    required_score = ""
    rhost = ""
    raddr = ""
    rport = ""
    mid = ""
    autolearn = ""
    score = ""
    rules = ""
    spam_status = ""
  } # database.fields

  # Log Filters
  log.filters = {

    # Assigns messages = 1 on each entry; messages is the entries_field of
    # database.numerical_fields.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'messages = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    messages = {
      default = true
      requires_log_field = false
      entries_field = true
    } # messages

    size = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # size

    # NOTE(review): the sample lines show fractional scantime values (5.9, 5.6)
    # while the field type is int; confirm how the fraction is handled.
    scantime = {
      type = "int"
      integer_bits = 64
      display_format_type = "duration_compact"
    } # scantime

    # scantime averaged over the messages count
    average_scan_time = {
      log_field = "scantime"
      type = "int"
      integer_bits = 64
      display_format_type = "duration_compact"
      aggregation_method = "average"
      average_denominator_field = "messages"
    } # average_scan_time

    # score averaged over the messages count; the score parsed from a result
    # line is the integer value, so this average does not reflect the
    # fractional score.
    average_message_score = {
      log_field = "score"
      aggregation_method = "average"
      average_denominator_field = "messages"
    } # average_message_score

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # spamd