1

I am currently trying to extract all the sender domains from maillog. I am able to do some of that with the below command but the output is not quite what I desired. What would be the best approach to retrieve a unique list of sender domains from maillog?

grep from= /var/log/maillog | awk '{print $7}' | sort | uniq -c | sort -n

output

1 from=<user@test.com>,
1 from=<apache@app1.com>,
2 from=<bounceld_5BFa-bx0p-P3tQ-67Nn@example.com>,
2 from=<bounceld_19iI-HqaS-usVU-fqe5@example.com>,
12 reject:
666 from=<>,

desired output

test.com
app1.com
example.com
MaryCoding

2 Answers

0

This should give you the answer:

grep from= /var/log/maillog | awk '{print $7}' | grep -Po '(?=@).{1}\K.*(?=>)' | sort -n | uniq -c

... change last items to "| sort | uniq" to remove the counts.


References:

https://www.baeldung.com/linux/bash-remove-first-characters ({1}\K use)

Extract email addresses from log with grep or sed (-Po grep function)

David Fear
0

See useless use of grep; if you are using Awk anyway, you don't really need grep at all.

awk '$7 ~ /from=.*@/ {
    split($7, a, /@/)
    sub(/>.*/, "", a[2])    # drop the trailing ">," left after the domain
    ++count[a[2]] }
  END { for (dom in count) print count[dom], dom }' /var/log/maillog

Collecting the counts in an associative array does away with the need to call sort and uniq, too. Obviously, if you don't care about the count, don't print count[dom] at the end.

tripleee
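An added example, not taken from either answer: a shell function that matches `from=<...>` anywhere on the line instead of relying on field 7, so the `reject:` lines and the null sender `from=<>` seen in the question's output are handled, and domains are case-folded before counting. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# sender_domains [FILE...]: print "count domain" for each envelope sender
# domain, most frequent first. Reads stdin when no file is given.
sender_domains() {
    awk '
    match($0, /from=<[^>]*>/) {
        # Text between "<" and ">": skip the 6 chars of from=< and the final >
        addr = substr($0, RSTART + 6, RLENGTH - 7)
        at = 0
        for (i = length(addr); i > 0; i--)      # find the last "@"
            if (substr(addr, i, 1) == "@") { at = i; break }
        if (at == 0 || at == length(addr)) next # null sender or empty domain
        ++count[tolower(substr(addr, at + 1))]  # DNS names are case-insensitive
    }
    END { for (dom in count) print count[dom], dom }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed Postfix-style lines (not real log data). The last line is a
# reject record, where field 7 is "reject:" and from=<...> appears later.
sample_maillog() {
    cat <<'EOF'
Jan 10 10:00:01 mx1 postfix/qmgr[1234]: 4A1B2C3D4E: from=<user@test.com>, size=1024, nrcpt=1 (queue active)
Jan 10 10:00:02 mx1 postfix/qmgr[1234]: 4A1B2C3D4F: from=<apache@app1.com>, size=900, nrcpt=1 (queue active)
Jan 10 10:00:03 mx1 postfix/qmgr[1234]: 4A1B2C3D50: from=<bounce_aaaa@example.com>, size=2048, nrcpt=1 (queue active)
Jan 10 10:00:04 mx1 postfix/qmgr[1234]: 4A1B2C3D51: from=<bounce_bbbb@Example.com>, size=2048, nrcpt=1 (queue active)
Jan 10 10:00:05 mx1 postfix/qmgr[1234]: 4A1B2C3D52: from=<>, size=3000, nrcpt=1 (queue active)
Jan 10 10:00:06 mx1 postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Relay access denied; from=<x@EXAMPLE.COM> to=<y@test.com> proto=ESMTP helo=<h>
EOF
}

# Demonstration on the constructed sample; for a real log run:
#   sender_domains /var/log/maillog
sample_maillog | sender_domains
```

Sender addresses in rejected deliveries are counted too; filter on the `qmgr` lines first if only accepted mail should be included.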