Thanks it worked. I did "egrep -Ziv "(ravpostfix|ravmd|localhost|127.0.0.1)" /var/log/maillog.0.gz" it gives me about half the numbers that I used to get.
Thanks again. ----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 9:29 AM Subject: [IMGate] Re: multiple entries in maillog > > > >I was wondering if there was a way to make pflogsumm ignore some entries > >when creating a report. > > some people who run content filters run the maillog file through filters > that remove the unwnanted lines before piping to pflogsumm > > >Jun 30 09:08:51 mailgate postfix/smtpd[16671]: connect from > >somewhere.com[xxx.xxx.xxx.xxx] > >Jun 30 09:08:53 mailgate postfix/smtpd[16671]: 4A38C70: > >client=somewhere.com[xxx.xxx.xxx.xxx] > >Jun 30 09:09:02 mailgate postfix/cleanup[16672]: 4A38C70: > >message-id=<[EMAIL PROTECTED]> > >Jun 30 09:09:02 mailgate postfix/qmgr[171]: 4A38C70: > >from=<[EMAIL PROTECTED]>, size=1808, nrcpt=1 (queue active) > >Jun 30 09:09:02 mailgate ravpostfix[16690]: data received... begin > >scanning... > >Jun 30 09:09:02 mailgate ravmd[16691]: scanning with global configuration > >Jun 30 09:09:02 mailgate ravmd[16691]: mail from <[EMAIL PROTECTED]> to > ><[EMAIL PROTECTED]> > > egrep -iv "(ravpostfix|ravmd)\[" | pflogsumm > > or > > egrep -i " postfix\/" | pflogsumm > > > > > >
