DaemonForums  

#1 marco64 (Marco), 21st June 2008
how extract specific test from Postfix logs with PHP or Perl

Hi,
I extract (into different files) several pieces of information from Postfix logs.

more /var/log/maillog | grep NOQUEUE > /tmp/estract.txt

This extract looks like this:
PHP Code:
Jun 21 00:37:16 PUMA postfix/smtpd[29244]: NOQUEUE: reject: RCPT from unknown[200.141.33.198]: 504 5.5.2 <62.123.142.124>: Helo command rejected: need fully-qualified hostname; from=<bey@brainpod.com> to=<52366@0email.it> proto=SMTP helo=<62.123.142.124>
Jun 21 00:39:51 PUMA postfix/smtpd[29303]: NOQUEUE: reject: RCPT from unknown[92.47.96.48]: 504 5.5.2 <62.123.142.124>: Helo command rejected: need fully-qualified hostname; from=<impeller@lissamail.com> to=<52366@0email.it> proto=SMTP helo=<62.123.142.124>
Jun 21 00:50:26 PUMA postfix/smtpd[29449]: NOQUEUE: reject: RCPT from unknown[190.244.138.229]: 450 4.1.2 <52366@0email.it>: Recipient address rejected: Domain not found; from=<Sascha.Taddeusz@evisibility.com> to=<52366@0email.it> proto=ESMTP helo=<229-138-244-190.fibertel.com.ar>
Jun 21 00:51:27 PUMA postfix/smtpd[29449]: NOQUEUE: reject: RCPT from unknown[190.244.138.229]: 450 4.1.2 <52366@0email.it>: Recipient address rejected: Domain not found; from=<Sascha.Taddeusz@evisibility.com> to=<52366@0email.it> proto=ESMTP helo=<229-138-244-190.fibertel.com.ar>
I would like to extract the IPs. For example from:
PHP Code:
Jun 21 00:51:27 PUMA postfix/smtpd[29449]: NOQUEUE: reject: RCPT from unknown[190.244.138.229]: 450 4.1.2 <52366@0email.it>: Recipient address rejected: Domain not found; from=<Sascha.Taddeusz@evisibility.com> to=<52366@0email.it> proto=ESMTP helo=<229-138-244-190.fibertel.com.ar>
I want 190.244.138.229 for further handling.

Started to handle it with a PHP script, but this is not solved and is becoming a time-consuming job. Thought that maybe there is something ready-to-use, or some good advice could help.

#2 scottro (Scott Robbins), 21st June 2008

Hrrm, this will work, but boy is it ugly.
Code:
cat /var/log/maillog |grep reject|awk -F : '{print $6}'|cut -d [ -f 2|cut -d ] -f 1
Explanation in case you're not familiar with these commands (and for newcomers who find this thread, so the explanation will cover things you know).

cat /var/log/maillog just echoes the whole maillog. Then it's piped to grep reject, only getting the lines that have reject in them.
Then, send that to awk, using a : as a delimiter. (After some experimentation, that seemed the easiest and got the least amount of extra stuff.) Get the 6th field which gives us
RECEIPT from unknown[78.93.134.157]
Then, using cut (at this point, there's probably a better way to just get the numbers, but it's early in the morning) using [ as delimiter and taking the second field, which gives us the 78.93.134.157 with the ] on the end. The last pipe to cut gets rid of that.

There has to be a better way, and I'm sure one of the more skilled people will have a suggestion, but this could get you started. I can't think clearly yet.

Edit: I know you said php or perl, but I don't know either of them. I have a feeling perl would be the best choice.

#3 ephemera, 21st June 2008

perl -ne 'print "$1\n" if /NOQUEUE:.*?\[(\d+?\.\d+?\.\d+?\.\d+?)\]/' /var/log/maillog

Last edited by ephemera; 21st June 2008 at 12:40 PM.
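
The extraction discussed in this thread, as an added example that is not part of the original posts: a POSIX shell function that takes the client address from each NOQUEUE reject line, validates it, and counts rejects per address for further handling. The names `reject_ips` and `sample_log` are hypothetical, the sample lines are constructed with documentation addresses, and the standard `NOQUEUE: reject: RCPT from host[ip]:` layout is assumed.

```shell
#!/bin/sh
# Added example: count Postfix NOQUEUE rejects per client IPv4 address.
# reject_ips (hypothetical name) reads log lines from stdin or from files
# given as arguments and prints "count ip", highest count first.
reject_ips() {
    awk '
    /postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        # The client is logged as "from hostname[address]:". Anchor on that,
        # so a bracketed literal elsewhere (helo=<[...]>) is never used.
        if (match($0, /from [^ ]*\[[0-9.]+\]:/) == 0) next
        s = substr($0, RSTART, RLENGTH)
        s = substr(s, index(s, "[") + 1)
        sub(/\]:$/, "", s)
        # Accept only four numeric octets in the range 0..255.
        if (split(s, o, ".") != 4) next
        ok = 1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) count[s]++
    }
    END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample input (not taken from the thread).
sample_log() {
    cat <<'EOF'
Jun 21 00:37:16 mx postfix/smtpd[29244]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <198.51.100.7>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<b@example.net> proto=SMTP helo=<198.51.100.7>
Jun 21 00:39:51 mx postfix/smtpd[29303]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <[203.0.113.9]>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<b@example.net> proto=SMTP helo=<[203.0.113.9]>
Jun 21 00:50:26 mx postfix/smtpd[29449]: NOQUEUE: reject: RCPT from host.example.org[198.51.100.23]: 450 4.1.2 <b@example.invalid>: Recipient address rejected: Domain not found; from=<c@example.com> to=<b@example.invalid> proto=ESMTP helo=<host.example.org>
Jun 21 00:51:00 mx postfix/smtpd[29449]: connect from unknown[203.0.113.50]
Jun 21 00:52:00 mx postfix/smtpd[29450]: NOQUEUE: reject: RCPT from unknown[unknown]: 450 4.7.1 Client host rejected: cannot find your hostname; proto=SMTP
EOF
}

sample_log | reject_ips
```

On a live system the same function can be pointed at the log directly, for example `reject_ips /var/log/maillog`.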

#4 marco64 (Marco), 21st June 2008

Tks to both.
Will use the second one that I can even schedule with a cron job. TKU

Ciao
Marco