Hi monks,

Here is the task:
There is a Postfix mail log over 20 megabytes. You should write a perl5 script that will parse it and print results out.

Parsing: The script tracks one particular message in the log file. There are 3 parameters passed to the script: time interval(its' start and end), 'message-id', 'from' or 'to' message parameter's value. The script should find an unique message identifier for the very first message in the log file that suits the passed conditions (time interval and the field's value: message-id, from or to). Then our script prints out all messages from the log file that corresponds to the selected unique MTA message ID in the defined time period. If there are several messages with the same 'from' or 'to' fields that are good for us, then the very first message is selected.

Our script is called like parser.pl START END MESSAGE-ID|ADDRESS
START and END - the time period defined in ISO 8601 restricted time format

ISO 8601 restricted time format
The lead-in character for a restricted ISO 8601 time is an '@'-sign. The particular format of the time in restricted ISO 8601 is: [[[[[cc]yy]mm]dd][T[hh[mm[ss]]]]]. Optional date fields default to the appropriate component of the current date; optional time fields default to midnight; hence if today is January 22, 1999, the following date specifications are all equivalent:
`19990122T000000'
`990122T000000'
`0122T000000'
`22T000000'
`T000000'
`T0000'
`T00'
`22T'
`T'
`'


I'll post my solution in my next post. Any ideas how to improve it or implement it in a different way?
Log file:
Apr 26 00:00:00 edge newsyslog[25697]: logfile turned over
Apr 26 00:00:53 hosting postfix/smtpd[26207]: connect from ef.egroups.
+com[64.211.240.229]
Apr 26 00:00:54 hosting postfix/smtpd[26207]: 86E511176AE: client=ef.e
+groups.com[64.211.240.229]
Apr 26 00:00:55 hosting postfix/cleanup[23958]: 86E511176AE: message-i
+d=<F203JO4rvQPKG1NBSxW0000c981@hotmail.com>
Apr 26 00:00:55 hosting postfix/qmgr[22567]: 86E511176AE: from=<anisim
+ov@hotmail.com>, size=7002, nrcpt=1 (queue active)
Apr 26 00:00:55 hosting postfix/lmtp[25547]: 86E511176AE: to=<porto1@h
+osting.agava.ru>, relay=/var/spool/cyrus/run/lmtp[/var/spool/cyrus/ru
+n/lmtp], delay=1, status=sent (250 2.1.5 Ok)
Apr 26 00:00:55 hosting postfix/smtpd[26207]: disconnect from ef.egrou
+ps.com[64.211.240.229]
Apr 26 00:01:10 hosting postfix/smtpd[26207]: connect from adsl-20-151
+-106.sdf.bellsouth.net[66.20.151.106]
Apr 26 00:01:11 hosting postfix/smtpd[26207]: 45FC11176AE: client=adsl
+-20-151-106.sdf.bellsouth.net[66.20.151.106]
Apr 26 00:01:11 hosting postfix/smtpd[26207]: reject: RCPT from adsl-2
+0-151-106.sdf.bellsouth.net[66.20.151.106]: 504 <Hinvest>: Helo comma
+nd rejected: need fully-qualified hostname; from=<hin_vest_@moscowmai
+l.com> to=<webmaster@rc5.agava.ru>
Apr 26 00:01:17 hosting postfix/smtpd[26207]: lost connection after RC
+PT from adsl-20-151-106.sdf.bellsouth.net[66.20.151.106]
Apr 26 00:01:17 hosting postfix/smtpd[26207]: disconnect from adsl-20-
+151-106.sdf.bellsouth.net[66.20.151.106]
Apr 26 00:05:53 hosting postfix/smtpd[30369]: connect from adsl-20-151
+-106.sdf.bellsouth.net[66.20.151.106]
Apr 26 00:05:54 hosting postfix/smtpd[30369]: B4ECD1176AE: client=adsl
+-20-151-106.sdf.bellsouth.net[66.20.151.106]

[download]

In reply to Postfix maillog parser by nikos

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.