Print Page | Close Window

Sawmill log analysis problems

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=4632
Printed Date: 18 September 2025 at 8:07am


Topic: Sawmill log analysis problems
Posted By: sirrar
Subject: Sawmill log analysis problems
Date Posted: 24 November 2004 at 12:37am

Hi

I'm running sawmill 6.5.3. I was very pleased to see that I could get my logs parsed with my sawmill. So I put in the SpamfilterISP log to the sawmill.

Here comes the problem. After pointing out my log dir sawmill can't autodetect the log format, ok i pointed it out to sawmill, to use Logsat Spamfilter .... After running through my logs sawmill ends up by telling that none of my log entries fitted into the filter.

Here's a a few lines of my logfiles. I have a logfile per day:

11-23-04 00:03:38:568 -- (3736) Connection from: 69.6.18.41  -  Originating country : Ukraine
11-23-04 00:03:40:047 -- (3736) Resolving 69.6.18.41 - mx1841.aa02.com
11-23-04 00:03:40:766 -- (3736) found SPF record: v=spf1 a mx ptr ~all
11-23-04 00:03:40:766 -- (3736) SPF query result:
11-23-04 00:03:40:766 -- (3736) - SPF analysis for aa02.com done: - pass
11-23-04 00:03:40:766 -- (3736) Mail from: mailto:b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com
11-23-04 00:03:41:635 -- (3736) - MAPS search done... 521 The IP 69.6.18.41 is Blacklisted by sbl.spamhaus.org.3 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 521 The IP 69.6.18.41 is Blacklisted by dnsbl.njabl.org.dWholesaleBandwidth, Inc. spam house...lots of individual spammers, lots of bogus swips -
11-23-04 00:03:41:635 -- (3736) 69.6.18.41 - Mail from: mailto:b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com To: mailto:bs@sirrar.dk" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bs@sirrar.dk will be rejected
11-23-04 00:03:42:864 -- (3736) EMail from mailto:b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - b.TailWaggingOffer.0-45c1f07-5ac.sirrar.dk.-bs@mx1841.aa02.com to mailto:bs@sirrar.dk" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bs@sirrar.dk was received and quarantined. Size: 1 KB, 1024 bytes
11-23-04 00:03:42:914 -- (7556) Time to add Msg to Bayes corpus:9
11-23-04 00:03:42:934 -- (3736) Disconnect

I have tried just to pare one file, same result. Sawmill see a lot of entries but can't fit them into a filter.

Here's the excat error message from sawmill, when building the database first time:

No valid log entries found

Sawmill did not find any valid log entries, so the statistics are not available.

Here is some info on the database (this one with only one days log:

Files in current Log Source: D:\Program Files\SpamFilter\logfiles\test\20041122.log
Number of entries in current Log Source: 9242
Entries accepted by the filters: 0

Hope you can help me!!!

Best regards...

Torsten Christiansen

 

BTW: Running SFI 2.1.2.395 still Eval, about to get the last things OK before registering.


Replies:
Posted By: Desperado
Date Posted: 24 November 2004 at 1:20am

I am running Sawminn 6.5.10 and it detect the logs properly.  However,  I need to send a new log sample over to Sawmill to get the filter updated with all the new log entries.

 

Dan S.

 

Posted By: Guests
Date Posted: 25 November 2004 at 6:09am

Hi,

Have the same problem with sawmil 6.5.11 (test version)

one log per day (isp .395)

Thanks

Alain


Print Page | Close Window