mailstats and firestats - linux syslog statistics

Last Updated June 16, 2004

mailstats and firestats produce a webpage with graphs of various mail (pop3, imap, relay denied, smtp, spam), and iptables (packets blocked) statistics. The two scripts run separatly, but are packaged together. Obviously you could combine the two scripts into one. I created the two scripts separately to run one on a mail server and another on a firewall; but in fact I run them both on a central syslog server. On a 400MHz PII with 512MB RAM, the scripts take about 5 seconds to churn through 66MB of mail and system logs.

First make sure you have a working copy of gnuplot installed with PNG support. If it isn't in /usr/local/bin/gnuplot, you will need to edit the scripts.
To get png to work, pick up LibPNG and zlib. If you get the error 'PNG library not found' on config, the images will not work.
You will also need the bash shell, or make adjustments.

Download the stats-040616.tgz file and unpack it locally. In it you will find the mailstats and firestats scripts, and the etc-gnuplot directory. Copy the two scripts to your /usr/bin/ directory. Edit the scripts to fit your directory structure. By default, they are looking in /var/log/messages for iptables messages, and in /var/log/maillog for sendmail messages. You can edit the scripts to use just about any MTA, or grab any statistic with a little editing. By default they will place the files into /var/www/html/. I would suggest you alter this to a secure subdirectory once you have everything working.

Copy the etc-gnuplot files into a new /etc/gnuplot/ directory. These are base configs as defined in the scripts.

Execute the scripts in crontab. In Redhat, edit /etc/crontab to add the following entries :

59 * * * * /usr/bin/mailstats
59 * * * * /usr/bin/firestats

Now, while in /etc, run "crontab crontab" to put it in memory.

Originally I wrote them to look at the last full hour by grabbing date +%H and subtracting 1 (adjusted for midnight) but found it to be a great deal easier just to lose the last 50 seconds of stats for the hour.

Sample output graphs: