Fetch the particular columns in Postfix /var/log/maillog

1
votes

I'm using Postfix in my local.I'm writing a script to fetch the deferred/bounced mail report for daily basis.If I'm correct,usually logs are printed like columns in log file.

My proposal is I want to grep the previous day's "to","status","said" and it's Message for example "said: 550 Invalid Recipient".And the thing is the same log is printed several times,But i need to grep any one of similar logs from all.

Feb 13 13:40:35 ganga11 postfix/smtp[12098]: 3371F2BF52: to=, relay=none, delay=1.2, delays=0.84/0.01/0.27/0.07, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found. http://x.co/irbounce (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[6923]: 3371F2BF52: to=, relay=none, delay=1.5, delays=0.84/0/0.46/0.19, dsn=5.0.0, status=bounced (host said: 550 No such user ( [email protected] (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[29489]: 3371F2BF52: to=, relay=none, delay=1.3, delays=0.84/0.01/0.38/0.1, dsn=5.0.0, status=bounced (host said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

Feb 13 08:14:45 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to aaaaaa.co.in Connection refused)

Feb 13 13:40:36 ganga11 postfix/smtp[6940]: 3371F2BF52: to=, relay=none, delay=2.3, delays=0.84/0.01/0.17/1.3, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found. http://x.co/irbounce (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[6923]: 3371F2BF52: to=, relay=none, delay=1.5, delays=0.84/0/0.46/0.23, dsn=5.0.0, status=bounced (host said: 550 No such user ([email protected]) (in reply to RCPT TO command))

Feb 13 04:14:24 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to xyzz.com Connection refused)

Feb 13 17:14:11 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to bbbbb.com Connection refused)

1
postfix-mtalogfilepostfixlogfileslogfile-analysis
Hi kometen, I have tried with sed,awk and grep,But I cannot find the proper command. This is the one that seemed somewhat but fetches all logs. awk -F, '{print $7 $12}' /home/samplelog.txt | awk -F\ f=14 -v t=25 '{for(i=14;i<=t;i++) printf("%s%s",$i,(i==t)?"\n":OFS)}' |sort|uniqNarasimman
I suggest you use grep to get the lines you want and and pipe it to cut to extract the columns with the -f parameter and using space as delimiter. Somewhere like 'grep "foo|bar|baz" | cut -d " " -f 1,2,3'. serverfault.com is a better place to ask.kometen

1 Answers

2
votes

Here's something that may help you.

cat mail.log | grep "postfix/smtp" | grep -P 'status=(?!sent)' | 
sed "s/^.*: \(.\+\):.* to=<\(.\+\)>.* status=\([^ ]\+\) (\(.*\))$/[\1] <\2> \3: \4/" |
sort | uniq

grep "postfix/smtp" filters SMTP related messages.

grep -P "status=(?\!sent)" filters messages that have status other than sent.

sed ... extracts queue id, recipient address, status and remainings as a status message.

sort | uniq filters duplicate entries.