From: eldy <> Date: Mon, 5 Jan 2004 14:40:31 +0000 (+0000) Subject: More postfix format record reconized. X-Git-Tag: AWSTATS_6_0_RELEASE~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25ed1c929ff30e267609542ed7ebdfcfb8cff84d;p=thirdparty%2FAWStats.git More postfix format record reconized. --- diff --git a/tools/maillogconvert.pl b/tools/maillogconvert.pl index 28d11e84..11ef636e 100644 --- a/tools/maillogconvert.pl +++ b/tools/maillogconvert.pl @@ -1,18 +1,18 @@ #!/usr/bin/perl -#------------------------------------------------------- +#------------------------------------------------------- # Convert a mail log file to a common log file for analyzing with any log # analyzer. -#------------------------------------------------------- +#------------------------------------------------------- # Tool built from original work of Odd-Jarle Kristoffersen # Note 1: QMail must log in syslog format for timestamps to work. # Note 2: QMail logging is not 100% accurate. Some messages might # not be logged correctly or completely. # -# A mail received to 2 different receivers, report 2 records. +# A mail received to 2 different receivers, report 2 records. # A mail received to a forwarded account is reported as to the original receiver, not the "forwarded to". # A mail locally sent to a local alias is reported as n mails to all addresses of alias. -#------------------------------------------------------- -use strict;no strict "refs"; +#------------------------------------------------------- +use strict;no strict "refs"; #------------------------------------------------------- @@ -246,7 +246,7 @@ while (<>) { $MailType||='postfix'; # Example: # postfix: Jan 01 04:19:04 apollon postfix/smtpd[26553]: 1954F3B8A4: reject: RCPT from unknown[80.245.33.2]: 450 : User unknown in local recipient table; from= to= proto=ESMTP helo= - # postfix: Jan 01 04:26:39 halley postfix/smtpd[9245]: reject: RCPT from unknown[203.156.32.33]: 554 : Recipient address rejected: Relay access denied; from=<1126448365@aol.com> to= + # postfix: Jan 01 04:26:39 halley postfix/smtpd[9245]: reject: RCPT from unknown[203.156.32.33]: 554 : Recipient address rejected: Relay access denied; from=<1126448365@aol.com> to= my ($mon,$day,$time,$id,$code,$from,$to)=m/(\w+)\s+(\d+)\s+(\d+:\d+:\d+)\s+[\w\-]+\s+(?:postfix\/(?:local|lmtp|smtpd|smtp|virtual|pipe))\[\d+\]:\s+(.*?):\s+(.*)\s+from=([^\s,]*)\s+to=([^\s,]*)/; $mailid=($id eq 'reject'?'999':$id); # id not provided in log, we take '999' # $code='reject: RCPT from c66.191.66.89.dul.mn.charter.com[66.191.66.89]: 450 : User unknown in local recipient table;' @@ -355,9 +355,10 @@ while (<>) { # Matched incoming sendmail or postfix message # elsif (/: from=/) { - # sm-mta: Jul 28 06:55:13 androneda sm-mta[28877]: h6SDtCtg028877: from=<4cmkh79eob@webtv.net>, size=2556, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=smtp.easydns.com [205.210.42.50] + # sm-mta: Jul 28 06:55:13 androneda sm-mta[28877]: h6SDtCtg028877: from=, size=2556, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=smtp.easydns.com [205.210.42.50] # postfix: Jul 3 15:32:26 apollon postfix/qmgr[13860]: 08FB63B8A4: from=, size=3302, nrcpt=1 (queue active) - my ($id,$from,$size)=m/\w+\s+\d+\s+\d+:\d+:\d+\s+[\w\-]+\s+(?:sm-mta|sendmail(?:-in|)|postfix\/qmgr|postfix\/nqmgr)\[\d+\]:\s+(.