[Tutor] parsing sendmail logs

nibudh nibudh at gmail.com
Tue Jul 15 02:25:08 CEST 2008 

On Tue, Jul 15, 2008 at 4:10 AM, Monika Jisswel <monjissvel at googlemail.com>
wrote:

> lire & logethy are an option.
> but if you want to go on your own I believe awk, grep, sort  are extremely
> extremely  extremely (yes 3 times !) powerfulI tools, so giving them up is a
> bad decision I guess either talking about thier speed or what they would
> allow you to do in few lines of code.

Hi monika,

You are right. awk, grep and sort etc. are extremely powerful. As a unix
sysadmin i use them everyday. I guess i'm looking for a couple of simple
projects to strengthen my python scripting. so whilst i usually look for the
best tool for the job in this case python is my hammer and everything looks
like a nail <grin>



> so  what I would advice is to  write a python program that uses them thru
> subprocess module, this way you have the best of both worlds, finaly you
> should set up some sort of database to hold your data & to have a real-time
> view of whats going on.
>

>
Initially i was thinking of writing some python scripts to do some of the
automation tasks that i have a need to do. I'll still do this because i want
to write more code to keep the practice up.

But what I'd really like to do is write some scripts that analyze my email
logs and catch anomalies and report them to me. Like someone emailing 500
recipients in a day or one external person emailing 500 of my users.

so thinking it through, my first thought was how do i get the data from the
mail logfiles into usable state for analysis?

It seems some people just break down the data with regex.

I made an assumption that because i wanted to parse (in a generic sense) the
sendmail logs then perhaps using a "parser" would be of some benefit. But
from researching this angle, there are a lot of choices and  "parser land"
has lots of terminology that i just simply don't understand yet.

I guess I'm trying to figure out what i don't know.

Any pragmatic advice on building or working with a framework to get to the
point where i can do analysis on my logs would be cool.

Cheers,

nibudh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20080715/ce19fd55/attachment-0001.htm>

More information about the Tutor mailing list