> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abusix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Running the Comparison Tool

> Instructions for executing the Guardian Mail Comparison Tool in logfile or real-time mode to generate DNSBL performance reports and CSV-based analysis of IP blocklist coverage.

## **Running the Tool**

To use this mode, run the “Comparison Tool” by passing in the API\_KEY for querying Guardian Mail (which can be found at [app.abusix.com](http://app.abusix.com)), along with the [DNS](https://abusix.com/glossary/domain-name-system/) list you wish to compare against and the file containing the [IP](https://abusix.com/glossary/internet-protocol-address/) addresses to check.

Each lookup will result in the tool outputting a log line in CSV (comma-separated values) format, which can be later analyzed. Therefore, you need to redirect stdout to a CSV file.

**Example:**

```
$ ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.com ips_to_test > results.csv
Processed 27907 items
Processed 28104 items
Processed 28261 items
Processed 28367 items
Processed 28505 items
                             Blocked     %     Unique     % Blocked WL     %
Guardian Mail       21125  74.1      20234  95.8          0   0.0
bb.barracudacentral.org         1139   4.0        248  21.8          0   0.0
```

As shown above, the tool periodically outputs the number of completed lookups. Once finished, it provides a summary table and exits. The summary table includes the following fields:

| Field      | Description                                                                                                                                                                                                                                          |
| :--------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Blocked    | The number of [IPs](https://abusix.com/glossary/intrusion-prevention-systems/) found to be listed in the [blocklist](https://abusix.com/glossary/real-time-blocklist/), along with the percentage.                                                   |
| Unique     | The number of [IPs](https://abusix.com/glossary/intrusion-prevention-systems/) where the [IP](https://abusix.com/glossary/internet-protocol-address/) was only found to be listed on one list and not the other, along with the percentage.          |
| Blocked WL | The comparison list shows the number of listed [IPs](https://abusix.com/glossary/intrusion-prevention-systems/) that were found to be listed in the Guardian Mail [Whitelist](https://abusix.com/glossary/welcome-list/), along with the percentage. |

The “results.csv” file can be loaded into most spreadsheet applications. By using “Auto Filter,” you can analyze all of the results to look for false positives and investigate the results of the lookups.

## **Real-time/Streaming Mode**

One drawback of using the comparison tool with log files is that it only provides a simple way to compare Guardian Mail with another [blocklist](https://abusix.com/glossary/real-time-blocklist/). It does not replicate what would happen if you were to add Guardian Mail to your [SMTP](https://abusix.com/glossary/simple-mail-transfer-protocol/) server. To address this, we added real-time/streaming mode.

To use this mode, you must extract the [IP](https://abusix.com/glossary/internet-protocol-address/) addresses hitting your [MTAs](https://abusix.com/glossary/mail-transfer-agent/) in real-time. This can be done using UNIX commands such as “tail” and “grep” for a single node or system with a centralized log server. The requirement is that the extraction tool can extract one [IP](https://abusix.com/glossary/internet-protocol-address/) per line.

In real-time/streaming mode, UNIX pipes extract the necessary data, and then the comparison tool is placed at the end of the pipe. Use ‘-‘ as the filename to tell the tool to read input from stdin instead of a file.

For example, this is how to extract the necessary data from a Postfix log:

```
$ tail -f /var/log/mail.log | grep --line-buffered -P '\bconnect from\b' | grep --line-buffered -Po '\d+\.\d+\.\d+\.\d+' | ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.org - > results.csv
Processed 696 items, errors 0, cache hits 0, queue length 115


                               Count     %     Unique     % Blocked WL     %
Guardian Mail         663  95.3        240  36.2          0   0.0
bb.barracudacentral.org          423  60.8          0   0.0          0   0.0
Not Listed                        33     -          -     -          -     -
```

💡

**Tip:** If you use the GNU “grep” command, add the “–line-buffered” option to make grep flush its output on each line rather than buffering it. This ensures that the [DNS](https://abusix.com/glossary/domain-name-system/) lookups are dispatched immediately and spreads the [DNS](https://abusix.com/glossary/domain-name-system/) lookup load more efficiently.