extract message-id's from logfile
Hi! bit offtopic, but maybe it's easy and someone is able to drop me the *magic* snippet of code: My logile looks like: Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 - AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML _ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost= mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447 [EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 - BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost =mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED] hikoi.com,bayes=1.66533453693773e-16,autolearn=no ... i do need to extract the message-id's from there to get the following list: [EMAIL PROTECTED] [EMAIL PROTECTED] How to realize ?? Any skilled grep'ers / awk'ers / sed'ers alive here ? Ove Starckjohann
Re: extract message-id's from logfile
PERL: #!/usr/bin/perl while(STDIN) { if(/mid=(.*)/) { print $1\n; } } cat spamd.log | whatever you name above perl script will give you all of your 'mid' (message ids) from the spamd.log file (or whatever you call you spam log file for SA). Starckjohann, Ove wrote: Hi! bit offtopic, but maybe it's easy and someone is able to drop me the *magic* snippet of code: My logile looks like: Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 - AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML _ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost= mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447 [EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 - BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost =mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED] hikoi.com,bayes=1.66533453693773e-16,autolearn=no ... i do need to extract the message-id's from there to get the following list: [EMAIL PROTECTED] [EMAIL PROTECTED] How to realize ?? Any skilled grep'ers / awk'ers / sed'ers alive here ? Ove Starckjohann
RE: extract message-id's from logfile
Starckjohann, Ove wrote: Hi! bit offtopic, but maybe it's easy and someone is able to drop me the *magic* snippet of code: My logile looks like: Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 - AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML _ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost= mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447 [EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 - BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost =mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED] hikoi.com,bayes=1.66533453693773e-16,autolearn=no ... i do need to extract the message-id's from there to get the following list: [EMAIL PROTECTED] [EMAIL PROTECTED] How to realize ?? Any skilled grep'ers / awk'ers / sed'ers alive here ? Perl'ers? Use grep or whatever to find the right lines and then pipe it to a perl script like this: grep (whatever) maillog | perl -ne 'if (/mid=([^]+)/) { print $1\n }' -- Bowie