Potential Log Analyzer?

jglazer
Posts: 228
Joined: Thu Mar 17, 2005 5:48 pm

Potential Log Analyzer?

Postby jglazer » Wed Apr 11, 2018 1:05 pm

I am thinking about writing a log analyzer that would alert me to potential email server abuse. Before I do this I thought I'd ask the group if something like this already exists.

Specifically, I would like to know if a mailbox is sending an unusual (based on a threshold) amount of outgoing emails as well as perhaps a few other criteria. I am trying to avoid the poor mail rep resulting in a spammer "guessing" a mailbox password. This seems to happen about 4 times a year.

Any thoughts? A program like this would not be difficult to write.

bitechbobbrenner
Posts: 26
Joined: Tue Jan 20, 2015 4:57 pm

Re: Potential Log Analyzer?

Postby bitechbobbrenner » Wed Apr 11, 2018 7:11 pm

Sounds like a good idea. Currently we are just keeping an eye on the ME Audit daily file, \Mail Enable\Config\Audit\, and dumping it into a database file for review of excessive IP violators. Then sending an email to the IP owner and sometimes to IC3. So far it's working for us, but automating it in a GUI with admin email alerts would be welcomed.

Maur0V
Posts: 39
Joined: Thu May 09, 2013 10:26 am

Re: Potential Log Analyzer?

Postby Maur0V » Wed Apr 11, 2018 7:50 pm

Hi, I've already developed a Nagios check looking in the log and in the queue to see if the sending rate (globally, not divided by user) is abnormally high compared to the previous week, and to check if the sending queue is holding too much mail.
It doesn't seem to be too difficult to count mail sent by a single user.
Which other criteria could be useful to you?
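
The following is an added example, not part of any post in this thread and not code from the posters or from MailEnable. It sketches the per-mailbox check discussed above: outgoing messages are counted per sender per hour and flagged when they exceed both a fixed floor and a multiple of that sender's busiest hour in the previous week. The `timestamp,sender,recipient` line format, the sample rows, and the `floor` and `factor` values are assumptions made for illustration; a real deployment would need a parser for the mail server's actual log format.

```python
import csv
from collections import Counter
from datetime import datetime

def hourly_counts(lines):
    """Count messages per (sender, hour) from 'timestamp,sender,recipient' rows."""
    counts = Counter()
    for row in csv.reader(lines):
        if len(row) != 3:
            continue  # skip malformed lines instead of aborting the run
        try:
            ts = datetime.fromisoformat(row[0].strip())
        except ValueError:
            continue
        hour = ts.replace(minute=0, second=0, microsecond=0)
        counts[(row[1].strip().lower(), hour)] += 1
    return counts

def flag_senders(today, last_week, floor=20, factor=5.0):
    """Return {sender: (hour, count, limit)} for each sender's worst offending hour.

    limit = max(floor, factor * sender's busiest hour last week); a mailbox
    with no history is held to the floor alone.
    """
    peak = {}
    for (sender, _hour), n in hourly_counts(last_week).items():
        peak[sender] = max(peak.get(sender, 0), n)
    alerts = {}
    for (sender, hour), n in hourly_counts(today).items():
        limit = max(floor, factor * peak.get(sender, 0))
        if n > limit and n > alerts.get(sender, (None, 0, 0))[1]:
            alerts[sender] = (hour, n, limit)
    return alerts

def sample_rows(sender, day, hour, n):
    """Build n constructed log lines for one sender within one hour."""
    return [f"{day}T{hour:02d}:{i % 60:02d}:00,{sender},rcpt{i}@example.net"
            for i in range(n)]

# Constructed sample data (hypothetical mailboxes, not real log output).
LAST_WEEK = (sample_rows("alice@example.com", "2018-04-04", 9, 30)
             + sample_rows("bob@example.com", "2018-04-04", 10, 3))
TODAY = (sample_rows("alice@example.com", "2018-04-11", 9, 40)  # normal for alice
         + sample_rows("bob@example.com", "2018-04-11", 3, 45)  # 15x bob's usual peak
         + ["garbage line"])

if __name__ == "__main__":
    for sender, (hour, n, limit) in flag_senders(TODAY, LAST_WEEK).items():
        print(f"ALERT {sender}: {n} messages in hour starting {hour} (limit {limit:g})")
```

Comparing each mailbox against its own history keeps a legitimately busy sender from alerting, while the floor keeps a normally quiet mailbox from tripping on a handful of messages.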
