Hi Bill,
Thanx for the little script. I ran it and got some weird results. Looks
like my log is fairly corrupted. I took what you suggested and ran it on
the imail logs. Not as elegant as your one liner but it works for me.
Thanx
========================================
set send=c:\imail\imail1.exe
set [EMAIL PROTECTED]
for /f "Tokens=2-4 Delims=/ " %%i in ('date /t') do set
IFileName=SYS%%i%%j.txt
set DecludeLogName=C:\imail\spool\%IFileName%
grep -i "ehlo bigdee.com" %decludelogname% | cut -b 7-8 | usort
>HourSend.txt
grep -i "230.43] connect" %decludelogname% | cut -b 7-8 | usort
>HourRecv.txt
cat HourSend.txt HourRecv.txt | usort >HourAll.txt
echo Messages sent and received by hour >ByHour.txt
uniq -c HourAll.txt >>ByHour.txt
echo . >>ByHour.txt
echo . >>ByHour.txt
echo Messages sent by hour >>ByHour.txt
uniq -c HourSend.txt >>ByHour.txt
echo . >>ByHour.txt
echo . >>ByHour.txt
echo Messages received by hour >>ByHour.txt
uniq -c HourRecv.txt >>ByHour.txt
%send% -f ByHour.txt -s "Messages processed by hour report for
%IFileName% on BIGDEE.COM" -t %dest1% -u [EMAIL PROTECTED]
========================================
1 $8000
378 00
348 01
354 02
306 03
332 04
355 05
378 06
416 07
593 08
2 08/25/2004
939 09
986 10
1 10)).
1 10.).
879 11
885 12
766 13
889 14
1 146.82.220.34
1183 15
890 16
628 17
876 18
494 19
1 19,
405 20
1 206.71.58.36
1 209.226.175.54
1 209.226.175.73
382 21
1 216.39.87.110
369 22
347 23
1 27.).
1 286,
1 30.).
1 35
1 35.).
1 37
1 40
1 40)).
1 41
1 44
1 46
1 50
1 52
1 61.163.67.199
1 64
1 64.106.241.73
1 69.9.161.194
1 82
1 9.0808/25/2004
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Bill Landry
> Sent: Thursday, August 26, 2004 12:00 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Log Information
>
> ----- Original Message -----
> From: "Goran Jovanovic" <[EMAIL PROTECTED]>
>
> > I was hoping for more of a histogram of the number of
> > messages processed by hour or half hour. My first thought
> > would be to just get info on simply messages by hour and
> > then maybe if I see a spike I could rerun it to see who was
> > sending/receiving during that time.
>
> This little script can give you a no frills, hourly, unique message
count
> (does not account for a single message that is sent to multiple
> recipients):
> =====
> gawk "{print $3,$2}" spam\dec0824.log | usort | uniq -w 18 | gawk
"{print
> $2}" | cut -d ":" -f1 | grep -v [[:alpha:]] | egrep [[:digit:]]{2} |
usort
> |
> uniq -c
> =====
>
> Watch for word-wrapping - the script should be executed as one long
line.
> These two entries: "grep -v [[:alpha:]] | egrep [[:digit:]]{2}" are
simply
> there to help filter out garbage from log corruption. The output will
> look
> like:
>
> 1212 00
> 1251 01
> 1218 02
> 1244 03
> 1244 04
> 1317 05
> 1400 06
> 1514 07
> 1757 08
> 1880 09
> 1777 10
> 1837 11
> 1785 12
> 1743 13
> 1830 14
> 1657 15
> 1530 16
> 1378 17
> 1367 18
> 1272 19
> 1312 20
> 1325 21
> 1289 22
> 1297 23
>
> Bill
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
