[Tutor] parsing sendmail logs

Kent Johnson kent37 at tds.net
Mon Jul 14 12:47:15 CEST 2008


On Mon, Jul 14, 2008 at 3:29 AM, nibudh <nibudh at gmail.com> wrote:
> Hi List,
>
> I'm looking for some support libraries that will help me to parse sendmail
> logs.

Lire looks like it might be useful:
http://www.logreport.org/lire.html

> Initially I'm wanting to be able to report on who the recipients of a
> particular email were based on an email address or host.
> Another report I'm interested in creating is who sent email to a particular
> email address.
>
> These simple reports I have written already using unix tools like grep,
> sort, awk:
>
> ---
> 1. grep  'email_address' ../maillog* |awk '{print $6}' |sort -u |awk -F:
> '{print $1}' >phis.txt
> 2. for i in `cat ./phis.txt` ; do grep $i ../maillog* >>./maillog; done
> 3. grep "to=<" maillog |awk '{print $7}' |sort -u >recipients
>
> 'email_address' is user supplied and it would be nice to default to just
> maillog but to let the user specify maillog.* or maillog.[1..6]
>
> How do I go about representing the structure of the sendmail log file to my
> script? I'm imagining having to filter through the logs and building up some
> kind of data structure which I can use to report from. Should this just be
> as simple as a dash of regex and str.split()? Or are there better tools
> that provide a richer framework to work within?

These should all be pretty straightforward to program in Python using
standard facilities for file reading and writing, lists and
dictionaries, and string operations. You probably don't need regular
expressions unless you want to build a regex that will find all mail
ids of interest.

To begin with I don't think you need to be parsing the log lines into
a structure. If you decide that is useful, you might want to look at
the loghetti project as a starting point. It parses web server logs
but it might be a useful model.
http://code.google.com/p/loghetti/

Kent
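
Added example, not part of the original message or thread: one way to produce the two reports asked about using only string operations and dictionaries, keyed on the sendmail queue id. The sample lines are constructed, the field positions follow the quoted awk commands ($6 is the queue id), and all function names are this example's own; unlike grep it matches a full address exactly, so notalice@example.com is not counted as alice@example.com.

```python
from collections import defaultdict
# Constructed sample in the usual sendmail syslog layout (not real log data).
SAMPLE_LOG = """\
Jul 14 03:12:01 mx1 sendmail[2101]: m6E1C1aB002101: from=<alice@example.com>, size=1204, nrcpts=2, relay=ws1.example.com [192.0.2.10]
Jul 14 03:12:02 mx1 sendmail[2103]: m6E1C1aB002101: to=<bob@example.org>,<carol@example.net>, delay=00:00:01, mailer=esmtp, stat=Sent
Jul 14 03:15:40 mx1 sendmail[2110]: m6E1FeaB002110: from=<dave@example.net>, size=880, nrcpts=1, relay=gw.example.net [198.51.100.7]
Jul 14 03:15:41 mx1 sendmail[2112]: m6E1FeaB002110: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, stat=Sent
Jul 14 03:20:00 mx1 sendmail[2120]: NOQUEUE: connect from unknown.example.invalid [203.0.113.9]
Jul 14 03:21:09 mx1 sendmail[2130]: m6E1L9aB002130: from=<notalice@example.com>, size=512, nrcpts=1, relay=ws2.example.com [192.0.2.11]
Jul 14 03:21:10 mx1 sendmail[2131]: m6E1L9aB002130: to=<erin@example.org>, delay=00:00:01, mailer=esmtp, stat=Sent
"""

def parse_line(line):
    """Return (queue_id, rest_of_line), or None for lines without a queue id."""
    fields = line.split(None, 6)
    if len(fields) < 7 or not fields[4].startswith("sendmail["):
        return None
    if not fields[5].endswith(":") or fields[5] == "NOQUEUE:":
        return None
    return fields[5][:-1], fields[6]

def addresses(rest, key):
    """Lowercased addresses from the key=... field; key is 'from' or 'to'."""
    for field in rest.split(", "):
        name, _, value = field.partition("=")
        if name == key:
            return [a.strip("<>").lower() for a in value.split(",") if a.strip("<>")]
    return []

def index_messages(lines):
    """Map each queue id to the sender and recipient sets seen for it."""
    messages = defaultdict(lambda: {"from": set(), "to": set()})
    for qid, rest in filter(None, map(parse_line, lines)):
        for key in ("from", "to"):
            messages[qid][key].update(addresses(rest, key))
    return messages

def matches(addr, needle):
    """Exact match for a full address; domain or sub-domain match for a host."""
    needle = needle.lower()
    if "@" in needle:
        return addr == needle
    host = addr.rpartition("@")[2]
    return host == needle or host.endswith("." + needle)

def report(messages, needle, where, want):
    """Sorted `want` addresses of every message whose `where` side matches."""
    hits = (m[want] for m in messages.values() if any(matches(a, needle) for a in m[where]))
    return sorted(set().union(*hits))
```

`report(messages, addr, "from", "to")` lists the recipients of mail from `addr`, and swapping the last two arguments lists who sent mail to it. To run it over real files, pass an iterable of lines such as `fileinput.input(glob.glob("../maillog*"))` to `index_messages`.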

