[Tutor] parsing sendmail logs

nibudh nibudh at gmail.com
Mon Jul 14 09:29:16 CEST 2008


Hi List,

I'm looking for some support libraries that will help me to parse sendmail
logs.

I'm confused about whether I need a "parser" per se, and if I do, which
parser to use. I found this website
http://nedbatchelder.com/text/python-parsers.html which compares a slew of
Python parsers.

Initially I'm wanting to be able to report on who the recipients of a
particular email were, based on an email address or host.
Another report I'm interested in creating is who sent email to a particular
email address.

These simple reports I have written already using Unix tools like grep,
sort, awk:

---
1. grep 'email_address' ../maillog* | awk '{print $6}' | sort -u | awk -F: '{print $1}' >phis.txt
2. for i in `cat ./phis.txt` ; do grep "$i" ../maillog* >>./maillog; done
3. grep "to=<" maillog |awk '{print $7}' |sort -u >recipients

'email_address' is user supplied and it would be nice to default to just
maillog but to let the user specify maillog.* or maillog.[1..6]

I whipped these up in a few minutes.
'phis.txt' contains a unique list of message IDs.
'maillog' is a filtered raw log of matching lines based on the message IDs.
'recipients' gives me a list of email addresses, sometimes with multiple
email addresses on one line comma separated.
---

I really want to just tidy this up into a Python script as a programming
exercise.

So that's the background.

How do I go about representing the structure of the sendmail log file to my
script? I'm imagining having to filter through the logs and building up some
kind of data structure which I can use to report from. Should this just be
as simple as a dash of regex and str.split()? Or are there better tools
that provide a richer framework to work within?

I would love to extend or write further scripts to analyze the logs and pick
up things like someone suddenly emailing to 500 people. But crawling before
running seems like the order of the day.

Cheers,

nibudh.
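
Added example, not part of the original post: one way to build the data structure asked about above, using only a regex and str.split(), grouping lines by queue ID (the awk $6 field) and answering the two reports plus the "suddenly emailing 500 people" check. The log lines are constructed samples in the usual sendmail syslog layout, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sendmail syslog layout (not real log data).
SAMPLE_LOG = """\
Jul 14 09:12:01 mx1 sendmail[1234]: m6E7C1aB001234: from=<alice@example.com>, size=1204, class=0, nrcpts=2, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=pc1.example.com [192.0.2.10]
Jul 14 09:12:02 mx1 sendmail[1236]: m6E7C1aB001234: to=<bob@example.org>,<carol@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jul 14 09:15:40 mx1 sendmail[1301]: m6E7FeXy001301: from=<dave@example.net>, size=880, class=0, nrcpts=1, msgid=<2@example.net>, proto=ESMTP, daemon=MTA, relay=pc2.example.net [192.0.2.30]
Jul 14 09:15:41 mx1 sendmail[1303]: m6E7FeXy001301: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jul 14 09:20:00 mx1 sendmail[1400]: m6E7K0Qq001400: to=<erin@example.org>, delay=00:00:01, mailer=esmtp, stat=Sent (ok)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=(?P<rest>.*)")

def parse(lines):
    """Group lines by queue ID into {qid: {"from": str or None, "to": set}}."""
    msgs = defaultdict(lambda: {"from": None, "to": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # Address field ends at the first ", "; multiple recipients use "," with no space.
        field = m["rest"].split(", ", 1)[0]
        addrs = [a.strip("<>").lower() for a in field.split(",") if a]
        if m["kind"] == "from":
            msgs[m["qid"]]["from"] = addrs[0] if addrs else None
        else:
            msgs[m["qid"]]["to"].update(addrs)
    return msgs

def matches(addr, needle):  # exact address, or any address at host needle
    return bool(addr) and (addr == needle or addr.endswith("@" + needle))

def recipients_of(msgs, sender):
    return sorted({r for msg in msgs.values() if matches(msg["from"], sender)
                   for r in msg["to"]})

def senders_to(msgs, rcpt):
    return sorted({msg["from"] for msg in msgs.values()
                   if msg["from"] and any(matches(r, rcpt) for r in msg["to"])})

def heavy_senders(msgs, threshold):  # senders with >= threshold distinct recipients
    fanout = defaultdict(set)
    for msg in msgs.values():
        if msg["from"]:
            fanout[msg["from"]] |= msg["to"]
    return {s: len(r) for s, r in fanout.items() if len(r) >= threshold}

if __name__ == "__main__":
    print(heavy_senders(parse(SAMPLE_LOG.splitlines()), 2))
```

The last sample line has a to= entry whose from= line is missing (for instance, in an older rotated log); it is kept with a sender of None and left out of the sender reports.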