comment on

Being a sysadmin a very large percentage of what I do with perl is parsing log files to make some sort of report. While I've been sucessfully doing this, I'm wondering how others might accomplish this task. I'm reasonably sure my methods are not the best. So, I'm looking for a better way to accomplish the task.

Jul  6 14:36:41 moe postfix/smtp[15107]: A73DC113B63: to=<oetiker@conc
+entric.com>, relay=adamant.concentric.com[207.155.248.168], delay=17,
+ status=bounced (host adamant.concentric.com[207.155.248.168] said: 5
+54 <oetiker@concentric.com>: Recipient address rejected: Unknown or i
+nvalid user oetiker@concentric.com (in reply to RCPT TO command))
[download]

Using the example above, let's say the data that I'm interested in is "A73DC113B63, 554, oetiker@concentric.com".

One way I can get this is:

while(<FILE>){
  chomp;
  my @text=split /:/, $_;
   warn Dumper(@text);     
}
[download]

My new friend Data::Dumper(::Simple) is your friend tells me:

@text = (
          'Jul  6 14',
          '36',
          '41 moe postfix/smtp[15107]',
          ' A73DC113B63',
          ' to=<oetiker@concentric.com>, relay=adamant.concentric.com[
+207.155.248.168], delay=17, status=bounced (host adamant.concentric.c
+om[207.155.248.168] said',
          ' 554 <oetiker@concentric.com>',
          ' Recipient address rejected',
          ' Unknown or invalid user oetiker@concentric.com (in reply t
+o RCPT TO command))'
        );
[download]

Fine (almost). My desired information is in:

$text[3] and $text[5]
print "($text[3])\t($text[5])\n";
[download]

Thanks itub I was paying attention Re: Data::Dumper(::Simple) is your friend
This tells me: ( A73DC113B63) ( 554 <oetiker@concentric.com>)

Using this method I still have to remove the space in $text[3] AND do another split on $text[5], then remove the < > before my data is really what I'm looking for. And perhaps had I split differently to start with I would have better results. (I think I can see merlyn banging his head on the monitor now.)

Ok, I know what you guys and gals who do this everyday are thinking (maybe). Why didn't you use a regex and just pull out only the pieces of data that you wanted? Simple, my regex talents still suck Regex Tagging (newbie).

Perhaps the answer I'm going to get is something like, "learn to use regex and simplify your life" (hmmmmm???). Maybe not. This is the reason I'm asking. I want to know if there is a better, easier, more efficient way to accomplish the task.

Thanks,
Mike

Update: Thanks ikegami. I had been experimenting with the split since posting and was actually going to update that 'split /: /' would have been a better choice. But your way is likely better.

Thanks Kanji What I'm currently working on is customizing some SpamAssassin rules. Pflogsumm just won't give me the type of information I really need to do this.

In reply to Parsing log files (still) by cajun

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.