Hello All,
A while ago we wrote some software that performs log parsing (analyzing) for SmarterMail, which we provided to the community for FREE via the old forum.
As the old forum is due to be removed shortly we have moved the information about our FREE tool to the SmarterTools community!
We decided to write the software to help us track down compromised accounts that have been sending SPAM from our SmarterMail server and thought that it might also be of some use to the community.
Here are a couple of screenshots of the software.
Features:
- Parse multiple un-compressed and compressed SMTP log files by a specified date range.
- Allows you to configure up to 6 filters to search the in-memory log files.
- Each filter allows you to search by Log Message Text, Connection IP, or Connection Number and can be set to either items matching or not matching your criteria.
- Allows you to view a list of the number of connections by IP Address (for all loaded logs, or your filtered results).
Download:
You can download the software from:
https://www.acumensystems.com/downloads/sm/AcumenSmarterMailLogParser.zip
System Requirements:
- Windows 32/64bit Operating System.
- Microsoft .NET Framework version 4 / 4.5 / 4.5.1 / 4.5.2 or higher (which must be installed in order for the software to run).
- As for hardware requirements, well, that would all depend on the size of your log files!
IMPORTANT - Before you begin using the software:
We highly recommend that you do not run this software on your Mail Server, as depending on your log file sizes, the software can use a very large amount of memory and be quite processor intensive when loading logs!
We highly recommend that you do not parse/analyze logs within your live SmarterMail logs folder! E.g. please make a copy of the logs you want to parse/analyze, and then parse/analyze the copies!
Installation:
- Download the zip file.
- Extract the zip file.
- Run AcumenSmarterMailLogParser.exe
Using the Software:
Step 1 - Loading your Log Files:
Within the "Load Log File Options" area:
- Use the "Folder Browse" button to select the folder which contains the logs to parse.
- Select "Use Date Range" and enter the date range of the files you want to load, or select "All In Folder" to load all files in the folder.
- Select the "Log Type"
- Select the "Load Method". You have two choices. The first, "Load Logs on Filter", uses less memory, but every time you perform a filter the logs have to be re-parsed. The second, "Load Logs Into Memory", loads all of the logs into memory and allows you to re-apply filtering to the in-memory logs without the software having to re-parse the logs each time a filter is performed.
- Tick or un-tick the "Enable Multi-core" option - note ticking the option allows the software to parse logs much faster - but may be quite processor intensive, and cause the software to use a high volume of memory.
- Once you are happy with your options:
- If you are using the "Load Logs on Filter" load method you should apply a Filter (see Step 2) and then click the "Load & Perform Filter" button to filter your logs.
- If you are using the "Load Logs Into Memory" load method click the "Load Log Files" button to load the logs into memory. When your log files have loaded successfully, the information in the "In Memory Log Statistics" area will be updated. Note: You can click on Green coloured counts to provide further information - e.g. clicking on the Green count to the right of "Unique Connection IP Addresses:" will display a list of the number of connections by IP Address.
Step 2 - Filtering your Log Files:
Within the "Filter Options" area:
- To Apply a Filter tick the "Apply" box on the filter.
- When a filter has "Apply" ticked you can alter the values of the filter.
- When you are happy with your filter options click the "Load & Perform Filter" or "Perform Filter" button (the wording on the button is different depending on which "Load Method" has been selected).
- After clicking the "Perform Filter" button the results of the search will be displayed in the "Filtered Log Information" area.
Note: If you are using the "Load Logs on Filter" load method the software requires you to apply at least one filter before you can load and filter your logs.
Note: If you are using the "Load Logs Into Memory" load method and no filters are applied when you click the "Perform Filter" button, information from ALL of the loaded log files will be displayed in the "Filtered Log Information" area.
Note: If you have large log files, or your filter options yield a large amount of results it can take quite a while for the software to display the results in the "Filtered Log Information" area - so be patient.
Note: Multiple applied filters are combined using logical AND operations.
Step 3 - Interpreting Filtered Log Files:
The interpretation of your filtered logs shown in the "Filtered Log Information" area is down to you!
Support:
If you experience any issues with the software e.g. the software reports an error then please let us know.
We are also interested to hear from members of the community who have any suggestions for improving the software, so if you find the software useful and have a new feature request let us know and we'll see what we can do!
Software Disclaimer:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
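Added example (not part of the original post and not the tool's own code): a small Python sketch of the filter behaviour described in Step 2, with match / not-match filters on message text, connection IP or connection number combined with logical AND, plus the connections-by-IP count. The log line layout, the case-insensitive substring match, counting distinct connection numbers per IP, and all names and sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed layout (not from the post): time [connection IP][connection number] message
LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\]\[(\d+)\] (.*)$")

# Constructed sample lines, not real log data
SAMPLE_LOG = """\
10:00:01 [203.0.113.7][1001] cmd: EHLO mail.example.net
10:00:02 [203.0.113.7][1001] Authenticated as user1@example.com
10:00:03 [203.0.113.7][1001] cmd: MAIL FROM:<user1@example.com>
10:00:05 [198.51.100.9][1002] cmd: EHLO client.example.org
10:00:06 [198.51.100.9][1002] cmd: MAIL FROM:<bob@example.org>
10:00:09 [203.0.113.7][1003] Authenticated as user1@example.com
10:00:10 [203.0.113.7][1003] cmd: MAIL FROM:<user1@example.com>
"""

@dataclass
class Filter:
    field: str            # "text", "ip" or "conn" (hypothetical field names)
    value: str
    negate: bool = False  # True means "not matching"

    def accepts(self, entry):
        if self.field == "text":
            hit = self.value.lower() in entry["text"].lower()
        else:
            hit = entry[self.field] == self.value
        return hit != self.negate

def parse(log_text):
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not fit the assumed layout are skipped
            entries.append(dict(zip(("time", "ip", "conn", "text"), m.groups())))
    return entries

def apply_filters(entries, filters):
    # Every applied filter must accept the line (logical AND); no filters = all lines
    return [e for e in entries if all(f.accepts(e) for f in filters)]

def connections_by_ip(entries):
    # Count distinct connection numbers per IP, busiest first
    seen = {(e["ip"], e["conn"]) for e in entries}
    return Counter(ip for ip, _ in seen).most_common()

if __name__ == "__main__":
    auth = apply_filters(parse(SAMPLE_LOG), [Filter("text", "Authenticated as")])
    print(connections_by_ip(auth))
```

Filtering on the authentication message first and then counting connections by IP is the kind of combination that helps narrow down which account and source address are behind a burst of outbound mail.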