Cacti and Exim – a (mostly) complete guide – Part 1

I recently had to set up monitoring for a new Exim MX server at work. I wanted to make exim statistics available over SNMP such that I can easily hook it into cacti and nagios. Having recently been though the whole process from beginning to end, I thought I’d take the time to document the process, so that others can not only download and use my scripts/templates – but also modify it to suit their needs and learn some cacti whilst doing so.

Download my script and template: – exim_cacti_v1.tar.gz

This guide does assume you have some knowledge in system administration, and debugging issues. I obviously can’t cover everything from ground up – if you have any questions leave a comment and I might reply, but hopefully another reader will reply (hint 😉 )

Creating the data collection script

The first step in the process is to make a script to collect the statistics we want to monitor. I started from a script I found on the University of Leicester’s site. This script did almost everything I needed, and was easy to modify to my own needs, so formed a good base. The idea behind this script is reasonably simple, it opens the exim log file, goes though it line by line, and increments counts when it finds certain things. These counters are written out to a text file, and the position of the log file is recorded such that next time the script runs, it will start where it last left off. The script also handles log files being rotated which is a nice feature. To see the full script, download my bundle (linked above) and have a look.

This snippet below shows how I’m parsing the log file looking for things of interest, and incrementing counters.

  while ($line = ) {
    if (defined $prevline) {
      if ($line =~ /greylist result: [01]/) {
      } elsif ($line =~ /rejected RCPT/) {
      } elsif ($line =~ /<=/) {
      } elsif ($line =~ /[=-]>/) {
      } elsif ($line =~ /Rejected SPAM/) {
      } elsif ($line =~ /[DATA] Virus/) {

At the end of the script, a function is called to write out all these counters, one per line, into a file. This script should be added to cron to run every 5 minutes.

# cat /etc/crontab | grep exim
*/5 * * * * Debian-exim /usr/local/bin/

Configuring SNMP

Our next task is to configure SNMP to make our statistics available remotely. This is pretty easy, but I’ll explain it as best I can anyway. Here is my snmpd.conf in full, notice especially the last time where we ‘extend’ snmp to include our data.

#  source          community
com2sec paranoid  default         whatever-you-like

#                sec.model
group MyROGroup   v2c        paranoid

#           incl/excl subtree                          mask
view all    included  .1                               80

access MyROGroup ""      any       noauth    exact  all    none   none

syslocation Timico Ltd
syscontact Timico Network Operations 

disk /

extend . mx-stats /bin/cat /var/run/exim4/statistics

Having configured snmpd.conf, you’ll want to test it. You can do this using the snmpwalk tool as follows.

$ snmpwalk -v2c -c your-communited  hostname.of.server  .
SNMPv2-SMI::enterprises.8607.64.1.0 = INTEGER: 1
SNMPv2-SMI::enterprises.8607. = STRING: "/bin/cat"
SNMPv2-SMI::enterprises.8607. = STRING: "/var/run/exim4/statistics"
SNMPv2-SMI::enterprises.8607. = ""
SNMPv2-SMI::enterprises.8607. = INTEGER: 5
SNMPv2-SMI::enterprises.8607. = INTEGER: 1
SNMPv2-SMI::enterprises.8607. = INTEGER: 1
SNMPv2-SMI::enterprises.8607. = INTEGER: 4
SNMPv2-SMI::enterprises.8607. = INTEGER: 1
SNMPv2-SMI::enterprises.8607. = STRING: "33"
SNMPv2-SMI::enterprises.8607. = STRING: "33
SNMPv2-SMI::enterprises.8607. = INTEGER: 8
SNMPv2-SMI::enterprises.8607. = INTEGER: 0
SNMPv2-SMI::enterprises.8607. = STRING: "33"
SNMPv2-SMI::enterprises.8607. = STRING: "95"
SNMPv2-SMI::enterprises.8607. = STRING: "13"
SNMPv2-SMI::enterprises.8607. = STRING: "54"
SNMPv2-SMI::enterprises.8607. = STRING: "0"
SNMPv2-SMI::enterprises.8607. = STRING: "0"
SNMPv2-SMI::enterprises.8607. = STRING: "19"
SNMPv2-SMI::enterprises.8607. = STRING: "19"

The useful output starts at line 22, there you can see the number 33. This is the first line in the statistics file generated by the script above, and in my case refers to ‘greylistdefer’ – the OID for this static is ‘SNMPv2-SMI::enterprises.8607.’. The first part of this OID, is ‘SNMPv2-SMI::enterprises.’, which is the textual representation of ‘.’ which we used in our snmpd.conf’s extend line. This is the typical place to extend SNMP. Next we have ‘8607.64’, which I invented. There’s a few more numbers until we see ‘’, which is ‘mx-stats’ expressed in it’s ASCII value. If you don’t understand all this, don’t worry – it’s not actually that important to know.

In part 2, I’ll go over how to configure cacti to make use of this data. Read part 2 now!

8 thoughts on “Cacti and Exim – a (mostly) complete guide – Part 1”

  1. In Part 1 I covered getting Exim statistics into SNMP. In this part I’ll walk though setting up cacti so that it can monitor your exim server. There’s various stages in setting up cacti to be able to access and graph the statistics we made avail

  2. Hi Ian,

    Thanks for these handy snippets of code. Thanks to your guide I had Exim integrated in Cacti in no time.

    I believe I have found a minor typo, causing recipient reject graphs to err ‘NaN’ when reporting on a low traffic machine like mine.
    Changeing line 77 of your perl script:
    $stats{“rcptrejectr”} = 0;
    $stats{“rcptreject”} = 0;
    fixed it.



  3. One more typo.
    There is missing “$” in
    at the of the script. It should be $$stats{“out”}.


  4. I came across this while looking for mail stats monitoring. After trying out the script above, it seems that the definition of in/out in the script may not be what some of us are expecting.

    The code as it is, by using the directional arrows in the log, count all deliveries as “out” even if it’s a local delivery which isn’t an “out” from my POV since I was trying to monitor actual outgoing (which impacts bandwidth and a sudden rise could indicate a spambot infected client)

    And similarly, all mails are counted as “in” whether it’s an incoming mail from external source or an outgoing mail i.e. sent from a local user to external domain.

    Only noted this because it seemed odd to me that I’m seeing much higher “out” than “in”.

    1. Yeah, you’re right. Depending on what you want to see, you might be better off looking for which transport/router was used for a mail, and having counters for that.

  5. thanks for your effort into writing this doc, I found the leics site before yours and realised quickly it was outdated, for old snmp and cacti, yours is updated for newer versions with more detailed docs, so much appreciated. Also it works fine, I need to adjust some of the regex I think but the cacti side of things is working perfect. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.