I am trying to do some auditing on an old MercuryMail server which we are attempting to phaze out. What I'd like to do is generate a file containing all the accounts which have received mail over a given period, all the addresses which mailed them, and the dates so that we might mail that information out to the users who still have active forwards on the server.

The problem is that the logger on Mercury is pretty terrible. There are no unique transaction numbers like in Sendmail and the SMTP traffic tends to overlap. The end result is a logfile which looks like this: 

Connection from 111.222.333.444, Mon Feb 12 08:53:27 2001
EHLO mhub6.tc.umn.edu
MAIL FROM:<user1@myotherhost.mydomain.net>
RCPT TO:<user2@myhost.mydomain.net>
DATA - 1216 lines, 83052 bytes.
Connection from 64.4.15.226, Mon Feb 12 08:53:34 2001
EHLO hotmail.com
MAIL FROM:<paica@hotmail.com>
RCPT TO:<user4@myhost.mydomain.net>
DATA - 29 lines, 1215 bytes.
QUIT - 1 sec. elapsed, connection closed Mon Feb 12 08:53:36 2001

QUIT - 19 sec. elapsed, connection closed Mon Feb 12 08:53:46 2001

Connection from 208.1.71.165, Mon Feb 12 08:54:01 2001
Connection from 208.1.71.165, Mon Feb 12 08:54:01 2001
Connection from 208.1.71.165, Mon Feb 12 08:54:01 2001
EHLO ancmail02.ancestry.com
MAIL FROM:<Reminder@MyFamilyInc.com>
MAIL FROM:<Reminder@MyFamilyInc.com>
MAIL FROM:<Reminder@MyFamilyInc.com>
RCPT TO:<user3@myhost.mydomain.net>
RCPT TO:<user3@myhost.mydomain.net>
DATA - 249 lines, 14229 bytes.
DATA - 217 lines, 12388 bytes.
DATA - 217 lines, 12403 bytes.
QUIT - 2 sec. elapsed, connection closed Mon Feb 12 08:54:03 2001

QUIT - 2 sec. elapsed, connection closed Mon Feb 12 08:54:03 2001

QUIT - 2 sec. elapsed, connection closed Mon Feb 12 08:54:03 2001

[download]
Anyone have suggestions on how to tackle something like this? i tried to reads with an unless MAIL From but that doesn't solve the problem of overlap. This is what I have been playing with: 

sub ParseIt {
        my $text = '';
        open (MERLOG,$log) || die "Unable to open $log:$!\n";
        while (<MERLOG>) {
          unless (/MAIL From.*?\n/smi) {
            # Continuation of record in progress
            $text .= $_;
          } else {
            # Found a new record
            examine_record($text);
#           $text = $_;
          }
        }
        # caveat for the last record because it will not be followed b
+y a new record
        examine_record($text);
}

[download]
I'm a newbie, be gentle.

Edit: 2001-03-05 chipmunk

In reply to Parsing MercuryMail logs by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.