Hi,
I sort of tried something like that that as well but my cut command went
wild. I ended up with a list of spoolfilenames (rulespool.log), without the
D/Q, but each line ending with 0D0D0A (CRCRLF) sequence. :-( The ruleD.log
file was ok.
grep "rulenum" snfXXXX.log > rule.log
grep "Final" rule.log > rulef.log
cut -f 3 rulef.log > ruleD.log
cut -b2- ruleD.log > rulespool.log
After some manual editing I ran a smal batchfile to move all files into the
spam old direcory and do a manual review. I had only a few dozen hits that
were held.
-------<quote>---------------------
@echo off
Set SpamDir=C:\IMail\Spool\Spam
Set SpamHold=C:\IMail\Spool\Spam\Hold
For /F %%a in (rulespool.log) do (
echo Testing %SpamDir%\D%%a
if exist %SpamDir%\D%%a (
echo %%a
move %SpamDir%\D%%a %SpamHold%\
move %SpamDir%\Q%%a %SpamHold%\
)
)
:end
-------<quote>---------------------
Groetjes,
Bonno Bloksma
----- Original Message -----
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To: <sniffer@SortMonster.com>
Sent: Wednesday, February 08, 2006 3:10 AM
Subject: RE: Re[4]: [sniffer] Bad Rule - 828931
OK to answer my own question. Run the following commands
grep -U "Final.828931" snf.log >1.txt
cut -b26-41 1.txt >2.txt
grep -U -f2.txt d:\spool\dec0207.log >3.txt
egrep -U "\smd Tests failed|\smd Subject" 3.txt >4.txt
notepad 4.txt
Now I have to read my 4.txt and figure out what I am going to do about
it.
Goran Jovanovic
Omega Network Solutions
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Goran Jovanovic
Sent: Tuesday, February 07, 2006 8:39 PM
To: sniffer@SortMonster.com
Subject: RE: Re[4]: [sniffer] Bad Rule - 828931
I just ran the grep command on my log and I got 850 hits.
Now is there a way to take the output of the grep command and use it
pull out the total weight of corresponding message from the declude
log
file, or maybe the subject?
Goran Jovanovic
Omega Network Solutions
> -----Original Message-----
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of David Sullivan
> Sent: Tuesday, February 07, 2006 7:47 PM
> To: Landry, William (MED US)
> Subject: Re[4]: [sniffer] Bad Rule - 828931
>
> Hello William,
>
> Tuesday, February 7, 2006, 7:39:05 PM, you wrote:
>
> LWMU> grep -c "Final.*828931" c:\imail\declude\sniffer\logfile.log
>
> That's what I tried. Just figured out I forgot to capitalize the
"F".
> It works.
>
> Confirmed - 22,055
>
> I'm writing a program now to parse the sniffer log file, extract the
> file ID, lookup the id in sql server, determine quarantine
> location, extract q/d pair from quarantine and send to user.
>
> --
> Best regards,
> David mailto:[EMAIL PROTECTED]
>
>
>
> This E-Mail came from the Message Sniffer mailing list. For
information
> and (un)subscription instructions go to
> http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For
information
and (un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
