Hi Group ,
I am trying to process a Qmail Smtp session Log file (
multilog ).
The section of the Log file is give below :
@400000004123d44320c51f3c tcpserver: ok 9198
mailgateway.foo.com:10.10.0.1:25 :20.132.29.1::60433
@400000004123d44320c52edc qmail-smtpd 9198: connection
from 200.12.239.1 (unknown) to mailgateway.foo.com
@400000004123d4451529c72c qmail-smtpd 9198:
authentication success, user Authenticated
user:[EMAIL PROTECTED]
@400000004123d4452fcdffbc qmail-smtpd 9198: mail from:
[EMAIL PROTECTED]
@400000004123d4460f3cbbe4 qmail-smtpd 9198: rcpt to:
[EMAIL PROTECTED]
@400000004123d452240346c4 tcpserver: status: 4/150
@400000004123d455142c5844 qmail-smtpd 9198: message
queued: 1092867147 qp 9200 size 84902 bytes
@400000004123d455341b60dc tcpserver: end 9198 status 0
For every user that authenticates a "Authenticated
user:" line is generated also a "pid" is assigned to
this session .The pid is the number visible after the
"qmail-smtpd" field in this case it's "9198".After the
message is transferred the line " message queued " is
generated and the no of bytes transferred is printed
just before the "bytes" field .
The pid assigned is constant till the smtp session is
live . The start of any smtp session is the line
"tcpserver: ok <pid no> <hostname>...ipaddress ..."
The end of the smtp session is marked by the line
."tcpserver: end <pid> status 0".
I am trying to match this pid for the "Authenticated
user:" to the bytes transferred.
I have written following code ,which works a bit ,but
it fails if another smtp session start before the end
of the smtp session which I am processing .
My Code .
-------------------
#!/usr/bin/perl -w
# The Log File
$logfile = shift || die "Usage:$0 <logfile>";
open FLE, "< $logfile" if defined ($logfile);
# While Start
while (<FLE>) {
chomp;
# We get the Authenticated Line
if (/\s(\d{1,}): authentication success, user
Authenticated user:(.{1,})$/){ # Start IF
AUTHENTICATED
# We assign the Pid and Auth User
$authpid = $1; # Auth pid
$authuser = $2; # Auth User
$HoH{$authpid}{user} = $authuser; # Just
create a Hash for each Pid
print "Pid: $authpid User: $authuser \n";
} # END IF
AUTHENTICATED
# We search the bytes transferred line
if (/qmail-smtpd\s(\d{1,}):\smessage
queued:\s\d{1,}\sqp\s\d{1,}\ssize\s(\d{1,})\sbytes.*$/){
# IF MESSAGE QUEUED
# We define Pid and Bytes
$pid = $1;
$bytes = $2;
#$HoH{$pid}{Bytes} = $bytes if defined (
$HoH{$pid} );
if (defined ( $HoH{$pid})) { #
Check if it's pid of an authenticated smtp session ,if
not it's mostly a non authenticated session
print "Pid :$pid Bytes
:$bytes\n";
}
} # END IF QUEUED
}
-------------------
And the output is :
-----------------
Pid: 10554 User: [EMAIL PROTECTED]
Pid :10554 Bytes :6385
Pid: 11315 User: [EMAIL PROTECTED]
Pid :11315 Bytes :1605
Pid: 11547 User: [EMAIL PROTECTED]
Pid: 11842 User: [EMAIL PROTECTED]
Pid: 11844 User: [EMAIL PROTECTED]
Pid :11844 Bytes :1112
------------------
As you can see till [EMAIL PROTECTED] I am getting the
Username & bytes properly but later after [EMAIL PROTECTED]
the bytes are lost .
My questions are :
1. When I get a pid of Authenticated User how do I
store it till the bytes are found.
2. When I get the bytes how do I destroy the Hash so
that the bytes won't get overwritten
3. When handling more than one "Authenticated user:"
pids how to store them (pids) till the corresponding
"bytes" line is not received .
Thanx in advance for any help
BadApple
________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
