<html>
<b>NAME</b><br>
slowedit summarize - summarize by IP number
<p>
<b>SYNOPSIS</b><br>
<code><ul>
<b>slowlist</b> switches <b>summarize</b> IPnumber [interval [units] ]
</ul></code>
<p>
<b>DESCRIPTION</b><br>
<b>slowedit summarize</b> prints to standard out a human friendly summary
of the behavior of a particular IP number. Unless you specify otherwise,
all event records for the IP number are gathered into a single summary.
<p>
If the IPnumber specified does not exist in the database, an error
like the following prints and <b>summarize</b> is done.
<code><ul><pre>
slowedit summarize: 1.2.3.4: not in the database
</pre></ul></code>
Otherwise the events are summarized like this:
<code><ul><pre>
% <b>slowedit summarize 209.31.233.176</b>
209.31.233.176: 347 records:
Whitelisted Address = 0 (0%)
Envelope Recipients = 347 (100%)
Header Recipients = 207 (59%)
Honey Pot Recipients = 0 (0%)
Bad Recipients = 0 (0%)
Excess Header Recipients = 0 (0%)
Excess Envelope Recipients = 0 (0%)
Any Honey Pot Recipients = 0 (0%)
Bad Message-Id Headers = 25 (7%)
Bad Connecting Hosts = 0 (0%)
Realtime Black Hole Rejects = 0 (0%)
Milter Aborts = 164 (47%)
Illegal Pipe-Lining Attempts = 0 (0%)
Sendmail said "forged" = 0 (0%)
Received from our MX server = 2 (0%)
Not An IP Network = 0 (0%)
An Aliased IP entry = 0 (0%)
::
</pre></ul></code>
If the IP number is whitelisted, only that summary line will contain
a value. The first line printed is always the IPnumber followed
by a colon and then the count of the records found, then a final colon.
The last line is always two colons. This allows multiple summaries
to be reported (as with a shell script) and the result easily parsed
by a <i>perl</i> script.
<p>
In the event you wish to limit the number (date range) of records
summarized, you may do so by adding an <code>interval</code>
argument, like this:
<code><ul><pre>
slowedit summarize 209.31.233.176 1
</pre></ul></code>
The interval specified is presumed to be the number of days, unless you
also specify units following the interval. For example, the following
limits the interval to five hours:
<code><ul><pre>
slowedit summarize 209.31.233.176 5 hours
</pre></ul></code>
The interval specifies how far into the past from now we should
search for records. Thus, "5 hours" means that only the most recent
five hours of records will be printed.
<p>
The units may be selected from: "seconds," "minutes," "hours," "days,"
and "weeks." Only the first character of units is examined, so "s" and
"secs" and "soda" all set the units to seconds. You may not combine
units. That is, "5 hours 30 minutes" will evaluate to five hours.
<p>
Note that there is no way to indicate an offset from now into the
past for the interval, thus you may not summarize "5 hours one week ago."
If such a mechanism is needed, it may be added to a future release.
<p>
Finally note that if no records are found (within the interval specified),
but the IP number does exist in the database, the summary prints that it
found zero records and prints its summary values as zeros.
</body>
</html>
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #1 | 4052 | bryan_costales |
Implimented: whitelisting AddMXHost for MX servers that lie Converted to thread safe DNS routines garbage collection RunAsUser and RunAsGroup for root startups rebuild the database summarize by IP number Finished all documentation. Moved release from alpha to beta |