Bill has pointed out that you must rename the unix 'sort.exe' command in the
archive to 'usort.exe'. This way, it won't conflict with the Windows 'sort'
command. Then his scripts will run as posted.
--
Scot
----- Original Message -----
From: "Chuck Cahill" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 20, 2003 5:05 PM
Subject: Re[2]: [Declude.JunkMail] Parse Log File
> It kinda works if you use sort instead of usort. But beware, it's not
quite
> accurate.
>
> Grep will break it down to records in which have the From: line in
> it. When Gawk executes, it will respond with the 2nd to the last field,
> which is fine unless your log is like mine. Sometimes "ID: will have an
> entry, sometimes it won't which throws off the field numbering.
>
>
> Chuck Cahill
> YFCS, Inc
>
> At 04:52 PM 11/20/2003 -0500, you wrote:
> >ya, i'm getting the same error:
> >
> >R:\decludelogs\spam>grep "From:" dec1119.log | gawk "{print $(NF-2)}" |
> >usort | uniq -c | usort
> >'usort' is not recognized as an internal or external command,
> >operable program or batch file.
> >
> >has any one got this to work?
> >
> >
> >
> >
> >Thursday, November 20, 2003, 2:56:49 PM, you wrote:
> >
> >JS> I'm not very good with these unix tools in general, but my set of
unxutils
> >JS> doesn't include usort, and if I try using sort instead, I get a
steady
> >JS> stream of errors from gawk.
> >
> >JS> -----Original Message-----
> >JS> From: [EMAIL PROTECTED]
> >JS> [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry
> >JS> Sent: Thursday, 20 November 2003 12:00 PM
> >JS> To: [EMAIL PROTECTED]
> >JS> Subject: Re: [Declude.JunkMail] Parse Log File
> >
> >
> >JS> If you have the Win32 UNIX tool (if not, you can get them at:
> >JS> http://unxutils.sourceforge.net/), you can run the following script:
> >
> >JS> grep "From:" spam\dec1119.log | gawk "{print $(NF-2)}" | usort |
uniq -c |
> >JS> usort
> >
> >JS> which will produce output like:
> >
> >JS> 86 38.113.200.29
> >JS> 88 38.113.200.28
> >JS> 94 207.244.68.34
> >JS> 95 66.111.231.82
> >JS> 98 205.157.110.11
> >JS> 100 66.111.231.76
> >JS> 106 66.35.250.206
> >JS> 113 64.253.207.50
> >JS> 125 65.168.38.245
> >JS> 126 209.239.38.196
> >
> >JS> with the count in the first column followed by the IP address. If
you
> >want
> >JS> the IP address only, remove the "-c" from the script above.
> >
> >JS> Bill
> >JS> ----- Original Message -----
> >JS> From: "Chuck Cahill" <[EMAIL PROTECTED]>
> >JS> To: <[EMAIL PROTECTED]>
> >JS> Sent: Thursday, November 20, 2003 8:18 AM
> >JS> Subject: [Declude.JunkMail] Parse Log File
> >
> >
> > >> I'm hoping someone can point me in the right direction. I'm looking
for a
> > >> way to parse the IP Address out of the Spam Log file, DecMMDD.log.
Then,
> >JS> I
> > >> would like to tally the amount of messages received from each unique
IP
> > >> address.
> > >>
> > >> I'm using the option "LOG_OK NONE" in the config file so only those
> > >> messages marked as spam should have their IP addresses in the log
file
> > >>
> > >> By getting this information I can place the largest violators IP
address
> > >> into IMail's Control file to offset some of the overhead with
processing
> > >> messages.
> > >>
> > >> Anyone have something like this in place? Does this sound logical or
> >JS> flawed?
> > >>
> > >> Thanks
> > >> Chuck Cahill
> > >>
> > >>
> > >>
> > >> ********************************
> > >> Visit us at www.yfcs.com
> > >> ********************************
> > >> ---
> > >> [This E-mail was scanned for viruses by Declude Virus
> >JS> (http://www.declude.com)]
> > >>
> > >> ---
> > >> This E-mail came from the Declude.JunkMail mailing list. To
> > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >> type "unsubscribe Declude.JunkMail". The archives can be found
> > >> at http://www.mail-archive.com.
> > >>
> >
> >JS> ---
> >JS> [This E-mail was scanned for viruses by Declude Virus
> >JS> (http://www.declude.com)]
> >
> >JS> ---
> >JS> This E-mail came from the Declude.JunkMail mailing list. To
> >JS> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >JS> type "unsubscribe Declude.JunkMail". The archives can be found
> >JS> at http://www.mail-archive.com.
> >
> >JS> ---
> >JS> [This E-mail was scanned for viruses by Declude Virus
> >(http://www.declude.com)]
> >
> >JS> ---
> >JS> This E-mail came from the Declude.JunkMail mailing list. To
> >JS> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >JS> type "unsubscribe Declude.JunkMail". The archives can be found
> >JS> at http://www.mail-archive.com.
> >JS> ---
> >JS> [This E-mail scanned for viruses by Declude Virus]
> >
> >
> >
> >
> >--
> >Best regards,
> > Administration
mailto:[EMAIL PROTECTED]
> >
> >---
> >[This E-mail scanned for viruses by Declude Virus]
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
> >(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.JunkMail mailing list. To
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.JunkMail". The archives can be found
> >at http://www.mail-archive.com.
>
>
> ********************************
> Visit us at www.yfcs.com
> ********************************
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
