
This is for people who either want to do graphing themselves, or want to use 
the data-collecting tools directly. 

(Are you looking for the format of the RRD databases? Skip to the 
"The RRDTool databases")


The data-collecting tools
=========================

The data-collecting tools are all these binaries:

dlogaxfr dlogrtqueries dlogcache dlogcacheclients dlogcachequeries
dlogpublic dlogqmail dlogqpsmtpd dlogqmailadd dlogqmaildom dlogqsmtp 
dlogqsmtphosts dlogratclients dlogrbl dlogtiny dlogpublicdom

There are two different kinds of tools; one that provides a summary of 
information and one that generates a list of clients, queries or domains.

The following tools provide a summary of information:

dlogaxfr dlogcache dlogpublic dlogqmail dlogqsmtp dlogrbl dlogtiny dlogqpsmtpd

The following tools generates some kind of list:

dlogaxfrqueries dlogcacheclients dlogcachequeries dlogqmailadd 
dlogqmaildom dlogqsmtphosts dlogratclients dlogrtqueries dlogpublicdom

All commands needs the same arguments: 

	./<command> <starttime> <endtime> <logfile> <logfile> ..

<command> is the tool you want to use. E.g.: dlogaxfr.

<starttime> and <endtime> is given in Julian format, and tell the tool which 
records it should include in the statistics. They need to be specified and
cannot be omitted, as they can with dodlog.pl.

<logfile> Full path to a logfile. You can specify multiple logfiles to the
same command if you append them (seperated by a space) to the command line. If
your shell supports it you can use * and ? as you like. The logfiles don't 
have to be in sequence.


You can still use the dodlog.pl script if you just want the last 5 minutes of
data - the raw command is almost like running the tool by hand, but you don't
have to specify timestamps:

./dodlog.pl tinydns raw /service/tinydns/log/mail/

But it is primarily intended for integration with other tools. It's faster (and
almost as easy) to run the tool by hand - and you don't need to invoke perl.


The tools provide information to STDOUT. Errors are echoed to STDERR. Here is
a detailed describtion of what information they can give you; the information 
sourrounded by three stars (***) is a describtion of the actual output from 
the tool:

dlogaxfr:
	Tells you how many successful transfer, disallowed transfers and
        how many fatal errors that has occured.
	***
	TRANSFERS:<number>
	DISALLOWED:<number>
	FATAL:<number>
	***

dlogcache:
	Gives you a summary of which types of queries that has been delivered
	(one line for each different type), total number of queries received, 
	total number of answers, total number of queries dnscache has 
	performed to answer the clients, how many request was dropped, how 
	many errors occured and how many unknown types we delivered (should 
	be 0).
	***
	TYPE:<type>:<number>
	QUERIES:<number>
	OURQUERIES:<number>
	DROPPED:<number>
	ERRORS:<number>
	UNKNOWN:<number>
	***
	
dlogpublic:
	Tells you how many successful request publicfile has had, how many
	unsuccessful and the maximum number of connections publicfile has had
	within the given period.
	***
	SUCCESS:<number>
	FAILURES:<number>
	MAXCON:<number>
	***

dlogqmail:
	Tells you how many incoming mails qmail had, how many deliveries 
	(one mail can spawn multiple deliveries), how many bytes qmail has
	tranferred, the maximum number of concurrent local deliveries and
	the maximum number of concurrent remote deliveries.
	***
	INCOMING:<number>
	DELIVERIES:<number>
	BYTES:<number>
	LOCALCON:<number>
	REMOTECON:<number>
	***

dlogqsmtp:
	Tells you how many requests tcpserver for qmail-smtpd has had, how
	many of them that were listed in RBL and the maximum number of 
	concurrent incoming connections.
	***
	REQUESTS:<number>
	RBLREQ:<number>
	MAXCON:<number>
	***
	
dlogrbl:
	Gives you a summary of how many requests there have been for a given 
	type that was answered (one line for each type) and how many requests 
	there have been for a given type that was invalid (one line for each 
	type).
	***
	ANSWERED:<type>:<number>
	INVALID:<type>:<number>
	***

dlogtiny:
	Brace yourself. This tool tells you how many request there have been 
	for a given type that was answered (one line for each type), how many 
	requests there have been for a given type for which tinydns was not 
	authoritative (one line for each type), how manu request there have 
	been for a given type that was not of type IN (one line for each type), 
	how many requests there have been for a given type where tinydns had 	
	not implemented the feature (one line for each type) and how many 
	queries that were malformed.
	***
	ANSWER:<type>:<number>
	NOTAUTH:<type>:<number>
	NONIN:<type>:<number>
	NOTIMP:<type>:<number>
	MALFORMED:<number>
	***

