堆栈内存溢出
  简体   繁体   English

如何使用awk从特定中继中提取Postfix日志中的所有对话?

[英]How can I extract all conversations in a Postfix log from a particular relay using awk?

 原文  2010-11-18 04:57:36       regex/ awk/ postfix-mta

问题描述

I am trying to extract the from address from the sending relay IP address in a postfix log file 我正在尝试从Postfix日志文件中的发送中继IP地址提取发件人地址

Any ideas??? 有任何想法吗???

Much appreciated for any help 非常感谢您的帮助

Ken 

Nov 16 00:05:10 mailserver pfs/smtpd[4365]: 925D54E6D9B: client=client1[1.2.3.4]   
Nov 16 00:05:10 mailserver pfs/cleanup[4413]: 925D54E6D9B: message-id=<11414>    
Nov 16 00:05:10 mailserver pfs/qmgr[19118]: 925D54E6D9B: from=<11414@localhost>, size=40217, nrcpt=1 (queue active)    
Nov 16 00:05:10 mailserver pfs/smtp[4420]: 925D54E6D9B: to, relay=[1.3.5.7]:25, delay=0.02, delays=0.02/0/0/0, dsn=5.0.0, status=bounced (host [1.3.5.7] refused to talk to me: 550 Please remove this address from your list)   
Nov 16 00:05:10 mailserver pfs/bounce[4310]: 925D54E6D9B: sender non-delivery notification: 972E34E6D9F   
Nov 16 00:05:10 mailserver pfs/qmgr[19118]: 925D54E6D9B: removed

2 个解决方案

解决方案1
 0  2010-11-18 05:54:12

Hmm, if you just want to collect the from and relay fields with their display bling, you could use this: 嗯,如果你只是想收集,并用它们的显示金光闪闪继电器领域,你可以这样做: 

/: from=/ { lastFrom = $7 }
/relay=/ { print lastFrom, $8 }

If you really want to extract the core addresses, it gets slightly more complex... 如果您真的要提取核心地址,它将变得稍微复杂一些。 

/: from=/ { lastFrom = $7 }
/relay=/ {
  r = $8
  gsub(/from=</, "", lastFrom)
  gsub(/>,*/, "", lastFrom)
  gsub(/relay=\[/, "", r)
  gsub(/\].*/, "", r)
  print lastFrom, r
}

$ awk -f mail2.awk mail.dat
11414@localhost 1.3.5.7

As usual, these solutions work in both The One True Awk as well as gawk. 与往常一样,这些解决方案可在The One True Awk和gawk中使用。

解决方案2
 0  2010-11-27 08:11:45

$7 ~ /^from=,$/ {
    from[$6] = substr($7, 7, length($7) - 8)
} 
$8 ~ /^relay=\[/ { 
    if (substr($8, "[1.3.5.7]")) 
        print from[$6]
    delete from[$6]}
}

Each time a from-recording line is seen, this saves it in an associative array, indexed by the queue ID of the message. 每次看到一条来自记录的行,这会将其保存在一个关联数组中,该数组由消息的队列ID索引。 When a relay line is seen, if it's for the relay you're interested in the associated from line is printed. 当看到中继线时,如果它是用于中继的,则您对关联的from行感兴趣。 substr() is used just so you don't have to \\-escape all of the metacharacters - "[", "]", ".". 使用substr()只是这样,您不必\\-转义所有元字符-“ [”,“]”,“。”。 Whether it's a relay you're interested in or not, the from data is cleaned up so that the array doesn't grow without bounds. 无论您是否对中继感兴趣,都会清理from数据,以便数组不会无限制地增长。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用awk从特定客户端提取Postfix日志中的所有会话? - How can I extract all conversations in a Postfix log from a particular client using awk? 如何使用sed,awk或grep从HTML表格单元格中提取数据? - How can I extract data from HTML table cells using sed, awk, or grep? 如何使用Unix / Awk / grep提取此特定字符串 - How to extract this particular string using Unix/Awk/grep 使用“ awk”从日志文件中提取特定的XML模式 - Extract specific XML pattern from log file using 'awk' 使用正则表达式提取对话 - Extract conversations using regex 使用bash或sed或awk从文件的字符串(以特定格式)中提取子字符串 - Extract substring from strings (in a particular format) from a file using bash or sed or awk 从文件中提取特定字符串,然后使用grep,awk,sed输出到另一个文件 - Extract a particular string from a file and output to another file using grep, awk, sed 使用 awk 提取所有 email - Extract all email in line using awk 如何从awk结果中提取文本? - How do I extract text from awk results? 如何使用正则表达式从输入字符串中提取所有非字母数字字符? - How can I extract all non-alphanumeric characters from an input string using Regular Expressions?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM