OT: Sendmail Log Search Engine

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Wed Jun 23 16:41:23 IST 2004


Rose, Bobby wrote:

>I'm curious if anyone knows of a pseudo sendmail log search engine type
>app.  There are lots of log analyzers but what I'm looking for is a
>better way to search the logs for particular messages.  Currently, it's
>a case of grepping for the sender, getting the message IDs and grepping
>each one until I find the one I'm looking for to see all the log
>entries for that message ID.  It would be easier and quicker with a GUI
>where you enter the address, get a list of hyper-linked message IDs
>that when clicked give the details.
>
>I don't have a problem continuing to use grep techniques but it would be
>nice if I could just dump this task off to our helpdesk people.
>
>So anyone seen something like this out there?
>
>Thanks
>-=Bobby
>  
>
Bobby,

I wrote the following (pretty ugly) script that does the grepping for 
you.  It uses the following Perl modules:
Getopt::Long
Pod::Usage

$ ./search-maillog -h
Usage:
    search-maillog [--maillog /path/to/maillog] [--debug] pattern1 ...
  or
    search-maillog [--help]

Options:
    --maillog /path/to/maillog
        Use this maillog file instead of the active one.

    --debug
        Print debug messages while searching.

    --help
        show usage information

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045


-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
#!/usr/bin/perl -w

use strict;

######################################################################
#
# File: search-maillog
#
# By:   Denis Beauchemin, STI
# Date: 2003-10-28
#
######################################################################
#
# $Id: search-maillog,v 1.1 2003/11/27 18:52:06 bead2306 Exp $
#
# $Log: search-maillog,v $
# Revision 1.1  2003/11/27 18:52:06  bead2306
# Added search-log
#
# Revision 1.2  2003/11/21 20:33:43  root
# Initial version for linback
#
######################################################################
#
# This program used to read the maillog file by itself but performance
# was abysmal!!!
#
# It now leaves the searching to experts: e?grep
#
######################################################################

=head1 NAME

search-maillog - searches the maillog file for patterns

=head1 SYNOPSIS

B<search-maillog> [B<--maillog /path/to/maillog>] [B<--debug>] B<pattern1 ... >
  or
B<search-maillog> [B<--help>]

=head1 DESCRIPTION

B<search-maillog> searches the maillog for the patterns listed on the command
line; it returns all matching lines and all related lines (all lines with the
same sendmail ID).

=head1 OPTIONS

=over 4

=item B<--maillog /path/to/maillog>

Use this maillog file instead of the active one.

=item B<--debug>

Print debug messages while searching.

=item B<--help>

show usage information

=back

=head1 DIAGNOSTICS

=over 4

=item Cannot open maillog

(E) Error while reading from a pipe from the grep command

=back

=head1 AUTHOR

Denis Beauchemin, STI

=cut

######################################################################

use Getopt::Long;
use Pod::Usage;

my( $optDebug, $optMaillog, $optHelp ) = ( 0, "/var/log/maillog", 0 );

MAIN: {
    GetOptions( 'debug' =>     \$optDebug,
                'maillog=s' => \$optMaillog,
                'help' =>      \$optHelp,
              ) or pod2usage( 2 );

    pod2usage( { -exitval => 0, -verbose => 1 } ) if ( $optHelp );

    # At least one pattern is required: with none, the first egrep would
    # match every line and the final search would dump the whole maillog
    pod2usage( 2 ) unless ( @ARGV );

    # Sanitize environment
    $ENV{PATH} = "/bin:/usr/bin";
    $ENV{BASH_ENV} = "";

    my @matched = ();
    my %seen = ();
    my $searchPattern = join '|', @ARGV;
    # Use grep to find matching lines.  The list form of open() runs egrep
    # directly, without a shell, so shell metacharacters in the patterns or
    # in --maillog cannot be turned into commands
    open MAILLOG, '-|', 'egrep', '-i', " sendmail.*($searchPattern)", $optMaillog
        or die "Cannot open a pipe from grep in $optMaillog";
    while ( my $logLine = <MAILLOG> ) {
        # Only lines of the form "sendmail[pid]: ID: ..." carry a queue ID;
        # skip the others (and NOQUEUE, which is not an ID) so a whole log
        # line never ends up in the ID list
        next unless ( $logLine =~ /sendmail\[\d+\]: (\w+): / );
        my $sendmailID = $1;
        next if ( $sendmailID eq 'NOQUEUE' );
        unless ( $seen{$sendmailID}++ ) {
            push @matched, $sendmailID;
            print "Found <$sendmailID>\n" if ( $optDebug );
        }
    }
    close MAILLOG;

    # Now build the new search pattern with sendmail IDs
    $searchPattern = join '|', @matched;
    if ( $optDebug ) {
        print "=== Found: $searchPattern\n";
    }

    exit if ( $searchPattern eq "" );

    # Call egrep for final search, anchored on the ID field so an ID that
    # happens to appear elsewhere in an unrelated line is not matched
    system( 'egrep', "sendmail\\[[0-9]+\\]: ($searchPattern): ", $optMaillog );
}
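The same two-pass queue-ID correlation the script performs, written here as an added example in Python (not code from the thread) so that no helpdesk input ever reaches a shell or a regex engine: the search term is matched as a case-insensitive literal, the queue ID is taken only from the `sendmail[pid]: ID:` field, and NOQUEUE lines are skipped. The log lines and addresses are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample sendmail syslog lines (not from the post): two messages plus a NOQUEUE line.
SAMPLE_MAILLOG = """\
Jun 23 09:15:01 mx1 sendmail[12345]: i5N9abc01234: from=<alice@example.org>, size=2048, nrcpts=1, relay=host.example.org [192.0.2.10]
Jun 23 09:15:02 mx1 sendmail[12346]: i5N9abc01234: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
Jun 23 09:16:10 mx1 sendmail[12350]: i5N9def05678: from=<carol@example.com>, size=512, nrcpts=1, relay=other.example.com [203.0.113.7]
Jun 23 09:16:11 mx1 sendmail[12351]: i5N9def05678: to=<Alice@example.org>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Jun 23 09:17:00 mx1 sendmail[12360]: NOQUEUE: connect from unknown [203.0.113.99]: rejected
"""

# The queue ID sits between "sendmail[pid]: " and the next ": ".
QUEUE_ID_RE = re.compile(r" sendmail\[\d+\]: (\w+): ")


def queue_id(line):
    """Return the queue ID of a sendmail log line, or None when the line
    carries none (NOQUEUE rejections, daemon messages, other programs)."""
    m = QUEUE_ID_RE.search(line)
    if m is None or m.group(1) == "NOQUEUE":
        return None
    return m.group(1)


def search_maillog(lines, pattern):
    """Pass 1: collect the queue IDs of lines containing `pattern` (compared
    case-insensitively as a literal, never as a regex or shell text).
    Pass 2: return every line of those IDs, grouped by ID in first-seen order."""
    lines = list(lines)          # two passes, so materialise a file iterator
    needle = pattern.lower()
    ids = []
    for line in lines:
        qid = queue_id(line)
        if qid is not None and needle in line.lower() and qid not in ids:
            ids.append(qid)
    grouped = OrderedDict((qid, []) for qid in ids)
    for line in lines:
        qid = queue_id(line)
        if qid in grouped:
            grouped[qid].append(line)
    return grouped


if __name__ == "__main__":
    # Hypothetical helpdesk query: every message that touched alice's address.
    for qid, entries in search_maillog(SAMPLE_MAILLOG.splitlines(), "alice@example.org").items():
        print(qid, *entries, sep="\n    ")
```

Pointing `search_maillog` at `open("/var/log/maillog")` instead of the sample gives the same result on a real log.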
