stackoom
  简体   繁体   中英

How can I extract all conversations in a Postfix log from a particular relay using awk?

 原文  2010-11-18 04:57:36       regex/ awk/ postfix-mta

Question

I am trying to extract the from address from the sending relay IP address in a postfix log file

Any ideas???

Much appreciated for any help

Ken 

Nov 16 00:05:10 mailserver pfs/smtpd[4365]: 925D54E6D9B: client=client1[1.2.3.4]   
Nov 16 00:05:10 mailserver pfs/cleanup[4413]: 925D54E6D9B: message-id=<11414>    
Nov 16 00:05:10 mailserver pfs/qmgr[19118]: 925D54E6D9B: from=<11414@localhost>, size=40217, nrcpt=1 (queue active)    
Nov 16 00:05:10 mailserver pfs/smtp[4420]: 925D54E6D9B: to, relay=[1.3.5.7]:25, delay=0.02, delays=0.02/0/0/0, dsn=5.0.0, status=bounced (host [1.3.5.7] refused to talk to me: 550 Please remove this address from your list)   
Nov 16 00:05:10 mailserver pfs/bounce[4310]: 925D54E6D9B: sender non-delivery notification: 972E34E6D9F   
Nov 16 00:05:10 mailserver pfs/qmgr[19118]: 925D54E6D9B: removed

2 answers

solution1
 0  2010-11-18 05:54:12

Hmm, if you just want to collect the from and relay fields with their display bling, you could use this: 

/: from=/ { lastFrom = $7 }
/relay=/ { print lastFrom, $8 }

If you really want to extract the core addresses, it gets slightly more complex... 

/: from=/ { lastFrom = $7 }
/relay=/ {
  r = $8
  gsub(/from=</, "", lastFrom)
  gsub(/>,*/, "", lastFrom)
  gsub(/relay=\[/, "", r)
  gsub(/\].*/, "", r)
  print lastFrom, r
}

$ awk -f mail2.awk mail.dat
11414@localhost 1.3.5.7

As usual, these solutions work in both The One True Awk as well as gawk.

solution2
 0  2010-11-27 08:11:45

$7 ~ /^from=,$/ {
    from[$6] = substr($7, 7, length($7) - 8)
} 
$8 ~ /^relay=\[/ { 
    if (substr($8, "[1.3.5.7]")) 
        print from[$6]
    delete from[$6]}
}

Each time a from-recording line is seen, this saves it in an associative array, indexed by the queue ID of the message. When a relay line is seen, if it's for the relay you're interested in the associated from line is printed. substr() is used just so you don't have to \\-escape all of the metacharacters - "[", "]", ".". Whether it's a relay you're interested in or not, the from data is cleaned up so that the array doesn't grow without bounds.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I extract all conversations in a Postfix log from a particular client using awk? How can I extract data from HTML table cells using sed, awk, or grep? How to extract this particular string using Unix/Awk/grep Extract specific XML pattern from log file using 'awk' Extract conversations using regex Extract substring from strings (in a particular format) from a file using bash or sed or awk Extract a particular string from a file and output to another file using grep, awk, sed Extract all email in line using awk How do I extract text from awk results? How can I extract all non-alphanumeric characters from an input string using Regular Expressions?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM