Re: Parse a syslog to get the size
- From: spcecdt@xxxxxxxxxx (John DuBois)
- Date: Mon, 24 Mar 2008 21:51:28 -0000
In article <68a27acc-9fac-4537-9386-bfcc975a6a95@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
explor <bhaveshah@xxxxxxxxx> wrote:
I've a syslog with thousands of entries as listed below. I need to get....
the size for each message. I can do this by awk like:
grep "size=" /var/log/syslog | grep "stat=Delivered" | awk '{print $13}'
but the issue here is, if the mailbox= paramater doesn't a space in it
will work fine but if it does, then awk '{print $13}' fails to grab
the size= parameter.
Mar 23 03:35:04 mailhost.test.com lmtpd: [ID 583609 mail.notice] session=1 msgid=<200803231035.m2NAZ1q05926@xxxxxxxxxxxxxx> recipient=<hubertp+Trash@xxxxxxxx> mailbox=!users/hubertp/Trash size=1769 uid=449961 stat=Delivered
Mar 23 03:35:04 mailhost.test.com lmtpd: [ID 583609 mail.notice] session=2 msgid=<000601c88cd9$0789818b$d72c7da3@fbqan> recipient=<"rachels+Junk E-mail"@test.com> mailbox=!user s/rachels/Junk E-mail size=3094 uid=3899 stat=Delivered
Mar 23 03:35:05 mailhost.test.com lmtpd: [ID 583609 mail.notice] session=2 msgid=<200803231035.m2NAZ3uT013941@xxxxxxxxxxxxxxxxxxx> recipient=<chata+test@xxxxxxxx> mailbox=!users/chata/Genie size=1943 uid=398167 stat=Delivered
Mar 23 03:35:06 mailhost.test.com lmtpd: [ID 583609 mail.notice] session=2 msgid=<200803231035.m2NAZ3uT013941@xxxxxxxxxxxxxxxxxxx> recipient=<"chrisj+ROOT MAIL"@test.COM> mailbox=!users/chrisj/ROOT MAIL size=1943 uid=384947 stat=Delivered (linked)
Mar 23 03:35:06 mailhost7.test.com lmtpd: [ID 583609 mail.notice] session=1 msgid=<200803231035.m2NAZ1q05926@xxxxxxxxxxxxxx> recipient=<"chrisj+ROOT MAIL"@test.com> mailbox=!users/chrisj/ROOT MAIL size=1769 uid=384946 stat=Delivered
There are straightforward solutions to this as described in other posts, but
I'll also mention a tool I wrote specifically to extract/display fields from
logfiles with the format you show, since it's a common format:
ftp://ftp.armory.com/pub/scripts/dparamlog
In this case you would do:
dparamlog -I -nsize /var/log/syslog
or, to avoid false matches on other services that log with a size field:
awk '$5 == "lmtpd:"' /var/log/syslog | dparamlog -I -nsize
or to get output exactly as "awk '{print $13}'" would display:
awk '$5 == "lmtpd:"' /var/log/syslog | dparamlog -A= -N- -I -nsize
John
--
John DuBois spcecdt@xxxxxxxxxx KC6QKZ/AE http://www.armory.com/~spcecdt/
.
- References:
- Parse a syslog to get the size
- From: explor
- Parse a syslog to get the size
- Prev by Date: Running script after logging out of SSH
- Next by Date: Re: changing extention
- Previous by thread: Re: Parse a syslog to get the size
- Next by thread: Re: Parse a syslog to get the size
- Index(es):
