
I'm using Postfix in my local. I'm writing a script to fetch the deferred/bounced mail report on a daily basis. If I'm correct, logs are usually printed like columns in the log file.

My proposal is I want to grep the previous day's "to", "status", "said" and its message, for example "said: 550 Invalid Recipient". And the thing is, the same log is printed several times, but I need to grep any one of the similar logs from all.

Feb 13 13:40:35 ganga11 postfix/smtp[12098]: 3371F2BF52: to=, relay=none, delay=1.2, delays=0.84/0.01/0.27/0.07, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found. http://x.co/irbounce (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[6923]: 3371F2BF52: to=, relay=none, delay=1.5, delays=0.84/0/0.46/0.19, dsn=5.0.0, status=bounced (host said: 550 No such user ( grace@mmn.com (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[29489]: 3371F2BF52: to=, relay=none, delay=1.3, delays=0.84/0.01/0.38/0.1, dsn=5.0.0, status=bounced (host said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

Feb 13 08:14:45 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to aaaaaa.co.in Connection refused)

Feb 13 13:40:36 ganga11 postfix/smtp[6940]: 3371F2BF52: to=, relay=none, delay=2.3, delays=0.84/0.01/0.17/1.3, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found. http://x.co/irbounce (in reply to RCPT TO command))

Feb 13 13:40:35 ganga11 postfix/smtp[6923]: 3371F2BF52: to=, relay=none, delay=1.5, delays=0.84/0/0.46/0.23, dsn=5.0.0, status=bounced (host said: 550 No such user (raj@yahoo.in) (in reply to RCPT TO command))

Feb 13 04:14:24 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to xyzz.com Connection refused)

Feb 13 17:14:11 ganga11 postfix/smtp[6736]: F093B2BCA3: to=, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to bbbbb.com Connection refused)

Narasimman
  • Hi kometen, I have tried with sed, awk and grep, but I cannot find the proper command. This is the one that seemed somewhat but fetches all logs. awk -F, '{print $7 $12}' /home/samplelog.txt | awk -F\ f=14 -v t=25 '{for(i=14;i<=t;i++) printf("%s%s",$i,(i==t)?"\n":OFS)}' |sort|uniq – Narasimman Feb 15 '17 at 06:23
  • I suggest you use grep to get the lines you want and pipe it to cut to extract the columns with the -f parameter and using space as delimiter. Something like 'grep -E "foo|bar|baz" | cut -d " " -f 1,2,3'. http://serverfault.com/ is a better place to ask. – kometen Feb 15 '17 at 07:20

1 Answer


Here's something that may help you.

cat mail.log | grep "postfix/smtp" | grep -P 'status=(?!sent)' | 
sed "s/^.*: \(.\+\):.* to=<\(.\+\)>.* status=\([^ ]\+\) (\(.*\))$/[\1] <\2> \3: \4/" |
sort | uniq

grep "postfix/smtp" filters SMTP related messages.

grep -P 'status=(?!sent)' filters messages that have a status other than sent.

sed ... extracts the queue id, recipient address, status and the remainder as a status message.

sort | uniq filters duplicate entries.

Joe
  • Hi Joe, thanks for the answer. But btw I get this when I execute the command. Could you please correct it, what I missed out? cat /home/samplelog.txt | grep "postfix/smtp" | grep -P "status=(?\!sent)" | sed "s/^.*: \(.\+\):.* to=<\(.\+\)>.* status=\([^ ]\+\) (\(.*\))$/[\1] <\2> \3: \4/" | sort | uniq grep: unrecognized character after (? or (?- – Narasimman Feb 15 '17 at 12:50
  • Looks like you choked on backslash. Does changing the second grep to `grep -P 'status=(?!sent)'` help? Or `grep -E "status=(bounced|deferred)"`? – Joe Feb 15 '17 at 12:59
  • Ahhhhh Man!!! It worked like a boss!!! Thanks a lot Joe :) You saved my head today – Narasimman Feb 15 '17 at 13:20
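
The pipeline from the answer above, written as a single awk pass; this is an added example, not part of the original answer. It goes one step further by limiting output to one day (the "previous day" in the question) and dropping repeats in first-seen order. The function names, host names and addresses are constructed, and it assumes the log lines still carry `to=<address>`.

```shell
#!/bin/sh
# Added example, not from the original answer. Names and log lines are constructed.
# Typical call with GNU date (syslog pads the day with a space, as %e does):
#   postfix_failures "$(LC_ALL=C date -d yesterday '+%b %e')" < /var/log/mail.log

postfix_failures() {
    # $1 = syslog date stamp such as "Feb 13" or "Feb  3"; the log is read from stdin
    awk -v day="$1" '
    substr($0, 1, 6) == day && /postfix\/smtp\[/ && / status=(bounced|deferred) / {
        qid = $6; sub(/:$/, "", qid)              # queue id follows "postfix/smtp[pid]:"
        rcpt = ""                                 # first to=<...>; orig_to=<...> comes later
        if (match($0, /to=<[^>]*>/)) rcpt = substr($0, RSTART + 4, RLENGTH - 5)
        match($0, / status=[a-z]+/)               # " status=" is 8 characters long
        status = substr($0, RSTART + 8, RLENGTH - 8)
        reason = substr($0, RSTART + RLENGTH + 2) # text inside the outer parentheses
        sub(/\)$/, "", reason)
        key = qid SUBSEP rcpt SUBSEP status SUBSEP reason
        if (!(key in seen)) {                     # delay= and pid differ between repeats
            seen[key] = 1
            printf "[%s] <%s> %s: %s\n", qid, rcpt, status, reason
        }
    }'
}

sample_log() {   # constructed input: two days, one repeat, one successful delivery
    cat <<'EOF'
Feb 12 23:59:01 mx1 postfix/smtp[100]: AAA111: to=<old@example.org>, relay=none, delay=1, delays=1/0/0/0, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found (in reply to RCPT TO command))
Feb 13 13:40:35 mx1 postfix/smtp[101]: 3371F2BF52: to=<a@example.com>, relay=none, delay=1.2, delays=0.84/0.01/0.27/0.07, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found (in reply to RCPT TO command))
Feb 13 13:40:36 mx1 postfix/smtp[102]: 3371F2BF52: to=<a@example.com>, relay=none, delay=2.3, delays=0.84/0.01/0.17/1.3, dsn=5.1.1, status=bounced (host said: 550 5.1.1 Recipient not found (in reply to RCPT TO command))
Feb 13 08:14:45 mx1 postfix/smtp[103]: F093B2BCA3: to=<b@example.net>, relay=none, delay=6139, delays=6139/0.02/0.15/0, dsn=4.4.1, status=deferred (connect to mail.example.net[192.0.2.1]:25: Connection refused)
Feb 13 09:00:00 mx1 postfix/smtp[104]: C0FFEE0001: to=<c@example.com>, relay=mail.example.com[192.0.2.2]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 OK)
EOF
}
```

The reason text is whatever the remote server replied, so treat it as untrusted input if the report is rendered as HTML or fed to another tool.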