dunno if this will help but here is a perl script I use to count ip
addresses in the imail sysXXXX.txt files, its quick and dirty but will give
you a list of ip addresses that connected to your server and how many times.
I run the command line from a bat file for ease of use. The draw back is
that dictionary attacks are often done with spam zombies which could keep
you busy greppin for a long time.
Rick Davidson
National Systems Manager
North American Title Group
-
----------------------------------------------------------------------------
--------------------
#!/usr/bin/perl
# Usage: perl ipcount.pl <path to log file> <limit> <path for output file>
#
# Limit sets the low threshold to weed out the flagrant offenders, this is
optional with 300 as the default.
#
# Usage Example: perl ipcount.pl d:\imail\spool\sys0621.txt 300
>d:\ipcount.txt
my $filename, $ip;
my $limit = 0;
my %iptab;
$filename = shift;
$limit = shift;
if ($limit eq '>' || !$limit){
$limit = 300;
}
open(FH, $filename) or die "can't open file $filename\n";
while (<FH>){
if ( /\[(.*)\]/o ) {
$iptab{$1}++;
}
}
close(FH);
foreach $ip (keys %iptab) {
if ($iptab{$ip} > $limit) {
printf "\t %-16s \t %3s \n", $ip, $iptab{$ip};
}
}
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
