-
Notifications
You must be signed in to change notification settings - Fork 3
/
pflogrep
executable file
·94 lines (72 loc) · 2.01 KB
/
pflogrep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/perl
=head1 NAME
pflogrep -- Postfix log grep complete activity
=head1 SYNOPSIS
pflogrep [-i] [-s] [-v] PATTERN [FILE]....
=head1 DESCRIPTION
Allows to grep complete activity where PATTERN was found.
Get nice stats of filtered output using pflogsumm:
http://jimsun.linxnet.com/postfix_contrib.html
=head1 AUTHOR
Ondrej Brablc <https://github.com/brablc/>
https://github.com/brablc/postfix-tools
=cut
use Getopt::Long;
($me = $0) =~ s%.*/%%;
$Usage = "
$me [-i] [-s] [-v] PATTERN [FILE]....
-i -- ignore case distinctions when matching
-s -- add separator between messages
-v -- selected lines are those not matching
Examples:
# Get only communication related to one email
$me info\@example.com mail.log | pflogsumm
# Get communication for whole domain - print only from and to lines and color email and status
$me example.com mail.log | grep -e from= -e to= | grep --color -P \\<.*\\>\\|status
";
die $Usage unless &GetOptions( 'i', 's', 'v' ) && (@ARGV >= 1 );
my $ptn = shift;
my $regex = ( $opt_i ) ? qr/$ptn/io : qr/$ptn/o;
my %P;
my $found = 0;
$exstat = 1;
$|++; #turn off buffering for STDOUT
sub checkMatch() {
my $q = shift;
my $matches = $P{$q} =~ $regex;
if ( ($matches && !$opt_v) || (!$matches && $opt_v)) {
print $P{$q};
print '-' x 50, "\n" if $opt_s;
$found++;
}
delete $P{$q};
}
sub handleStream() {
my $fh = shift;
while (<$fh>) {
next unless /: (([0-9A-Zb-z]{10,15})|NOQUEUE)/;
$q = $1;
$P{$q} .= $_;
if (/: (removed$|milter-reject:)/ || $q eq 'NOQUEUE') {
&checkMatch($q);
}
}
# handle unfinished quids
foreach my $q (keys %P) {
&checkMatch($q);
}
return $found;
}
if (@ARGV==0) {
$exstat = 0 if &handleStream(\*STDIN);
exit( $exstat );
}
for $f ( @ARGV ) {
unless ( open( INP, '<', $f )) {
warn "Unable to open input file $f: $!\n";
next;
}
$exstat = 0 if &handleStream(\*INP);
close INP;
}
exit( $exstat );