I made a quick few modifications to our Zabbix installation to monitor mail coming in and spam counts/day and such...
This could still use a lot of improvements, but for now at least I am happy :)
Note that the Exim queue count is the only value that is always current. The other values, such as spam, depend on how log rotation is set up for exim4, because they are counted from the current log file. With us that was daily, so I gave all the items a description like 'today's rejected spam', which sums up exactly what it is :)
Also, I place my values in /tmp which probably has some security issues, but tbh, it seems safe enough to me.. and as the values are so small, I won't have any space issues (besides... I monitor /tmp afaik ;)
Put the following in a crontab (make sure the user has enough rights, and use crontab -e):
*/2 * * * * /usr/sbin/exim -bpc > /tmp/eximcount.txt
*/5 * * * * grep -c "Message rejected as spam" /var/log/exim4/rejectlog > /tmp/exim_spamcount.txt
*/5 * * * * grep -c "Unrouteable address" /var/log/exim4/rejectlog > /tmp/exim_unrouteable.txt
*/5 * * * * grep -c "This message contains malware" /var/log/exim4/rejectlog > /tmp/exim_malware.txt
*/5 * * * * grep -c "relay not permitted" /var/log/exim4/rejectlog > /tmp/exim_relay.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep webster.nl | wc -l > /tmp/exim_incoming_internal.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep webster.nl | grep exchange.webster.nl | wc -l > /tmp/exim_incoming_exchange.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep webster.nl | grep -v exchange.webster.nl | wc -l > /tmp/exim_incoming_nonexchange.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep -v webster.nl | wc -l > /tmp/exim_incoming_external.txt
*/5 * * * * grep -c Completed /var/log/exim4/mainlog > /tmp/exim_completed.txt
(Note: some of these values, especially where I grep our company name, are specific to my situation.)
Part of the above text falls off the article, no worries, you can still copy/paste all the info :)
then add the following to your zabbix_agentd.conf (located at /etc/zabbix-agent), and afterwards restart zabbix-agent (/etc/init.d/zabbix-agent restart):
UserParameter=exim4.mailq,cat /tmp/eximcount.txt
UserParameter=exim4.spamq,cat /tmp/exim_spamcount.txt
UserParameter=exim4.unrouteq,cat /tmp/exim_unrouteable.txt
UserParameter=exim4.malwareq,cat /tmp/exim_malware.txt
UserParameter=exim4.relayq,cat /tmp/exim_relay.txt
UserParameter=exim4.incintq,cat /tmp/exim_incoming_internal.txt
UserParameter=exim4.incexchangeq,cat /tmp/exim_incoming_exchange.txt
UserParameter=exim4.incnonexchangeq,cat /tmp/exim_incoming_nonexchange.txt
UserParameter=exim4.incexternalq,cat /tmp/exim_incoming_external.txt
UserParameter=exim4.completedq,cat /tmp/exim_completed.txt
Then go to Zabbix, create a template exim4:
- Go to Configuration
- Go to Hosts (left above)
- Change Hosts into Templates (right above, the pulldown box)
- Create template:
- Name: exim4
- save
- Now in the top-right corner, set Group to templates (host should default to All)
- Locate Template_Exim4 and click Items on the right side.
- Now at the top right you have the option Create Item, click it.
- Host: Template_Exim4 (automatically filled in, I check this to make sure I'm actually editing the template, not directly a host)
- Description: Exim4: Today's messages rejected as spam
- Type: Zabbix agent
- key: exim4.spamq
- Type of information: Numeric (unsigned)
- Data type: Decimal
- Update interval (in sec): 300
- Leave other values as they are...or whatever you want... and Save
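The post mentions that writing the values to /tmp "probably has some security issues". As an added example (not part of the original post), the script below collects the same rejectlog counters and the queue count but publishes them atomically into a dedicated directory. The default directory /var/lib/exim-zabbix, the --run switch and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. /tmp is world-writable, so a fixed
# name such as /tmp/eximcount.txt can be pre-created or symlinked by another
# local user before cron's ">" redirection opens it. Publishing into a
# directory only the cron user can write to removes that problem.

# count_matches PATTERN FILE: fixed-string line count, 0 if the log is missing.
count_matches() {
    cm_n=$(grep -cF -- "$1" "$2" 2>/dev/null) || true
    echo "${cm_n:-0}"
}

# write_metric DIR NAME VALUE: atomically publish VALUE as DIR/NAME.
write_metric() {
    wm_dir=$1 wm_name=$2 wm_value=$3
    # Only plain unsigned integers, matching the "Numeric (unsigned)" item type.
    case $wm_value in ''|*[!0-9]*) return 1 ;; esac
    # The directory must be a real directory, not a symlink ...
    [ -d "$wm_dir" ] && [ ! -L "$wm_dir" ] || return 1
    # ... and must not be group- or world-writable (this rejects /tmp).
    [ -z "$(find "$wm_dir" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ] || return 1
    # mktemp creates a fresh 0600 file; the rename then replaces the old value
    # in one step, so the agent never reads a half-written file.
    wm_tmp=$(mktemp "$wm_dir/.$wm_name.XXXXXX") || return 1
    printf '%s\n' "$wm_value" > "$wm_tmp" && chmod 0644 "$wm_tmp" &&
        mv -f "$wm_tmp" "$wm_dir/$wm_name" || { rm -f "$wm_tmp"; return 1; }
}

# collect: the queue count plus the rejectlog counters from the crontab above.
collect() {
    state=${STATE_DIR:-/var/lib/exim-zabbix}   # assumed path, mode 0755, owned by the cron user
    reject=/var/log/exim4/rejectlog
    write_metric "$state" eximcount.txt "$(/usr/sbin/exim -bpc)"
    write_metric "$state" exim_spamcount.txt "$(count_matches 'Message rejected as spam' "$reject")"
    write_metric "$state" exim_unrouteable.txt "$(count_matches 'Unrouteable address' "$reject")"
    write_metric "$state" exim_malware.txt "$(count_matches 'This message contains malware' "$reject")"
    write_metric "$state" exim_relay.txt "$(count_matches 'relay not permitted' "$reject")"
}

# Only collect when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then collect; fi
```

With this in place, a single cron entry runs the script with --run, and each UserParameter line cats the matching file from the state directory instead of /tmp.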
Have fun! (i plan to do more Zabbix related articles at a later point :)
woops, user parameters for the last few values were incorrect...
corrected just after the update mail went out... sorry! :)
later noticed that my previous edit had converted any greater or smaller than signs to the usual > type html conversions... apparently a blogspot thing.
Converted all those back to what they should be, and removed some useless "wc -l" commands by just adding -c on the grep command line.
Not enough of this item:
Exim: Today's completed messages
No idea, haven't used exim in a while (at least not in a work environment),
they could have changed the logging a bit since 2010 ;)