1

I am looking for a fast script that will parse a large mail.log, and return the portion between two specified timestamps. I would like to run it on all of my mailservers, and have them copy the relevant log portions to a central location for further analysis.

I have written something in bash that works, but is slow.

Does anybody know of anything that already exists to accomplish this - or do I need to learn perl and make something up myself?

(I am not putting this on SO, as I am not yet at the point where I want to write any code - just looking for something somebody else is already using)

2 Answers

7

I love awk :)

For my logs, which are in the format:

Jul 14 12:49:10 xxxxxx sendmail[31337]: ........... 

I would use:

awk '$3 >= "12:00:00" && $3 <= "13:00:00" {print;}' < /var/log/maillog 

Presumably you can adapt that as necessary, for instance if you don't split logs by day.

Bonus:

Apache format, which I happen to have kicking around:

xxx.xxx.xxx.xxx - - [01/Jul/2009:03:06:24 -0400] "GET /favicon.ico HTTP/1.1" 200 3638

awk '$4 >= "[01/Jul/2009:03:00:00" && $4 <= "[01/Jul/2009:04:00:00" {print;}' < access_log
0

For a specific day range and to print > output-file

(I cannot post this as a comment on the above answer; otherwise I would have done that)

HTH

awk '$2 >= "21" && $3 >= "09:00:00" && $2 <= "21" && $3 <= "11:00:10" {print > "m_range.log";}' < /var/log/m.log

cat m_range.log

...
Nov 21 09:00:17 mail postfix/qmgr[1694]: 1C50D276524A: from=<[email protected]>, size=2378, nrcpt=1 (queue active)
...
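The one-liners above compare `$2` and `$3` as separate strings, which breaks for single-digit days (`"4" >= "21"` is true as a string) and for ranges that span more than one day or month. The following is an added example, not part of the original answers: it generalizes them by building one sortable key per line. The function names `log_between` and `sample_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# log_between START END [FILE...]
# START and END use the classic syslog stamp "Mon DD HH:MM:SS".
# Reads stdin when no FILE is given. Syslog stamps carry no year, so a
# range that crosses Dec -> Jan has to be run as two separate calls.
log_between() {
    start=$1; end=$2; shift 2
    awk -v start="$start" -v end="$end" '
    # Build a fixed-width key "MMDDHH:MM:SS" that sorts correctly as a string.
    function key(mon, day, time) {
        return sprintf("%02d%02d%s", (index(months, mon) + 2) / 3, day, time)
    }
    BEGIN {
        months = "JanFebMarAprMayJunJulAugSepOctNovDec"
        split(start, s, " "); lo = key(s[1], s[2], s[3])
        split(end, e, " ");   hi = key(e[1], e[2], e[3])
    }
    # Skip continuation lines and anything without a syslog-style time field.
    $3 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ { next }
    {
        k = key($1, $2, $3)
        if (k >= lo && k <= hi) print
    }' "$@"
}

# Constructed sample input (hypothetical hosts, queue IDs and addresses).
sample_log() {
    cat <<'EOF'
Jun 30 22:59:59 mx1 postfix/qmgr[1694]: AAAA0001: removed
Jun 30 23:30:00 mx1 postfix/smtpd[2210]: connect from unknown[192.0.2.10]
Jul  4 09:15:02 mx1 postfix/qmgr[1694]: AAAA0002: from=<a@example.com>, size=2378, nrcpt=1 (queue active)
Jul  4 12:00:01 mx1 postfix/smtpd[2210]: disconnect from unknown[192.0.2.10]
Jul 14 08:00:00 mx1 postfix/qmgr[1694]: AAAA0003: removed
EOF
}

# Usage: log_between "Jun 30 23:00:00" "Jul 4 12:00:00" /var/log/maillog > range.log
```

Because awk collapses the double space in `Jul  4`, the day is zero-padded inside the key and `Jul 14` no longer sorts before `Jul  4`.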
