I'm not very good with these unix tools in general, but my set of unxutils doesn't include usort, and if I try using sort instead, I get a steady stream of errors from gawk.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, 20 November 2003 12:00 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Parse Log File If you have the Win32 UNIX tool (if not, you can get them at: http://unxutils.sourceforge.net/), you can run the following script: grep "From:" spam\dec1119.log | gawk "{print $(NF-2)}" | usort | uniq -c | usort which will produce output like: 86 38.113.200.29 88 38.113.200.28 94 207.244.68.34 95 66.111.231.82 98 205.157.110.11 100 66.111.231.76 106 66.35.250.206 113 64.253.207.50 125 65.168.38.245 126 209.239.38.196 with the count in the first column followed by the IP address. If you want the IP address only, remove the "-c" from the script above. Bill ----- Original Message ----- From: "Chuck Cahill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 20, 2003 8:18 AM Subject: [Declude.JunkMail] Parse Log File > I'm hoping someone can point me in the right direction. I'm looking for a > way to parse the IP Address out of the Spam Log file, DecMMDD.log. Then, I > would like to tally the amount of messages received from each unique IP > address. > > I'm using the option "LOG_OK NONE" in the config file so only those > messages marked as spam should have their IP addresses in the log file > > By getting this information I can place the largest violators IP address > into IMail's Control file to offset some of the overhead with processing > messages. > > Anyone have something like this in place? Does this sound logical or flawed? > > Thanks > Chuck Cahill > > > > ******************************** > Visit us at www.yfcs.com > ******************************** > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
