On Thu, Nov 23, 2006, Philip Hazel wrote:
>>> I'm having a problem with log parsing. I'm trying to make some
>>> assumptions; I'd like you to correct or confirm them.
>>> Field `H=' contains connecting host name. If host doesn't resolve and
>> [...]
>> your best bet is probably to read the bit of the source
>> that generates those lines -- src/deliver.c looks like it
>> from a quick grep.
> Or how about reading the documentation? There's a whole chapter called
> "Log files", which has a section called "Logging message reception". Are
> these hard to find?
They aren't hard to find. I made the mistake of asking without reading the
docs for no real reason. Sorry.
I wrote a log parser in Perl. If anyone is interested, here are the
recognized switches:
-f <sender>
-r <recipient>
-s <subject> # subject header
-u <luser> # authenticated sender luser
-l <luser> # from/to luser
-h <host> # sender host name
-m <mx> # receiving host
-i <id> # message ID
-s <regexp> # any part
-a # print everything
Produces output in the following format:
mesg: [1GnH2C-0007FM-LJ] at 2006-11-23 17:02:58
conn: c182-250.icpnet.pl [85.221.182.250] P=esmtpsa HELO=enkidu.local X=TLS-1.0 A=plain:sthalik S=1275
from: <sthalik@???>; id=20061123160240.GA5985@???
subj: log parsing question
sent: <exim-users@???>; at 2006-11-23 17:02:58; H=sesame.csx.cam.ac.uk DT=14s QT=14s
It's available at <http://tehran.lain.pl/stuff/exisearch>
I'd love to hear from those who decide to use it, as well as those who
see any room for improvements.
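
An added example, not part of the original post and not the exisearch script itself: Python that parses the output record shown above back into fields and flags authenticated submissions for which no TLS cipher was logged. The function names, the reading of `A=` as authenticator:id, the treatment of a missing `X=` as "no TLS", and the idea that `sent:` may repeat are assumptions based on Exim's log field conventions.

```python
import re

# Record copied from the post above; the archive redacts addresses as "???".
SAMPLE = """\
mesg: [1GnH2C-0007FM-LJ] at 2006-11-23 17:02:58
conn: c182-250.icpnet.pl [85.221.182.250] P=esmtpsa HELO=enkidu.local X=TLS-1.0 A=plain:sthalik S=1275
from: <sthalik@???>; id=20061123160240.GA5985@???
subj: log parsing question
sent: <exim-users@???>; at 2006-11-23 17:02:58; H=sesame.csx.cam.ac.uk DT=14s QT=14s
"""

KV = re.compile(r"\b([A-Z]+)=(\S+)")  # Exim-style KEY=value tokens

def parse_record(text):
    """Turn one record into a dict; 'sent' is a list (assumed one line per recipient)."""
    rec = {"conn": {}, "sent": []}
    for line in text.splitlines():
        tag, sep, rest = line.partition(": ")
        if not sep:
            continue  # not a "tag: value" line
        if tag == "mesg":
            m = re.match(r"\[([^\]]+)\] at (.+)", rest)
            if m:
                rec["id"], rec["time"] = m.groups()
        elif tag == "conn":
            m = re.match(r"(\S+) \[([^\]]+)\]", rest)
            if m:
                rec["host"], rec["ip"] = m.groups()
            rec["conn"] = dict(KV.findall(rest))
        elif tag == "from":
            addr, _, msgid = rest.partition("; id=")
            rec["from"], rec["msgid"] = addr.strip("<>"), msgid
        elif tag == "subj":
            rec["subject"] = rest
        elif tag == "sent":
            parts = rest.split("; ")
            rec["sent"].append({"to": parts[0].strip("<>"),
                                "fields": dict(KV.findall(parts[-1]))})
    return rec

def auth_user(rec):
    """Login from A=<authenticator>:<id>, or None when the sender did not authenticate."""
    return rec["conn"].get("A", "").partition(":")[2] or None

def auth_without_tls(rec):
    """True when SMTP AUTH was used but no X= (TLS cipher) field was logged."""
    return auth_user(rec) is not None and "X" not in rec["conn"]

if __name__ == "__main__":
    r = parse_record(SAMPLE)
    print(r["id"], auth_user(r), auth_without_tls(r))
```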