RE: [Declude.JunkMail] Log Information
Goran, I use Sawmill and if I have a chance, I will do a graph and send you a screen shot within a couple of days. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Wednesday, August 25, 2004 8:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Log Information Darrell I was hoping for more of a histogram of the number of messages processed by hour or half hour. My first thought would be to just get info on simply messages by hour and then maybe if I see a spike I could rerun it to see who was sending/receiving during that time. Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, August 25, 2004 10:22 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Log Information Goran, You can grep your logs out and use DLAnalyzer for this. For example: grep -i 8/13/2004 14: dec0813.log newlogfile.txt Than rename the log file to dec0813.log and than process.. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 6:52 PM Subject: [Declude.JunkMail] Log Information Hi, Is there a log file analyzer that will report on messages received by hour. I am interested in knowing how many e-mails came in between 3 and 4 and then between 4 and 5 etc. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log Information
Hi Bill,
Thanx for the little script. I ran it and got some weird results. Looks
like my log is fairly corrupted. I took what you suggested and ran it on
the imail logs. Not as elegant as your one liner but it works for me.
Thanx
set send=c:\imail\imail1.exe
set [EMAIL PROTECTED]
for /f Tokens=2-4 Delims=/ %%i in ('date /t') do set
IFileName=SYS%%i%%j.txt
set DecludeLogName=C:\imail\spool\%IFileName%
grep -i ehlo bigdee.com %decludelogname% | cut -b 7-8 | usort
HourSend.txt
grep -i 230.43] connect %decludelogname% | cut -b 7-8 | usort
HourRecv.txt
cat HourSend.txt HourRecv.txt | usort HourAll.txt
echo Messages sent and received by hour ByHour.txt
uniq -c HourAll.txt ByHour.txt
echo . ByHour.txt
echo . ByHour.txt
echo Messages sent by hour ByHour.txt
uniq -c HourSend.txt ByHour.txt
echo . ByHour.txt
echo . ByHour.txt
echo Messages received by hour ByHour.txt
uniq -c HourRecv.txt ByHour.txt
%send% -f ByHour.txt -s Messages processed by hour report for
%IFileName% on BIGDEE.COM -t %dest1% -u [EMAIL PROTECTED]
1 $8000
378 00
348 01
354 02
306 03
332 04
355 05
378 06
416 07
593 08
2 08/25/2004
939 09
986 10
1 10)).
1 10.).
879 11
885 12
766 13
889 14
1 146.82.220.34
1183 15
890 16
628 17
876 18
494 19
1 19,
405 20
1 206.71.58.36
1 209.226.175.54
1 209.226.175.73
382 21
1 216.39.87.110
369 22
347 23
1 27.).
1 286,
1 30.).
1 35
1 35.).
1 37
1 40
1 40)).
1 41
1 44
1 46
1 50
1 52
1 61.163.67.199
1 64
1 64.106.241.73
1 69.9.161.194
1 82
1 9.0808/25/2004
Goran Jovanovic
The LAN Shoppe
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Thursday, August 26, 2004 12:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Log Information
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
I was hoping for more of a histogram of the number of
messages processed by hour or half hour. My first thought
would be to just get info on simply messages by hour and
then maybe if I see a spike I could rerun it to see who was
sending/receiving during that time.
This little script can give you a no frills, hourly, unique message
count
(does not account for a single message that is sent to multiple
recipients):
=
gawk {print $3,$2} spam\dec0824.log | usort | uniq -w 18 | gawk
{print
$2} | cut -d : -f1 | grep -v [[:alpha:]] | egrep [[:digit:]]{2} |
usort
|
uniq -c
=
Watch for word-wrapping - the script should be executed as one long
line.
