.\" Automatically generated by Pandoc 1.19.2.4
.\"
.TH "RSPAMD_STATS" "8" "March 5, 2018" "" ""
.hy
.SH NAME
.PP
rspamd_stats \- analyze Rspamd rules by parsing log files
.SH SYNOPSIS
.PP
rspamd_stats [\f[I]options\f[]] [\f[I]\-\-symbol=SYM1\f[]
[\f[I]\-\-symbol=SYM2\f[]...]] [\f[I]\-\-log file\f[]]
.SH DESCRIPTION
.PP
rspamd_stats will read the given log file (or standard input) and
provide statistics for the specified symbols:
.IP
.nf
\f[C]
Symbol:\ BAYES_SPAM\ (weight\ 3.763)\ (381985\ hits,\ 26.827%)
Ham\ hits:\ 184557\ (48.315%),\ total\ ham:\ 1095487\ (ham\ with\ BAYES_SPAM:\ 16.847%)
Spam\ hits:\ 15134\ (3.962%),\ total\ spam:\ 16688\ (spam\ with\ BAYES_SPAM:\ 90.688%)
Junk\ hits:\ 182294\ (47.723%),\ total\ junk:\ 311699\ (junk\ with\ BAYES_SPAM:\ 58.484%)
Spam\ changes\ (ham/junk\ \->\ spam):\ 7026\ (1.839%),\ total\ percentage\ (changes\ /\ spam\ hits):\ 42.102%
Junk\ changes\ (ham\ \->\ junk):\ 95192\ (24.920%),\ total\ percentage\ (changes\ /\ junk\ hits):\ 30.540%
\f[]
.fi
.PP
The report contains the following attributes:
.IP \[bu] 2
Weight: average score for a symbol
.IP \[bu] 2
Total hits: total number of hits and percentage of symbol hits divided
by total number of messages
.IP \[bu] 2
HAM hits: provides the following information about HAM messages with
the specified symbol (from left to right):
.IP "1." 3
total symbol hits: number of messages that have this symbol and are HAM
.IP "2." 3
ham percentage: number of symbol hits divided by overall HAM messages
count
.IP "3." 3
total ham hits: overall number of HAM messages
.IP "4." 3
ham with symbol percentage: percentage of number of hits with specified
symbol in HAM messages divided by total number of HAM messages.
.IP \[bu] 2
SPAM hits: provides the following information about SPAM messages \-
same as previous but for SPAM class.
.IP \[bu] 2
Junk hits: provides the following information about Junk messages \-
same as previous but for JUNK class.
.IP \[bu] 2
Spam changes: displays data about how many messages switched their
class because of the specific symbol weight.
.IP \[bu] 2
Junk changes: displays data about how many messages switched their
class because of the specific symbol weight.
.SH OPTIONS
.TP
.B \-\-log
Specifies log file or directory to read data from.
If a directory is specified, rspamd_stats analyses files in the
directory, including known compressed file types.
The number of log files can be limited using the \-\-num\-logs and
\-\-exclude\-logs options.
This assumes that files in the log directory have newsyslog(8)\- or
logrotate(8)\-like name format with numeric indexes.
Files without indexes (generally it is merely one file) are considered
the most recent and files with lower indexes are considered newer.
.RS
.RE
.TP
.B \-\-reject\-score
Specifies the reject (spam) threshold.
.RS
.RE
.TP
.B \-\-junk\-score
Specifies the junk (add header or rewrite subject) threshold.
.RS
.RE
.TP
.B \-\-alpha\-score
Specifies the minimum score for a symbol to be considered by this
script.
.RS
.RE
.TP
.B \-\-symbol
Add symbol or pattern (pcre format) to analyze.
.RS
.RE
.TP
.B \-\-num\-logs
If set, limits the number of analyzed log files in the directory to the
specified value.
.RS
.RE
.TP
.B \-\-exclude\-logs
Number of latest logs to exclude (0 by default).
.RS
.RE
.TP
.B \-\-correlations
Additionally print correlation rate for each symbol displayed.
This routine calculates only pairwise correlations between symbols.
.RS
.RE
.TP
.B \-\-search\-pattern
Do not process input until the specified regular expression is found.
Useful to skip logs to a certain position.
.RS
.RE
.TP
.B \-\-exclude
Exclude log lines if certain symbols are fired (e.g. GTUBE).
You may specify this option multiple times to skip multiple symbols.
.RS
.RE
.TP
.B \-\-start
Select log entries after this time.
Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired
accuracy).
If used with \-\-end select entries between \-\-start and \-\-end.
The omitted date defaults to the current date if you supply the time.
.RS
.RE
.TP
.B \-\-end
Select log entries before this time.
Format: "YYYY\-MM\-DD HH:MM:SS" (can be truncated to any desired
accuracy).
If used with \-\-start select entries between \-\-start and \-\-end.
The omitted date defaults to the current date if you supply the time.
.RS
.RE
.TP
.B \-\-help
Prints a brief help message and exits.
.RS
.RE
.TP
.B \-\-man
Prints the manual page and exits.
.RS
.RE
.SH AUTHORS
Vsevolod Stakhov.
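.SH EXAMPLE
.PP
Added example, not part of rspamd_stats or of the original manual page:
a Python illustration of how the figures in the DESCRIPTION report relate
to each other, run over constructed messages.
The threshold rule and values, the definition of a class change
(subtracting the symbol's weight from the score) and all names are
assumptions; the denominators are the ones that reproduce the sample
output in DESCRIPTION.

```python
from collections import Counter

# Constructed sample: (total score, {symbol: weight}). OTHER_RULE is hypothetical.
MESSAGES = [
    (16.0, {"BAYES_SPAM": 4.0}),   # spam only because of BAYES_SPAM (12.0 without)
    (20.0, {"BAYES_SPAM": 3.0}),   # spam either way
    (7.0, {"BAYES_SPAM": 3.0}),    # junk only because of BAYES_SPAM (4.0 without)
    (9.5, {"BAYES_SPAM": 2.0}),    # junk either way
    (2.0, {"BAYES_SPAM": 2.0}),    # ham
    (1.0, {}),
    (0.5, {"OTHER_RULE": 0.5}),
    (18.0, {"OTHER_RULE": 5.0}),
]

def classify(score, junk_score, reject_score):
    # Assumed rule: compare the score with the --junk-score / --reject-score values.
    if score >= reject_score:
        return "spam"
    return "junk" if score >= junk_score else "ham"

def pct(part, whole):
    return round(100.0 * part / whole, 3) if whole else 0.0

# Threshold defaults below are assumed values for this example.
def symbol_stats(messages, symbol, junk_score=6.0, reject_score=15.0):
    totals, hits, changes, weight_sum = Counter(), Counter(), Counter(), 0.0
    for score, symbols in messages:
        cls = classify(score, junk_score, reject_score)
        totals[cls] += 1
        if symbol not in symbols:
            continue
        hits[cls] += 1
        weight_sum += symbols[symbol]
        # Class the message would have had without this symbol's weight.
        before = classify(score - symbols[symbol], junk_score, reject_score)
        if cls == "spam" and before != "spam":
            changes["spam"] += 1          # ham/junk -> spam
        elif cls == "junk" and before == "ham":
            changes["junk"] += 1          # ham -> junk
    n = sum(hits.values())
    report = {"hits": n, "hits_pct": pct(n, len(messages)),
              "weight": round(weight_sum / n, 3) if n else 0.0}
    for cls in ("ham", "spam", "junk"):
        report[cls] = {"hits": hits[cls], "hits_pct": pct(hits[cls], n),
                       "total": totals[cls],
                       "with_symbol_pct": pct(hits[cls], totals[cls]),
                       "changes": changes[cls],
                       "changes_pct": pct(changes[cls], n),
                       "changes_of_class_pct": pct(changes[cls], totals[cls])}
    return report
```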