*nice* maillog output

|TF20|Shockwave shockwave at clan-tf20.com
Tue Jun 22 20:14:14 UTC 2004


----- Original Message ----- 
From: "Craig Tinson" <craig at 8010.co.uk>
To: <fedora-list at redhat.com>
Sent: Tuesday, June 22, 2004 3:25 PM
Subject: *nice* maillog output


> this is probably asking a bit much.. but no harm in asking..
>
> I currently have a spare 14" monitor connected to the mail server so I
> can monitor what's going on..
>
> it is permanently running the following:
>
> tail -f /var/log/maillog | grcat conf.log
>
> this displays the following in various colors:
>
> Jun 22 20:19:26 www spamd[19421]: processing message
> <200406222219.09205.blogs at joe.com> for craig at 8010.co.uk:510.
> Jun 22 20:19:27 www spamd[19421]: clean message (-4.8/5.0) for
> craig at 8010.co.uk:510 in 1.4 seconds, 3206 bytes.
> Jun 22 20:20:20 www spamd[2904]: connection from localhost.localdomain
> [127.0.0.1] at port 33969
> Jun 22 20:20:20 www spamd[19441]: processing message
> <200406221521.59668.joe at blogs.com> for craig at 8010.co.uk:510.
> Jun 22 20:20:23 www spamd[19441]: clean message (-3.9/5.0) for
> craig at 8010.co.uk:510 in 2.1 seconds, 3484 bytes.
>
>
> etc etc
>
> this is more info than I need and just clutters up (and wraps around) on
> the 14" monitor..
>
> is there an obvious/easy way to trim it.. for example:
>
> Jun 22 - (20:19:26) Mail From: <someone at somedomain.com> to
> <craig at 8010.co.uk> (Clean)
> Jun 22 - (20:20:30) Mail From: <someone at somedomain.com> to
> <craig at 8010.co.uk> (Spam)
>
> colored and columned?
>
> I know this is asking a bit much.. but thought I'd ask...
>
> Cheers
>
> Craig
>

You can always try using awk, sed, and grep to manipulate the output stream.
Here's something to get you started:

tail /var/log/maillog | awk '{print $1" "$2" - ("$3")"}'

Awk can automatically separate elements of a line when they are separated by
whitespace.  The first element is referred to as $1, the second $2, etc.
The above command will print out the date like you wanted:

Jun 22 - (20:20:30)

Use quotation marks to create static values in the output.  Grep will allow
you to easily select lines that you want in the output but you'll have to be
sure you accurately identify only those lines you want.  It can also be used
in the format "grep -v" to output everything BUT the pattern that follows.
You can pipe the stream through grep first to limit the lines you process
like this:

tail /var/log/maillog | grep message | grep -v sent | awk '{print $1" "$2" - ("$3")"}'

The above will only process lines that have the word "message" in them and
also don't contain the word "sent".  The solution you will need will really
depend on how many different types of line formats you need to process and
how different they are from one another with respect to the relative
positions of the pieces of the line you want to use.  If the types of lines
you are looking to extract are too different, then this approach won't work
too well.  At that point you might want to look into using something like
Perl which was built for tasks like this.

Another useful command to use is sed, but regular expressions are a bit more
complicated and difficult to cover adequately in an email message.
Basically, they allow extremely complex pattern matching and replacement
once you learn the syntax.  Again, your success rate will depend on the
relative differences between line formats.  If you do some digging and look
up these commands, you'll find some really cool stuff even if it doesn't
help with this particular problem.

I hope this helps.  :)


Shockwave
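
An added example (not part of the original reply) that takes the grep/awk approach above one step further: it pairs each spamd "processing message" line with the verdict line logged by the same spamd process and prints one short line per message. The "identified spam" wording, the user@domain address form and the sample lines are assumptions; spamd lines carry the Message-ID rather than the sender address, so that is what gets printed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes real log lines carry
# user@domain (the archive rewrites "@" as " at ") and that spamd logs
# spam verdicts as "identified spam (score/threshold) for user:uid".

trim_maillog() {
    LC_ALL=C awk '
    # Message-IDs are sender-controlled: neutralise non-printable bytes
    # (e.g. terminal escape sequences) before anything reaches the screen.
    { gsub(/[^ -~]/, "?") }

    $5 ~ /^spamd\[[0-9]+\]:$/ {
        pid = $5
        if ($6 == "processing" && $7 == "message") {
            msgid[pid] = $8            # remember the Message-ID per spamd child
            next
        }
        if ($6 == "clean" && $7 == "message")        verdict = "Clean"
        else if ($6 == "identified" && $7 == "spam") verdict = "Spam"
        else next                      # connection lines etc. are dropped

        rcpt = $10
        sub(/:[0-9]+$/, "", rcpt)      # strip the ":uid" suffix
        id = (pid in msgid) ? msgid[pid] : "<unknown>"
        delete msgid[pid]
        printf "%s %s - (%s) %-5s %s %s -> %s\n", $1, $2, $3, verdict, $8, id, rcpt
    }'
}

# Constructed sample input; the second Message-ID embeds an ESC byte.
sample_log() {
    printf '%s\n' \
        'Jun 22 20:19:26 www spamd[19421]: processing message <msg1@example.com> for craig@example.com:510.' \
        'Jun 22 20:19:27 www spamd[19421]: clean message (-4.8/5.0) for craig@example.com:510 in 1.4 seconds, 3206 bytes.' \
        'Jun 22 20:20:20 www spamd[2904]: connection from localhost.localdomain [127.0.0.1] at port 33969'
    printf 'Jun 22 20:20:20 www spamd[19441]: processing message <m\033[2Jsg2@example.com> for craig@example.com:510.\n'
    printf '%s\n' \
        'Jun 22 20:20:23 www spamd[19441]: identified spam (12.1/5.0) for craig@example.com:510 in 2.1 seconds, 3484 bytes.'
}

sample_log | trim_maillog
```

For the live display, feed it the same stream as before: tail -f /var/log/maillog | trim_maillog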




