NAME
slowedit summarize - summarize by IP number

SYNOPSIS


slowlist switches summarize IPnumber [interval [units] ]

DESCRIPTION
slowedit summarize prints to standard out a human friendly summary of the behavior of a particular IP number. Unless you specify otherwise, all event records for the IP number are gathered into a single summary.

If the IPnumber specified does not exist in the database, an error like the following prints and summarize is done.

slowedit summarize: 1.2.3.4: not in the database

Otherwise the events are summarized like this:

% slowedit summarize 209.31.233.176
209.31.233.176:                              347 records:
        Whitelisted Address           =        0 (0%)
        Envelope Recipients           =      347 (100%)
        Header Recipients             =      207 (59%)
        Honey Pot Recipients          =        0 (0%)
        Bad Recipients                =        0 (0%)
        Excess Header Recipients      =        0 (0%)
        Excess Envelope Recipients    =        0 (0%)
        Any Honey Pot Recipients      =        0 (0%)
        Bad Message-Id Headers        =       25 (7%)
        Bad Connecting Hosts          =        0 (0%)
        Realtime Black Hole Rejects   =        0 (0%)
        Milter Aborts                 =      164 (47%)
        Illegal Pipe-Lining Attempts  =        0 (0%)
        Sendmail said "forged"        =        0 (0%)
        Received from our MX server   =        2 (0%)
        Not An IP Network             =        0 (0%)
        An Aliased IP entry           =        0 (0%)
::

If the IP number is whitelisted, only that summary line will contain a value. The first line printed is always the IPnumber followed by a colon and then the count of the records found, then a final colon. The last line is always two colons. This allows multiple summaries to be reported (as with a shell script) and the result easily parsed by a perl script.

In the event you wish to limit the number (date range) of records summarized, you may do so by adding an interval argument, like this:

slowedit summarize 209.31.233.176 1

The interval specified is presumed to be the number of days, unless you also specify units following the interval. For example, the following limits the interval to five hours:

slowedit summarize 209.31.233.176 5 hours

The interval specifies how far into the past from now we should search for records. Thus, "5 hours" means that only the most recent five hours of records will be printed.

The units may be selected from: "seconds," "minutes," "hours," "days," and "weeks." Only the first character of units is examined, so "s" and "secs" and "soda" all set the units to seconds. You may not combine units. That is, "5 hours 30 minutes" will evaluate to five hours.

Note that there is no way to indicate an offset from now into the past for the interval, thus you may not summarize "5 hours one week ago." If such a mechanism is needed, it may be added to a future release.

Finally note that if no records are found (within the interval specified), but the IP number does exist in the database, the summary prints that it found zero records and prints its summary values as zeros.