GREPing Maillog
Rick Cooper
rcooper at dwford.com
Wed Oct 1 18:17:00 IST 2008
Don't know about FreeBSD but plain 'ole grep -A would be what you are
looking for. grep -A 4 something maillog will return what you are looking
for plus the next four lines. If there is more than one match the matches
will be separated by a line of "---" chars. Of course you can redirect
output to a file as normal, or you can pipe through tee if you want it going
to stdout and a file(s)
Rick
_____
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Josh Kidd
Sent: Wednesday, October 01, 2008 12:00 PM
To: mailscanner at lists.mailscanner.info
Subject: GREPing Maillog
May not be the best place to submit this question but wondered if anyone had
any suggestions on how I could find an entry in my maillog and then copy
that line and the next 4 lines into a text file.
I know I can grep on the string I'm looking for, "grep Message delivery
request rate limit exceeded /var/log/maillog", but I also want to record the
statistics after that then somehow copy all of it into a file that I can
access to show me what IPs may be abusing our server (don't mind the limit
below it's low for testing). I'm using the Postfix anvil daemon to record
these statistics, that seems to be working fine but we want to know if there
is a computer that is sending out more than our pre-determined limit in case
that computer has been infected.
The server is FreeBSD 7, with Postfix, MailScanner (ClamAV and SA), and
MailWatch. The log entries I'm looking for are these.
Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message delivery request
rate limit exceeded: 6 from unknown[10.30.0.11] for service smtp
Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from
unknown[10.30.0.11]
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection rate
6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection count
1 for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max message rate
6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081001/21fedde4/attachment.html
More information about the MailScanner
mailing list