Scroll to navigation

RSPAMD_STATS(8) RSPAMD_STATS(8)

NAME

rspamd_stats - analyze Rspamd rules by parsing log files

SYNOPSIS

rspamd_stats [options] [--symbol=SYM1 [--symbol=SYM2...]] [--log file]

DESCRIPTION

rspamd_stats will read the given log file (or standard input) and provide statistics for the specified symbols:

Symbol: BAYES_SPAM (weight 3.763) (381985 hits, 26.827%)
Ham hits: 184557 (48.315%), total ham: 1095487 (ham with BAYES_SPAM: 16.847%)
Spam hits: 15134 (3.962%), total spam: 16688 (spam with BAYES_SPAM: 90.688%)
Junk hits: 182294 (47.723%), total junk: 311699 (junk with BAYES_SPAM: 58.484%)
Spam changes (ham/junk -> spam): 7026 (1.839%), total percentage (changes / spam hits): 42.102%
Junk changes (ham -> junk): 95192 (24.920%), total percentage (changes / junk hits): 30.540%

Where there are the following attributes:

Weight: average score for a symbols
Total hits: total number of hits and percentage of symbol hits divided by total number of messages
HAM hits: provides the following information about HAM messages with the specified symbol (from left to right):
1.
total symbol hits: number of messages that has this symbol and are HAM
2.
ham percentage: number of symbol hits divided by overall HAM messages count
3.
total ham hits: overall number of HAM messages
4.
ham with symbol percentage: percentage of number of hits with specified symbol in HAM messages divided by total number of HAM messages.
SPAM hits: provides the following information about SPAM messages - same as previous but for SPAM class.
Junk hits: provides the following information about Junk messages - same as previous but for JUNK class.
Spam changes: displays data about how much messages switched their class because of the specific symbol weight.
Junk changes: displays data about how much messages switched their class because of the specific symbol weight.

OPTIONS

Specifies log file or directory to read data from. If a directory is specified rspamd_stats analyses files in the directory including known compressed file types. Number of log files can be limited using --num-logs and --exclude-logs options. This assumes that files in the log directory have newsyslog(8)- or logrotate(8)-like name format with numeric indexes. Files without indexes (generally it is merely one file) are considered the most recent and files with lower indexes are considered newer.
Specifies the reject (spam) threshold.
Specifies the junk (add header or rewrite subject) threshold.
Specifies the minimum score for a symbol to be considered by this script.
Add symbol or pattern (pcre format) to analyze.
If set, limits number of analyzed logfiles in the directory to the specified value.
--exclude-logs
Number of latest logs to exclude (0 by default).
Additionally print correlation rate for each symbol displayed. This routine calculates merely paired correlations between symbols.
Do not process input unless finding the specified regular expression. Useful to skip logs to a certain position.
Exclude log lines if certain symbols are fired (e.g. GTUBE). You may specify this option multiple time to skip multiple symbols.
Select log entries after this time. Format: "YYYY-MM-DD HH:MM:SS" (can be truncated to any desired accuracy). If used with --end select entries between --start and --end. The omitted date defaults to the current date if you supply the time.
Select log entries before this time. Format: "YYYY-MM-DD HH:MM:SS" (can be truncated to any desired accuracy). If used with --start select entries between --start and --end. The omitted date defaults to the current date if you supply the time.
Print a brief help message and exits.
Prints the manual page and exits.

AUTHORS

Vsevolod Stakhov.

March 5, 2018