Exim mail log parser 1

Status
Not open for further replies.

nixxbg

Technical User
Aug 14, 2009
Hi,

I am looking for a relatively simple Perl script that can parse the Exim mainlog file and output the entries matching certain criteria such as username or email address.

So far I have been able to find exigrep and exim-analyzer, but they seem to be way too complicated and serve a different purpose.

What I need is a script that takes the username or email address as a parameter, parses the exim_mainlog, compares the lines that contain the username/email address to a bunch of key words such as "blacklisted" or "as SPAM", etc. and outputs the results in the following manner:

date time - email_address (or username) - error (based on the keywords) - Suggested solution

Best regards,
Nixx
 
nixxbg said:
I am looking for a relatively simple Perl script ...

The purpose of this forum is generally to help people write their own scripts, not supply them.

Have you attempted to write this relatively simple script yet? If so, where are you stuck? Some sample input data may help since not everyone uses exim.

Annihilannic.
 
Hello Annihilannic,

Your remark is reasonable. I do have to write my own script and by no means have I tried to ask someone to do that for me by posting this thread. I apologize if I have left such an impression with it.

So far I have managed to do the following:

#!/usr/bin/perl -w
use strict;

my $search_user = "undefined";
my $mlog = '/var/log/exim_mainlog';

# keyword pattern (regex) => description for a matching line
my %k_words = ('as spam'             => 'Tagged as Spam by SA',
               'as NOT spam'         => 'Accepted as NOT Spam',
               'spamcop.net'         => 'Blocked by Spamcop',
               '\.autorespond'       => 'Mail autoresponded to',
               'rejected RCPT'       => 'rejected RCPT',
               'Retry time'          => 'Retry time not yet reached',
               'relay not permitted' => 'Attempted Relay',
               'Host is ratelimited' => 'Rate Limited Hosts');

# quotemeta: match the user name or address literally ('.' is not a wildcard)
if (defined($ARGV[0])) { $search_user = quotemeta($ARGV[0]); }

open(my $mlog_fh, '<', $mlog) or die "unable to open $mlog: $!";

while (my $line = <$mlog_fh>) {
    my @MyArray;
    # keep the line if it mentions both the user and one of the keywords
    foreach my $reason (keys %k_words) {
        if ($line =~ /$reason/ && $line =~ /$search_user/) {
            push @MyArray, $line;
        }
    }
    print @MyArray;
}
close($mlog_fh);

If I run the script in its current state, it parses the Exim log and stores the lines which contain references to both the search pattern and one of the keywords in an array called @MyArray.

A sample line of the Exim log looks like this:

2009-08-17 05:32:05 1McIQW-0001Pt-QL == root@somehost.net R=localuser T=local_delivery defer (-52): Retry time not yet reached

What I have not figured out yet is how to print such a line from @MyArray in the above mentioned manner, i.e.:

date time - email_address (or username) - error (based on the keywords) - Suggested solution.

The date and time are always logged in the Exim log first, which means that I should be able to cut the first 20 characters of each line and print them out. The search pattern has its own variable and I should be able to print it easily too. However the k_word that is contained in each line is what I am having problems with. It seems that I have to cycle the @MyArray again in some way in order to be able to determine the key word in each line and print it out.

Best regards,
Nixx
 
At this point
Code:
foreach my $reason (keys %k_words){
    if ($line =~ /$reason/ && $line =~ /$search_user/){
        push @MyArray, $line;
    }
}
change it to
Code:
foreach my $reason (keys %k_words){
    if ($line =~ /$reason/ && $line =~ /$search_user/){
        # fields after the split: 0 = date, 1 = time, 4 = address
        my @data = split(/\s+/, $line);
        push @MyArray, "$data[0] $data[1] $data[4] $k_words{$reason}\n";
    }
}

There's not much in the way of output to verify that will work, but you should get the idea.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Travis - Those who say it cannot be done are usually interrupted by someone else doing it; Give the wrong symptoms, get the wrong solutions;
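
Added example (not code from any poster in this thread): a self-contained variant of the script discussed above that matches the search term literally with \Q...\E, reports keywords in a fixed order, and prints the search term instead of a positional field, because Exim reject lines carry no message ID and so do not have the address in $data[4]. The second and third lines under __DATA__ are constructed samples; report_line and the optional log-file argument are names chosen for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Keyword patterns and descriptions from the thread, kept as an ordered list so
# matches are reported in a fixed order (hash key order is not stable).
my @k_words = (
    [ qr/as spam/             => 'Tagged as Spam by SA' ],
    [ qr/as NOT spam/         => 'Accepted as NOT Spam' ],
    [ qr/spamcop\.net/        => 'Blocked by Spamcop' ],
    [ qr/\.autorespond/       => 'Mail autoresponded to' ],
    [ qr/rejected RCPT/       => 'rejected RCPT' ],
    [ qr/Retry time/          => 'Retry time not yet reached' ],
    [ qr/relay not permitted/ => 'Attempted Relay' ],
    [ qr/Host is ratelimited/ => 'Rate Limited Hosts' ],
);

# Returns "date time - user - error(s)" for a matching line, undef otherwise.
sub report_line {
    my ($line, $user) = @_;
    return unless $line =~ /\Q$user\E/;    # literal match: '.' is not a wildcard
    my @hits = map { $_->[1] } grep { $line =~ $_->[0] } @k_words;
    return unless @hits;
    # Main-log lines start with "YYYY-MM-DD HH:MM:SS"; skip anything else.
    my ($stamp) = $line =~ /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)/ or return;
    return join(' - ', $stamp, $user, join('; ', @hits));
}

# Usage: script.pl [user_or_address [logfile]]; without a logfile, reads __DATA__.
my $user = @ARGV ? shift @ARGV : 'root@somehost.net';
my $fh;
if (@ARGV) { open($fh, '<', $ARGV[0]) or die "unable to open $ARGV[0]: $!"; }
else       { $fh = \*DATA; }
while (my $line = <$fh>) {
    chomp $line;
    my $out = report_line($line, $user);
    print "$out\n" if defined $out;
}
__DATA__
2009-08-17 05:32:05 1McIQW-0001Pt-QL == root@somehost.net R=localuser T=local_delivery defer (-52): Retry time not yet reached
2009-08-17 05:40:11 H=(mail.example.org) [192.0.2.10] F=<sender@example.org> rejected RCPT <root@somehost.net>: relay not permitted
2009-08-17 05:41:00 1McIQX-0001Pu-AB == root@somehostXnet R=localuser T=local_delivery defer (-52): Retry time not yet reached
```

Run without arguments, it prints the first two sample lines in the "date time - address - error" layout and skips the third, which an unquoted pattern would have matched.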
 
Hello Travs69,

Not only that it works, but it works exactly as I need it to. Thank you so very much Travs69 :) You saved my day! Cheers :)

Nixx
 
Hi

Here on Tek-Tips we used to thank for the received help by giving stars. Please click the "* Thank travs69 for this valuable post!" at the bottom of travs69's post. That way you both show your gratitude and indicate this thread as helpful.

Feherke.
 