[Exim] mail log parsing

Author: Paul Miles
Date:  
To: exim-users
Subject: [Exim] mail log parsing
Hi All,

I don't know if this will help at all, but I've knocked together a quick and
dirty Perl script that parses exim's mainlog file and outputs it on one
line.

It optionally takes two arguments. The first is the name/mailbox to search
for. The second is the path to the exim mainlog, which defaults to
/var/spool/exim/log/main.log


Paul Miles.
Low Cost Domain and Webhosting at www.allsecuredomain.com

====

#!/usr/bin/perl

# Quick and dirty script that parses the exim log file and generates a
# more concise format.

use strict;

my $SEARCH_USER = "undefined";
my $MSG_FILE = "/var/spool/exim/log/main.log";
if (defined($ARGV[0])) { $SEARCH_USER = $ARGV[0]; }
if (defined($ARGV[1])) { $MSG_FILE = $ARGV[1]; }

my %all_msg_hash;

# Three-argument open: the path is never parsed for a mode or pipe character.
open (msg_file, "<", $MSG_FILE) or die "unable to open $MSG_FILE: $!";

while (<msg_file>)
{
  chomp;
  my $line = $_;

  # Message sent from
  if ($line =~ /<=/)
  {
    my ($date_sent, $time_sent, $msg_id, $direction, $from) = split(/ /, $line);
    my %msg_hash;


    # Keep any delivery details already recorded for this mail.
    if (defined($all_msg_hash{$msg_id}))
    {
      my $tmp = $all_msg_hash{$msg_id};
      my %old_hash = %$tmp;


      $msg_hash{'date receive'} = $old_hash{'date receive'};
      $msg_hash{'time receive'} = $old_hash{'time receive'};
      $msg_hash{'mailbox'} = $old_hash{'mailbox'};
      $msg_hash{'email'} = $old_hash{'email'};
    }


    $msg_hash{'id'} = $msg_id;
    $msg_hash{'date sent'} = $date_sent;
    $msg_hash{'time sent'} = $time_sent;
    $msg_hash{'from'} = $from;


    $all_msg_hash{$msg_id} = \%msg_hash;
  }



  # Message being delivered to
  elsif ($line =~ /=>/)
  {
    my ($date_receive, $time_receive, $msg_id, $direction, $mailbox, $email) = split(/ /, $line);



    my %msg_hash;


    # Grab any details that already exist about this mail.
    if (defined($all_msg_hash{$msg_id}))
    {
      my $tmp = $all_msg_hash{$msg_id};
      my %old_hash = %$tmp;


      $msg_hash{'id'} = $old_hash{'id'};
      $msg_hash{'date sent'} = $old_hash{'date sent'};
      $msg_hash{'time sent'} = $old_hash{'time sent'};
      $msg_hash{'from'} = $old_hash{'from'};
    }


    # Site-specific: a mailbox logged as hps+<name> becomes <name>@homelet.co.uk.
    if ($mailbox =~ /^hps\+/)
    {
      $mailbox =~ s/hps\+//;
      $mailbox = $mailbox."\@homelet.co.uk";
    }
    $msg_hash{'id'} = $msg_id;
    $msg_hash{'date receive'} = $date_receive;
    $msg_hash{'time receive'} = $time_receive;
    $msg_hash{'mailbox'} = $mailbox;
    $msg_hash{'email'} = $email;


    $all_msg_hash{$msg_id} = \%msg_hash;
  }
}


close msg_file;

# Iterate through the all_msg_hash
# sort the hash of hashes

my @MyArray;

foreach my $msg_id (keys(%all_msg_hash))
{
push @MyArray, $all_msg_hash{$msg_id};
}


my @SortedArray = sort { $a->{'date sent'} cmp $b->{'date sent'} } @MyArray;

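# Calculate/guess the first date: skip entries that have no send date
# (deliveries whose arrival line is not in this log), without running
# past the end of the array.
my %FirstDateHash;
my $count = 0;
while (($count < scalar(@SortedArray)) and ($FirstDateHash{'date sent'} eq ""))
{
  my $msg_id = $SortedArray[$count];
  %FirstDateHash = %$msg_id;
  $count ++;
}

# An empty log leaves both hashes empty instead of dereferencing undef.
my %LastDateHash;
if (@SortedArray)
{
  my $msg_id = $SortedArray[scalar(@SortedArray)-1];
  %LastDateHash = %$msg_id;
}

print "For the Period : $FirstDateHash{'date sent'} to $LastDateHash{'date sent'}\n";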

foreach my $msg_id (@SortedArray)
{
  my %msg_hash = %$msg_id;

  # \Q...\E matches the search term literally, so "." or "+" in a mailbox
  # name is not treated as a regex metacharacter.
  if (($SEARCH_USER eq "undefined") or ($msg_hash{'from'} =~ /\Q$SEARCH_USER\E/i) or ($msg_hash{'mailbox'} =~ /\Q$SEARCH_USER\E/i))
  {
    print "$msg_hash{'id'} $msg_hash{'date sent'} $msg_hash{'time sent'} $msg_hash{'from'} => $msg_hash{'mailbox'} $msg_hash{'date receive'} $msg_hash{'time receive'}\n";
  }
}

----- Original Message -----
From: <exim-users-request@???>
To: <exim-users@???>
Sent: Friday, August 23, 2002 4:09 PM
Subject: Exim-users digest, Vol 2 #949 - 19 msgs




> Today's Topics:
>
>    1. Re: relaying part2 :) (zabbe)
>    2. Re: relaying part2 :) (Sheldon Hearn)
>    3. Re: relaying part2 :) (Matthew Byng-Maddick)
>    4. Re: AW: [Exim] Interesting "attack" on my exim server... (Dave C.)
>    5. file expansion (Adam Cassar)
>    6. Howto set up an internet email for a group of users ? (S. Ancelot)
>    7. mainlog deliveries parser (edouard.boucher@???)
>    8. Re: mainlog deliveries parser (Tamas TEVESZ)
>    9. Re: file expansion (Philip Hazel)
>   10. Re: mainlog deliveries parser (Philip Hazel)
>   11. exim rejecting form mail (Tony VanScoy)
>   12. RE: exim rejecting form mail (Jeff Breitner)
>   13. mailog parsing (edouard.boucher@???)
>   14. RE: mailog parsing (Jan Johansson)
>   15. Re: mailog parsing (Tamas TEVESZ)
>   16. maillog parsing (edouard.boucher@???)
>   17. Re[2]: [Exim] Documentation error - quote_ldap example (Peter A. Savitch)
>   18. Re: maillog parsing (Tabor J. Wells)
>   19. Re: maillog parsing (Tamas TEVESZ)
>