These two entries: grep -v [[:alpha:]] | egrep [[:digit:]]{2} are
simply
there to help filter out garbage from log corruption. The output will
look
like:
1212 00
1251 01
1218 02
1244 03
1244 04
1317 05
1400 06
1514 07
1757 08
1880 09
1777 10
1837 11
1785 12
1743 13
1830 14
1657 15
1530 16
1378 17
1367 18
1272 19
1312 20
1325 21
1289 22
1297 23
Bill
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log Information
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
Thanx for the little script. I ran it and got some weird results. Looks
like my log is fairly corrupted. I took what you suggested and ran it on
the imail logs. Not as elegant as your one liner but it works for me.
Yep, nasty log file corruption can get in the way of running nice clean
reports against your log files. The Declude JunkMail logs are the only ones
I ever have corruption issues with. If you want to try this script, it
should give you better/cleaner output:
gawk {print $3,$2} l:\spam\dec0820.log | usort | uniq -w 18 | gawk {print
$2} | cut -d : -f1 | egrep -v [[:alpha:]]|[[:punct:]] | egrep
[[:digit:]]{2} | usort | uniq -c
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log Information
Goran, You can grep your logs out and use DLAnalyzer for this. For example: grep -i 8/13/2004 14: dec0813.log newlogfile.txt Than rename the log file to dec0813.log and than process.. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 6:52 PM Subject: [Declude.JunkMail] Log Information Hi, Is there a log file analyzer that will report on messages received by hour. I am interested in knowing how many e-mails came in between 3 and 4 and then between 4 and 5 etc. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log Information
Darrell I was hoping for more of a histogram of the number of messages processed by hour or half hour. My first thought would be to just get info on simply messages by hour and then maybe if I see a spike I could rerun it to see who was sending/receiving during that time. Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, August 25, 2004 10:22 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Log Information Goran, You can grep your logs out and use DLAnalyzer for this. For example: grep -i 8/13/2004 14: dec0813.log newlogfile.txt Than rename the log file to dec0813.log and than process.. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 6:52 PM Subject: [Declude.JunkMail] Log Information Hi, Is there a log file analyzer that will report on messages received by hour. I am interested in knowing how many e-mails came in between 3 and 4 and then between 4 and 5 etc. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log Information
If your looking for more of a histogram of the number of messgaes processed we have MRTG scripts that interface with Imail/Declude to provide you this information. This may or may not be what your looking for... Darrell Goran Jovanovic writes: Darrell I was hoping for more of a histogram of the number of messages processed by hour or half hour. My first thought would be to just get info on simply messages by hour and then maybe if I see a spike I could rerun it to see who was sending/receiving during that time. Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, August 25, 2004 10:22 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Log Information Goran, You can grep your logs out and use DLAnalyzer for this. For example: grep -i 8/13/2004 14: dec0813.log newlogfile.txt Than rename the log file to dec0813.log and than process.. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 6:52 PM Subject: [Declude.JunkMail] Log Information Hi, Is there a log file analyzer that will report on messages received by hour. I am interested in knowing how many e-mails came in between 3 and 4 and then between 4 and 5 etc. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log Information
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
I was hoping for more of a histogram of the number of
messages processed by hour or half hour. My first thought
would be to just get info on simply messages by hour and
then maybe if I see a spike I could rerun it to see who was
sending/receiving during that time.
This little script can give you a no frills, hourly, unique message count
(does not account for a single message that is sent to multiple recipients):
=
gawk {print $3,$2} spam\dec0824.log | usort | uniq -w 18 | gawk {print
$2} | cut -d : -f1 | grep -v [[:alpha:]] | egrep [[:digit:]]{2} | usort |
uniq -c
=
Watch for word-wrapping - the script should be executed as one long line.
These two entries: grep -v [[:alpha:]] | egrep [[:digit:]]{2} are simply
there to help filter out garbage from log corruption. The output will look
like:
1212 00
1251 01
1218 02
1244 03
1244 04
1317 05
1400 06
1514 07
1757 08
1880 09
1777 10
1837 11
1785 12
1743 13
1830 14
1657 15
1530 16
1378 17
1367 18
1272 19
1312 20
1325 21
1289 22
1297 23
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