*?):\s+from=(.*?),\s+size=(.*?),/; + # postfix: Sep 24 14:45:15 wideboy postfix/qmgr[22331]: 7E0E6196: from=, size=1141 (queue active) + my ($id,$from,$size)=m/\w+\s+\d+\s+\d+:\d+:\d+\s+[\w\-]+\s+(?:sm-mta|sendmail(?:-in|)|postfix\/qmgr|postfix\/nqmgr)\[\d+\]:\s+(.*?):\s+from=(.*?),\s+size=(\d+)/; $mailid=$id; if (! $mail{$id}{'code'}) { $mail{$id}{'code'}=1; } # If not already defined, we define it if (! $mail{$id}{'from'} || $mail{$id}{'from'} ne '<>') { $mail{$id}{'from'}=$from; } @@ -371,7 +372,7 @@ while (<>) { # elsif (/^([^\t]+)\t([^\t]+)\t[^\t]+\t([^\t]+)\t([^\t]+)\t([^\t]+)\t[^\t]+\t([^\t]+)\t([^\t]+)\t([^\t]+)\t[^\t]+\t[^\t]+\t([^\t]+)\t[^\t]+\t[^\t]+\t[^\t]+\t[^\t]+\t[^\t]+\t[^\t]+\t([^\t]+)/) { # date hour GMT ip_s relay_s partner relay_r ip_r to code id size from - # Example: 2003-8-12 0:58:14 GMT 66.218.66.69 n14.grp.scd.yahoo.com - PACKRAT 192.168.1.2 christina@pirnie.org 1019 bh9e3f+5qvo@eGroups.com 0 0 4281 1 2003-8-12 0:58:14 GMT 0 Version: 6.0.3790.0 - [SRESafeHaven] Re: More Baby Stuff jtluvs2cq@wmconnect.com - + # Example: 2003-8-12 0:58:14 GMT 66.218.66.69 n14.grp.scd.yahoo.com - PACKRAT 192.168.1.2 christina@pirnie.org 1019 bh9e3f+5qvo@eGroups.com 0 0 4281 1 2003-8-12 0:58:14 GMT 0 Version: 6.0.3790.0 - [SRESafeHaven] Re: More Baby Stuff jtluvs2cq@wmconnect.com - $MailType||='exchange'; my $date=$1; my $time=$2; @@ -454,7 +455,7 @@ while (<>) { # elsif (/starting delivery/) { # Example: Sep 14 09:58:09 gandalf qmail: 1063526289.574100 starting delivery 251: msg 270182 to local spamreport@john.do - # Example: 2003-09-27 11:22:07.039237500 starting delivery 3714: msg 163844 to local name_also_removed@maildomain.com + # Example: 2003-09-27 11:22:07.039237500 starting delivery 3714: msg 163844 to local name_also_removed@maildomain.com $MailType||='qmail'; my ($yea,$mon,$day,$time,$delivery,$id,$relay_r,$to)=(); ($mon,$day,$time,$delivery,$id,$relay_r,$to)=m/^(\w+)\s+(\d+)\s+(\d+:\d+:\d+)\s+.*\s+\d+(?:\.\d+)?\s+starting delivery (\d+):\s+msg\s+(\d+)\s+to\s+(.*)?\s+(.*)$/; @@ -477,7 +478,7 @@ while (<>) { # elsif (/delivery (\d+): (\w+):/) { # Example: Sep 14 09:58:09 gandalf qmail: 1063526289.744259 delivery 251: success: did_0+0+1/ - # Example: 2003-09-27 11:22:07.070367500 delivery 3714: success: did_1+0+0/ + # Example: 2003-09-27 11:22:07.070367500 delivery 3714: success: did_1+0+0/ $MailType||='qmail'; my ($delivery,$code)=($1,$2); my $id=$qmaildelivery{$delivery}; @@ -502,7 +503,7 @@ while (<>) { # Matched MDaemon log file record # elsif (/^\"(\d\d\d\d)-(\d\d)-(\d\d) (\d\d:\d\d:\d\d)\",\"[^\"]*\",(\w+),\d+,\"([^\"]*)\",\"([^\"]*)\",\"([^\"]*)\",\"[^\"]*\",\"([^\"]*)\",\"([^\"]*)\",\"([^\"]*)\",([\.\d]+),(\d+),(\d+)/) { - # Example: "2003-11-06 00:00:42","2003-11-06 00:00:45",SMTPI,9443,"dillon_fm@aaaaa.net","cpeltier@domain.com","","","10.0.0.16","","",0,4563,1 + # Example: "2003-11-06 00:00:42","2003-11-06 00:00:45",SMTPI,9443,"dillon_fm@aaaaa.net","cpeltier@domain.com","","","10.0.0.16","","",0,4563,1 $MailType||='mdaemon'; my ($id)=($numrecord); if ($5 eq 'SMTPI' || $5 eq 'SMTPO') {