dlogqpsmtpd:
	Tells you how many requests qpsmtpd has had and the maximum number of 
	concurrent incoming connections (supports both tcpserver and forkserver
	output in your logfiles). Furthermore all plugins that are
	configured will be listed along with the status and the number of 
	times that plugin has returned that status.
	***
	REQUESTS:<number>
	RBLREQ:<number>
	<plugin> returned <status>:<number>
	***

dlogaxfrqueries:
        lists which domains are requested from your axfrdns setup

dlogcacheclients:
        lists which clients makes most use of your dnscache setup

dlogcachequeries:
        lists which domains are requested from your dnscache setup

dlogqmailadd:
        lists which e-mail addresses are active in your qmail setup.
        This includes both from and to.

dlogqmaildom:
	lists which domains are active in your qmail setup. This include
	domains we receive mail for and which we deliver to.

dlogpublicdom:
	lists which domains are active in your publicfile setup. 

dlogqsmtphosts:
	lists which hosts that have contacted tcpserver in the qmail setup.

dlogratclients:
	this command can examine rbldns, axfrdns and tinydns logfiles, and 
	lists which clients that have contacted the given service

dlogrtqueries:
	this command can examine rbldns and tinydns logfiles, and lists which
	queries the given service has received.



The RRDTool databases
=====================

The following should help you getting info from the rrd databases yourself. 
All data sources are created like so:

DS:<datasource>:GAUGE:600:U:U

And all databases has one RRA like so:

RRA:AVERAGE:0.5:1:210240

Here are the datasources for each type:

axfrdns:
	TRANSFERS
	DISALLOWED
	FATAL	

dnscache:
	queries
	answers
	ourqueries
	dropped
	errors
	unknown
	TYPE0
	TYPE1
	TYPE2
	TYPE5
	TYPE6
	TYPE12
	TYPE15
	TYPE16
	TYPE28
	TYPE252
	TYPE255
	TOTHITS

publicfile:
	SUCCESS
	MAXCON
	FAILURES	

qmail:
	INCOMING
	DELIVERIES
	BYTES
	LOCALCON
	REMOTECON

qmailqueue:
	QUEUE
	NOTPREPRO

qsmtp:
	REQUESTS
	MAXCON
	RBLREQ

qpsmtpd:
	REQUESTS
	MAXCON
	DNSBL
	CBMF
	CBMFT
	BRT
	BH
	ET
	LOOP
	NORELAY
	RELAY
	SPAMHELO
	UNREGCOM
	WLS
	GREYLIST
	HOSTSALLOW
	RHSBL
	SENDERPF
	SPAMASS
	TLS
	VIRUS
	RESOLVEFH

rbldns:
	ANSWER1
	ANSWER2
	ANSWER5
	ANSWER6
	ANSWER12
	ANSWER15
	ANSWER16
	ANSWER28
	ANSWER252
	ANSWER255
	TOTANSWER
	INVALID1
	INVALID2
	INVALID5
	INVALID6
	INVALID12
	INVALID15
	INVALID16
	INVALID28
	INVALID252
	INVALID255
	TOTINVALID

tinydns:
	ANSWER1
	ANSWER2
	ANSWER5
	ANSWER6
	ANSWER12
	ANSWER15
	ANSWER16
	ANSWER28
	ANSWER252
	ANSWER255
	TOTANSWER
	NOTAUTH1
	NOTAUTH2
	NOTAUTH5
	NOTAUTH6
	NOTAUTH12
	NOTAUTH15
	NOTAUTH16
	NOTAUTH28
	NOTAUTH252
	NOTAUTH255
	TOTNOTAUTH
	NONIN1
	NONIN2
	NONIN5
	NONIN6
	NONIN12
	NONIN15
	NONIN16
	NONIN28
	NONIN252
	NONIN255
	TOTNONIN
	NOTIMP1
	NOTIMP2
	NOTIMP5
	NOTIMP6
	NOTIMP12
	NOTIMP15
	NOTIMP16
	NOTIMP28
	NOTIMP252
	NOTIMP255
	TOTNOTIMP
	MALFORMED


The types are chosen from which types that are en broad use today:

1 = A record
2 = NS record
5 = CNAME record
6 = SOA record
12 = PTR record
15 = MX record
16 = TXT record
28 = AAAA record (IPv6)
252 = AXFR (transfer of an entire zone)
255 = Request for all records


