Thanks for pointing that out Scot, guess I should have clarified the file
name change with my last post. Sorry for the confusion.
Bill
----- Original Message -----
From: "Scot Desort" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 20, 2003 3:20 PM
Subject: Re: Re[2]: [Declude.JunkMail] Parse Log File
> Bill has pointed out that you must rename the unix 'sort.exe' command in
the
> archive to 'usort.exe'. This way, it won't conflict with the Windows
'sort'
> command. Then his scripts will run as posted.
>
>
> --
> Scot
>
>
> ----- Original Message -----
> From: "Chuck Cahill" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, November 20, 2003 5:05 PM
> Subject: Re[2]: [Declude.JunkMail] Parse Log File
>
>
> > It kinda works if you use sort instead of usort. But beware, it's not
> quite
> > accurate.
> >
> > Grep will break it down to records in which have the From: line in
> > it. When Gawk executes, it will respond with the 2nd to the last field,
> > which is fine unless your log is like mine. Sometimes "ID: will have an
> > entry, sometimes it won't which throws off the field numbering.
> >
> >
> > Chuck Cahill
> > YFCS, Inc
> >
> > At 04:52 PM 11/20/2003 -0500, you wrote:
> > >ya, i'm getting the same error:
> > >
> > >R:\decludelogs\spam>grep "From:" dec1119.log | gawk "{print $(NF-2)}" |
> > >usort | uniq -c | usort
> > >'usort' is not recognized as an internal or external command,
> > >operable program or batch file.
> > >
> > >has any one got this to work?
> > >
> > >
> > >
> > >
> > >Thursday, November 20, 2003, 2:56:49 PM, you wrote:
> > >
> > >JS> I'm not very good with these unix tools in general, but my set of
> unxutils
> > >JS> doesn't include usort, and if I try using sort instead, I get a
> steady
> > >JS> stream of errors from gawk.
> > >
> > >JS> -----Original Message-----
> > >JS> From: [EMAIL PROTECTED]
> > >JS> [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry
> > >JS> Sent: Thursday, 20 November 2003 12:00 PM
> > >JS> To: [EMAIL PROTECTED]
> > >JS> Subject: Re: [Declude.JunkMail] Parse Log File
> > >
> > >
> > >JS> If you have the Win32 UNIX tool (if not, you can get them at:
> > >JS> http://unxutils.sourceforge.net/), you can run the following
script:
> > >
> > >JS> grep "From:" spam\dec1119.log | gawk "{print $(NF-2)}" | usort |
> uniq -c |
> > >JS> usort
> > >
> > >JS> which will produce output like:
> > >
> > >JS> 86 38.113.200.29
> > >JS> 88 38.113.200.28
> > >JS> 94 207.244.68.34
> > >JS> 95 66.111.231.82
> > >JS> 98 205.157.110.11
> > >JS> 100 66.111.231.76
> > >JS> 106 66.35.250.206
> > >JS> 113 64.253.207.50
> > >JS> 125 65.168.38.245
> > >JS> 126 209.239.38.196
> > >
> > >JS> with the count in the first column followed by the IP address. If
> you
> > >want
> > >JS> the IP address only, remove the "-c" from the script above.
> > >
> > >JS> Bill
> > >JS> ----- Original Message -----
> > >JS> From: "Chuck Cahill" <[EMAIL PROTECTED]>
> > >JS> To: <[EMAIL PROTECTED]>
> > >JS> Sent: Thursday, November 20, 2003 8:18 AM
> > >JS> Subject: [Declude.JunkMail] Parse Log File
> > >
> > >
> > > >> I'm hoping someone can point me in the right direction. I'm
looking
> for a
> > > >> way to parse the IP Address out of the Spam Log file, DecMMDD.log.
> Then,
> > >JS> I
> > > >> would like to tally the amount of messages received from each
unique
> IP
> > > >> address.
> > > >>
> > > >> I'm using the option "LOG_OK NONE" in the config file so only those
> > > >> messages marked as spam should have their IP addresses in the log
> file
> > > >>
> > > >> By getting this information I can place the largest violators IP
> address
> > > >> into IMail's Control file to offset some of the overhead with
> processing
> > > >> messages.
> > > >>
> > > >> Anyone have something like this in place? Does this sound logical
or
> > >JS> flawed?
> > > >>
> > > >> Thanks
> > > >> Chuck Cahill
> > > >>
> > > >>
> > > >>
> > > >> ********************************
> > > >> Visit us at www.yfcs.com
> > > >> ********************************
> > > >> ---
> > > >> [This E-mail was scanned for viruses by Declude Virus
> > >JS> (http://www.declude.com)]
> > > >>
> > > >> ---
> > > >> This E-mail came from the Declude.JunkMail mailing list. To
> > > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > >> type "unsubscribe Declude.JunkMail". The archives can be found
> > > >> at http://www.mail-archive.com.
> > > >>
> > >
> > >JS> ---
> > >JS> [This E-mail was scanned for viruses by Declude Virus
> > >JS> (http://www.declude.com)]
> > >
> > >JS> ---
> > >JS> This E-mail came from the Declude.JunkMail mailing list. To
> > >JS> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >JS> type "unsubscribe Declude.JunkMail". The archives can be found
> > >JS> at http://www.mail-archive.com.
> > >
> > >JS> ---
> > >JS> [This E-mail was scanned for viruses by Declude Virus
> > >(http://www.declude.com)]
> > >
> > >JS> ---
> > >JS> This E-mail came from the Declude.JunkMail mailing list. To
> > >JS> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >JS> type "unsubscribe Declude.JunkMail". The archives can be found
> > >JS> at http://www.mail-archive.com.
> > >JS> ---
> > >JS> [This E-mail scanned for viruses by Declude Virus]
> > >
> > >
> > >
> > >
> > >--
> > >Best regards,
> > > Administration
> mailto:[EMAIL PROTECTED]
> > >
> > >---
> > >[This E-mail scanned for viruses by Declude Virus]
> > >
> > >---
> > >[This E-mail was scanned for viruses by Declude Virus
> > >(http://www.declude.com)]
> > >
> > >---
> > >This E-mail came from the Declude.JunkMail mailing list. To
> > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >type "unsubscribe Declude.JunkMail". The archives can be found
> > >at http://www.mail-archive.com.
> >
> >
> > ********************************
> > Visit us at www.yfcs.com
> > ********************************
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail". The archives can be found
> > at http://www.mail-archive.com.
> >
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
