Producing and viewing mailserver statistics with isoqlog

Posted by Steve on Sat 27 Aug 2005 at 12:41

If you wish to keep track of the mail sent and received by a machine then isoqlog is a nice solution allowing you to view your top mail senders and receivers. It works with exim, postfix, sendmail, and qmail.

Whilst it doesn't provide a full monitoring solution in the same way that munin, or cacti would it does allow you to keep track of mailserver performance and throughput in a readable fashion.

On many hosts keeping statistics on your mailserver, and performing webserver logfiles analysis is all that is required anyway.

For a look at what it offers please see the sample output. This shows you the kind of behaviour you can expect to see upon your hosts.

Output is broken down into three fields:

• Sent
  • Keeping track of mails sent from your host.
• Received
  • Keeping track of incoming mails addressed to your host.
• Size
  • The size of mails sent or received.

The outputs is further broken down by domain name.

To install the software you can simply run:

apt-get install isoqlog

(Or if you wish "aptitude install isoqlog".)

Once installed you may be prompted by debconf to configure it. On my Debian Sarge installation this did not occur, but it did on the two Debian Sid hosts I tested it upon. Currently the same version will be installed on Sid, and Sarge, so I'm not sure where the difference comes from - and your result may vary.

To configure the software we need to setup several variables:

• The logtype exim/sendmail/etc.
• The input logfile to use.
• The domain names to include in the output.
• The system's hostname.
• The directory to place output files in.

If prompted by debconf enter your choices. If you're not then you can setup the various configuration settings in the file /etc/isoqlog/isoqlog.conf manually.

The domain names you wish to monitor should instead be entered, one per line, in /etc/isoqlog/isoqlog.domains.

For example this sample shows the setup I use upon an exim4 mailserver:

logtype     = "exim"
logstore    = "/var/log/exim4/mainlog"
domainsfile = "/etc/isoqlog/isoqlog.domains"
outputdir   = "/var/www/isoqlog"
htmldir     = "/usr/share/isoqlog/htmltemp"
langfile    = "/usr/share/isoqlog/lang/english"
hostname    = "mystery"

maxsender   = 100
maxreceiver = 100
maxtotal    = 100

maxbyte     = 100

Here I've changed the "logstore" to point to exim4's logfile, and setup the output directory to /var/www/isoqlog - where my Apache installation can serve it from - with appropriate access control in place to avoid leaking private information.

The only other change I made was to set the langfile to /usr/share/isoqlog/lang/english - the default was to use English (with a capital "E") which didn't exist.

That is sufficient to setup the software.

By default there is a cronjob installed in /etc/cron.daily/isoqlog to generate the statistics once per day.

If you do not wish to wait, and wish to generate some immediately run the following command manually, as root:

/usr/bin/isoqlog

This article can be found online at the Debian Administration website at the following bookmarkable URL:

• http://www.debian-administration.org/articles/230

This article is copyright 2005 Steve - please ask for permission to republish or translate.