I want to grep the following information from the raw log below:

2016-05-23 11:01:40 [1005583] 1b4ivg-004DZf-GX ** [email protected] F=<abbas@DomainName> P=<abbas@DomainName> R=dkim_lookuphost T=dkim_remote_smtp H=mx2.hotmail.com [65.54.188.72]:25 I=[IP Address]:56910 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes DN="/CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<abbas@DomainName> SIZE=275286: 421 RP-001 (BAY004-MC1F14) Unfortunately, messages from 16.23.21.111 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
2016-05-23 11:12:53 [1015989] 1b4j6h-004GIq-Ob ** [email protected] F=<corporate-kbl@DomainName> P=<corporate-kbl@DomainName> R=lookuphost T=remote_smtp H=mx3.hotmail.com [65.55.37.120]:25 I=[IP Address]:51605 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes DN="/CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<corporate-kbl@DomainName> SIZE=17484: 550 SC-001 (COL004-MC4F44) Unfortunately, messages from 16.23.21.111 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
2016-05-23 11:13:19 [1020551] 1b4j76-004HUH-Nr ** [email protected] (muhammad.yousuf@DomainName) <muhammad.yousuf@DomainName> F=<saeed.ahmed@DomainName> P=<saeed.ahmed@DomainName> R=dkim_lookuphost T=dkim_remote_smtp H=mx3.hotmail.com [134.170.2.199]:25 I=[IP Address]:55971 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=yes DN="/CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<saeed.ahmed@DomainName> SIZE=24006: 550 DY-001 (BLU004-MC1F21) Unfortunately, messages from 16.23.21.111 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

I have the following set of error codes that may occur; if one of them occurs, the error field should show it:

421 RP-001
421 RP-002
421 RP-003
550 SC-001
550 SC-002
550 SC-003
550 SC-004
550 DY-001
550 DY-002
550 DY-001
550 OU-001
550 OU-002

I already get the first three fields as output from this earlier command:
echo "Timestamp emailto: emailfrom:" && awk 'NF>6 { d=6 ; while ( ! ($d ~ /^F=/ ) ) d++ ; printf "%s\t%s\t%s\n",$1,$6,substr($d,4,length($d)-4) ;} ' logs | column -t
What I want to get:

Timestamp:  Email To:          Email From:                Messages From:  Error Codes:
2016-05-23  [email protected]  abbas@DomainName           16.23.21.111    421 RP-001
2016-05-23  [email protected]  corporate-kbl@DomainName   16.23.21.111    550 SC-001
2016-05-23  [email protected]  saeed.ahmed@DomainName     16.23.21.111    550 DY-001
You wouldn't use grep for this; you could use awk, but I prefer sed with a nice regular expression.
# The space before the IP group keeps the greedy .* from consuming the address's leading digits.
<logs sed -nE 's,^([-0-9]{10})[^@]* ([^@]*@[^[:space:]]*)[^=]*F=<([^@]*@[^[:space:]]*)>.*SIZE=[^[:space:]]* (... ..-...) .* ([[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+).*,\1 \2 \3 \5 \4,p'
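It looks scary, but it captures the bits in parentheses (\1, \2 and so on). The first is the date (10 digits or -), then it skips to the next @ sign ([^@] means anything that does not match @), groups the email address, skips to the next =, backs up to F, groups the F address, then skips to SIZE, then grabs the error code (any characters, a space, any characters, a hyphen, three of any character), then skips to an IP address (exercise for the reader). The 'p' command makes sed print any line on which a substitution was made.

It doesn't do much validation, for example 9.9.99.999 is a valid IP, but that is outside the scope of the task.

Does this help?

You can substitute tabs for the spaces in the last part for alignment.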
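The same extraction as an awk filter, as an added example that is not part of the original question or answer: it anchors the blocked address on the "messages from" text so the H= host address is never picked up, keeps only the error codes listed in the question, and also drops addresses with an octet above 255, which the sed expression does not check. The function names, the example.com/example.org addresses and the 192.0.2.x IPs are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not real log data.
sample_log() {
cat <<'EOF'
2016-05-23 11:01:40 [1005583] 1b4ivg-004DZf-GX ** user1@example.com F=<abbas@example.org> R=dkim_lookuphost H=mx.example.net [192.0.2.25]:25: SMTP error from remote mail server after MAIL FROM:<abbas@example.org> SIZE=275286: 421 RP-001 (BAY004-MC1F14) Unfortunately, messages from 192.0.2.10 weren't sent.
2016-05-23 11:12:53 [1015989] 1b4j6h-004GIq-Ob ** user2@example.com F=<corporate-kbl@example.org> R=lookuphost H=mx.example.net [192.0.2.26]:25: SMTP error from remote mail server after MAIL FROM:<corporate-kbl@example.org> SIZE=17484: 550 SC-001 (COL004-MC4F44) Unfortunately, messages from 192.0.2.10 weren't sent.
2016-05-23 11:13:19 [1020551] 1b4j76-004HUH-Nr ** user3@example.com F=<saeed.ahmed@example.org> R=lookuphost H=mx.example.net [192.0.2.27]:25: SMTP error from remote mail server after MAIL FROM:<saeed.ahmed@example.org> SIZE=24006: 550 DY-001 (BLU004-MC1F21) Unfortunately, messages from 192.0.2.999 weren't sent.
EOF
}

# Reads log lines on stdin; prints date, recipient, sender, blocked IP and
# error code, tab-separated, for each line that passes every check.
parse_bounces() {
  awk '
    BEGIN {
      OFS = "\t"
      # Error codes listed in the question.
      n = split("421 RP-001,421 RP-002,421 RP-003,550 SC-001,550 SC-002,550 SC-003,550 SC-004,550 DY-001,550 DY-002,550 OU-001,550 OU-002", c, ",")
      for (i = 1; i <= n; i++) known[c[i]] = 1
    }
    $5 == "**" {                 # fifth field is "**" in the sample lines
      from = ""; ip = ""; code = ""
      # The F=<sender> field is not at a fixed position, so scan for it.
      for (i = 6; i <= NF; i++)
        if ($i ~ /^F=</) { from = substr($i, 4, length($i) - 4); break }
      # The error code is the 10 characters that follow "SIZE=<n>: ".
      if (match($0, /SIZE=[0-9]+: [0-9][0-9][0-9] [A-Z][A-Z]-[0-9][0-9][0-9]/)) {
        s = substr($0, RSTART, RLENGTH)
        code = substr(s, length(s) - 9)
      }
      # Anchor on the literal text (14 characters) instead of a greedy ".*".
      if (match($0, /messages from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
        ip = substr($0, RSTART + 14, RLENGTH - 14)
      # Reject addresses that are not four octets in the range 0-255.
      m = split(ip, o, ".")
      ok = (m == 4)
      for (i = 1; i <= m; i++) if (o[i] + 0 > 255) ok = 0
      if (from == "" || !ok || !(code in known)) next
      print $1, $6, from, ip, code
    }'
}

sample_log | parse_bounces
```

Run against a real file as `parse_bounces <logs | column -t -s "$(printf '\t')"` to align the columns.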