Re: [exim] log parsing question

Author: Stanislaw Halik
Date:  
To: exim-users
Subject: Re: [exim] log parsing question
On Thu, Nov 23, 2006, Philip Hazel wrote:
>>> I'm having a problem with log parsing. I'm trying to take some
>>> assumptions, I'd like you to correct or confirm them.


>>> Field `H=' contains connecting host name. If host doesn't resolve and
>> [...]


>> your best bet is probably to read the bit of the source
>> that generates those lines -- src/deliver.c looks like it
>> from a quick grep.


> Or how about reading the documentation? There's a whole chapter called
> "Log files", which has a section called "Logging message reception". Are
> these hard to find?


They aren't hard to find. I made the mistake of asking without reading the
docs for no real reason. Sorry.

I wrote a log parser in Perl. If anyone is interested, here are the
recognized switches:

   -f <sender>
   -r <recipient>
   -s <subject>    # subject header
   -u <luser>      # authenticated sender luser
   -l <luser>      # from/to luser
   -h <host>       # sender host name
   -m <mx>         # receiving host
   -i <id>         # message ID
   -s <regexp>     # any part
   -a              # print everything


Produces output in the following format:

mesg: [1GnH2C-0007FM-LJ] at 2006-11-23 17:02:58
conn: c182-250.icpnet.pl [85.221.182.250] P=esmtpsa HELO=enkidu.local X=TLS-1.0 A=plain:sthalik S=1275
from: <sthalik@???>; id=20061123160240.GA5985@???
subj: log parsing question
sent: <exim-users@???>; at 2006-11-23 17:02:58; H=sesame.csx.cam.ac.uk DT=14s QT=14s

It's available at <http://tehran.lain.pl/stuff/exisearch>

I'd love to hear from those who decide to use it, as well as those who
see any room for improvements.