Spam Filter ISP Support Forum


Sawmill log analysis problems

sirrar
Posted: 24 November 2004 at 12:37am

Hi

I'm running Sawmill 6.5.3. I was very pleased to see that I could get my logs parsed with my Sawmill. So I put the SpamfilterISP log into Sawmill.

Here comes the problem. After pointing out my log dir, Sawmill can't autodetect the log format. OK, I pointed it out to Sawmill, to use Logsat Spamfilter .... After running through my logs, Sawmill ends up telling me that none of my log entries fitted into the filter.

Here are a few lines of my logfiles. I have a logfile per day:

11-23-04 00:03:38:568 -- (3736) Connection from: 69.6.18.41  -  Originating country : Ukraine
11-23-04 00:03:40:047 -- (3736) Resolving 69.6.18.41 - mx1841.aa02.com
11-23-04 00:03:40:766 -- (3736) found SPF record: v=spf1 a mx ptr ~all
11-23-04 00:03:40:766 -- (3736) SPF query result:
11-23-04 00:03:40:766 -- (3736) - SPF analysis for aa02.com done: - pass
11-23-04 00:03:40:766 -- (3736) Mail from: b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com
11-23-04 00:03:41:635 -- (3736) - MAPS search done... 521 The IP 69.6.18.41 is Blacklisted by sbl.spamhaus.org.3http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 521 The IP 69.6.18.41 is Blacklisted by dnsbl.njabl.org.dWholesaleBandwidth, Inc. spam house...lots of individual spammers, lots of bogus swips -
11-23-04 00:03:41:635 -- (3736) 69.6.18.41 - Mail from: b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com To: bs@sirrar.dk will be rejected
11-23-04 00:03:42:864 -- (3736) EMail from b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com to bs@sirrar.dk was received and quarantined. Size: 1 KB, 1024 bytes
11-23-04 00:03:42:914 -- (7556) Time to add Msg to Bayes corpus:9
11-23-04 00:03:42:934 -- (3736) Disconnect

I have tried to parse just one file, same result. Sawmill sees a lot of entries but can't fit them into a filter.

Here's the exact error message from Sawmill, when building the database the first time:

No valid log entries found

Sawmill did not find any valid log entries, so the statistics are not available.

Here is some info on the database (this one with only one day's log):

Files in current Log Source: D:\Program Files\SpamFilter\logfiles\test\20041122.log
Number of entries in current Log Source: 9242
Entries accepted by the filters: 0

Hope you can help me!!!

Best regards...

Torsten Christiansen

 

BTW: Running SFI 2.1.2.395 still Eval, about to get the last things OK before registering.
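
Added example, not part of the post above and not Sawmill or SpamFilter code: a small Python parser for the line layout in the quoted log excerpt, which counts how many lines fit one pattern and summarises each connection, as an independent check before handing logs to an analysis tool. It assumes the date is month-day-year and that the parenthesised number identifies one connection handler; the blacklist line in the sample is abridged and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample taken from the post above; the MAPS line is abridged, the last line is constructed.
SAMPLE = """\
11-23-04 00:03:38:568 -- (3736) Connection from: 69.6.18.41  -  Originating country : Ukraine
11-23-04 00:03:40:766 -- (3736) - SPF analysis for aa02.com done: - pass
11-23-04 00:03:41:635 -- (3736) - MAPS search done... 521 The IP 69.6.18.41 is Blacklisted by sbl.spamhaus.org. 521 The IP 69.6.18.41 is Blacklisted by dnsbl.njabl.org.
11-23-04 00:03:42:864 -- (3736) EMail from b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com to bs@sirrar.dk was received and quarantined. Size: 1 KB, 1024 bytes
11-23-04 00:03:42:914 -- (7556) Time to add Msg to Bayes corpus:9
11-23-04 00:03:42:934 -- (3736) Disconnect
this line does not match the expected layout
"""

LINE_RE = re.compile(r"^(\d\d-\d\d-\d\d \d\d:\d\d:\d\d:\d{3}) -- \((\d+)\) (.*)$")
CONN_RE = re.compile(r"^Connection from: (\S+)")
SPF_RE = re.compile(r"SPF analysis for (\S+) done: - (\w+)")
DNSBL_RE = re.compile(r"Blacklisted by ([\w.-]+?)\.(?=\s|$)")

def parse_line(line):
    """Return (timestamp, handler_id, message), or None if the line does not fit."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    # Assumption: MM-DD-YY date, then HH:MM:SS:milliseconds.
    ts = datetime.strptime(m.group(1), "%m-%d-%y %H:%M:%S:%f")
    return ts, int(m.group(2)), m.group(3)

def summarize(text):
    """Group entries by the parenthesised id and count lines that fit no pattern."""
    sessions = defaultdict(lambda: {"ip": None, "spf": None, "dnsbl": [], "quarantined": False})
    rejected = 0
    for line in text.splitlines():
        if not line.strip():
            continue  # blank lines are neither entries nor errors
        parsed = parse_line(line)
        if parsed is None:
            rejected += 1
            continue
        _, sid, msg = parsed
        s = sessions[sid]
        if m := CONN_RE.match(msg):
            s["ip"] = m.group(1)
        elif m := SPF_RE.search(msg):
            s["spf"] = m.group(2)
        s["dnsbl"] += DNSBL_RE.findall(msg)
        s["quarantined"] |= "received and quarantined" in msg
    return dict(sessions), rejected
```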

Desperado
Posted: 24 November 2004 at 1:20am

I am running Sawmill 6.5.10 and it detects the logs properly. However, I need to send a new log sample over to Sawmill to get the filter updated with all the new log entries.

 

Dan S.

 

Alain
Posted: 25 November 2004 at 6:09am

Hi,

Have the same problem with Sawmill 6.5.11 (test version)

one log per day (isp .395)

Thanks

Alain
