Provided by: rspamd_3.2-3_amd64 
NAME
rspamd_stats - analyze Rspamd rules by parsing log files
SYNOPSIS
rspamd_stats [options] [--symbol=SYM1 [--symbol=SYM2...]] [--log file]
DESCRIPTION
rspamd_stats will read the given log file (or standard input) and provide statistics for
the specified symbols:
Symbol: BAYES_SPAM (weight 3.763) (381985 hits, 26.827%)
Ham hits: 184557 (48.315%), total ham: 1095487 (ham with BAYES_SPAM: 16.847%)
Spam hits: 15134 (3.962%), total spam: 16688 (spam with BAYES_SPAM: 90.688%)
Junk hits: 182294 (47.723%), total junk: 311699 (junk with BAYES_SPAM: 58.484%)
Spam changes (ham/junk -> spam): 7026 (1.839%), total percentage (changes / spam hits): 42.102%
Junk changes (ham -> junk): 95192 (24.920%), total percentage (changes / junk hits): 30.540%
Where there are the following attributes:
• Weight: average score for a symbols
• Total hits: total number of hits and percentage of symbol hits divided by total number
of messages
• HAM hits: provides the following information about HAM messages with the specified
symbol (from left to right):
1. total symbol hits: number of messages that has this symbol and are HAM
2. ham percentage: number of symbol hits divided by overall HAM messages count
3. total ham hits: overall number of HAM messages
4. ham with symbol percentage: percentage of number of hits with specified symbol in HAM
messages divided by total number of HAM messages.
• SPAM hits: provides the following information about SPAM messages - same as previous but
for SPAM class.
• Junk hits: provides the following information about Junk messages - same as previous but
for JUNK class.
• Spam changes: displays data about how much messages switched their class because of the
specific symbol weight.
• Junk changes: displays data about how much messages switched their class because of the
specific symbol weight.
OPTIONS
--log Specifies log file or directory to read data from. If a directory is specified
rspamd_stats analyses files in the directory including known compressed file types.
Number of log files can be limited using --num-logs and --exclude-logs options.
This assumes that files in the log directory have newsyslog(8)- or
logrotate(8)-like name format with numeric indexes. Files without indexes
(generally it is merely one file) are considered the most recent and files with
lower indexes are considered newer.
--reject-score
Specifies the reject (spam) threshold.
--junk-score
Specifies the junk (add header or rewrite subject) threshold.
--alpha-score
Specifies the minimum score for a symbol to be considered by this script.
--symbol
Add symbol or pattern (pcre format) to analyze.
--num-logs
If set, limits number of analyzed logfiles in the directory to the specified value.
--exclude-logs
Number of latest logs to exclude (0 by default).
--correlations
Additionally print correlation rate for each symbol displayed. This routine
calculates merely paired correlations between symbols.
--search-pattern
Do not process input unless finding the specified regular expression. Useful to
skip logs to a certain position.
--exclude
Exclude log lines if certain symbols are fired (e.g. GTUBE). You may specify this
option multiple time to skip multiple symbols.
--start
Select log entries after this time. Format: "YYYY-MM-DD HH:MM:SS" (can be
truncated to any desired accuracy). If used with --end select entries between
--start and --end. The omitted date defaults to the current date if you supply the
time.
--end Select log entries before this time. Format: "YYYY-MM-DD HH:MM:SS" (can be
truncated to any desired accuracy). If used with --start select entries between
--start and --end. The omitted date defaults to the current date if you supply the
time.
--help Print a brief help message and exits.
--man Prints the manual page and exits.
AUTHORS
Vsevolod Stakhov.
March 5, 2018 RSPAMD_STATS(8)