On Sun, Sep 13, 2009 at 2:16 PM, alexandre <alxgomz@???> wrote:
> This is part of a regex that I wrote for a python script.
> You'll certainly need to adapt it for perl and complete it for your own
> mailservers/network but may be a good start.
> As is, IP is the 3rd subgroup of th regex.
>
> 'Received:\ from\ ([\[\w\-_]+\.)*\w+\]?\s*\(([\w\-\_]+\.)*\w*\s*
> \[((\d{1,3}\.){3}\d{1,3})\]\)\s+by\s+'
Is long as the IP address reverse resolves, it will be the third
group. If the host does not reverse resolve, then there will only be
two groups. In my log parsing script, I use this:
my $host_in3_regex='(\S+) \([\w.]+\)( \[[\d.]+\])';
my $host_in2_regex='\(\S+\) (\[[\d.]+\])';
my $host_out2_regex='(\S+ \[[\d.]+\])\*?';
my $host_in2b_regex=$host_out2_regex;
In the first, I capture the hostname, reverse hostname, and IP
separately. In the second I capture the hostname and IP separately.
In the last one, I capture the hostname and IP together (has to do
with how I stuff it in the database).
--
Regards... Todd
