Thanks to the excellent input I received, I made something that appears to work - it may be ugly, but it's saved me a big job. The interesting part is that the client host (originating server) is only mentioned with reference to the first message ID, and the external delivery status only goes with the second message ID. The line that has both IDs comes halfway through the logging sequence (and other unrelated message transactions are interpolated in between).
#!/usr/bin/perl use warnings; use strict; my @logfiles = qw(maillog.4 maillog.5 maillog.6 [..]); my $line; my $file; my $key; my $value; open (CLIENTOUT, ">>client.txt") or die "Cannot open output file: $!"; for $file ( @logfiles ) { open (FH, $file ) or die "Cannot open file: $!"; print "$file\n"; my %msgids; while (my $line = <FH>) { chomp($line); if ( $line =~ /client=(ourhost1|ourhost2)/ ) { no warnings 'uninitialized'; #I don't care about warnings about something uninitialised in line 23 my @id = ($line =~ /\_([0-9A-F]{11,12})/); $msgids{ $id[0] } = (); } if ( $line =~ /to=<.*\.gov>.*relay=localhost/ ) { if ( $line !~ /to=<.*(ourdomain\.gov)/i) { while ( ($key, $value) = each(%msgids) ) { if ($line =~ /$key/) { my @id = ($line =~ /\ ([0-9A-F]{11,12})/g); $msgids{$key} = $id[1]; } } } } if ( $line =~ /to=<.*\.gov*.status=sent/ ) { if ( $line !~ /to=<.*(ourdomain\.gov|relay=localhost)/i) { while ( ($key, $value) = each(%msgids) ) { if ( defined $value ) { if ($line =~ /$value/) { print CLIENTOUT "$line\n"; } } } } } } close FH; }
In reply to Re: Structuring maillog data - hopefully simple question on arrays/hashes
by billie_t
in thread Structuring maillog data - hopefully simple question on arrays/hashes
by billie_t
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |